diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn
new file mode 100644
index 0000000000..92f0d843c1
--- /dev/null
+++ b/.acrolinx-config.edn
@@ -0,0 +1,2 @@
+{:allowed-branchname-matches ["master"]
+ :allowed-filename-matches ["windows/"]}
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 7a179df68a..4ce774ddfc 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -856,73 +856,193 @@ "redirect_document_id": true }, { +"source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-features", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md", "redirect_url": 
"/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts-queue", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/apis-intro.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/api-hello-world.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-hello-world", +"redirect_document_id": true +}, +{ +"source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ 
"source_path": "windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/attack-simulations", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/automated-investigations", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/basic-permissions", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status", +"redirect_document_id": 
true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/community", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/conditional-access", +"redirect_document_id": true +}, +{ +"source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm", +"redirect_document_id": true +}, +{ +"source_path": 
"windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configuration-score", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection", +"source_path": 
"windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection", +"source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection", -"redirect_document_id": true +"source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", +"redirect_document_id": false }, { -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md", -"redirect_url": 
"/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection", +"source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { 
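Review bot: Two of the added keep-secure entries at the end of this hunk, `windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md` and `windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md`, both redirect to `/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection` with `"redirect_document_id": true`. The third source for that same URL, `monitor-onboarding-windows-advanced-threat-protection.md`, is set to `false`, which suggests only one source per target is meant to carry the document id. As far as I know the publishing build expects at most one, so one of the two should become `"redirect_document_id": false`. The same two-sources-one-target pattern appears in the next hunk, where `configure-aad-...` and `enable-siem-integration-...` both go to the `enable-siem-integration` URL with `true`.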
@@ -931,53 +1051,193 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": 
"windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script", +"redirect_document_id": true +}, +{ +"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md", +"redirect_url": 
"/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": 
"windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-siem", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-splunk", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection", +"source_path": "windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules", +"redirect_document_id": true +}, +{ +"source_path": 
"windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/deprecate.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/deprecate", +"redirect_document_id": true +}, +{ 
"source_path": "windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection", +"source_path": "windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score", +"redirect_document_id": true +}, +{ +"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", +"redirect_document_id": true +}, +{ +"source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", 
"redirect_document_id": true }, { 
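Review bot: The added entry for `windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md` redirects to `/windows/security/threat-protection/windows-defender-atp/data-retention-settings`, which is still under the retired `windows-defender-atp` folder. No entry in this hunk carries `windows-defender-atp/data-retention-settings.md` on to `microsoft-defender-atp`, and the `general-settings-...` entry just before it feeds into the same path, so both old URLs may end on a missing page. If the page moved like the others, the target would be `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings"`; otherwise a follow-on entry is needed, unless one exists outside the visible hunks. It is also worth checking that the removed `windows/threat-protection/windows-defender-atp/dashboard-...` and `enable-security-analytics-...` sources are re-added elsewhere in the file, since they are not visible here.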
@@ -986,23 +1246,98 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/evaluate-atp.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/event-error-codes", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti", +"redirect_document_id": true +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": 
"/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection", +"source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection", +"redirect_document_id": true +}, +{ 
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview", "redirect_document_id": true }, { 
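Review bot: The `fix-unhealhty-sensors`, `get-cvekbmap-collection`, `get-kbinfo-collection`, `get-machinegroups-collection` and `get-machinesecuritystates-collection` entries each redirect to a shortened name under `windows-defender-atp`, and a second entry added in this same hunk redirects that name again to `microsoft-defender-atp`. Old links to this sensor-health and API guidance therefore take two hops, or three from the older `windows/threat-protection/...` sources, and nothing visible here shows that the publishing system follows chained redirects. Pointing the first entry straight at the final URL removes the intermediate hop, e.g. `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection"`. The `enable-security-analytics` to `enable-secure-score` pair in the previous hunk has the same shape.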
@@ -1011,43 +1346,148 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-domain",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-files",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-ip",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-machines",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-user",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/licensing",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-groups",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-reports",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-tags",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-alerts",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-edr.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-edr",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/management-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/management-apis",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-incidents",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules",
 "redirect_document_id": true
 },
 {
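Review bot: The rewritten `redirect_url` of the `windows/threat-protection/windows-defender-atp/manage-alerts-...` entry now ends in `.md`, while every other `redirect_url` in this hunk is an extensionless site path. The suffix looks copied from the `source_path` of the entry added right after it; with it, the first hop probably points at a URL that does not exist instead of chaining on to `/microsoft-defender-atp/manage-alerts`. Keep the previous value, `"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection",`, or point the entry directly at `/windows/security/threat-protection/microsoft-defender-atp/manage-alerts`.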
@@ -1056,38 +1496,138 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/mssp-support",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/offboard-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-configure",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-hunting",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/partner-applications",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/portal-overview",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/powershell-example-code",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preferences-setup",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/prerelease.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/prerelease",
 "redirect_document_id": true
 },
 {
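Review bot: The added `windows/keep-secure/onboard-configure-...` entry targets `/windows/threat-protection/windows-defender-atp/onboard-configure-...`, which is the `source_path` of the next entry, whose own target is redirected again by the entry after it, so an old link needs three hops to reach `/microsoft-defender-atp/onboard-configure`. Every hop depends on the intermediate entries staying in the file, and a later cleanup that drops one breaks the oldest links silently. Pointing the oldest entry at the final page avoids that: `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-configure",`. The `windows/keep-secure/troubleshoot-...` entries added in the `@@ -1146,28 +1751,58 @@` hunk have the same shape; whether the publishing system collapses such chains is not visible here.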
@@ -1096,38 +1636,103 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preview-settings",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/python-example-code",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/rbac",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/response-actions",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-detection-test",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard",
 "redirect_document_id": true
 },
 {
@@ -1136,8 +1741,8 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/service-status",
 "redirect_document_id": true
 },
 {
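Review bot: The entry keyed on `windows/threat-protection/windows-defender-atp/security-analytics-dashboard-...md` is overwritten in place by the `run-detection-test` entry instead of being kept, so that older path has no redirect left in the lines shown. The following hunk (`@@ -1136,8 +1741,8 @@`) does the same to `windows/threat-protection/windows-defender-atp/settings-...md`, which becomes the `service-status` entry. Other displaced entries in this commit, such as `preview-settings`, are re-added elsewhere; if these two are not re-added outside the visible lines, restore them as separate entries pointing at the secure-score dashboard and time-settings pages so existing links keep resolving.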
@@ -1146,28 +1751,58 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/time-settings",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
+"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+ "redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
+"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
@@ -1176,8 +1811,53 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem",
 "redirect_document_id": true
 },
 {
@@ -1186,11 +1866,61 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-custom-ti",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user-roles",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/whats-new-in-microsoft-defender-atp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard",
 "redirect_document_id": true
@@ -1416,11 +2146,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus",
 "redirect_document_id": true
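Review bot: In the `-1186` hunk, the added `whats-new-in-windows-defender-atp.md` entry targets `/windows/security/threat-protection/windows-defender-atp/whats-new-in-microsoft-defender-atp`, which is still under the old `windows-defender-atp` folder, while every other new target in the hunk is under `microsoft-defender-atp`. No entry visible here redirects that intermediate path onward, so the link may resolve to a page that no longer exists. If the article moved with the rest, the line would read `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp"`; the exact target should be confirmed against the published folder.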
@@ -5171,11 +5896,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", -"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md", "redirect_url": "/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus", "redirect_document_id": true @@ -5196,11 +5916,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/manage/cortana-at-work-scenario-7.md", "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7", "redirect_document_id": true @@ -5711,11 +6426,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md", "redirect_url": "https://technet.microsoft.com/library/jj635854.aspx", "redirect_document_id": true 
@@ -5766,11 +6476,6 @@ "redirect_document_id": false }, { -"source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", -"redirect_document_id": false -}, -{ "source_path": "windows/keep-secure/passport-event-300.md", "redirect_url": "/windows/access-protection/hello-for-business/hello-event-300", "redirect_document_id": true @@ -7751,11 +8456,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/advanced-security-audit-policy-settings.md", "redirect_url": "/windows/device-security/auditing/advanced-security-audit-policy-settings", "redirect_document_id": true @@ -7856,11 +8556,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/assign-security-group-filters-to-the-gpo.md", "redirect_url": "/windows/access-protection/windows-firewall/assign-security-group-filters-to-the-gpo", "redirect_document_id": true 
@@ -8466,11 +9161,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/configure-authentication-methods.md", "redirect_url": "/windows/access-protection/windows-firewall/configure-authentication-methods", "redirect_document_id": true @@ -8521,11 +9211,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/configure-exceptions-for-an-applocker-rule.md", "redirect_url": "/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule", "redirect_document_id": true @@ -9161,11 +9846,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/enable-the-dll-rule-collection.md", "redirect_url": "/windows/device-security/applocker/enable-the-dll-rule-collection", "redirect_document_id": true 
@@ -11206,11 +11886,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md", "redirect_url": "/windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies", "redirect_document_id": true @@ -11831,16 +12506,6 @@ "redirect_document_id": true }, { -"source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", -"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", -"redirect_document_id": true -}, -{ "source_path": "windows/keep-secure/trusted-platform-module-overview.md", "redirect_url": "/windows/device-security/tpm/trusted-platform-module-overview", "redirect_document_id": true 
@@ -13586,38 +14251,13 @@ "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": 
"windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", -"redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809", +"redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903", "redirect_document_id": true }, { 
@@ -13696,6 +14336,36 @@
 "redirect_document_id": true
 },
 {
+"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp",
+"redirect_document_id": false
+ },
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples",
+"redirect_document_id": false
+},
+{
 "source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13721,11 +14391,21 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alerts",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
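Review bot: The added `get-alerts-windows-defender-advanced-threat-protection-new.md` entry sets `"redirect_document_id": false`, while the `get-alert-info-by-id-...-new.md` entry added right after it, and the other `-new.md` entries in the following hunks, set `true` for the same kind of one-to-one move. If the difference is not intended, the line should be `"redirect_document_id": true` so the moved article is handled like its siblings. If it is intended, the reason is worth stating in the commit description, since nothing in the file explains it.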
@@ -13736,34 +14416,64 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-"redirect_document_id": false
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics",
+"redirect_document_id": true
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md",
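Review bot: The redirect for `get-domain-statistics-windows-defender-advanced-threat-protection.md` is removed near the end of this hunk and only the `-new.md` variant is added in its place, so the old path ends up with no redirect at all. Every sibling here (get-domain-related-alerts, get-domain-related-machines, get-alert-related-*) keeps its original entry next to the new `-new.md` one, which suggests the old entry was overwritten rather than dropped on purpose. Unless it is re-added elsewhere in the file, outside this hunk, restore it alongside the new entries: `"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md"` with `"redirect_document_id": false` and a `redirect_url` to the live page. The `stop-quarantine-file` source path renamed to `stop-and-quarantine-file` in the last hunk loses its old path the same way.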
@@ -13771,6 +14481,11 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13779,22 +14494,43 @@ "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false -},{ +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-information", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": 
"windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false 
@@ -13810,63 +14546,128 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org", +"redirect_document_id": true +}, +{ "source_path": 
"windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-filemachineaction-object", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": 
"windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-filemachineactions-collection", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts", +"redirect_document_id": true +}, +{ "source_path": 
"windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection", "redirect_document_id": false }, { 
@@ -13875,26 +14676,61 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machines", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-started", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/isolate-machine", +"redirect_document_id": true +}, +{ "source_path": 
"windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false 
@@ -13905,36 +14741,116 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-ms-flow", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-user-token", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python", +"redirect_document_id": true +}, +{ "source_path": 
"windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { -"source_path": "windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", +"source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-av-scan", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md", +"redirect_url": 
"/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-information", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md", +"redirect_url": 
"/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", "redirect_document_id": false 
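Review bot: The `source_path` line for `stop-quarantine-file-windows-defender-advanced-threat-protection.md` is removed, and its `redirect_url` / `redirect_document_id` context lines are reused for the new `stop-and-quarantine-file-windows-defender-advanced-threat-protection.md` source, so the old path no longer has a redirect in this hunk. If that path was ever published, existing links to it will stop resolving unless an entry outside the hunk still covers it. Keeping the old object and adding the `stop-and-quarantine-file-...` one as a separate entry, both pointing at the same target, would preserve the old redirect.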
@@ -13945,14 +14861,181 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-analytics", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/files", +"redirect_document_id": true +}, +{ +"source_path": 
"windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machineaction", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/machineactionsnote.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/ti-indicator", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/update-alert", +"redirect_document_id": true +}, +{ +"source_path": 
"windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user", +"source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md", +"redirect_url": "/windows/deployment/planning/windows-10-1709-removed-features", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/planning/windows-10-creators-update-deprecation.md", +"redirect_url": "/windows/deployment/planning/windows-10-1703-removed-features", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", "redirect_document_id": true }, { - "source_path": "windows/hub/release-information.md", - "redirect_url": "/windows/release-information", - "redirect_document_id": true +"source_path": "windows/windows/deployment/windows-10-enterprise-subscription-activation.md", +"redirect_url": "/windows/windows/deployment/windows-10-subscription-activation", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": 
true +}, +{ +"source_path": "windows/windows-10/windows-10-landing.yml", +"redirect_url": "/windows/hub/windows-10", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md", +"redirect_url": "windows/security/threat-protection/microsoft-defender-atp/improve-request-performance", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/user-driven-aad.md", +"redirect_url": "/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-azure-active-directory-join", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/user-driven-hybrid.md", +"redirect_url": "/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/intune-connector.md", +"redirect_url": 
"https://docs.microsoft.com/intune/windows-autopilot-hybrid", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset#reset-devices-with-remote-windows-autopilot-reset", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-local.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset#reset-devices-with-local-windows-autopilot-reset", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/configure-autopilot.md", +"redirect_url": "/windows/deployment/windows-autopilot/add-devices", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/windows-autopilot/administer.md", +"redirect_url": "/windows/deployment/windows-autopilot/add-devices#registering-devices", +"redirect_document_id": true +}, +{ +"source_path": "windows/hub/release-information.md", +"redirect_url": "/windows/release-information", +"redirect_document_id": true } ] } diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..e7f59d08ec --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "cSpell.words": [ + "kovter", + "kovter's", + "poshspy" + ] +} \ No newline at end of file diff --git a/acrolinx-config.edn b/acrolinx-config.edn deleted file mode 100644 index 7f639efb92..0000000000 --- a/acrolinx-config.edn +++ /dev/null @@ -1,3 +0,0 @@ -{:allowed-branchname-matches ["master"] - :allowed-filename-matches ["windows"] - } diff --git a/browsers/edge/about-microsoft-edge.md b/browsers/edge/about-microsoft-edge.md index deef9f2c1a..b38cf78717 100644 --- a/browsers/edge/about-microsoft-edge.md +++ b/browsers/edge/about-microsoft-edge.md 
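Review bot: The added entry for `user-alert-windows-defender-advanced-threat-protection-new.md` is never closed: its `redirect_url` line is followed directly by the `source_path` of `windows-10-fall-creators-deprecation.md`, so one object carries two `source_path` keys and two `redirect_url` keys. Parsers commonly keep only the last duplicate, which would silently drop the user-alert redirect, and the pattern looks like a merge artifact. Close the first object before the second begins by adding `"redirect_document_id": true`, `},` and `{` after the first `redirect_url` line. Further down, the `improverequestperformance-new.md` entry has `"redirect_url": "windows/security/..."` without the leading `/` that the other site-relative targets carry, and the `windows-10-enterprise-subscription-activation.md` entry doubles the `windows/` segment in both fields, which looks unintended. The paired `manage-allowed-blocked-list` and `manage-indicators` entries also create two-hop chains through `windows-defender-atp`; pointing the older sources straight at the `microsoft-defender-atp` targets would avoid that.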
@@ -1,8 +1,11 @@ --- title: Microsoft Edge system and language requirements -description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics. +description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics. ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb -author: shortpatti +ms.reviewer: +manager: dansimp +ms.author: eravena +author: eavena ms.prod: edge ms.mktglfcycl: general ms.topic: reference @@ -15,7 +18,7 @@ ms.date: 10/02/2018 # Microsoft Edge system and language requirements >Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile -Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. +Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. >[!IMPORTANT] @@ -26,136 +29,138 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e Some of the components might also need additional system resources. Check the component's documentation for more information. -| Item | Minimum requirements | -| ------------------ | -------------------------------------------- | -| Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) | -| Operating system |

**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. | -| Memory |

| -| Hard drive space | | -| DVD drive | DVD-ROM drive (if installing from a DVD-ROM) | -| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors | -| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver | -| Peripherals | Internet connection and a compatible pointing device | +| Item | Minimum requirements | +|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) | +| Operating system |

Note
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. | +| Memory |

| +| Hard drive space | | +| DVD drive | DVD-ROM drive (if installing from a DVD-ROM) | +| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors | +| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver | +| Peripherals | Internet connection and a compatible pointing device | + --- -  + ## Supported languages -Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages. +Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages. If the extension does not work after install, restart Microsoft Edge. If the extension still does not work, provide feedback through the Feedback Hub. 
-| Language | Country/Region | Code | -| ------------------------ | -------------- | ------ | -| Afrikaans (South Africa) | South Africa | af-ZA | -| Albanian (Albania) | Albania | sq-AL | -| Amharic | Ethiopia | am-ET | -| Arabic (Saudi Arabia) | Saudi Arabia | ar-SA | -| Armenian | Armenia | hy-AM | -| Assamese | India | as-IN | -| Azerbaijani (Latin, Azerbaijan) | Azerbaijan | az-Latn-AZ | -| Bangla (Bangladesh) | Bangladesh | bn-BD | -| Bangla (India) | India | bn-IN | -| Basque (Basque) | Spain | eu-ES | -| Belarusian (Belarus) | Belarus | be-BY | -| Bosnian (Latin) | Bosnia and Herzegovina | bs-Latn-BA | -| Bulgarian (Bulgaria) | Bulgaria | bg-BG | -| Catalan (Catalan) | Spain | ca-ES | -| Central Kurdish (Arabic) | Iraq | ku-Arab-IQ | -| Cherokee (Cherokee) | United States | chr-Cher-US | -| Chinese (Hong Kong SAR) | Hong Kong Special Administrative Region | zh-HK | -| Chinese (Simplified, China) | People's Republic of China | zh-CN | -| Chinese (Traditional, Taiwan) | Taiwan | zh-TW | -| Croatian (Croatia) | Croatia | hr-HR | -| Czech (Czech Republic) | Czech Republic | cs-CZ | -| Danish (Denmark) | Denmark | da-DK | -| Dari | Afghanistan | prs-AF | -| Dutch (Netherlands) | Netherlands | nl-NL | -| English (United Kingdom) | United Kingdom | en-GB | -| English (United States) | United States | en-US | -| Estonian (Estonia) | Estonia | et-EE | -| Filipino (Philippines) | Philippines | fil-PH | -| Finnish (Finland) | Finland | fi_FI | -| French (Canada) | Canada | fr-CA | -| French (France) | France | fr-FR | -| Galician (Galician) | Spain | gl-ES | -| Georgian | Georgia | ka-GE | -| German (Germany) | Germany | de-DE | -| Greek (Greece) | Greece | el-GR | -| Gujarati | India | gu-IN | -| Hausa (Latin, Nigeria) | Nigeria | ha-Latn-NG | -| Hebrew (Israel) | Israel | he-IL | -| Hindi (India) | India | hi-IN | -| Hungarian (Hungary) | Hungary | hu-HU | -| Icelandic | Iceland | is-IS | -| Igbo | Nigeria | ig-NG | -| Indonesian (Indonesia) | Indonesia | id-ID | -| 
Irish | Ireland | ga-IE | -| isiXhosa | South Africa | xh-ZA | -| isiZulu | South Africa | zu-ZA | -| Italian (Italy) | Italy | it-IT | -| Japanese (Japan) | Japan | ja-JP | -| Kannada | India | kn-IN | -| Kazakh (Kazakhstan) | Kazakhstan | kk-KZ | -| Khmer (Cambodia) | Cambodia | km-KH | -| K'iche' | Guatemala | quc-Latn-GT | -| Kinyarwanda | Rwanda | rw-RW | -| KiSwahili | Kenya, Tanzania | sw-KE | -| Konkani | India | kok-IN | -| Korean (Korea) | Korea | ko-KR | -| Kyrgyz | Kyrgyzstan | ky-KG | -| Lao (Laos) | Lao P.D.R. | lo-LA | -| Latvian (Latvia) | Latvia | lv-LV | -| Lithuanian (Lithuania) | Lithuania | lt-LT | -| Luxembourgish (Luxembourg) | Luxembourg | lb-LU | -| Macedonian (Former Yugoslav Republic of Macedonia) | Macedonia (FYROM) | mk-MK | -| Malay (Malaysia) | Malaysia, Brunei, and Singapore | ms-MY | -| Malayalam | India | ml-IN | -| Maltese | Malta | mt-MT | -| Maori | New Zealand | mi-NZ | -| Marathi | India | mr-IN | -| Mongolian (Cyrillic) | Mongolia | mn-MN | -| Nepali | Federal Democratic Republic of Nepal | ne-NP | -| Norwegian (Nynorsk) | Norway | nn-NO | -| Norwegian, Bokmål (Norway) | Norway | nb-NO | -| Odia | India | or-IN | -| Polish (Poland) | Poland | pl-PL | -| Portuguese (Brazil) | Brazil | pt-BR | -| Portuguese (Portugal) | Portugal | pt-PT | -| Punjabi | India | pa-IN | -| Punjabi (Arabic) | Pakistan | pa-Arab-PK | -| Quechua | Peru | quz-PE | -| Romanian (Romania) | Romania | ro-RO | -| Russian (Russia) | Russia | ru-RU | -| Scottish Gaelic | United Kingdom | gd-GB | -| Serbian (Cyrillic, Bosnia, and Herzegovina) | Bosnia and Herzegovina | sr-Cyrl-BA | -| Serbian (Cyrillic, Serbia) | Serbia | sr-Cyrl-RS | -| Serbian (Latin, Serbia) | Serbia | sr-Latn-RS | -| Sesotho sa Leboa | South Africa | nso-ZA | -| Setswana (South Africa) | South Africa and Botswana | tn-ZA | -| Sindhi (Arabic) | Pakistan | sd-Arab-PK | -| Sinhala | Sri Lanka | si-LK | -| Slovak (Slovakia) | Slovakia | sk-SK | -| Slovenian (Slovenia) | Slovenia | sl-SL | -| 
Spanish (Mexico) | Mexico | es-MX | -| Spanish (Spain, International Sort) | Spain | en-ES | -| Swedish (Sweden) | Sweden | sv-SE | -| Tajik (Cyrillic) | Tajikistan | tg-Cyrl-TJ | -| Tamil (India) | India and Sri Lanka | ta-IN | -| Tatar | Russia | tt-RU | -| Telugu | India | te-IN | -| Thai (Thailand) | Thailand | th-TH | -| Tigrinya (Ethiopia) | Ethiopia | ti-ET | -| Turkish (Turkey) | Turkey | tr-TR | -| Turkmen | Turkmenistan | tk-TM | -| Ukrainian (Ukraine) | Ukraine | uk-UA | -| Urdu | Pakistan | ur-PK | -| Uyghur | People's Republic of China | ug-CN | -| Uzbek (Latin, Uzbekistan) | Uzbekistan | uz-Latn-UZ | -| Valencian | Spain | ca-ES-valencia | -| Vietnamese | Vietnam | vi-VN | -| Welsh | United Kingdom | cy-GB | -| Wolof | Senegal | wo-SN | -| Yoruba | Nigeria | yo-NG | ---- \ No newline at end of file +| Language | Country/Region | Code | +|----------------------------------------------------|-----------------------------------------|----------------| +| Afrikaans (South Africa) | South Africa | af-ZA | +| Albanian (Albania) | Albania | sq-AL | +| Amharic | Ethiopia | am-ET | +| Arabic (Saudi Arabia) | Saudi Arabia | ar-SA | +| Armenian | Armenia | hy-AM | +| Assamese | India | as-IN | +| Azerbaijani (Latin, Azerbaijan) | Azerbaijan | az-Latn-AZ | +| Bangla (Bangladesh) | Bangladesh | bn-BD | +| Bangla (India) | India | bn-IN | +| Basque (Basque) | Spain | eu-ES | +| Belarusian (Belarus) | Belarus | be-BY | +| Bosnian (Latin) | Bosnia and Herzegovina | bs-Latn-BA | +| Bulgarian (Bulgaria) | Bulgaria | bg-BG | +| Catalan (Catalan) | Spain | ca-ES | +| Central Kurdish (Arabic) | Iraq | ku-Arab-IQ | +| Cherokee (Cherokee) | United States | chr-Cher-US | +| Chinese (Hong Kong SAR) | Hong Kong Special Administrative Region | zh-HK | +| Chinese (Simplified, China) | People's Republic of China | zh-CN | +| Chinese (Traditional, Taiwan) | Taiwan | zh-TW | +| Croatian (Croatia) | Croatia | hr-HR | +| Czech (Czech Republic) | Czech Republic | cs-CZ | +| Danish 
(Denmark) | Denmark | da-DK | +| Dari | Afghanistan | prs-AF | +| Dutch (Netherlands) | Netherlands | nl-NL | +| English (United Kingdom) | United Kingdom | en-GB | +| English (United States) | United States | en-US | +| Estonian (Estonia) | Estonia | et-EE | +| Filipino (Philippines) | Philippines | fil-PH | +| Finnish (Finland) | Finland | fi_FI | +| French (Canada) | Canada | fr-CA | +| French (France) | France | fr-FR | +| Galician (Galician) | Spain | gl-ES | +| Georgian | Georgia | ka-GE | +| German (Germany) | Germany | de-DE | +| Greek (Greece) | Greece | el-GR | +| Gujarati | India | gu-IN | +| Hausa (Latin, Nigeria) | Nigeria | ha-Latn-NG | +| Hebrew (Israel) | Israel | he-IL | +| Hindi (India) | India | hi-IN | +| Hungarian (Hungary) | Hungary | hu-HU | +| Icelandic | Iceland | is-IS | +| Igbo | Nigeria | ig-NG | +| Indonesian (Indonesia) | Indonesia | id-ID | +| Irish | Ireland | ga-IE | +| isiXhosa | South Africa | xh-ZA | +| isiZulu | South Africa | zu-ZA | +| Italian (Italy) | Italy | it-IT | +| Japanese (Japan) | Japan | ja-JP | +| Kannada | India | kn-IN | +| Kazakh (Kazakhstan) | Kazakhstan | kk-KZ | +| Khmer (Cambodia) | Cambodia | km-KH | +| K'iche' | Guatemala | quc-Latn-GT | +| Kinyarwanda | Rwanda | rw-RW | +| KiSwahili | Kenya, Tanzania | sw-KE | +| Konkani | India | kok-IN | +| Korean (Korea) | Korea | ko-KR | +| Kyrgyz | Kyrgyzstan | ky-KG | +| Lao (Laos) | Lao P.D.R. 
| lo-LA | +| Latvian (Latvia) | Latvia | lv-LV | +| Lithuanian (Lithuania) | Lithuania | lt-LT | +| Luxembourgish (Luxembourg) | Luxembourg | lb-LU | +| Macedonian (Former Yugoslav Republic of Macedonia) | Macedonia (FYROM) | mk-MK | +| Malay (Malaysia) | Malaysia, Brunei, and Singapore | ms-MY | +| Malayalam | India | ml-IN | +| Maltese | Malta | mt-MT | +| Maori | New Zealand | mi-NZ | +| Marathi | India | mr-IN | +| Mongolian (Cyrillic) | Mongolia | mn-MN | +| Nepali | Federal Democratic Republic of Nepal | ne-NP | +| Norwegian (Nynorsk) | Norway | nn-NO | +| Norwegian, Bokmål (Norway) | Norway | nb-NO | +| Odia | India | or-IN | +| Polish (Poland) | Poland | pl-PL | +| Portuguese (Brazil) | Brazil | pt-BR | +| Portuguese (Portugal) | Portugal | pt-PT | +| Punjabi | India | pa-IN | +| Punjabi (Arabic) | Pakistan | pa-Arab-PK | +| Quechua | Peru | quz-PE | +| Romanian (Romania) | Romania | ro-RO | +| Russian (Russia) | Russia | ru-RU | +| Scottish Gaelic | United Kingdom | gd-GB | +| Serbian (Cyrillic, Bosnia, and Herzegovina) | Bosnia and Herzegovina | sr-Cyrl-BA | +| Serbian (Cyrillic, Serbia) | Serbia | sr-Cyrl-RS | +| Serbian (Latin, Serbia) | Serbia | sr-Latn-RS | +| Sesotho sa Leboa | South Africa | nso-ZA | +| Setswana (South Africa) | South Africa and Botswana | tn-ZA | +| Sindhi (Arabic) | Pakistan | sd-Arab-PK | +| Sinhala | Sri Lanka | si-LK | +| Slovak (Slovakia) | Slovakia | sk-SK | +| Slovenian (Slovenia) | Slovenia | sl-SL | +| Spanish (Mexico) | Mexico | es-MX | +| Spanish (Spain, International Sort) | Spain | en-ES | +| Swedish (Sweden) | Sweden | sv-SE | +| Tajik (Cyrillic) | Tajikistan | tg-Cyrl-TJ | +| Tamil (India) | India and Sri Lanka | ta-IN | +| Tatar | Russia | tt-RU | +| Telugu | India | te-IN | +| Thai (Thailand) | Thailand | th-TH | +| Tigrinya (Ethiopia) | Ethiopia | ti-ET | +| Turkish (Turkey) | Turkey | tr-TR | +| Turkmen | Turkmenistan | tk-TM | +| Ukrainian (Ukraine) | Ukraine | uk-UA | +| Urdu | Pakistan | ur-PK | +| Uyghur | 
People's Republic of China | ug-CN | +| Uzbek (Latin, Uzbekistan) | Uzbekistan | uz-Latn-UZ | +| Valencian | Spain | ca-ES-valencia | +| Vietnamese | Vietnam | vi-VN | +| Welsh | United Kingdom | cy-GB | +| Wolof | Senegal | wo-SN | +| Yoruba | Nigeria | yo-NG | + +--- diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index e62e7d861d..1c5ce07a92 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -1,9 +1,10 @@ --- description: You can customize your organization’s browser settings in Microsoft Edge with Group Policy or Microsoft Intune, or other MDM service. When you do this, you set the policy once and then copy it onto many computers—that is, touch once, configure many. ms.assetid: 2e849894-255d-4f68-ae88-c2e4e31fa165 -author: shortpatti -ms.author: pashort -manager: dougkim +ms.reviewer: +author: eavena +ms.author: eravena +manager: dansimp ms.prod: edge ms.mktglfcycl: explore ms.topic: reference @@ -218,4 +219,4 @@ Some policy settings have additional options you can configure. For example, if - [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921) - [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922) - [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923) -- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). \ No newline at end of file +- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 6d86a32508..888b51a3bc 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md 
@@ -6,18 +6,18 @@ ms.topic: reference ms.mktglfcycl: explore ms.sitesec: library ms.localizationpriority: medium -manager: dougkim -ms.author: pashort -author: shortpatti +manager: dansimp +ms.author: eravena +author: eavena ms.date: 10/02/2018 +ms.reviewer: --- # Change history for Microsoft Edge Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile. -# [2018](#tab/2018) - +#### [2018](#tab/2018/) ## October 2018 The Microsoft Edge team introduces new group policies and MDM settings for Microsoft Edge on Windows 10. The new policies let you enable/disable 
@@ -31,45 +31,45 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi -| **New or updated** | **Group Policy** | **Description** | -|------------|-----------------|--------------------| -| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] | -| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] | -| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] | -| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] | -| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] | -| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] | -| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE 
[configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] | -| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] | -| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] | -| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | -| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | -| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] | -| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] | -| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] | -| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] | -| New | [Set Home Button 
URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] | -| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] | -| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] | -| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] | - - -# [2017](#tab/2017) +| **New or updated** | **Group Policy** | **Description** | +|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| +| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] | +| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] | +| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup 
and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] | +| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] | +| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] | +| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] | +| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] | +| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] | +| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] | +| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | +| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) | [!INCLUDE 
[configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | +| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] | +| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] | +| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] | +| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] | +| New | [Set Home Button URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] | +| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] | +| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] | +| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] | +#### 
[2017](#tab/2017/)
 ## September 2017
+
 |New or changed topic | Description |
 |---------------------|-------------|
 |[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New |
 ## February 2017
+
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. |
-# [2016](#tab/2016)
-
+#### [2016](#tab/2016/)
 ## November 2016
+
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added the infographic image and a download link.|
@@ -79,6 +79,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
 |[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. |
 ## July 2016
+
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)| Updated to include a note about the Long Term Servicing Branch (LTSB). |
@@ -87,6 +88,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
 ## June 2016
+
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |New |
@@ -97,4 +99,4 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
 |----------------------|-------------|
 |[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. |
----
+* * *
diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json
index 981615d98b..0bd095bc75 100644
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@@ -1,38 +1,48 @@
 {
 "build": {
- "content":
- [
- {
- "files": ["**/*.md","**/*.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/*.md",
+ "**/*.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
 "resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/images/**",
+ "**/*.png",
+ "**/*.jpg",
+ "**/*.gif"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
 ],
 "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "microsoft-edge",
- "ms.topic": "article",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.microsoft-edge",
- "folder_relative_path_in_docset": "./"
- }
- }
+ "uhfHeaderId": "MSDocsHeader-WindowsIT",
+ "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json",
+ "ROBOTS": "INDEX, FOLLOW",
+ "ms.technology": "microsoft-edge",
+ "ms.topic": "article",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.microsoft-edge",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
 },
- "externalReference": [
- ],
+ "externalReference": [],
 "template": "op.html",
 "dest": "browsers/edge",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/browsers/edge/edge-technical-demos.md b/browsers/edge/edge-technical-demos.md
index 4044596777..5e6a3bbd9f 100644
--- a/browsers/edge/edge-technical-demos.md
+++ b/browsers/edge/edge-technical-demos.md
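Review bot: The widened `resource` globs (`"**/*.png"`, `"**/*.jpg"`, `"**/*.gif"`) publish every matching image anywhere under `browsers/edge`, not only files kept in an `images/` folder, so a screenshot or scratch image committed elsewhere in the docset becomes a served resource; only `**/obj/**` stays excluded. It is worth confirming that no such files sit outside `images/` before this lands, or keeping the list to `"**/images/**"` if the extra patterns are not needed. The hunk also buries its two functional changes, these globs and `"markdownEngineName": "markdig"`, inside a whole-file re-indent; a whitespace-only commit followed by the functional one would make them reviewable.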
@@ -1,11 +1,13 @@
 ---
 title: Microsoft Edge training and demonstrations
+ms.reviewer:
+manager: dansimp
 description: Get access to training and demonstrations for Microsoft Edge.
 ms.prod: edge
 ms.topic: article
 ms.manager: elizapo
-author: lizap
-ms.author: elizapo
+author: msdmaguire
+ms.author: dmaguire
 ms.localizationpriority: high
 ---
@@ -27,10 +29,10 @@ Find out more about new and improved features of Microsoft Edge, and how you can
 Get a behind the scenes look at Microsoft Edge and the improvements we've made to make it faster and more efficient.
-![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14]
+> [!VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14/player]
 ### Building a safer browser: Four guards to keep users safe
 Learn about our security strategy and how we use the Four Guards to keep your users safe while they browse the Internet.
-![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03]
\ No newline at end of file
+> [!VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03/player]
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 5fa2461985..94765b11fb 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -1,8 +1,10 @@
 ---
 description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
 ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
-author: shortpatti
-ms.author: pashort
+ms.reviewer:
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.manager: dougkim
 ms.prod: browser-edge
 ms.topic: reference
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index b8b82b3882..9997f747b5 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -4,10 +4,11 @@ description: Microsoft Edge, by default, shows a list of search suggestions in t
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index 3ad76e0397..cb27d41986 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -4,10 +4,11 @@ description: Adobe Flash Player still has a significant presence on the internet
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index d2e9d6ea91..b6649b869c 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -4,10 +4,11 @@ description: Microsoft Edge decreases the amount of storage used by book files b
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
@@ -33,4 +34,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
 [!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)]
 ## Always show the Books Library in Microsoft Edge
-[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)]
\ No newline at end of file
+[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)]
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index 2570cc3c69..8de1ada8f5 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -4,10 +4,11 @@ description: Not only do the other Microsoft Edge group policies enhance the bro
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index ca4870ac95..bc91700ced 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -5,9 +5,11 @@ services:
 keywords:
 ms.localizationpriority: medium
 managre: dougkim
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 3a7fc2dfe5..64ceac0368 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -4,10 +4,11 @@ description: Currently, Microsoft Edge allows users to add or personalize, and u
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index 13c415afdf..9e33839605 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -4,10 +4,11 @@ description: Configure Microsoft Edge to either show or hide the favorites bar o
 services:
 keywords:
 ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
@@ -35,4 +36,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
 [!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
 ## Provision Favorites
-[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]
\ No newline at end of file
+[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 3f22c2897d..653b98b0c5 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -1,10 +1,11 @@
 ---
 title: Microsoft Edge - Home button group policies
 description: Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.localizationpriority: medium
 ms.prod: edge
 ms.mktglfcycl: explore
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 6e7a2ccb42..7ee2caf174 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -92,7 +92,7 @@ sections:
 - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/developer-settings-gp
- html:

Learn how configure Microsoft Edge for development and testing.

+ html:

Learn how to configure Microsoft Edge for development and testing.

image:
diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
index 9e39200fe0..c6779219cb 100644
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@@ -2,10 +2,11 @@
 title: Microsoft Edge - Interoperability and enterprise mode guidance
 description: Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
 ms.localizationpriority: medium
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.prod: edge
 ms.mktglfcycl: explore
 ms.sitesec: library
diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md
index b18871a3e6..89d7050a86 100644
--- a/browsers/edge/group-policies/new-tab-page-settings-gp.md
+++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md
@@ -1,10 +1,11 @@
 ---
 title: Microsoft Edge - New Tab page group policies
 description: Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.localizationpriority: medium
 ms.prod: edge
 ms.mktglfcycl: explore
@@ -42,4 +43,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
 [!INCLUDE [set-new-tab-url-include](../includes/set-new-tab-url-include.md)]
 ## Allow web content on New Tab page
-[!INCLUDE [allow-web-content-new-tab-page-include](../includes/allow-web-content-new-tab-page-include.md)]
\ No newline at end of file
+[!INCLUDE [allow-web-content-new-tab-page-include](../includes/allow-web-content-new-tab-page-include.md)]
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index 8baa1858bb..51f6c1d949 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -1,10 +1,11 @@
 ---
 title: Microsoft Edge - Prelaunch and tab preload group policies
 description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.localizationpriority: medium
 ms.topic: reference
 ---
@@ -39,4 +40,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
 [!INCLUDE [allow-prelaunch-include](../includes/allow-prelaunch-include.md)]
 ## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
-[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)]
\ No newline at end of file
+[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)]
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
index 75677a0ec8..1dfa9b9928 100644
--- a/browsers/edge/group-policies/search-engine-customization-gp.md
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -1,10 +1,11 @@
 ---
 title: Microsoft Edge - Search engine customization group policies
 description: Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.localizationpriority: medium
 ms.topic: reference
 ---
diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md
index cf137c8439..d2322bf7dc 100644
--- a/browsers/edge/group-policies/security-privacy-management-gp.md
+++ b/browsers/edge/group-policies/security-privacy-management-gp.md
@@ -1,10 +1,11 @@
 ---
 title: Microsoft Edge - Security and privacy group policies
 description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+manager: dansimp
+ms.author: eravena
+author: eavena
 ms.date: 10/02/2018
+ms.reviewer:
 ms.localizationpriority: medium
 ms.topic: reference
 ---
@@ -56,17 +57,18 @@ Another method thieves often use _hacking_ to attack a system through malformed Microsoft Edge addresses these threats to help make browsing the web a safer experience. -| Feature | Description | -|---|---| -| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). | -| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. | -| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include | -| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:

**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. | -| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. | -| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. | -| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. | -| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. 
| -| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. | -| **Extension model and HTML5 support** |Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). | -| **Reduced attack surfaces** |Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.

It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. | +| Feature | Description | +|-----------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). | +| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. 
SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. | +| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include

| +| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:

**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. | +| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. | +| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. | +| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. | +| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. 
| +| **All web content runs in an app container sandbox** | Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. | +| **Extension model and HTML5 support** | Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). | +| **Reduced attack surfaces** | Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.

It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. | + --- diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md index 55df08e642..a94f166a21 100644 --- a/browsers/edge/group-policies/start-pages-gp.md +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -1,11 +1,12 @@ --- title: Microsoft Edge - Start pages group policies description: Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. -manager: dougkim -ms.author: pashort -author: shortpatti +manager: dansimp +ms.author: eravena +author: eavena ms.localizationpriority: medium ms.date: 10/02/2018 +ms.reviewer: ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md index aac83e87ca..f14bbe0caf 100644 --- a/browsers/edge/group-policies/sync-browser-settings-gp.md +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md @@ -1,10 +1,11 @@ --- title: Microsoft Edge - Sync browser settings description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. -manager: dougkim -ms.author: pashort -author: shortpatti +manager: dansimp +ms.author: eravena +author: eavena ms.date: 10/02/2018 +ms.reviewer: ms.localizationpriority: medium ms.topic: reference --- 
@@ -41,4 +42,4 @@ To verify the settings: [!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)] ## Prevent users from turning on browser syncing -[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)] \ No newline at end of file +[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)] diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md index c83cd2848c..7ef162127b 100644 --- a/browsers/edge/group-policies/telemetry-management-gp.md +++ b/browsers/edge/group-policies/telemetry-management-gp.md @@ -1,10 +1,11 @@ --- title: Microsoft Edge - Telemetry and data collection group policies description: Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. -manager: dougkim -ms.author: pashort -author: shortpatti +manager: dansimp +ms.author: eravena +author: eavena ms.date: 10/02/2018 +ms.reviewer: ms.localizationpriority: medium ms.topic: reference --- @@ -27,4 +28,4 @@ You can find the Microsoft Edge Group Policy settings in the following location [!INCLUDE [configure-do-not-track-include.md](../includes/configure-do-not-track-include.md)] ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start -[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)] \ No newline at end of file +[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)] diff --git a/browsers/edge/img-microsoft-edge-infographic-lg.md b/browsers/edge/img-microsoft-edge-infographic-lg.md index e9d8b67cc2..3ac0066282 100644 
--- a/browsers/edge/img-microsoft-edge-infographic-lg.md +++ b/browsers/edge/img-microsoft-edge-infographic-lg.md @@ -2,6 +2,10 @@ description: A full-sized view of the Microsoft Edge infographic. title: Full-sized view of the Microsoft Edge infographic ms.date: 11/10/2016 +ms.reviewer: +manager: dansimp +ms.author: eravena +author: eavena --- Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md index fef471693a..ab2f7a396f 100644 --- a/browsers/edge/includes/allow-address-bar-suggestions-include.md +++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -16,10 +18,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented. Hide the Address bar drop-down list and disable the _Show search and site suggestions as I type_ toggle in Settings. |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|-----------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented. Hide the Address bar drop-down list and disable the *Show search and site suggestions as I type* toggle in Settings. | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured **(default)** | 1 | 1 | Allowed. Show the Address bar drop-down list and make it available. | | + --- ### ADMX info and settings @@ -46,4 +49,4 @@ ms:topic: include [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] -


\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md index c3965dd477..6747a07952 100644 --- a/browsers/edge/includes/allow-adobe-flash-include.md +++ b/browsers/edge/includes/allow-adobe-flash-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled |0 |0 |Prevented | -|Enabled **(default)** |1 |1 |Allowed | +| Group Policy | MDM | Registry | Description | +|-----------------------|:---:|:--------:|-------------| +| Disabled | 0 | 0 | Prevented | +| Enabled **(default)** | 1 | 1 | Allowed | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md index a3bd064c75..c760771868 100644 --- a/browsers/edge/includes/allow-clearing-browsing-data-include.md +++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- 
@@ -15,10 +17,11 @@ ms:topic: include
 ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Prevented. Users can configure the _Clear browsing data_ option in Settings. | |
-|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) |
+| Group Policy | MDM | Registry | Description | Most restricted |
+|------------------------------------------|:---:|:--------:|------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Prevented. Users can configure the *Clear browsing data* option in Settings. | |
+| Enabled | 1 | 1 | Allowed. Clear the browsing data upon exit automatically. | ![Most restricted value](/images/check-gn.png) |
+
 ---
@@ -41,4 +44,4 @@ ms:topic: include
 - **Value name:** ClearBrowsingHistoryOnExit
 - **Value type:** REG_DWORD
-
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md index 21454f87b9..c8bfafc686 100644 --- a/browsers/edge/includes/allow-config-updates-books-include.md +++ b/browsers/edge/includes/allow-config-updates-books-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented. |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented. | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md index 867850d83f..a214284ce3 100644 --- a/browsers/edge/includes/allow-cortana-include.md +++ b/browsers/edge/includes/allow-cortana-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented. Users can still search to find items on their device. |![Most restricted value](../images/check-gn.png) | -|Enabled
**(default)** |1 |1 |Allowed. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------|:---:|:--------:|------------------------------------------------------------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented. Users can still search to find items on their device. | ![Most restricted value](/images/check-gn.png) | +| Enabled
**(default)** | 1 | 1 | Allowed. | | + --- ### ADMX info and settings @@ -33,7 +36,7 @@ ms:topic: include - **Supported devices:** Mobile - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana - **Data type:** Integer - + #### Registry settings - **Path:** HKLM\Software\Policies\Microsoft\Windows\Windows Search - **Value name:** AllowCortana diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md index b335926754..c45ed8ab89 100644 --- a/browsers/edge/includes/allow-dev-tools-include.md +++ b/browsers/edge/includes/allow-dev-tools-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,10 +17,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Allowed | | + --- @@ -33,12 +36,12 @@ ms:topic: include #### MDM settings - **MDM name:** Browser/[AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) - **Supported devices:** Desktop -- **URI full Path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools +- **URI full Path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools - **Data type:** Integer #### Registry settings - **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12 -- **Value name:** AllowDeveloperTools +- **Value name:** AllowDeveloperTools - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md index ec76df7f79..9fd30cb289 100644 --- a/browsers/edge/includes/allow-enable-book-library-include.md +++ b/browsers/edge/includes/allow-enable-book-library-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md index f078711142..041dbcc3fc 100644 --- a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md +++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Gather and send only basic diagnostic data. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in _Settings > Diagnostics & feedback_ to **Full**. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Gather and send only basic diagnostic data. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in *Settings > Diagnostics & feedback* to **Full**. | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md index bb9b65ea2c..88e44401f9 100644 --- a/browsers/edge/includes/allow-extensions-include.md +++ b/browsers/edge/includes/allow-extensions-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled |0 |0 |Prevented | -|Enabled or not configured
**(default)** |1 |1 |Allowed | +| Group Policy | MDM | Registry | Description | +|--------------------------------------------|:---:|:--------:|-------------| +| Disabled | 0 | 0 | Prevented | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | + --- ### ADMX info and settings @@ -43,4 +46,4 @@ ms:topic: include [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md index 6cbfe544bd..893caa3d51 100644 --- a/browsers/edge/includes/allow-full-screen-include.md +++ b/browsers/edge/includes/allow-full-screen-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -16,10 +18,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md index 77339e72ef..57684b112b 100644 --- a/browsers/edge/includes/allow-inprivate-browsing-include.md +++ b/browsers/edge/includes/allow-inprivate-browsing-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -16,10 +18,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md index bbc6aad2d2..1774a96433 100644 --- a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md +++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md index 7f1d10363c..4121c136de 100644 --- a/browsers/edge/includes/allow-prelaunch-include.md +++ b/browsers/edge/includes/allow-prelaunch-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,10 +17,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restrictive value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restrictive value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- @@ -37,8 +40,8 @@ ms:topic: include - **Data type:** Integer #### Registry settings -- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main - **Value name:** AllowPrelaunch - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md index c489b9ebdd..395ccab5bb 100644 --- a/browsers/edge/includes/allow-printing-include.md +++ b/browsers/edge/includes/allow-printing-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restrictive value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restrictive value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings @@ -39,4 +42,4 @@ ms:topic: include - **Value name:** AllowPrinting - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md index cc495aac9e..926c625142 100644 --- a/browsers/edge/includes/allow-saving-history-include.md +++ b/browsers/edge/includes/allow-saving-history-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,10 +17,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings @@ -41,4 +44,4 @@ ms:topic: include - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md index cc3137fa52..213f8ea19f 100644 --- a/browsers/edge/includes/allow-search-engine-customization-include.md +++ b/browsers/edge/includes/allow-search-engine-customization-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed | | + --- ### ADMX info and settings @@ -53,4 +56,4 @@ ms:topic: include - [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md index d4b813968c..a36ba01cb6 100644 --- a/browsers/edge/includes/allow-shared-folder-books-include.md +++ b/browsers/edge/includes/allow-shared-folder-books-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,13 +17,15 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Prevented. Microsoft Edge downloads book files to a per-user folder for each user. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

Also, the users must be signed in with a school or work account.| | + +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Prevented. Microsoft Edge downloads book files to a per-user folder for each user. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

Also, the users must be signed in with a school or work account. | | + --- -![Allow a shared books folder](../images/allow-shared-books-folder_sm.png) +![Allow a shared books folder](/images/allow-shared-books-folder_sm.png) ### ADMX info and settings diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md index b0575c853b..db295e9481 100644 --- a/browsers/edge/includes/allow-sideloading-extensions-include.md +++ b/browsers/edge/includes/allow-sideloading-extensions-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured |0 |0 |Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |![Most restricted value](../images/check-gn.png) | -|Enabled
**(default)** |1 |1 |Allowed. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|----------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). | ![Most restricted value](/images/check-gn.png) | +| Enabled
**(default)** | 1 | 1 | Allowed. | | + --- ### ADMX info and settings @@ -49,4 +52,4 @@ ms:topic: include [Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode. -


\ No newline at end of file +
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md index 194b9ae015..f1f79bda9c 100644 --- a/browsers/edge/includes/allow-tab-preloading-include.md +++ b/browsers/edge/includes/allow-tab-preloading-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled |0 |0 |Prevented. |![Most restricted value](../images/check-gn.png) | -|Enabled or not configured
**(default)** |1 |1 |Allowed. Preload Start and New Tab pages. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|-------------------------------------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Prevented. | ![Most restricted value](/images/check-gn.png) | +| Enabled or not configured
**(default)** | 1 | 1 | Allowed. Preload Start and New Tab pages. | | + --- ### ADMX info and settings @@ -35,8 +38,8 @@ ms:topic: include - **Data type:** Integer #### Registry settings -- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -- **Create Value name:** AllowPrelaunch +- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader +- **Create Value name:** AllowTabPreloading - **Value type:** REG_DWORD - **DWORD Value:** 1 diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md index cdd5bb2adc..ac9e26abee 100644 --- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md +++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 11/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -16,10 +18,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from making changes. | -|Enabled or not configured **(default)** |1 |1 |Load the default New Tab page and the users make changes. | +| Group Policy | MDM | Registry | Description | +|-----------------------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------| +| Disabled | 0 | 0 | Load a blank page instead of the default New Tab page and prevent users from making changes. | +| Enabled or not configured **(default)** | 1 | 1 | Load the default New Tab page and the users make changes. | + --- ### ADMX info and settings @@ -44,4 +47,4 @@ ms:topic: include ### Related policies [Set New Tab page URL](../available-policies.md#set-new-tab-page-url): [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md index 16ee156803..f1953cf341 100644 --- a/browsers/edge/includes/always-enable-book-library-include.md +++ b/browsers/edge/includes/always-enable-book-library-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,10 +17,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md index cd5341cd46..4845c13f9d 100644 --- a/browsers/edge/includes/configure-additional-search-engines-include.md +++ b/browsers/edge/includes/configure-additional-search-engines-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Prevented. Use the search engine specified in App settings.

If you enabled this policy and now want to disable it, all previously configured search engines get removed. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.

For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.

If you enabled this policy and now want to disable it, all previously configured search engines get removed. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Allowed. Add up to five additional search engines and set any one of them as the default.

For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | | + --- ### ADMX info and settings @@ -52,4 +55,4 @@ ms:topic: include - [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. -


\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index 3011317313..8815d323d1 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -14,10 +16,11 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Load and run Adobe Flash content automatically. | |
-|Enabled or not configured
**(default)** |1 |1 |Do not load or run Adobe Flash content and require action from the user. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled | 0 | 0 | Load and run Adobe Flash content automatically. | | +| Enabled or not configured
**(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -39,4 +42,4 @@ ms:topic: include - **Value name:** FlashClickToRunMode - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index bd717cc583..b151c79f48 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -14,11 +16,12 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured
**(default)** | Blank |Blank |Users can choose to use Autofill. | | -|Disabled | 0 | no | Prevented. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |yes | Allowed. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------|:-----:|:--------:|-----------------------------------|:------------------------------------------------:| +| Not configured
**(default)** | Blank | Blank | Users can choose to use Autofill. | | +| Disabled | 0 | no | Prevented. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | yes | Allowed. | | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md index f4c4360129..47a1913697 100644 --- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md +++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -13,24 +15,25 @@ ms:topic: include [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] ->[!IMPORTANT] ->For this policy to work, enable the **Allow Telemetry** group policy with the _Enhanced_ option and enable the **Configure the Commercial ID** group policy by providing the Commercial ID. -> ->You can find these policies in the following location of the Group Policy Editor: +> [!IMPORTANT] +> For this policy to work, enable the **Allow Telemetry** group policy with the _Enhanced_ option and enable the **Configure the Commercial ID** group policy by providing the Commercial ID. > ->**Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\** -> +> You can find these policies in the following location of the Group Policy Editor: +> +> **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\** +> ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Send intranet history only | | -|Enabled |2 |2 |Send Internet history only | | -|Enabled |3 |3 |Send both intranet and Internet history | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | No data collected or sent | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Send intranet history only | | +| Enabled | 2 | 2 | Send Internet history only | | +| Enabled | 3 | 3 | Send both intranet and Internet history | | + --- diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md index 5ef992f09e..763646944e 100644 --- a/browsers/edge/includes/configure-cookies-include.md +++ b/browsers/edge/includes/configure-cookies-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,11 +16,12 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Enabled |0 |0 |Block all cookies from all sites. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Block only coddies from third party websites. | | -|Disabled or not configured
**(default)** |2 |2 |Allow all cookies from all sites. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------|:------------------------------------------------:| +| Enabled | 0 | 0 | Block all cookies from all sites. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Block only coddies from third party websites. | | +| Disabled or not configured
**(default)** | 2 | 2 | Allow all cookies from all sites. | | + --- ### ADMX info and settings @@ -40,4 +43,4 @@ ms:topic: include - **Value name:** Cookies - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
index 4e77fdadf8..42afad9fa1 100644
--- a/browsers/edge/includes/configure-do-not-track-include.md
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -14,11 +16,12 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured
**(default)** |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | | -|Disabled |0 |0 |Never send tracking information. | | -|Enabled |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Not configured
**(default)** | Blank | Blank | Do not send tracking information but let users choose to send tracking information to sites they visit. | | +| Disabled | 0 | 0 | Never send tracking information. | | +| Enabled | 1 | 1 | Send tracking information. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -39,4 +42,4 @@ ms:topic: include - **Value name:** DoNotTrack - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
index 2fa8b095e5..bb5cb307bb 100644
--- a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -37,7 +39,7 @@ You must set the Configure kiosk mode policy to enabled (1 - InPrivate public br #### Registry settings - **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
-- **Value name:**ConfigureKioskResetAfterIdleTimeout
+- Value name:ConfigureKioskResetAfterIdleTimeout
 - **Value type:** REG_DWORD
@@ -51,4 +53,4 @@ You must set the Configure kiosk mode policy to enabled (1 - InPrivate public br ### Related topics [Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience. -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
index aeb849adf4..65c68c67e1 100644
--- a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
+++ b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
@@ -9,10 +9,11 @@ ### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. | -|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.

For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). | +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Disabled or not configured
**(default)** | 0 | 0 | Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. | +| Enabled | 1 | 1 | Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.

For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). | + --- ### ADMX info and settings @@ -29,7 +30,7 @@ - **Supported devices:** Desktop and Mobile - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList - **Data type:** String - + #### Registry settings - **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode - **Value name:** SiteList diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md index a5350ca9aa..35f0cefa19 100644 --- a/browsers/edge/includes/configure-favorites-bar-include.md +++ b/browsers/edge/includes/configure-favorites-bar-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -43,4 +45,4 @@ ms:topic: include - **Value name:** ConfigureFavoritesBar - **Value type:** REG_DWORD -


\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md
index 5287150eea..88b284d0ae 100644
--- a/browsers/edge/includes/configure-favorites-include.md
+++ b/browsers/edge/includes/configure-favorites-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -9,4 +11,4 @@ ms:topic: include >Discontinued in the Windows 10 October 2018 Update. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** group policy instead. -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md
index eaaa4f7af4..9796369a9f 100644
--- a/browsers/edge/includes/configure-home-button-include.md
+++ b/browsers/edge/includes/configure-home-button-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/28/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -16,12 +18,13 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |0 |0 |Load the Start page. | -|Enabled |1 |1 |Load the New Tab page. | -|Enabled |2 |2 |Load the custom URL defined in the Set Home Button URL policy. | -|Enabled |3 |3 |Hide the home button. | +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------| +| Disabled or not configured
**(default)** | 0 | 0 | Load the Start page. | +| Enabled | 1 | 1 | Load the New Tab page. | +| Enabled | 2 | 2 | Load the custom URL defined in the Set Home Button URL policy. | +| Enabled | 3 | 3 | Hide the home button. | + --- @@ -51,7 +54,7 @@ ms:topic: include ### Related policies - [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] - + - [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] diff --git a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md index 98e3d163d0..3578afcf88 100644 --- a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md +++ b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md @@ -1,13 +1,17 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/27/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -| | | -|---|---| -| **Single-app**

![thumbnail](../images/Picture1-sm.png)

**Digital/interactive signage**

Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.

**Policy setting** = Not configured (0 default)

|

 

![thumbnail](../images/Picture2-sm.png)

**Public browsing**

Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.

The single-app public browsing mode is the only kiosk mode that has an **End session** button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.

_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

**Policy setting** = Enabled (1) | -| **Multi-app**

![thumbnail](../images/Picture5-sm.png)

**Normal browsing**

Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.

Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

**Policy setting** = Not configured (0 default) |

 

![thumbnail](../images/Picture6-sm.png)

**Public browsing**

Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.

In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

**Policy setting** = Enabled (1) | ---- \ No newline at end of file + +| | | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------| +| **Single-app**

![thumbnail](/images/Picture1-sm.png)

**Digital/interactive signage**

Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.

**Policy setting** = Not configured (0 default)

|

 

![thumbnail](/images/Picture2-sm.png)

Public browsing

Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.

The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.

Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

Policy setting = Enabled (1) | +| **Multi-app**

![thumbnail](/images/Picture5-sm.png)

**Normal browsing**

Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.

Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

**Policy setting** = Not configured (0 default) |

 

![thumbnail](/images/Picture6-sm.png)

Public browsing

Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.

In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

Policy setting = Enabled (1) | + +--- diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md index 197b2c1f1a..0a8662e724 100644 --- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md +++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/27/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -46,4 +48,4 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o ### Related topics [Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience. -


\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
index 35c21d3076..966a8be23e 100644
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -19,13 +21,14 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Not configured |Blank |Blank |If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
-|Enabled |0 |0 |Load the Start page. |
-|Enabled |1 |1 |Load the New Tab page. |
-|Enabled |2 |2 |Load the previous pages. |
-|Enabled
**(default)** |3 |3 |Load a specific page or pages. | +| Group Policy | MDM | Registry | Description | +|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------| +| Not configured | Blank | Blank | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. | +| Enabled | 0 | 0 | Load the Start page. | +| Enabled | 1 | 1 | Load the New Tab page. | +| Enabled | 2 | 2 | Load the previous pages. | +| Enabled
**(default)** | 3 | 3 | Load a specific page or pages. | + --- @@ -62,4 +65,4 @@ ms:topic: include ---- \ No newline at end of file +--- diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md index 463baf4185..35cba0ce23 100644 --- a/browsers/edge/includes/configure-password-manager-include.md +++ b/browsers/edge/includes/configure-password-manager-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,11 +16,12 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Not configured |Blank |Blank |Users can choose to save and manage passwords locally. | | -|Disabled |0 |no |Not allowed. |![Most restricted value](../images/check-gn.png) | -|Enabled
**(default)** |1 |yes |Allowed. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|--------------------------|:-----:|:--------:|--------------------------------------------------------|:------------------------------------------------:| +| Not configured | Blank | Blank | Users can choose to save and manage passwords locally. | | +| Disabled | 0 | no | Not allowed. | ![Most restricted value](/images/check-gn.png) | +| Enabled
**(default)** | 1 | yes | Allowed. | | + --- Verify not allowed/disabled settings: @@ -43,4 +46,4 @@ Verify not allowed/disabled settings: - **Value name:** FormSuggest Passwords - **Value type:** REG_SZ -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
index dffcc2ed7e..1595f8fc6f 100644
--- a/browsers/edge/includes/configure-pop-up-blocker-include.md
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -14,11 +16,12 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured |Blank |Blank |Users can choose to use Pop-up Blocker. | |
-|Disabled
**(default)** |0 |0 |Turned off. Allow pop-up windows to open. | | -|Enabled |1 |1 |Turned on. Prevent pop-up windows from opening. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------|:-----:|:--------:|-------------------------------------------------|:------------------------------------------------:| +| Not configured | Blank | Blank | Users can choose to use Pop-up Blocker. | | +| Disabled
**(default)** | 0 | 0 | Turned off. Allow pop-up windows to open. | | +| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -39,4 +42,4 @@ ms:topic: include - **Value name:** AllowPopups - **Value type:** REG_SZ -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
index 4985091db3..e81aff3cec 100644
--- a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
@@ -14,11 +16,12 @@ ms:topic: include ### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured
**(default)** |Blank |Blank |Users can choose to see search suggestions. | | -|Disabled |0 |0 |Prevented. Hide the search suggestions. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Allowed. Show the search suggestions. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------|:-----:|:--------:|---------------------------------------------|:------------------------------------------------:| +| Not configured
**(default)** | Blank | Blank | Users can choose to see search suggestions. | | +| Disabled | 0 | 0 | Prevented. Hide the search suggestions. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Allowed. Show the search suggestions. | | + --- ### ADMX info and settings @@ -39,4 +42,4 @@ ms:topic: include - **Value name:** ShowSearchSuggestionsGlobal - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md index 3d007554e7..04b7eeddd9 100644 --- a/browsers/edge/includes/configure-start-pages-include.md +++ b/browsers/edge/includes/configure-start-pages-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. | -|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:

    \\

**Version 1703 or later:**
If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.

**Version 1809:**
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. | +| Group Policy | MDM | Registry | Description | +|----------------|:------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Not configured | Blank | Blank | Load the pages specified in App settings as the default Start pages. | +| Enabled | String | String | Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:

    \\

**Version 1703 or later:**
If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.

**Version 1809:**
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. | + --- ### ADMX info and settings @@ -42,10 +45,10 @@ ms:topic: include ### Related policies -- [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] +- [Disable Lockdown of Start Pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] - [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] -


\ No newline at end of file +
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md index 5e460d6a00..0deb5b8f82 100644 --- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md +++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,16 +16,17 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Not configured |Blank |Blank |Users can choose to use Windows Defender SmartScreen. | | -|Disabled |0 |0 |Turned off. Do not protect users from potential threats and prevent users from turning it on. | | -|Enabled |1 |1 |Turned on. Protect users from potential threats and prevent users from turning it off. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | | +| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | | +| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. | ![Most restricted value](/images/check-gn.png) | + --- To verify Windows Defender SmartScreen is turned off (disabled): 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**. -2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.

![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG) +2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.

![Verify that Windows Defender SmartScreen is turned off (disabled)](/images/allow-smart-screen-validation.PNG) ### ADMX info and settings @@ -44,4 +47,4 @@ To verify Windows Defender SmartScreen is turned off (disabled): - **Value name:** EnabledV9 - **Value type:** REG_DWORD -


\ No newline at end of file +
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md index 94af3ec1e5..d5eaa236e5 100644 --- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md +++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -11,13 +13,14 @@ ms:topic: include >*Default setting: Enabled (Start pages are not editable)* [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] - + ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Not configured |0 |0 |Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|----------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | | + --- @@ -52,4 +55,4 @@ ms:topic: include [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] -


\ No newline at end of file +
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md index 143622193e..2ec6bea84d 100644 --- a/browsers/edge/includes/do-not-sync-browser-settings-include.md +++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. | -|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the _Sync your Settings_ option. | +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. | +| Enabled | 2 | 2 | Prevented/turned off. The “browser” group does not use the *Sync your Settings* option. | + --- diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md index 4434b8e64c..255d83e1be 100644 --- a/browsers/edge/includes/do-not-sync-include.md +++ b/browsers/edge/includes/do-not-sync-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. Users can choose what to sync to their device. | | -|Enabled |2 |2 |Prevented/turned off. Disables the _Sync your Settings_ toggle and prevents syncing. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned on. Users can choose what to sync to their device. | | +| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -42,4 +45,4 @@ ms:topic: include [About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are synced. -
\ No newline at end of file +
diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
index 7d722faf12..686e6b552c 100644
--- a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
+++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
\ No newline at end of file
+[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
diff --git a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
index d3d116dc84..e20c31d301 100644
--- a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
+++ b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md index c7fc49bc93..dc17580d47 100644 --- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md +++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Turned off/not syncing | | -|Enabled |1 |1 |Turned on/syncing |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Turned off/not syncing | | +| Enabled | 1 | 1 | Turned on/syncing | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** SyncFavoritesBetweenIEAndMicrosoftEdge - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md index f7d692d864..594b69a5ec 100644 --- a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md +++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md index 1f55180874..cf2adc30cc 100644 --- a/browsers/edge/includes/prevent-access-about-flag-include.md +++ b/browsers/edge/includes/prevent-access-about-flag-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed | | -|Enabled |1 |1 |Prevented |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed | | +| Enabled | 1 | 1 | Prevented | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** PreventAccessToAboutFlagsInMicrosoftEdge - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md index 7638ce642a..077eca88ab 100644 --- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md +++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | | -|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | | +| Enabled | 1 | 1 | Prevented/turned on. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** PreventOverrideAppRepUnknown - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md index 438290f181..95d1c0a7ec 100644 --- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md +++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to the site.| | -|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to the site. | | +| Enabled | 1 | 1 | Prevented/turned on. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** PreventOverride - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md index 404d0688e3..5957d7ca37 100644 --- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md +++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -13,10 +15,11 @@ ms:topic: include [!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)] -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. Override the security warning to sites that have SSL errors. | | -|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned on. Override the security warning to sites that have SSL errors. | | +| Enabled | 1 | 1 | Prevented/turned on. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md index 75a386025f..30a902cbbf 100644 --- a/browsers/edge/includes/prevent-changes-to-favorites-include.md +++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | | -|Enabled |1 |1 |Prevented/locked down. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | | +| Enabled | 1 | 1 | Prevented/locked down. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** LockdownFavorites - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md index ec2966bba7..50e5ffbe36 100644 --- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md +++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed. Load the First Run webpage. | | -|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed. Load the First Run webpage. | | +| Enabled | 1 | 1 | Prevented. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -33,9 +36,9 @@ ms:topic: include - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage - **Data type:** Integer -####Registry +#### Registry - **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main - **Value name:** PreventFirstRunPage - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md index e595e3fe28..86777ec60f 100644 --- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md +++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Collect and send Live Tile metadata. | | -|Enabled |1 |1 |Do not collect data. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Collect and send Live Tile metadata. | | +| Enabled | 1 | 1 | Do not collect data. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** PreventLiveTileDataCollection - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md index 39187a492b..d66fd0ae7d 100644 --- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md +++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |Allowed. Show localhost IP addresses. | | -|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|---------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | Allowed. Show localhost IP addresses. | | +| Enabled | 1 | 1 | Prevented. | ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -38,4 +41,4 @@ ms:topic: include - **Value name:** HideLocalHostIPAddress - **Value type:** REG_DWORD -
\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md index 4f168cc2ab..68042aad34 100644 --- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md +++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -15,10 +17,11 @@ ms:topic: include ### Supported values -|Group Policy |Description | -|---|---| -|Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | -|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:

_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. | +| Group Policy | Description | +|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Disabled or not configured
**(default)** | Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | +| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:

*Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe*

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. | + --- @@ -53,4 +56,4 @@ ms:topic: include - [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. - [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house. -


\ No newline at end of file +
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md index 5548ae3f74..3a06e77d5d 100644 --- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md +++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -13,10 +15,12 @@ ms:topic: include [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. | -|Enabled or not configured
**(default)** |1 |1 |Prevented/turned off. | + +| Group Policy | MDM | Registry | Description | +|--------------------------------------------|:---:|:--------:|---------------------------------------------------------| +| Disabled | 0 | 0 | Allowed/turned on. Users can sync the browser settings. | +| Enabled or not configured
**(default)** | 1 | 1 | Prevented/turned off. | + --- @@ -41,4 +45,4 @@ ms:topic: include [About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices) -
\ No newline at end of file +
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md index a67f33444b..5fb77898e4 100644 --- a/browsers/edge/includes/provision-favorites-include.md +++ b/browsers/edge/includes/provision-favorites-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -18,10 +20,11 @@ ms:topic: include ### Supported values -|Group Policy |Description |Most restricted | -|---|---|:---:| -|Disabled or not configured
**(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | | -|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.

To define a default list of favorites, do the following:

  1. In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
  2. Click **Import from another browser**, click **Export to file** and save the file.
  3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
|![Most restricted value](../images/check-gn.png) | +| Group Policy | Description | Most restricted | +|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | | +| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.

To define a default list of favorites, do the following:

  1. In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
  2. Click **Import from another browser**, click **Export to file** and save the file.
  3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
| ![Most restricted value](/images/check-gn.png) | + --- ### ADMX info and settings @@ -46,4 +49,4 @@ ms:topic: include ### Related policies [Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md index 0189af0a67..019cbc16f0 100644 --- a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md +++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md @@ -1,9 +1,11 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. \ No newline at end of file +[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md index 17ce737c8c..f12f7f392d 100644 --- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md +++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- 
@@ -18,10 +20,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.

Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.

  1. In Group Policy Editor, navigate to:

    **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**

  2. Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.

    A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.

| | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Only intranet sites open in Internet Explorer 11 automatically.

Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.

  1. In Group Policy Editor, navigate to:

    **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**

  2. Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.

    A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.

| | + --- @@ -56,4 +59,4 @@ ms:topic: include - [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. -
\ No newline at end of file +
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md index f7156818de..5620ea5e8b 100644 --- a/browsers/edge/includes/set-default-search-engine-include.md +++ b/browsers/edge/includes/set-default-search-engine-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,11 +16,12 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Not configured
**(default)** |Blank |Blank |Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | | -|Disabled |0 |0 |Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | | -|Enabled |1 |1 |Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.

Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.

If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.

If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |![Most restricted value](../images/check-gn.png) | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Not configured
**(default)** | Blank | Blank | Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | | +| Disabled | 0 | 0 | Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | | +| Enabled | 1 | 1 | Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.

Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.

If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.

If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. | ![Most restricted value](/images/check-gn.png) | + --- @@ -54,4 +57,4 @@ ms:topic: include - [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): The Microsoft Edge address bar uses rich search integration, including search suggestions, results from the web, your browsing history, and favorites. -


\ No newline at end of file +
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md index 5e091f18ac..355240ff1a 100644 --- a/browsers/edge/includes/set-home-button-url-include.md +++ b/browsers/edge/includes/set-home-button-url-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled or not configured
**(default)** |Blank |Blank |Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. | -|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.

For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option. | +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Disabled or not configured
**(default)** | Blank | Blank | Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. | +| Enabled - String | String | String | Enter a URL in string format, for example, https://www.msn.com.

For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the *Show home button & set a specific page* option. | + --- diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md index 8b9ac1c728..a53dd93220 100644 --- a/browsers/edge/includes/set-new-tab-url-include.md +++ b/browsers/edge/includes/set-new-tab-url-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled or not configured
**(default)** |Blank |Blank |Load the default New Tab page. | -|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.

Enabling this policy prevents users from making changes.

| +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:------:|:--------:|----------------------------------------------------------------------------------------------------------------------------------| +| Disabled or not configured
**(default)** | Blank | Blank | Load the default New Tab page. | +| Enabled - String | String | String | Enter a URL in string format, for example, https://www.msn.com.

Enabling this policy prevents users from making changes.

| + --- ### ADMX info and settings @@ -42,7 +45,7 @@ ms:topic: include ### Related policies [Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)] - -


\ No newline at end of file + +
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md index c5e808c926..bb626be0cf 100644 --- a/browsers/edge/includes/show-message-opening-sites-ie-include.md +++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -17,11 +19,12 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | | -|Enabled |2 |2 |Show an additional message with a _Keep going in Microsoft Edge_ link to allow users to open the site in Microsoft Edge. | | +| Group Policy | MDM | Registry | Description | Most restricted | +|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| +| Disabled or not configured
**(default)** | 0 | 0 | No additional message displays. | ![Most restricted value](/images/check-gn.png) | +| Enabled | 1 | 1 | Show an additional message stating that a site has opened in IE11. | | +| Enabled | 2 | 2 | Show an additional message with a *Keep going in Microsoft Edge* link to allow users to open the site in Microsoft Edge. | | + --- ### ADMX info and settings @@ -49,4 +52,4 @@ ms:topic: include - [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11): [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md index d2c2e44746..bf30d5d9ed 100644 --- a/browsers/edge/includes/unlock-home-button-include.md +++ b/browsers/edge/includes/unlock-home-button-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -14,10 +16,11 @@ ms:topic: include ### Supported values -|Group Policy |MDM |Registry |Description | -|---|:---:|:---:|---| -|Disabled or not configured
**(default)** |0 |0 |Locked, preventing users from making changes. | -|Enabled |1 |1 |Unlocked, letting users make changes. | +| Group Policy | MDM | Registry | Description | +|---------------------------------------------|:---:|:--------:|-----------------------------------------------| +| Disabled or not configured
**(default)** | 0 | 0 | Locked, preventing users from making changes. | +| Enabled | 1 | 1 | Unlocked, letting users make changes. | + --- ### ADMX info and settings @@ -41,8 +44,8 @@ ms:topic: include ### Related policies - [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] - + - [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] -
\ No newline at end of file +
diff --git a/browsers/edge/managing-group-policy-admx-files.md b/browsers/edge/managing-group-policy-admx-files.md
index 2f76d6a665..ff853cd179 100644
--- a/browsers/edge/managing-group-policy-admx-files.md
+++ b/browsers/edge/managing-group-policy-admx-files.md
@@ -2,8 +2,10 @@
 title: Managing group policy ADMX files
 description: Learn how to centrally administer and incorporate ADMX files when editing the administrative template policy settings inside a local or domain-based Group Policy object.
 ms.assetid:
-author: shortpatti
-ms.author: pashort
+ms.reviewer:
+manager: dansimp
+author: eavena
+ms.author: eravena
 ms.prod: edge
 ms.sitesec: library
 ms.localizationpriority: medium
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index d862020dcc..ac6e0b7224 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -1,8 +1,10 @@
 ---
 title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
+ms.reviewer:
+manager: dansimp
 description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
-author: lizap
-ms.author: elizapo
+author: msdmaguire
+ms.author: dmaguire
 ms.prod: edge
 ms.topic: article
 ms.mktglfcycl: general
diff --git a/browsers/edge/microsoft-edge-forrester.md b/browsers/edge/microsoft-edge-forrester.md
index 46e097832b..a68908bb52 100644
--- a/browsers/edge/microsoft-edge-forrester.md
+++ b/browsers/edge/microsoft-edge-forrester.md
@@ -1,10 +1,12 @@
 ---
 title: Forrester Total Economic Impact - Microsoft Edge
+ms.reviewer:
+manager: dansimp
 description: Review the results of the Microsoft Edge study carried out by Forrester Research
 ms.prod: edge
 ms.topic: article
-author: lizap
-ms.author: elizapo
+author: msdmaguire
+ms.author: dmaguire
 ms.localizationpriority: high
 ---
 # Measuring the impact of Microsoft Edge - Total Economic Impact (TEI) of Microsoft Edge
@@ -14,7 +16,7 @@ Forrester Research measures the return on investment (ROI) of Microsoft Edge in ## Forrester report video summary View a brief overview of the Forrester TEI case study that Microsoft commissioned to examine the value your organization can achieve by utilizing Microsoft Edge: ->![VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE26zQm] +> ![VIDEO ] ## Forrester Study report @@ -31,4 +33,4 @@ Get a graphical summary of the TEI of Microsoft Edge Forrester Study report and Forrester surveyed 168 customers using Microsoft Edge form the US, Germany, UK, and Japan, ranging in size from 500 to over 100,000 employees. This document is an abridged version of this survey commissioned by Microsoft and delivery by Forrester consulting. -[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892) \ No newline at end of file +[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 81e06a0a9d..b1d69471cd 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -2,8 +2,10 @@ title: Deploy Microsoft Edge kiosk mode description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. ms.assetid: -author: shortpatti -ms.author: pashort +ms.reviewer: +manager: dansimp +author: eavena +ms.author: eravena ms.prod: edge ms.sitesec: library ms.topic: get-started-article 
@@ -232,21 +234,21 @@ Make sure to check with your provider for instructions. ## Feature comparison of kiosk mode and kiosk browser app In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access. -| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** | -|---------------|:----------------:|:---------------:| -| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Allow/Block URL support | ![Supported](images/148767.png)

*\*For Microsoft Edge kiosk mode use* Windows Defender Firewall*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png) | -| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*Same as Home button URL* | -| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| End session button | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* | -| Reset on inactivity | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)

*Multi-app mode only* | ![Not supported](images/148766.png) | -| Available in Microsoft Store | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -|SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | +| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** | +|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:| +| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Allow/Block URL support | ![Supported](images/148767.png)

*\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. | ![Supported](images/148767.png) | +| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*Same as Home button URL* | +| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| End session button | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* | +| Reset on inactivity | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)

*Multi-app mode only* | ![Not supported](images/148766.png) | +| Available in Microsoft Store | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | **\*Windows Defender Firewall**

To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md index 7eb5da6bd4..8b9845345f 100644 --- a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md +++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md 
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
\ No newline at end of file
+Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
index d970c98301..2a5773c6f9 100644
--- a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
\ No newline at end of file
+Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
index a06ece3f82..d4c81bfe8f 100644
--- a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
\ No newline at end of file
+Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
index 75e6fa71ed..b62ac92d82 100644
--- a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
\ No newline at end of file
+Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
index 69f981f0d4..658351c9e1 100644
--- a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
\ No newline at end of file
+Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
index cc694ab73b..4b9008b8a0 100644
--- a/browsers/edge/shortdesc/allow-cortana-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
\ No newline at end of file
+Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
index ef095e5733..faedf6e98c 100644
--- a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
\ No newline at end of file
+Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
index 1bbf337754..914207eace 100644
--- a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
\ No newline at end of file
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
index 41849af3ef..d179b84a0c 100644
--- a/browsers/edge/shortdesc/allow-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
\ No newline at end of file
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
index 6f37d4a659..cdd6d92c32 100644
--- a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
\ No newline at end of file
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
index 0171d9c8a5..9a26485bd0 100644
--- a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
\ No newline at end of file
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
index 769d1ee379..e1f32efc92 100644
--- a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
\ No newline at end of file
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
index 3d939db8c0..f12cb4858a 100644
--- a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
\ No newline at end of file
+Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md
index b9e4cf691f..667479bcab 100644
--- a/browsers/edge/shortdesc/allow-printing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
\ No newline at end of file
+Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
index e37a1e9bfc..fd31328000 100644
--- a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
\ No newline at end of file
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
index e94443a99b..526626c5dc 100644
--- a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
\ No newline at end of file
+By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
index e9e9fd0512..a91dfe1299 100644
--- a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
\ No newline at end of file
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
index b276822d74..44b6908b0d 100644
--- a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
\ No newline at end of file
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
index a056b0a737..eb0b507062 100644
--- a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 11/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
\ No newline at end of file
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
diff --git a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
index 86ac25c632..668b843424 100644
--- a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
\ No newline at end of file
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
index a91b389923..27ac63ba69 100644
--- a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
\ No newline at end of file
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
index 39961b4f01..9ecbac9a8c 100644
--- a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
\ No newline at end of file
+By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
index d0be48cb2b..5e0153a64e 100644
--- a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
\ No newline at end of file
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
index 1688989ef7..a60ce8d196 100644
--- a/browsers/edge/shortdesc/configure-autofill-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
\ No newline at end of file
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 32abbdf60a..d4d0ac2611 100644
--- a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
\ No newline at end of file
+Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
index ea5cb7e557..f814e14ff7 100644
--- a/browsers/edge/shortdesc/configure-cookies-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
\ No newline at end of file
+Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
index f9de9cd2ec..cb296d0c5e 100644
--- a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
\ No newline at end of file
+Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
index fd49f0e0c9..94042574fc 100644
--- a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
\ No newline at end of file
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
index 0303f69e10..97f0e78a2e 100644
--- a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
\ No newline at end of file
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
index ae90afc8af..2d468ccb48 100644
--- a/browsers/edge/shortdesc/configure-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
\ No newline at end of file
+Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
index 7a0260f8ea..0f6419d1b9 100644
--- a/browsers/edge/shortdesc/configure-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
\ No newline at end of file
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
index ea135db692..1b52679ba6 100644
--- a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 3bcba1b944..001c3b4adc 100644
--- a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
\ No newline at end of file
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
index 5bf099b3ca..4877cdc1ca 100644
--- a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
\ No newline at end of file
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
index 0f77b004ba..403f568244 100644
--- a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
\ No newline at end of file
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
index 18d5e9bf38..ec0fca3a7e 100644
--- a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
@@ -1,7 +1,9 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
index f9e057b6a5..a999cf65cb 100644
--- a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
\ No newline at end of file
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
index f9b5185f3d..80f486f35e 100644
--- a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
\ No newline at end of file
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
index 58dfd6be9a..cdf984bdc5 100644
--- a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
\ No newline at end of file
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
index e0c635c0c7..f1799516a7 100644
--- a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
\ No newline at end of file
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
index 93ecd60efe..60b95651ca 100644
--- a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
\ No newline at end of file
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
index 5902fb6656..5aecbf86be 100644
--- a/browsers/edge/shortdesc/do-not-sync-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
\ No newline at end of file
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 981ef9d876..027fc09c15 100644
--- a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
\ No newline at end of file
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
index efc6fc71a1..967221cc52 100644
--- a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -1,10 +1,12 @@ --- -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy): -This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**. \ No newline at end of file +This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**. diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md index 518f94bdea..4bc1eb0947 100644 --- a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md +++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md @@ -1,9 +1,11 @@ --- -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page. \ No newline at end of file +By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page. 
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index 6330b51213..de9891f1b2 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
\ No newline at end of file
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index d5eaea4a31..74db5c4863 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
\ No newline at end of file
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
index 156b1bb385..53dc4ea3e4 100644
--- a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
\ No newline at end of file
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
index 78c77baf42..a8948ce133 100644
--- a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
\ No newline at end of file
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 87d3b927ed..037888e82c 100644
--- a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
\ No newline at end of file
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
index af24d3583b..107a995e49 100644
--- a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
\ No newline at end of file
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
index 7875990600..2671634c1b 100644
--- a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
\ No newline at end of file
+Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index daa02c5729..3355fa7456 100644
--- a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
\ No newline at end of file
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index 4ba3bff11a..9615cd17b6 100644
--- a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
\ No newline at end of file
+By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
index e2ed5da50f..321eae15f4 100644
--- a/browsers/edge/shortdesc/provision-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
\ No newline at end of file
+By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
index 454549bffe..7940263779 100644
--- a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
+++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
index 79dfd220c1..6cdc361e42 100644
--- a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
\ No newline at end of file
+By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
index c9d57f2140..c3eeaf2045 100644
--- a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
+++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
@@ -1,9 +1,11 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
 
-By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
\ No newline at end of file
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
index 98fcc7aef2..18f35b15b0 100644
--- a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
@@ -1,9 +1,11 @@ --- -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button. \ No newline at end of file +By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button. diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md index 9f27db97ce..2b73a00927 100644 --- a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md +++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md 
@@ -1,9 +1,11 @@ --- -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. \ No newline at end of file +Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md index a15e780afe..e338769c79 100644 --- a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md +++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md 
@@ -1,8 +1,10 @@
 ---
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ms.prod: edge
 ms:topic: include
 ---
-Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
\ No newline at end of file
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
index d412d67e72..db100006b2 100644
--- a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
@@ -1,9 +1,11 @@ --- -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- -By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. \ No newline at end of file +By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md index 3f3707624b..4adc94fcf4 100644 --- a/browsers/edge/troubleshooting-microsoft-edge.md +++ b/browsers/edge/troubleshooting-microsoft-edge.md @@ -2,8 +2,10 @@ title: Troubleshoot Microsoft Edge description: ms.assetid: -author: shortpatti -ms.author: pashort +ms.reviewer: +manager: dansimp +author: eavena +ms.author: eravena ms.prod: edge ms.sitesec: library title: Deploy Microsoft Edge kiosk mode @@ -32,4 +34,4 @@ If you want to deliver applications to users via Citrix through Microsoft Edge, ## Missing SettingSync.admx and SettingSync.adml files -Make sure to [download](https://www.microsoft.com/en-us/download/windows.aspx) the latest templates to C:\windows\policydefinitions\. \ No newline at end of file +Make sure to [download](https://www.microsoft.com/en-us/download/windows.aspx) the latest templates to C:\windows\policydefinitions\. 
diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md index b4a16608e7..58ce9b4d8c 100644 --- a/browsers/edge/use-powershell-to manage-group-policy.md +++ b/browsers/edge/use-powershell-to manage-group-policy.md @@ -8,8 +8,10 @@ ms.pagetype: security title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) ms.localizationpriority: medium ms.date: 10/02/2018 -ms.author: pashort -author: shortpatti +ms.reviewer: +manager: dansimp +ms.author: eravena +author: eavena --- # Use Windows PowerShell to manage group policy diff --git a/browsers/edge/web-app-compat-toolkit.md b/browsers/edge/web-app-compat-toolkit.md index f2742ca22d..29b12ada64 100644 --- a/browsers/edge/web-app-compat-toolkit.md +++ b/browsers/edge/web-app-compat-toolkit.md @@ -1,11 +1,13 @@ --- title: Web Application Compatibility lab kit +ms.reviewer: +manager: dansimp description: Learn how to use the web application compatibility toolkit for Microsoft Edge. ms.prod: edge ms.topic: article ms.manager: elizapo -author: lizap -ms.author: elizapo +author: eavena +ms.author: eravena ms.localizationpriority: high --- @@ -52,4 +54,4 @@ The Web Application Compatibility Lab Kit is also available in the following lan [DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab) >[!TIP] ->Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space. \ No newline at end of file +>Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space. diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md index 808a874dba..6b9f2add8d 100644 
--- a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to add employees to the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Add employees to the Enterprise Mode Site List Portal @@ -62,4 +65,4 @@ The available roles are: 2. Save the EnterpriseModeUsersList.xlsx file. - The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name. \ No newline at end of file + The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name. diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md index 877885d8e6..5b336bc92e 100644 --- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md +++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 4cdf9fe53e..7561149048 100644
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 10/24/2017
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 49b19fe506..ccb69e9415 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 59729cbde1..d07284e3b6 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md
index 6adfc06b58..48dceffb10 100644
--- a/browsers/enterprise-mode/administrative-templates-and-ie11.md
+++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Administrative templates and Internet Explorer 11
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
index d6f1772b59..16c6da5049 100644
--- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Approve a change request using the Enterprise Mode Site List Portal @@ -56,4 +59,4 @@ The original Requester, the Approver(s) group, and the Administrator(s) group ca ## Next steps -After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic. \ No newline at end of file +After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic. diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md index 417dc77cad..ad4f6bbe08 100644 --- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md +++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md 
@@ -2,12 +2,14 @@
 title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
 description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
 ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.reviewer:
+manager: dansimp
 ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
-author: jdeckerms
-ms.author: dougkim
+author: eavena
+ms.author: eravena
 ms.date: 08/14/2017
 ms.localizationpriority: low
 ---
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 5329325698..34da92da2a 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: low
 ms.mktglfcycl: deploy
 description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Collect data using Enterprise Site Discovery
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
index 290b39d09d..070ab271f9 100644
--- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes. -author: jdeckerms +author: eavena ms.prod: ie11 title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Use the Settings page to finish setting up the Enterprise Mode Site List Portal @@ -91,4 +94,4 @@ This optional area lets you specify a period when your employees must stop addin - [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) -- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md index 771b794761..99f9640e54 100644 --- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to create a change request within the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Create a change request using the Enterprise Mode Site List Portal 
@@ -67,4 +70,4 @@ Employees assigned to the Requester role can create a change request. A change r - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator. ## Next steps -After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic. \ No newline at end of file +After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic. diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 04ba74d178..90cef488cc 100644 --- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -3,9 +3,12 @@ ms.localizationpriority: low description: Delete a single site from your global Enterprise Mode site list. ms.pagetype: appcompat ms.mktglfcycl: deploy -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a +ms.reviewer: +manager: dansimp +ms.author: eravena title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index f19c3e402a..8a17c64622 100644
--- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
index 30ded77dda..9d297faa8d 100644
--- a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
+++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e +ms.reviewer: +manager: dansimp +ms.author: eravena title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md index ef400d46d7..b43215b9ac 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 17c61547-82e3-48f2-908d-137a71938823 +ms.reviewer: +manager: dansimp +ms.author: eravena title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -230,4 +233,4 @@ If you want to target specific sites in your organization. |You can specify subdomains in the domain tag. |<docMode>
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|

| |You can specify exact URLs by listing the full path. |<emie>
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|| |You can nest paths underneath domains. |<emie>
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
| | -|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
| | \ No newline at end of file +|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
| | diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md index 2460a2a53d..135d5914f0 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 +ms.reviewer: +manager: dansimp +ms.author: eravena title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 12/04/2017 diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md index 663a632588..592363962b 100644 --- a/browsers/enterprise-mode/enterprise-mode.md +++ b/browsers/enterprise-mode/enterprise-mode.md @@ -3,10 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: security description: Use this section to learn about how to turn on Enterprise Mode. -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.prod: edge, ie11 ms.assetid: +ms.reviewer: +manager: dansimp title: Enterprise Mode for Microsoft Edge ms.sitesec: library ms.date: '' diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md index 929957a727..fe2074f29f 100644 --- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 7be8b574cc..a0d0943e07 100644
--- a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
index 37eb813af3..91bb223310 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local compatibility view list.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
index ca2d5c72aa..5a278479ec 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index e41bd71f67..5019258eca 100644
--- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a +ms.reviewer: +manager: dansimp +ms.author: eravena title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md index 17ab2b26ac..455ae58820 100644 --- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Schedule approved change requests for production using the Enterprise Mode Site List Portal 
@@ -47,4 +50,4 @@ After a change request is approved, the original Requester can schedule the chan ## Next steps -After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic. \ No newline at end of file +After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic. diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 17eed9cd2e..cebf4c013d 100644 --- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
index 4dff80ce73..1be38336f5 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: jdeckerms
+author: eavena
 ms.prod: ie11
 ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
index a3ec81f18b..c69c8bd895 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to set up the Enterprise Mode Site List Portal for your organization. -author: jdeckerms +author: eavena ms.prod: ie11 title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Set up the Enterprise Mode Site List Portal @@ -229,4 +232,4 @@ Register the EMIEScheduler tool and service for production site list changes. - [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) -- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md index 31c3feec2f..9b68512593 100644 --- a/browsers/enterprise-mode/turn-off-enterprise-mode.md +++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3 +ms.reviewer: +manager: dansimp +ms.author: eravena title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md index 74225acded..a8e5413241 100644 --- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md 
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Turn on local user control and logging for Enterprise Mode. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1 +ms.reviewer: +manager: dansimp +ms.author: eravena title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md index d57c5f411b..2b3d7225f2 100644 --- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md @@ -7,6 +7,10 @@ ms.prod: ie11 title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena +author: eavena --- # Use the Enterprise Mode Site List Portal diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md index b85478da24..bcef67f64d 100644 --- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b +ms.reviewer: +manager: dansimp +ms.author: eravena title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 12/04/2017 
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md index 244e102f38..79575fbf26 100644 --- a/browsers/enterprise-mode/using-enterprise-mode.md +++ b/browsers/enterprise-mode/using-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: security description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode. -author: jdeckerms +author: eavena ms.prod: ie11 ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a +ms.reviewer: +manager: dansimp +ms.author: eravena title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md index 9ceeafb141..e003e6bc01 100644 --- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Verify your changes using the Enterprise Mode Site List Portal diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md index 5ec5b93f66..5751efc6ef 100644 --- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md 
+++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Verify the change request update in the production environment using the Enterprise Mode Site List Portal diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md index 8ed5e12491..f81d244053 100644 --- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md +++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md @@ -3,11 +3,14 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal. -author: jdeckerms +author: eavena ms.prod: ie11 title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md index 3ea0832564..d3e189245d 100644 --- a/browsers/includes/available-duel-browser-experiences-include.md 
+++ b/browsers/includes/available-duel-browser-experiences-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -17,4 +19,4 @@ Based on the size of your legacy web app dependency, determined by the data coll - Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies. -For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. \ No newline at end of file +For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md index 450c65b503..93f3628760 100644 --- a/browsers/includes/helpful-topics-include.md +++ b/browsers/includes/helpful-topics-include.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md index 02ad5fe86d..9116168ca3 100644 --- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md +++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md 
@@ -1,14 +1,16 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager. ->[!IMPORTANT] +>[!IMPORTANT] >Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do. 1. In the Enterprise Mode Site List Manager, click **File \> Import**. diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md index a18552366f..ab1b9bf4be 100644 --- a/browsers/includes/interoperability-goals-enterprise-guidance.md +++ b/browsers/includes/interoperability-goals-enterprise-guidance.md @@ -1,7 +1,9 @@ --- -author: shortpatti -ms.author: pashort +author: eavena +ms.author: eravena ms.date: 10/15/2018 +ms.reviewer: +manager: dansimp ms.prod: edge ms:topic: include --- @@ -16,7 +18,7 @@ You must continue using IE11 if web apps use any of the following: * x-ua-compatible headers -* <meta> tags +* <meta> tags with an http-equivalent value of X-UA-Compatible header * Enterprise mode or compatibility view to addressing compatibility issues diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 4446936eb1..7590327773 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json 
@@ -1,41 +1,48 @@ { "build": { - "content": - [ - { - "files": ["**/*.md","**/*.yml"], - "exclude": ["**/obj/**"] - } - ], + "content": [ + { + "files": [ + "**/*.md", + "**/*.yml" + ], + "exclude": [ + "**/obj/**" + ] + } + ], "resource": [ - { - "files": ["**/images/**"], - "exclude": ["**/obj/**"] - } + { + "files": [ + "**/images/**" + ], + "exclude": [ + "**/obj/**" + ] + } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.author": "shortpatti", - "author": "eross-msft", - "ms.technology": "internet-explorer", - "ms.topic": "article", - "ms.date": "04/05/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.internet-explorer", - "folder_relative_path_in_docset": "./" - } - } + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json", + "ROBOTS": "INDEX, FOLLOW", + "ms.author": "shortpatti", + "author": "eross-msft", + "ms.technology": "internet-explorer", + "ms.topic": "article", + "ms.date": "04/05/2017", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "Win.internet-explorer", + "folder_relative_path_in_docset": "./" + } + } }, - "externalReference": [ - ], + "externalReference": [], "template": "op.html", "dest": "edges/internet-explorer", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } 
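Review bot: The only functional change in this hunk, `"markdownEngineName": "markdig"` on the last property of `build`, is buried in a whole-file re-indentation, so it is easy to miss that the rendering engine for every page in this docset changes. Splitting the whitespace normalization from the engine switch, or calling the switch out in the commit description, would make it reviewable and revertable on its own. Separately, `globalMetadata` still carries `"ms.author": "shortpatti"` and `"author": "eross-msft"` while the per-file front matter elsewhere in this commit moves pages away from `shortpatti`; if these defaults apply to pages that set no value of their own, they probably need the same update, which is worth confirming.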
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md index 8cab9278d3..a9b94e0990 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: How to use Group Policy to install ActiveX controls. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md index bee3a36c25..da48e06a3b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to add employees to the Enterprise Mode Site List Portal. -author: shortpatti +author: dansimp ms.prod: ie11 title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Add employees to the Enterprise Mode Site List Portal 
@@ -62,4 +65,4 @@ The available roles are: 2. Save the EnterpriseModeUsersList.xlsx file. - The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name. \ No newline at end of file + The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md index a399ecaa73..ab6bed0da5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
@@ -44,11 +47,11 @@ You can create and use a custom XML file with the Enterprise Mode Site List Mana Each XML file must include: -- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.

**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser. +- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.

**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser. -- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.

**Important**
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5. +- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.

**Important**
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5. -- **<docMode> tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). +- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). ### Enterprise Mode v.1 XML schema example The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). 
@@ -101,9 +104,9 @@ After you’ve added all of your sites to the tool and saved the file to XML, yo ## Related topics - [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md index 1f1d14991d..6286b356ea 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2). -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 10/24/2017 
@@ -84,9 +87,9 @@ The following is an example of what your XML file should look like when you’re ``` In the above example, the following is true: -- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode. +- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode. -- contoso.com, and all of its domain paths, can use the default compatibility mode for the site. +- contoso.com, and all of its domain paths, can use the default compatibility mode for the site. To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.

**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2). @@ -111,9 +114,9 @@ After you’ve added all of your sites to the tool and saved the file to XML, yo ## Related topics - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md index 2eab3c28fd..06f0afe48d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -22,11 +25,11 @@ ms.date: 07/27/2017 Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

**Important**
You can only add specific URLs, not Internet or Intranet Zones. -

**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md). +

Note
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager. ## Adding a site to your compatibility list You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager. -

**Note**
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md). +

Note
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2). **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)** @@ -44,20 +47,20 @@ The path within a domain can require a different compatibility mode from the dom Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). -5. Click **Save** to validate your website and to add it to the site list for your enterprise.

-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. +5. Click **Save** to validate your website and to add it to the site list for your enterprise.

+ If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). +6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

+ You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Next steps After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Related topics - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index df209b5a60..481ddaa91a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -22,7 +25,7 @@ ms.date: 07/27/2017 Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

**Important**
You can only add specific URLs, not Internet or Intranet Zones. -

**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system. +

Note
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) or the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) topic, based on your operating system. ## Adding a site to your compatibility list You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.

@@ -30,50 +33,50 @@ You can add individual sites to your compatibility list by using the Enterprise **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)** -1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**. +1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**. -2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. +2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

+ Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. -3. Type any comments about the website into the **Notes about URL** box.

-Administrators can only see comments while they’re in this tool. +3. Type any comments about the website into the **Notes about URL** box.

+ Administrators can only see comments while they’re in this tool. -4. In the **Compat Mode** box, choose one of the following: +4. In the **Compat Mode** box, choose one of the following: - - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode. + - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode. - - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode. + - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode. - - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode. + - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode. - - **Default Mode**. Loads the site using the default compatibility mode for the page. + - **Default Mode**. Loads the site using the default compatibility mode for the page. The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). -5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. +5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. - - **IE11**. 
Opens the site in IE11, regardless of which browser is opened by the employee. + - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. - - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. + - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - - **None**. Opens in whatever browser the employee chooses. + - **None**. Opens in whatever browser the employee chooses. -6. Click **Save** to validate your website and to add it to the site list for your enterprise.

-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. +6. Click **Save** to validate your website and to add it to the site list for your enterprise.

+ If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). +7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

+ You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Next steps After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Related topics - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md index 2fc51f57c7..4ad92662d8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Administrative templates and Internet Explorer 11 -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
@@ -35,11 +38,11 @@ Administrative Templates are XML-based, multi-language files that define the reg ## How do I store Administrative Templates? As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs). -

**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810). +

Important
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files. ## Administrative Templates-related Group Policy settings When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder. -

**Note**
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer. +

Note
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer. IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths: @@ -74,6 +77,6 @@ Regardless which tool you're using to edit your Group Policy settings, you'll ne - **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment. ## Related topics -- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579) +- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880) +- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576) - [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) - diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md index 02bda50d22..6ed6595c40 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md 
@@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. -author: shortpatti +author: dansimp ms.prod: ie11 title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Approve a change request using the Enterprise Mode Site List Portal @@ -56,4 +59,4 @@ The original Requester, the Approver(s) group, and the Administrator(s) group ca ## Next steps -After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic. \ No newline at end of file +After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic. diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md index d28ba9a2ab..d109a8971f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto configuration and auto proxy problems with Internet Explorer 11 -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -27,33 +30,33 @@ If you experience issues while setting up your proxy server, you can try these t - Check that the browser is pointing to the right automatic configuration script location. - **To check your proxy server address** + **To check your proxy server address** -1. On the **Tools** menu, click **Internet Options**, and then **Connections**. +1. On the **Tools** menu, click **Internet Options**, and then **Connections**. -2. Click **Settings** or **LAN Settings**, and then look at your proxy server address. +2. Click **Settings** or **LAN Settings**, and then look at your proxy server address. -3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.

**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652). +3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.

**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652). - **To check that you've turned on the correct settings** + **To check that you've turned on the correct settings** -1. On the **Tools** menu, click **Internet Options**, and then click **Connections**. +4. On the **Tools** menu, click **Internet Options**, and then click **Connections**. -2. Click **Settings** or **LAN Settings**. +5. Click **Settings** or **LAN Settings**. -3. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.

**Note**
If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again. +6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.

**Note**
If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again. - **To check that you're pointing to the correct automatic configuration script location** + **To check that you're pointing to the correct automatic configuration script location** -1. On the **Tools** menu, click **Internet Options**, and then click **Connections**. +7. On the **Tools** menu, click **Internet Options**, and then click **Connections**. -2. Click **Settings** or **LAN Settings**. +8. Click **Settings** or **LAN Settings**. -3. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL. +9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md index 9e485e54d8..1e912f54d0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto configuration settings for Internet Explorer 11 -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
@@ -38,7 +41,7 @@ For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry ## Updating your automatic configuration settings After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding. -

**Important**
Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). +

Important
Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter. **To update your settings** @@ -63,9 +66,9 @@ You have two options to restrict your users' ability to override the automatic c - **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md index 8d6510713e..508da17224 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto detect settings Internet Explorer 11 -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -26,27 +29,27 @@ To use automatic detection, you have to set up your DHCP and DNS servers.

**No **To turn on automatic detection for DHCP servers** -1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page. +1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page. -2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). +2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). -3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649). +3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649). - **To turn on automatic detection for DNS servers** + **To turn on automatic detection for DNS servers** -1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page. +4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page. -2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. +5. 
Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. -3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

**-OR-**

Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).  +6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

**-OR-**

Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651). -4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.

**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. +7. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.

**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. -   + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md index a0e95c8fac..5784aff62d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto proxy configuration settings for Internet Explorer 11 -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md index ac73cc7854..eee4b1425c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md +++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md @@ -1,9 +1,9 @@ --- title: Blocked out-of-date ActiveX controls description: This page is periodically updated with new ActiveX controls blocked by this feature. -author: shortpatti -ms.author: pashort -manager: elizapo +author: dansimp +ms.author: dansimp +manager: dansimp ms.date: 05/10/2018 ms.topic: article ms.prod: ie11 
@@ -11,6 +11,7 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security ms.assetid: '' +ms.reviewer: ms.sitesec: library --- @@ -34,7 +35,9 @@ You will receive a notification if a webpage tries to load one of the following **Silverlight** + | Everything below (but not including) Silverlight 5.1.50907.0 | |--------------------------------------------------------------| +| | -For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864). \ No newline at end of file +For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864). diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md index dc4bf14619..cbea60be67 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md +++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: performance description: Browser cache changes and roaming profiles -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 10/16/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md index d53090e7ee..02abe465ad 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md @@ -5,8 +5,11 @@ description: This topic lists new and updated topics in the Internet Explorer 11 ms.mktglfcycl: deploy ms.prod: ie11 ms.sitesec: library -author: shortpatti +author: dansimp ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md index 9b2c6b0e6d..08d7c2f831 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md +++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md 
@@ -2,12 +2,14 @@
 title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
 description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
 ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.reviewer:
+manager: dansimp
 ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.date: 08/14/2017
 ms.localizationpriority: medium
 ---
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index c92cdac5b8..4e6630b0f1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Choose how to deploy Internet Explorer 11 (IE11)
-author: shortpatti
+author: dansimp
 ms.prod: ie11
 ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -15,13 +18,14 @@ ms.date: 07/27/2017 In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools. ## In this section + | Topic | Description | |------------------------------------------------------------- | ------------------------------------------------------ | |[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). | -|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). | -  - -  +|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). | + + + diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md index 0ed79bd249..e66fa1ed2a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Choose how to install Internet Explorer 11 (IE11) -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 424b01e58e..e1bd5ba5d6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Collect data using Enterprise Site Discovery ms.sitesec: library ms.date: 07/27/2017 @@ -245,7 +248,7 @@ You can use both the WMI and XML settings individually or together: -**To turn on both WMI and XML recording** +To turn on both WMI and XML recording @@ -473,7 +476,7 @@ You can completely remove the data stored on your employee’s computers. ## Related topics * [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562) * [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) -  + 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md index 52e126df5a..bc538f78ad 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes. -author: shortpatti +author: lomayor ms.prod: ie11 title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Use the Settings page to finish setting up the Enterprise Mode Site List Portal @@ -91,4 +94,4 @@ This optional area lets you specify a period when your employees must stop addin - [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) -- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md index 145c439f02..3f3ea15d45 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md 
@@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to create a change request within the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Create a change request using the Enterprise Mode Site List Portal @@ -67,4 +70,4 @@ Employees assigned to the Requester role can create a change request. A change r - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator. ## Next steps -After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic. \ No newline at end of file +After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic. diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md index a644d1d832..090b718581 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Create packages for multiple operating systems or languages -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -14,13 +17,13 @@ ms.date: 07/27/2017 # Create packages for multiple operating systems or languages You'll create multiple versions of your custom browser package if: -- You support more than 1 version of Windows®. +- You support more than 1 version of Windows®. -- You support more than 1 language. +- You support more than 1 language. -- You have custom installation packages with only minor differences. Like, having a different phone number. +- You have custom installation packages with only minor differences. Like, having a different phone number. - **To create a new package** + **To create a new package** 1. Create an installation package using the Internet Explorer Customization Wizard 11, as described in the [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md) topic. @@ -30,11 +33,11 @@ You'll create multiple versions of your custom browser package if: **Important**
Except for the **Title bar** text, **Favorites**, **Links bar**, **Home page**, and **Search bar**, keep all of your wizard settings the same for all of your build computers. -   + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md index 0bf4925ab6..421429eb16 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Customize Internet Explorer 11 installation packages -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 4549be210a..9fe470dfba 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 description: Delete a single site from your global Enterprise Mode site list.
 ms.pagetype: appcompat
 ms.mktglfcycl: deploy
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index 59bb64352d..e964d84927 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -19,14 +22,14 @@ Automatic Version Synchronization (AVS) lets you use the Internet Explorer Admin You must synchronize the setup files at least once on the local computer, for each language and operating system combination, before proceeding through the rest of the wizard. If your packages have more than one version of IE, you need to keep the versions in separate component download folders, which can be pointed to from the **File Locations** page of the IEAK 11. For more information about using the AVS feature, see [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](../ie11-ieak/auto-version-sync-ieak11-wizard.md) . -##Related topics +## Related topics - [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md) - [Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md index 1441f5564f..cffde71282 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Deploy Internet Explorer 11 using software distribution tools -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index ef14f9f67f..b2038ad2f7 100644 
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 57bc32ac4a..b34b835676 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 504bd09a21..82c1e09e9d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index 0d7ebd65fa..236dfd3b18 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -3,10 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Enable and disable add-ons using administrative templates and group policy
-ms.author: pashort
-author: shortpatti
+ms.author: lomayor
+author: lomayor
 ms.prod: ie11
 ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
+ms.reviewer:
+manager: dansimp
 title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 4/12/2018
@@ -105,4 +107,4 @@ Open the Local Group Policy Editor and go to: User Configuration\Administrative 7. Click **OK** twice to close the Group Policy editor. - \ No newline at end of file + diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md index 5c5693833e..6d21965faa 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Enhanced Protected Mode problems with Internet Explorer -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md index 6a0402921f..f3ffd4bf9f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -16,15 +19,16 @@ ms.date: 07/27/2017 **Applies to:** -- Windows 10 -- Windows 8.1 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2008 R2 with Service Pack 1 (SP1) +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. ## In this section + |Topic |Description | |---------------------------------------------------------------|-----------------------------------------------------------------------------------| |[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. | 
@@ -41,11 +45,11 @@ Use the topics in this section to learn how to set up and use Enterprise Mode an |[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. | |[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. | |[Turn off Enterprise Mode](turn-off-enterprise-mode.md) |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. | -  - -  - -  + + + + + diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index 307614576b..72522b17ec 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 17c61547-82e3-48f2-908d-137a71938823 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -72,7 +75,7 @@ This table includes the elements used by the Enterprise Mode schema. - @@ -131,11 +134,11 @@ This table includes the elements used by the Enterprise Mode schema.

Example

 <emie>
-  <domain exclude="true">fabrikam.com
-    <path exclude="false">/products</path>
+  <domain exclude="true">fabrikam.com
+    <path exclude="false">/products</path>
   </domain>
 </emie>

-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does. +Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.

Setting nameRoot node for the schema.

Example

-<rules version="205">
+<rules version="205">
   <emie>
     <domain>contoso.com</domain>
   </emie>
@@ -84,19 +87,19 @@ This table includes the elements used by the Enterprise Mode schema.
 
The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.

Example

-<rules version="205">
+<rules version="205">
   <emie>
     <domain>contoso.com</domain>
   </emie>
 </rules>
-or- -

For IPv6 ranges:

<rules version="205">
+

For IPv6 ranges:

<rules version="205">
   <emie>
     <domain>[10.122.34.99]:8080</domain>
   </emie>
   </rules>
-or- -

For IPv4 ranges:

<rules version="205">
+

For IPv4 ranges:

<rules version="205">
   <emie>
     <domain>10.122.34.99:8080</domain>
   </emie>
@@ -105,12 +108,12 @@ This table includes the elements used by the Enterprise Mode schema.
 
<docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied. +The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.

Example

-<rules version="205">
+<rules version="205">
   <docMode>
-    <domain docMode="7">contoso.com</domain>
+    <domain docMode="7">contoso.com</domain>
   </docMode>
 </rules>
Internet Explorer 11Internet Explorer 11 and Microsoft Edge
@@ -163,11 +166,11 @@ This table includes the attributes used by the Enterprise Mode schema.

Example

 <emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
+  <domain exclude="false">fabrikam.com
+    <path exclude="true">/products</path>
   </domain>
 </emie>

-Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not. +Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not. Internet Explorer 11 and Microsoft Edge @@ -176,8 +179,8 @@ Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/pr

Example

 <docMode>
-  <domain exclude="false">fakrikam.com
-    <path docMode="7">/products</path>
+  <domain exclude="false">fakrikam.com
+    <path docMode="7">/products</path>
   </domain>
 </docMode>
Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index d9689c000a..187ba67198 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 12/04/2017 @@ -39,7 +42,7 @@ The following is an example of the v.2 version of the Enterprise Mode schema. **Important**
Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com. -  + ``` xml @@ -103,8 +106,8 @@ This table includes the elements used by the v.2 version of the Enterprise Mode A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.

Example

-<site-list version="205">
-  <site url="contoso.com">
+<site-list version="205">
+  <site url="contoso.com">
     <compat-mode>IE8Enterprise</compat-mode>
     <open-in>IE11</open-in>
   </site>
@@ -116,19 +119,19 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
 A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
 

Example

-<site url="contoso.com">
+<site url="contoso.com">
   <compat-mode>default</compat-mode>
   <open-in>none</open-in>
 </site>
-or- -

For IPv4 ranges:

<site url="10.122.34.99:8080">
+

For IPv4 ranges:

<site url="10.122.34.99:8080">
   <compat-mode>IE8Enterprise</compat-mode>
 <site>

-or- -

For IPv6 ranges:

<site url="[10.122.34.99]:8080">
+

For IPv6 ranges:

<site url="[10.122.34.99]:8080">
   <compat-mode>IE8Enterprise</compat-mode>
 <site>

-You can also use the self-closing version, <url="contoso.com" />, which also sets: +You can also use the self-closing version, <url="contoso.com" />, which also sets:

  • <compat-mode>default</compat-mode>
  • <open-in>none</open-in>
  • @@ -140,21 +143,21 @@ You can also use the self-closing version, <url="contoso.com" />, which al A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.

    Example

    -<site url="contoso.com">
    +<site url="contoso.com">
       <compat-mode>IE8Enterprise</compat-mode>
     </site>
    -or- -

    For IPv4 ranges:

    <site url="10.122.34.99:8080">
    +

    For IPv4 ranges:

    <site url="10.122.34.99:8080">
       <compat-mode>IE8Enterprise</compat-mode>
     <site>

    -or- -

    For IPv6 ranges:

    <site url="[10.122.34.99]:8080">
    +

    For IPv6 ranges:

    <site url="[10.122.34.99]:8080">
       <compat-mode>IE8Enterprise</compat-mode>
     <site>

    Where:

    • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
      This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
    • -

    • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
      This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.

      Important
      This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.

    • +

    • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
      This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.

      Important
      This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.

    • IE[x]. Where [x] is the document mode number into which the site loads.
    • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
    @@ -165,7 +168,7 @@ Where: A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.

    Example

    -<site url="contoso.com">
    +<site url="contoso.com">
       <open-in>none</open-in>
     </site>

    Where: @@ -192,13 +195,13 @@ The <url> attribute, as part of the <site> element in the v.2 versio allow-redirect -A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser). +A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).

    Example

    -<site url="contoso.com/travel">
    -  <open-in allow-redirect="true">IE11</open-in>
    +<site url="contoso.com/travel">
    +  <open-in allow-redirect="true">IE11</open-in>
     </site>
    -In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. +In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. Internet Explorer 11 and Microsoft Edge @@ -210,14 +213,14 @@ In this example, if https://contoso.com/travel is encountered in a redirect chai url Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
    Note
    -Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com. +Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.

    Example

    -<site url="contoso.com:8080">
    +<site url="contoso.com:8080">
       <compat-mode>IE8Enterprise</compat-mode>
       <open-in>IE11</open-in>
     </site>
    -In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. +In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. Internet Explorer 11 and Microsoft Edge @@ -237,17 +240,17 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t <forceCompatView> <compat-mode> -Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode> +Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode> <docMode> <compat-mode> -Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode> +Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode> <doNotTransition> <open-in> -Replace <doNotTransition="true"> with <open-in>none</open-in> +Replace <doNotTransition="true"> with <open-in>none</open-in> <domain> and <path> @@ -255,24 +258,24 @@ These v.1 version schema attributes have been deprecated in the v.2 version of t Replace:
     <emie>
    -  <domain exclude="false">contoso.com</domain>
    +  <domain exclude="false">contoso.com</domain>
     </emie>
    With:
    -<site url="contoso.com"/>
    +<site url="contoso.com"/>
       <compat-mode>IE8Enterprise</compat-mode>
     </site>
    -AND-

    Replace:

     <emie>
    -  <domain exclude="true">contoso.com
    -     <path exclude="false" forceCompatView="true">/about</path>
    +  <domain exclude="true">contoso.com
    +     <path exclude="false" forceCompatView="true">/about</path>
       </domain>
     </emie>
    With:
    -<site url="contoso.com/about">
    +<site url="contoso.com/about">
       <compat-mode>IE7Enterprise</compat-mode>
     </site>
    diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
    index 88fe3e4d99..d2b98ef8a0 100644
    --- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
    +++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
    @@ -3,9 +3,12 @@ ms.localizationpriority: medium
     ms.mktglfcycl: deploy
     ms.pagetype: appcompat
     description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
    -author: shortpatti
    +author: lomayor
     ms.prod: ie11
     ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
    +ms.reviewer:
    +manager: dansimp
    +ms.author: lomayor
     title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
     ms.sitesec: library
     ms.date: 07/27/2017
    diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
    index 99b28d4482..2170dd1219 100644
    --- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
    +++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 4b21bb27-aeac-407f-ae58-ab4c6db2baf6
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Fix web compatibility issues using document modes and the Enterprise Mode site list (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index d3209fc547..69d58d1c31 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 9f80e39f-dcf1-4124-8931-131357f31d67
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Fix validation problems using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index 213c9481d9..ae518b4cd1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index 35697cb576..fb65dd9940 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index df2143a7a8..3c8c913f1f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Group Policy and Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -35,11 +38,11 @@ Use the topics in this section to learn about Group Policy and how to use it to |[Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md) |Info about Group Policy preferences, as compared to Group Policy settings. | |[Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md) |Info about Administrative Templates, including where to store them and the related Group Policy settings. | |[Enable and disable add\-ons using administrative templates and group policy](enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) |Guidance about how to use your local Group Policy editor or the CLSID and Administrative Templates to manage your Group Policy objects. -  + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md index b615824d04..8895e8e19e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
index e8069dbf48..812e8abe3d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy suggestions for compatibility with Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index 810c6ec4c0..247e023667 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Overview of the available Group Policy management tools -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Group Policy management tools (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -30,7 +33,7 @@ After deploying IE11 to your organization, you can continue to manage the browse **Note**
    Whenever possible, we recommend that you manage IE11 using Administrative Templates, because these settings are always written to secure policy branches in the registry. In addition, we recommend that you deploy using standard user accounts instead of letting your users log on to their computers as administrators. This helps to prevent your users from making unwanted changes to their systems or overriding Group Policy settings. -   + Users won't be able to use the IE11 user interface or the registry to change any managed settings on their computers. However, they will be able to change many of the preferences associated with the settings you set up using the Internet Explorer Administration Kit 11 (IEAK 11). ## Which GPO tool should I use? @@ -44,9 +47,9 @@ You can use any of these tools to create, manage, view, and troubleshoot Group P - [Group Policy, Windows Powershell, and Internet Explorer 11](group-policy-windows-powershell-ie11.md). A command-line shell and scripting language that helps automate Windows and application administration on a single computer locally, or across many computers remotely. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md index b676409da7..66f39f438f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Info about Group Policy preferences versus Group Policy settings -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Group policy preferences and Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index 96f776d73e..19c1de8291 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 42a69458a5..02a0adf579 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy, Shortcut Extensions, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 355eac531d..0a81ff7136 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Group Policy, Windows Powershell, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
index 7391d19ecf..0b4e605611 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
@@ -3,11 +3,13 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 ms.pagetype: security
 description:
-author: shortpatti
-ms.author: pashort
+author: lomayor
+ms.author: lomayor
 ms.manager: elizapo
 ms.prod: ie11
 ms.assetid:
+ms.reviewer:
+manager: dansimp
 title: Internet Explorer 11 delivery through automatic updates
 ms.sitesec: library
 ms.date: 05/22/2018
@@ -68,39 +70,39 @@ Automatic Updates will start to distribute Internet Explorer 11 shortly after th Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to: -1. Click **Start**, click **Administrative Tools**, and then click **Microsoft - Windows Server Update Services 3.0**. +1. Click **Start**, click **Administrative Tools**, and then click **Microsoft + Windows Server Update Services 3.0**. -2. Expand *ComputerName*, and then click **Options**. +2. Expand *ComputerName*, and then click **Options**. -3. Click **Automatic Approvals**. +3. Click **Automatic Approvals**. -4. Click the rule that automatically approves an update that is classified as - Update Rollup, and then click **Edit.** +4. Click the rule that automatically approves an update that is classified as + Update Rollup, and then click **Edit.** - >[!Note] - >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. + >[!Note] + >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. -5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section. +5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section. - >[!Note] - >The properties for this rule will resemble the following:
    • When an update is in Update Rollups
    • Approve the update for all computers
    + >[!Note] + >The properties for this rule will resemble the following:
    • When an update is in Update Rollups
    • Approve the update for all computers
    -6. Clear the **Update Rollup** check box, and then click **OK**. +6. Clear the **Update Rollup** check box, and then click **OK**. -7. Click **OK** to close the **Automatic Approvals** dialog box.

    After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed. +7. Click **OK** to close the **Automatic Approvals** dialog box.

    After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed. -8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**. +8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**. -9. Expand *ComputerName*, and then click **Synchronizations**. +9. Expand *ComputerName*, and then click **Synchronizations**. -10. Click **Synchronize Now**. +10. Click **Synchronize Now**. -11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**. +11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**. -12. Choose **Unapproved** in the **Approval**drop down box. +12. Choose **Unapproved** in the **Approval**drop down box. -13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update. +13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update. >[!Note] >There may be multiple updates, depending on the imported language and operating system updates. diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index ba9aba7115..421a10b9d9 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -1,8 +1,11 @@ --- description: A full-sized view of how document modes are chosen in IE11. title: Full-sized flowchart detailing how document modes are chosen in IE11 -author: shortpatti +author: lomayor ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
    diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md index 8c224e01b5..a84fbae316 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -39,9 +42,9 @@ Importing your file overwrites everything that’s currently in the tool, so mak - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md index 94788e4dfc..3f147df80e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install and Deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -31,11 +34,11 @@ Use the topics in this section to learn how to customize your Internet Explorer |[Choose how to install Internet Explorer 11 (IE11)](choose-how-to-install-ie11.md) |Guidance for the different ways you can install IE, including using System Center 2012 R2 Configuration Manager, Windows Server Update Services (WSUS), Microsoft Intune, your network, the operating system deployment system, or third-party tools. | |[Choose how to deploy Internet Explorer 11 (IE11)](choose-how-to-deploy-ie11.md) |Guidance about how to deploy your custom version of IE using Automatic Version Synchronization (AVS) or using your software distribution tools. | |[Virtualization and compatibility with Internet Explorer 11](virtualization-and-compatibility-with-ie11.md) |Info about the Microsoft-supported options for virtualizing web apps. | -  + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md index c72e03d477..4791de3e60 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 7d3b1213f8..594e4cc0ae 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index ce93f99c12..e94d46a676 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md index 8d8382d64f..7816ad8190 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using your network -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install Internet Explorer 11 (IE11) using your network (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -18,22 +21,22 @@ You can install Internet Explorer 11 (IE11) over your network by putting your c **To manually create the folder structure** -- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees. +- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees. - **To create the folder structure using IEAK 11** + **To create the folder structure using IEAK 11** -- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.

    -The wizard automatically puts your custom installation files in your `\\Flat` folder. Where the `` is the location of your other build files. +- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.

    + The wizard automatically puts your custom installation files in your `\\Flat` folder. Where the `` is the location of your other build files. **Note**
    Use the localized versions of the IE Customization Wizard 11 to create localized IE11 installation packages. ## Related topics - [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md) -   + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md index bd5133b8b9..99af9a34e2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using third-party tools and command-line options. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install Internet Explorer 11 (IE11) using third-party tools (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md index 37916eff52..3bc741dbc0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)' -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -16,34 +19,34 @@ Windows Server Update Services (WSUS) lets you download a single copy of the Mic **To import from Windows Update to WSUS** -1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.

    -Where `` is the name of your WSUS server. +1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.

    + Where `` is the name of your WSUS server. -2. Choose the top server node or the **Updates** node, and then click **Import Updates**. +2. Choose the top server node or the **Updates** node, and then click **Import Updates**. -3. To get the updates, install the Microsoft Update Catalog ActiveX control. +3. To get the updates, install the Microsoft Update Catalog ActiveX control. -4. Search for Internet Explorer 11 and add its contents to your basket. +4. Search for Internet Explorer 11 and add its contents to your basket. -5. After you're done browsing, go to your basket and click **Import**. +5. After you're done browsing, go to your basket and click **Import**. - You can also download the updates without importing them by unchecking the **Import directly into Windows Server Update Services** box. + You can also download the updates without importing them by unchecking the **Import directly into Windows Server Update Services** box. - **To approve Internet Explorer in WSUS for installation** + **To approve Internet Explorer in WSUS for installation** -1. Open your WSUS admin site and check the **Review synchronization settings** box from the **To Do** list. +6. Open your WSUS admin site and check the **Review synchronization settings** box from the **To Do** list. -2. Click **Synchronize now** to sync your WSUS server with Windows Update, and then click **Updates** from the navigation bar. +7. Click **Synchronize now** to sync your WSUS server with Windows Update, and then click **Updates** from the navigation bar. -3. Enter **Internet Explorer 11** into the **Search Contains** box, and then click **Apply**. +8. Enter **Internet Explorer 11** into the **Search Contains** box, and then click **Apply**. -4. Choose the right version of IE11 for your operating system, and click **Approve for installation**. +9. Choose the right version of IE11 for your operating system, and click **Approve for installation**. -5. 
Click each computer group you want to set up for the WSUS server, picking the right approval level, and then click **OK**. +10. Click each computer group you want to set up for the WSUS server, picking the right approval level, and then click **OK**. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md index f1136e386c..c7eac22844 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to fix potential installation problems with Internet Explorer 11 -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 3ae77745-86ac-40a9-a37d-eebbf37661a3 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Install problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md index 1dcf781581..91517251f0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to fix intranet search problems with Internet Explorer 11 -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Fix intranet search problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md index 16311a42a8..3a9b502928 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md +++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Manage Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -31,9 +34,9 @@ Use the topics in this section to learn about how to auto detect your settings, |[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. | |[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |  -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md index 563b6dee54..42ffd10dc8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Missing Internet Explorer Maintenance settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -61,7 +64,7 @@ The IEM settings have replacements you can use in either Group Policy Preference
 |Automatic browser configuration |Lets you update your employee's computer after you've deployed IE11, by specifying a URL to an .ins file, an auto-proxy URL, or both. You can decide when the update occurs, in minutes. Typing zero, or not putting in any number, means that automatic configuration only happens after the browser is started and used to go to a page. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Automatic Configuration** tab, and then add your URL.

    On the **Automatic Configuration** page of IEAK 11, modify the configuration settings, including providing the URL to an .ins file or an auto-proxy site. | |Proxy settings |Lets you specify your proxy servers. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, click **LAN Settings**, and then choose whether to turn on automatic detection of your configuration settings and if you want to use proxy servers.

    -OR-

    On the **Proxy Settings** page of IEAK 11, turn on your proxy settings, adding your proxy server addresses and exceptions. | |User Agent string |Lets the browser provide identification to visited servers. This string is often used to keep Internet traffic statistics. |This setting isn't available anymore. | -  + ### URLs replacements |IEM setting |Description |Replacement tool | diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md index c5e09b4cfb..40ab475677 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md +++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Missing the Compatibility View Button (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md index bed077a506..f4e208137d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: How to turn managed browser hosting controls back on in Internet Explorer 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: .NET Framework problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -16,9 +19,9 @@ If you’re having problems launching your legacy apps while running Internet Ex
 **To turn managed browser hosting controls back on**
-1. **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+1. **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+2. **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
 For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 0b64ef876d..5098fab9f0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: New group policy settings for Internet Explorer 11 -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: New group policy settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -13,42 +16,43 @@ ms.date: 07/27/2017 # New group policy settings for Internet Explorer 11 -Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including: +Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including: -|Policy |Category Path |Supported on |Explanation | -|-------|--------------|-------------|------------| -|Allow IE to use the HTTP2 network protocol |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization.

    If you enable this policy setting, IE uses the HTTP2 network protocol.

    If you disable this policy setting, IE won't use the HTTP2 network protocol.

    If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. | -|Allow IE to use the SPDY/3 network protocol |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization.

    If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.

    If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.

    If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced* tab of the **Internet Options** dialog box. The default is on.

    **Note**
    We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. | -|Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10 |This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.

    If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.

    If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.

    If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. | -|Allow only approved domains to use the TDC ActiveX control |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
    |IE11 in Windows 10 |This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.

    If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.

    If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. | -|Allow SSL3 Fallback |Administrative Templates\Windows Components\Internet Explorer\Security Features |Internet Explorer 11 on Windows 10 |This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled.

    If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols.

    If you disable or don’t configure this setting, Internet Explorer uses the default system protocols.

    **Important:**
    By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. | -|Allow VBScript to run in Internet Explorer|

    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Internet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Intranet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Local Machine Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Internet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Intranet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Local Machine Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Restricted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Trusted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Restricted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Trusted Sites Zone
    |Internet Explorer 11|This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.

    If you enable this policy setting (default), you must also pick one of the following options from the Options box:

    • Enable. VBScript runs on pages in specific zones, without any interaction.
    • Prompt. Employees are prompted whether to allow VBScript to run in the zone.
    • Disable. VBScript is prevented from running in the zone.

    If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone.| -|Always send Do Not Track header |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |At least Internet Explorer 10 |This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.

    If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.

    **In Internet Explorer 9 and 10:**
    If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.

    **In at least IE11:**
    If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.

    If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced* tab of the **Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. | -|Don't run antimalware programs against ActiveX controls
    (Internet, Restricted Zones) |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
    |IE11 on Windows 10 |This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

    If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. | -|Don't run antimalware programs against ActiveX controls
    (Intranet, Trusted, Local Machine Zones) |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
    |IE11 on Windows 10 |This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

    If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. | -|Hide the button (next to the New Tab button) that opens Microsoft Edge |User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ |IE11 on Windows 10, version 1703|This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.

    If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.

    If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.

    If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. | -|Let users turn on and use Enterprise Mode from the **Tools** menu |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10 |This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.

    If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.

    If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. | -|Limit Site Discovery output by Domain |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.

    **Note:**
    You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. | -|Limit Site Discovery output by Zone |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones.

    To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

    • 0 – Restricted Sites zone
    • 0 – Internet zone
    • 0 – Trusted Sites zone
    • 0 – Local Intranet zone
    • 0 – Local Machine zone

    **Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
    • 0 – Restricted Sites zone
    • 0 – Internet zone
    • 0 – Trusted Sites zone
    • 1 – Local Intranet zone
    • 0 – Local Machine zone

    **Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
    • 1 – Restricted Sites zone
    • 0 – Internet zone
    • 1 – Trusted Sites zone
    • 1 – Local Intranet zone
    • 1 – Local Machine zone

    **Note:**
    You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. | -|Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data |Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History |At least Windows Internet Explorer 9 |**In Internet Explorer 9 and Internet Explorer 10:**
    This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.

    **In IE11:**
    This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.

    If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**.

    If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**.

    If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. | -|Send all sites not included in the Enterprise Mode Site List to Microsoft Edge |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge.

    If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list.

    If you disable or don't configure this policy setting, all sites will open based on the currently active browser.

    **Note:**
    If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. | -|Show message when opening sites in Microsoft Edge using Enterprise Mode |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

    If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

    If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. | -|Turn off automatic download of the ActiveX VersionList |Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management |At least Windows Internet Explorer 8 |This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.

    If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.

    If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.

    **Important:**
    Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) topic. | -|Turn off loading websites and content in the background to optimize performance |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.

    If you enable this policy setting, IE doesn't load any websites or content in the background.

    If you disable this policy setting, IE preemptively loads websites and content in the background.

    If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. | -|Turn off phone number detection |Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing |IE11 on Windows 10 |This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.

    If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.

    If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.

    If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. | -|Turn off sending URL path as UTF-8 |User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding |At least Windows Internet Explorer 7 |This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.

    If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.

    If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.

    If you don't configure this policy setting, users can turn this behavior on or off. | -|Turn off sending UTF-8 query strings for URLs |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.

    If you enable this policy setting, you must specify when to use UTF-8 to encode query strings:

    • **0.** Never encode query strings.
    • **1.** Only encode query strings for URLs that aren't in the Intranet zone.
    • **2.** Only encode query strings for URLs that are in the Intranet zone.
    • **3.** Always encode query strings.

    If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. | -|Turn off the ability to launch report site problems using a menu option |Administrative Templates\Windows Components\Internet Explorer\Browser menus |Internet Explorer 11 |This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu.

    If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu.

    If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. | -|Turn off the flip ahead with page prediction feature |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |At least Internet Explorer 10 on Windows 8 |This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.

    If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background.

    If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.

    If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm.

    **Note**
    Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. | -|Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default.

    **Important**
    When using 64-bit processes, some ActiveX controls and toolbars might not be available. | -|Turn on Site Discovery WMI output |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as System Center Configuration Manager.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class.

    **Note:**
    Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. | -|Turn on Site Discovery XML output |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file.

    **Note:**
    Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. | -|Use the Enterprise Mode IE website list |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1511 |This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.

    If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering.

    If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. | + +| Policy | Category Path | Supported on | Explanation | +|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Allow IE to use the HTTP2 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization.

    If you enable this policy setting, IE uses the HTTP2 network protocol.

    If you disable this policy setting, IE won't use the HTTP2 network protocol.

    If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. | +| Allow IE to use the SPDY/3 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization.

    If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.

    If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.

    If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced\* tab of the \*\*Internet Options** dialog box. The default is on.

    **Note**
    We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. | +| Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.

    If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.

    If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.

    If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. | +| Allow only approved domains to use the TDC ActiveX control |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
    | IE11 in Windows 10 | This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.

    If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.

    If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. | +| Allow SSL3 Fallback | Administrative Templates\Windows Components\Internet Explorer\Security Features | Internet Explorer 11 on Windows 10 | This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled.

    If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols.

    If you disable or don’t configure this setting, Internet Explorer uses the default system protocols.

    **Important:**
    By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. | +| Allow VBScript to run in Internet Explorer |

    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Internet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Intranet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Local Machine Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Internet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Intranet Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Local Machine Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Restricted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Trusted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Restricted Sites Zone
    • Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Trusted Sites Zone
    | Internet Explorer 11 | This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.

    If you enable this policy setting (default), you must also pick one of the following options from the Options box:

    • Enable. VBScript runs on pages in specific zones, without any interaction.
    • Prompt. Employees are prompted whether to allow VBScript to run in the zone.
    • Disable. VBScript is prevented from running in the zone.

    If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone. | +| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.

    If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.

    **In Internet Explorer 9 and 10:**
    If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.

    **In at least IE11:**
    If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.

    If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. | +| Don't run antimalware programs against ActiveX controls
    (Internet, Restricted Zones) |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
    | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

    If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. | +| Don't run antimalware programs against ActiveX controls
    (Intranet, Trusted, Local Machine Zones) |

    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
    • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
    | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

    If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

    If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. | +| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.

    If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.

    If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.

    If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. | +| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.

    If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.

    If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. | +| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.

    **Note:**
    You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. | +| Limit Site Discovery output by Zone | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones.

    To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

    • 0 – Restricted Sites zone
    • 0 – Internet zone
    • 0 – Trusted Sites zone
    • 0 – Local Intranet zone
    • 0 – Local Machine zone

    **Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
    • 0 – Restricted Sites zone
    • 0 – Internet zone
    • 0 – Trusted Sites zone
    • 1 – Local Intranet zone
    • 0 – Local Machine zone

    **Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
    • 1 – Restricted Sites zone
    • 0 – Internet zone
    • 1 – Trusted Sites zone
    • 1 – Local Intranet zone
    • 1 – Local Machine zone

    **Note:**
    You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. | +| Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data | Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History | At least Windows Internet Explorer 9 | **In Internet Explorer 9 and Internet Explorer 10:**
    This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.

    **In IE11:**
    This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.

    If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**.

    If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**.

    If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. | +| Send all sites not included in the Enterprise Mode Site List to Microsoft Edge | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge.

    If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list.

    If you disable or don't configure this policy setting, all sites will open based on the currently active browser.

    **Note:**
    If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. | +| Show message when opening sites in Microsoft Edge using Enterprise Mode | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

    If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

    If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. | +| Turn off automatic download of the ActiveX VersionList | Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management | At least Windows Internet Explorer 8 | This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.

    If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.

    If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.

    **Important:**
    Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking () topic. | +| Turn off loading websites and content in the background to optimize performance | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.

    If you enable this policy setting, IE doesn't load any websites or content in the background.

    If you disable this policy setting, IE preemptively loads websites and content in the background.

    If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. | +| Turn off phone number detection | Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing | IE11 on Windows 10 | This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.

    If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.

    If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.

    If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. | +| Turn off sending URL path as UTF-8 | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding | At least Windows Internet Explorer 7 | This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.

    If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.

    If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.

    If you don't configure this policy setting, users can turn this behavior on or off. | +| Turn off sending UTF-8 query strings for URLs | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.

    If you enable this policy setting, you must specify when to use UTF-8 to encode query strings:

    • **0.** Never encode query strings.
    • **1.** Only encode query strings for URLs that aren't in the Intranet zone.
    • **2.** Only encode query strings for URLs that are in the Intranet zone.
    • **3.** Always encode query strings.

    If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. | +| Turn off the ability to launch report site problems using a menu option | Administrative Templates\Windows Components\Internet Explorer\Browser menus | Internet Explorer 11 | This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu.

    If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu.

    If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. | +| Turn off the flip ahead with page prediction feature | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 on Windows 8 | This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.

    If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background.

    If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.

    If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm.

    **Note**
    Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. | +| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

    If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default.

    **Important**
    When using 64-bit processes, some ActiveX controls and toolbars might not be available. | +| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as System Center Configuration Manager.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class.

    **Note:**
    Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. | +| Turn on Site Discovery XML output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.

    If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location.

    If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file.

    **Note:**
    Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. | +| Use the Enterprise Mode IE website list | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1511 | This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.

    If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering.

    If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. | ## Removed Group Policy settings IE11 no longer supports these Group Policy settings: -- Turn on Internet Explorer 7 Standards Mode +- Turn on Internet Explorer 7 Standards Mode - Turn off Compatibility View button diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md index a834636814..825f199730 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md +++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md @@ -3,10 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.prod: ie11 ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199 +ms.reviewer: +manager: dansimp title: Out-of-date ActiveX control blocking (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 05/10/2018 
@@ -189,15 +191,15 @@ Before running the PowerShell script, you must copy both the .ps1 and .mof file **To configure IE to use WMI logging** -1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting. +1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting. -2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command: -``` -powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1 -``` -For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). +2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command: + ``` + powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1 + ``` + For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). -3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md). +3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md). The inventory info appears in the WMI class, `IEAXControlBlockingAuditInfo`, located in the WMI namespace, *root\\cimv2\\IETelemetry*. To collect the inventory info from your client computers, we recommend using System Center 2012 R2 Configuration Manager or any agent that can access the WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md). 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md index 9e8959e2a9..dfa4a9576b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Problems after installing Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 10/16/2017 @@ -42,29 +45,29 @@ If you notice that CPU usage is running higher than normal, or that IE is freque **To check your browser add-ons** -1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box. +1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box. -2. Check if IE still crashes.

    -If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**. +2. Check if IE still crashes.

    + If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**. -3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars. +3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars. -4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.

    -After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer. +4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.

    + After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer. - **To check for Software Rendering mode** + **To check for Software Rendering mode** -1. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**. +5. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**. -2. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.

    -If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588). +6. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.

    + If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588). ## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2 IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Microsoft Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index e63c2475a6..40db70828c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to clear all of the sites from your global Enterprise Mode site list. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -37,9 +40,9 @@ This is a permanent removal and erases everything. However, if you determine it - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md index 5037f6fe3c..d1c5e4e457 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to remove sites from a local compatibility view list. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index 05a2e285bb..0331c344b2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index d6bba6d3d8..a5617dbc2c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md index 06af735490..06750c612b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Schedule approved change requests for production using the Enterprise Mode Site List Portal 
@@ -47,4 +50,4 @@ After a change request is approved, the original Requester can schedule the chan ## Next steps -After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic. \ No newline at end of file +After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic. diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index d4ac172352..f78022cc56 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Search to see if a specific site already appears in your global Enterprise Mode site list. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -26,16 +29,16 @@ You can search to see if a specific site already appears in your global Enterpri **To search your compatibility list** -- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.

    -The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported. +- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.

    + The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported. ## Related topics - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md index 896d0512a7..09b341577a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Set the default browser using Group Policy (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md index a72a457d0a..3d3726d938 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Set up and turn on Enterprise Mode logging and data collection in your organization. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -37,33 +40,33 @@ When you turn logging on, you need a valid URL that points to a server that can **To set up an endpoint server** -1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609). +1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609). -2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.

    -This lets you create an ASP form that accepts the incoming POST messages. +2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.

    + This lets you create an ASP form that accepts the incoming POST messages. -3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port. +3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port. - ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png) + ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png) -4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box. +4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box. - ![IIS Manager, setting logging options](images/ie-emie-logging.png) + ![IIS Manager, setting logging options](images/ie-emie-logging.png) -5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.

    -Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users. +5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.

    + Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users. -6. Apply these changes to your default website and close the IIS Manager. +6. Apply these changes to your default website and close the IIS Manager. -7. Put your EmIE.asp file into the root of the web server, using this command: +7. Put your EmIE.asp file into the root of the web server, using this command: ``` - <% @ LANGUAGE=javascript %> - <% - Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode")); - %> - ``` -This code logs your POST fields to your IIS log file, where you can review all of the collected data. + <% @ LANGUAGE=javascript %> + <% + Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode")); + %> + ``` + This code logs your POST fields to your IIS log file, where you can review all of the collected data. ### IIS log file information @@ -83,47 +86,47 @@ For logging, you’re going to need a valid URL that points to a server that can **To set up the sample** -1. Set up a server to collect your Enterprise Mode information from your users. +1. Set up a server to collect your Enterprise Mode information from your users. -2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project. +2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project. -3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file. +3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file. -4. On the **Build** menu, tap or click **Build Solution**.

    -The required packages are automatically downloaded and included in the solution. +4. On the **Build** menu, tap or click **Build Solution**.

    + The required packages are automatically downloaded and included in the solution. - **To set up your endpoint server** + **To set up your endpoint server** -1. Right-click on the name, PhoneHomeSample, and click **Publish**. +5. Right-click on the name, PhoneHomeSample, and click **Publish**. - ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png) + ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png) -2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization. +6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization. **Important**
    Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.  - ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png) + ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png) After you finish the publishing process, you need to test to make sure the app deployed successfully. - **To test, deploy, and use the app** + **To test, deploy, and use the app** -1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to: +7. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to: - ``` "Enable"="https:///api/records/" - ``` - Where `` points to your deployment URL. + ``` "Enable"="https:///api/records/" + ``` + Where `` points to your deployment URL. -2. After you’re sure your deployment works, you can deploy it to your users using one of the following: +8. After you’re sure your deployment works, you can deploy it to your users using one of the following: - - Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `` information into the **Options** box. + - Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `` information into the **Options** box. - - Deploy the registry key in Step 3 using System Center or other management software. + - Deploy the registry key in Step 3 using System Center or other management software. -3. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary. +9. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary. 
- **To view the report results** + **To view the report results** - Go to `https:///List` to see the report results.

    If you’re already on the webpage, you’ll need to refresh the page to see the results. @@ -149,9 +152,9 @@ You may need to do some additional package cleanup to remove older package versi - [What is Enterprise Mode?](what-is-enterprise-mode.md) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) - [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md index 47c4caf92b..872071fdf8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to set up the Enterprise Mode Site List Portal for your organization. -author: shortpatti +author: lomayor ms.prod: ie11 title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Set up the Enterprise Mode Site List Portal 
@@ -43,7 +46,10 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all Installs the npm package manager and bulk adds all the third-party libraries back into your codebase. -6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution. +6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution. + + >[!Note] + >Step 3 of this topic provides the steps to create your database. 7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager. @@ -105,17 +111,6 @@ Create a new Application Pool and the website, by using the IIS Manager. >[!Note] >You must also make sure that **Anonymous Authentication** is marked as **Enabled**. -10. Return to the **<website_name> Home** pane, and double-click the **Connection Strings** icon. - -11. Open the **LOBMergedEntities Connection String** to edit: - - - **Data source.** Type the name of your local computer. - - - **Initial catalog.** The name of your database. - - >[!Note] - >Step 3 of this topic provides the steps to create your database. - ## Step 3 - Create and prep your database Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables. 
@@ -229,4 +224,4 @@ Register the EMIEScheduler tool and service for production site list changes. - [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) -- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md index 55f9bcfe0a..155feca2cc 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: appcompat description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 2cd79988-17d1-4317-bee9-b3ae2dd110a0 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Setup problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md index 212f8f717a..b04869b6fe 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Lists the minimum system requirements and supported languages for Internet Explorer 11. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 27185e3d-c486-4e4a-9c51-5cb317c0006d +ms.reviewer: +manager: dansimp +ms.author: lomayor title: System requirements and language support for Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -31,16 +34,16 @@ IE11 isn't supported on Windows 8 or Windows Server 2012. Some of the components in this table might also need additional system resources. Check the component's documentation for more information. -|Item |Minimum requirements | -|----------------------------|--------------------------------------------------------| -|Computer/processor |1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) | -|Operating system |

    • Windows 10 (32-bit or 64-bit)
    • Windows 8.1 Update (32-bit or 64-bit)
    • Windows 7 with SP1 (32-bit or 64-bit)
    • Windows Server 2012 R2
    • Windows Server 2008 R2 with SP1 (64-bit only)
    | -|Memory |
    • Windows 10 (32-bit)-1 GB
    • Windows 10 (64-bit)-2 GB
    • Windows 8.1 Update (32-bit)-1 GB
    • Windows 8.1 Update (64-bit)-2 GB
    • Windows 7 with SP1 (32-bit or 64-bit)-512 MB
    • Windows Server 2012 R2-512 MB
    • Windows Server 2008 R2 with SP1 (64-bit only)-512 MB
    | -|Hard drive space |
    • Windows 10 (32-bit)-16 GB
    • Windows 10 (64-bit)-20 GB
    • Windows 8.1 Update (32-bit)-16 GB
    • Windows 8.1 Update (64-bit)-20 GB
    • Windows 7 with SP1 (32-bit)-70 MB
    • Windows 7 with SP1 (64-bit)-120 MB
    • Windows Server 2012 R2-32 GB
    • Windows Server 2008 R2 with SP1 (64-bit only)-200 MB
      • | -|Drive |CD-ROM drive (if installing from a CD-ROM) | -|Display |Super VGA (800 x 600) or higher-resolution monitor with 256 colors | -|Peripherals |Internet connection and a compatible pointing device | +| Item | Minimum requirements | +|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Computer/processor | 1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) | +| Operating system |
        • Windows 10 (32-bit or 64-bit)
        • Windows 8.1 Update (32-bit or 64-bit)
        • Windows 7 with SP1 (32-bit or 64-bit)
        • Windows Server 2012 R2
        • Windows Server 2008 R2 with SP1 (64-bit only)
        | +| Memory |
        • Windows 10 (32-bit)-1 GB
        • Windows 10 (64-bit)-2 GB
        • Windows 8.1 Update (32-bit)-1 GB
        • Windows 8.1 Update (64-bit)-2 GB
        • Windows 7 with SP1 (32-bit or 64-bit)-512 MB
        • Windows Server 2012 R2-512 MB
        • Windows Server 2008 R2 with SP1 (64-bit only)-512 MB
        | +| Hard drive space |
        • Windows 10 (32-bit)-16 GB
        • Windows 10 (64-bit)-20 GB
        • Windows 8.1 Update (32-bit)-16 GB
        • Windows 8.1 Update (64-bit)-20 GB
        • Windows 7 with SP1 (32-bit)-70 MB
        • Windows 7 with SP1 (64-bit)-120 MB
        • Windows Server 2012 R2-32 GB
        • Windows Server 2008 R2 with SP1 (64-bit only)-200 MB
          • | +| Drive | CD-ROM drive (if installing from a CD-ROM) | +| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors | +| Peripherals | Internet connection and a compatible pointing device | ## Support for .NET Framework You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md). @@ -50,9 +53,9 @@ IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 lan Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md index de391cfd69..100c1159b5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md +++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md 
@@ -3,10 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.prod: ie11 ms.assetid: +ms.reviewer: +manager: dansimp title: Tips and tricks to manage Internet Explorer compatibility ms.sitesec: library ms.date: 05/10/2018 @@ -130,4 +132,4 @@ We recommend that enterprise customers focus their new development on establishe - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) -- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) \ No newline at end of file +- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md index 7e28e38f9f..b560483fb1 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 0361c1a6-3faa-42b2-a588-92439eebeeab +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Troubleshoot Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md index 53ac1a4017..ae44dfb1ef 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -29,49 +32,49 @@ In addition, if you no longer want your users to be able to turn Enterprise Mode **Important**
            Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode. -  **To turn off the site list using Group Policy** + **To turn off the site list using Group Policy** -1. Open your Group Policy editor, like Group Policy Management Console (GPMC). +1. Open your Group Policy editor, like Group Policy Management Console (GPMC). -2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.

            -Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately. +2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.

            + Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately. - **To turn off local control using Group Policy** + **To turn off local control using Group Policy** -1. Open your Group Policy editor, like Group Policy Management Console (GPMC). +3. Open your Group Policy editor, like Group Policy Management Console (GPMC). -2. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**. +4. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**. -3. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality. +5. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality. - **To turn off the site list using the registry** + **To turn off the site list using the registry** -1. Open a registry editor, such as regedit.exe. +6. Open a registry editor, such as regedit.exe. -2. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.

            -You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers. +7. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.

            + You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers. -3. Close all and restart all instances of Internet Explorer.

            -IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on). +8. Close all and restart all instances of Internet Explorer.

            + IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on). - **To turn off local control using the registry** + **To turn off local control using the registry** -1. Open a registry editor, such as regedit.exe. +9. Open a registry editor, such as regedit.exe. -2. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.

            -You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers. +10. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.

            + You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers. -3. Close and restart all instances of IE.

            -Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on). +11. Close and restart all instances of IE.

            + Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on). ## Related topics - [What is Enterprise Mode?](what-is-enterprise-mode.md) - [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) - [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md index c98c3e7c5b..c562b6862a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support description: Turn off natural metrics for Internet Explorer 11 -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Fix font rendering problems by turning off natural metrics (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -20,15 +23,15 @@ However, you might find that many intranet sites need you to use Windows Graphic - Add the following HTTP header to each site: `X-UA-TextLayoutMetrics: gdi` -

            **-OR-**

            +

            -OR-

            - Add the following <meta> tag to each site: `` Turning off natural metrics automatically turns on GDI metrics. -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md index a46290559e..ba48d04b38 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md @@ -2,12 +2,14 @@ title: Turn on Enterprise Mode and use a site list (Internet Explorer 11 for IT Pros) description: How to turn on Enterprise Mode and specify a site list. ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1 +ms.reviewer: +manager: dansimp ms.prod: ie11 ms.mktglfcycl: deploy ms.pagetype: appcompat ms.sitesec: library -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.date: 08/14/2017 ms.localizationpriority: medium @@ -35,28 +37,28 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi **To turn on Enterprise Mode using Group Policy** -1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.

            -Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics. +1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.

            + Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics. - ![local group policy editor for using a site list](images/ie-emie-grouppolicysitelist.png) + ![local group policy editor for using a site list](images/ie-emie-grouppolicysitelist.png) -2. Click **Enabled**, and then in the **Options** area, type the location to your site list. +2. Click **Enabled**, and then in the **Options** area, type the location to your site list. - **To turn on Enterprise Mode using the registry** + **To turn on Enterprise Mode using the registry** -1. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. -

            -OR-

            -**For all users on the device:** Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. +3. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. +

            -OR-

            + For all users on the device: Open a registry editor, like regedit.exe and go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode. -2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example: +4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example: - ![enterprise mode with site list in the registry](images/ie-emie-registrysitelist.png) + ![enterprise mode with site list in the registry](images/ie-emie-registrysitelist.png) - - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"` + - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"` - - **Local network:** `"SiteList"="\\network\shares\sites.xml"` + - **Local network:** `"SiteList"="\\network\shares\sites.xml"` - - **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"` + - **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"` All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. For information about how to create and use an Enterprise Mode site list, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md). 
@@ -65,9 +67,9 @@ Turning this setting on also requires you to create and store a site list. For m - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) - [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md index ea9a56a081..830bb995d5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Turn on local user control and logging for Enterprise Mode. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
@@ -28,34 +31,34 @@ Besides turning on this feature, you also have the option to provide a URL for E **To turn on local control of Enterprise Mode using Group Policy** -1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting. +1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting. - ![group policy editor with emie setting](images/ie-emie-editpolicy.png) + ![group policy editor with emie setting](images/ie-emie-editpolicy.png) -2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu. +2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu. - **To turn on local control of Enterprise Mode using the registry** + **To turn on local control of Enterprise Mode using the registry** -1. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. +3. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. -2. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**. +4. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**. -3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates. +5. 
Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates. - ![edit registry string for data collection location](images/ie-emie-editregistrystring.png) + ![edit registry string for data collection location](images/ie-emie-editregistrystring.png) Your **Value data** location can be any of the following types: -- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.

            **Important**
            -The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API. -- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu. -- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data. +- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.

            **Important**
            + The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API. +- **Local network location (like, https://emieposturl/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu. +- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data. For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md). -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md index 2d64e28d56..7a9a2bf652 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: High-level info about some of the new and updated features for Internet Explorer 11. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: f53c6f04-7c60-40e7-9fc5-312220f08156 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: List of updated features and tools - Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md index 0da4b5a228..b7fde38f3a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md @@ -7,6 +7,10 @@ ms.prod: ie11 title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor +author: lomayor --- # Use the Enterprise Mode Site List Portal diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md index 9abbcb8a09..ae87b553de 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 12/04/2017 diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md index 907b26056e..41c083dc6e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md 
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 7324faff-ccb6-4e14-ad91-af12dbca575e +ms.reviewer: +manager: dansimp +ms.author: lomayor title: User interface problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -29,15 +32,15 @@ For IE11, the UI has been changed to provide just the controls needed to support **To turn the toolbars back on** -- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu. -

            -OR-

            -In IE, press **ALT+V** to show the **View** menu, press **T** to enter the **Toolbars** menu, and then press: +- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu. +

            -OR-

            + In IE, press ALT+V to show the View menu, press T to enter the Toolbars menu, and then press: - - **C** to turn on the **Command Bar** + - **C** to turn on the **Command Bar** - - **F** to turn on the **Favorites Bar** + - **F** to turn on the **Favorites Bar** - - **S** to turn on the **Status Bar** + - **S** to turn on the **Status Bar** ## Where did the search box go? IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider. @@ -45,11 +48,11 @@ IE11 uses the **One Box** feature, which lets users type search terms directly i >[!NOTE] >Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md). -  + -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md index 14c7b096ac..f003c50e45 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md @@ -3,9 +3,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
index f4d86e9b12..b2f95cad98 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use IEAK 11 while planning, customizing, and building the custom installation package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: af93742f-f955-44ab-bfa2-7bf0c99045d3
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 1ccb850f60..6c1dd0c421 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use Setup Information (.inf) files to create installation packages.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 04fa2ba8-8d84-4af6-ab99-77e4f1961b0e
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Using Setup Information (.inf) files to create packages (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -16,14 +19,14 @@ IEAK 11 uses Setup information (.inf) files to provide uninstallation instructi **To add uninstallation instructions to the .inf files** -- Open the Registry Editor (regedit.exe) and add these registry keys: -``` -HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description" -HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line" -``` -Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked. -

            **Note**
            -Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the **Uninstall or change a program**. +- Open the Registry Editor (regedit.exe) and add these registry keys: + ``` + HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description" + HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line" + ``` + Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked. +

            Note
            + Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the Uninstall or change a program. ## Limitations .Inf files have limitations: @@ -34,9 +37,9 @@ Make sure your script removes the uninstallation registry key, too. Otherwise, t - You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298510). -  + -  + diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md index 3f67e92d70..b0c9ec8690 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Verify your changes using the Enterprise Mode Site List Portal diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md index 66e6178858..ec478a69f7 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md 
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Verify the change request update in the production environment using the Enterprise Mode Site List Portal diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md index af5ebf2e29..491687cebc 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md index 942409e353..f39f6b42eb 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # View the available Enterprise Mode reports from the Enterprise Mode Site List Portal @@ -47,4 +50,4 @@ Administrators can view the Microsoft-provided Enterprise Mode reports from the - **Reasons for request.** Shows how many change request reasons exist, based on the **Reason for request** field. - - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**. \ No newline at end of file + - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**. diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md index d62ac7df09..30b5c76f3c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md 
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: virtualization
 description: Virtualization and compatibility with Internet Explorer 11
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: b0388c04-2584-4b6d-a7a8-4e0476773a80
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Virtualization and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 61997d30d7..b9089a1624 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Info about the features included in Enterprise Mode with Internet Explorer 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 10/25/2018
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index f0dbb0fe38..f1e454751b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -3,11 +3,13 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: How to download and use the Internet Explorer 11 Blocker Toolkit to turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.manager: elizapo ms.prod: ie11 ms.assetid: fafeaaee-171c-4450-99f7-5cc7f8d7ba91 +ms.reviewer: +manager: dansimp title: What is the Internet Explorer 11 Blocker Toolkit? (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 05/10/2018 diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md index e63b48ab92..86d1ead8ce 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md @@ -3,11 +3,14 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal. -author: shortpatti +author: lomayor ms.prod: ie11 title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -40,4 +43,4 @@ Use the topics in this section to learn how to perform the available Enterprise - [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) -- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) \ No newline at end of file +- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) 
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md index 304aac3c88..0eb0c067b3 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: explore description: Frequently asked questions about Internet Explorer 11 for IT Pros -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 140e7d33-584a-44da-8c68-6c1d568e1de3 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 10/16/2017 @@ -12,31 +15,31 @@ ms.date: 10/16/2017 # Internet Explorer 11 - FAQ for IT Pros -Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration. +Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration. ## Frequently Asked Questions **Q: What operating system does IE11 run on?** -- Windows 10 +- Windows 10 -- Windows 8.1 +- Windows 8.1 -- Windows Server 2012 R2 +- Windows Server 2012 R2 -- Windows 7 with Service Pack 1 (SP1) +- Windows 7 with Service Pack 1 (SP1) -- Windows Server 2008 R2 with Service Pack 1 (SP1) +- Windows Server 2008 R2 with Service Pack 1 (SP1) -**Q: How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?**
            -IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required. +**Q: How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?**
            +IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required. -**Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**
            -You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956). +**Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**
            +You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956). -**Q: How does IE11 integrate with Windows 8.1?**
            -IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences. +**Q: How does IE11 integrate with Windows 8.1?**
            +IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences. **Q: What are the new or improved security features?**
            IE11 offers improvements to Enhanced Protected Mode, password manager, and other security features. IE11 also turns on Transport Layer Security (TLS) 1.2 by default. @@ -62,9 +65,9 @@ Supported web standards include: For more information about specific changes and additions, see the [IE11 guide for developers](https://go.microsoft.com/fwlink/p/?LinkId=313188). **Q: What test tools exist to test for potential application compatibility issues?**
            -The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge. +The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge. -**Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?
            +**Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?
            It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by: - **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**. @@ -77,7 +80,7 @@ For more information, see the [Web Applications](https://go.microsoft.com/fwlink Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864). **Q: What is Enterprise Mode?**
            -Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.

            +Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.

            For more information, see [Turn on Enterprise Mode and use a site list](../ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md). **Q: What is the Enterprise Mode Site List Manager tool?**
            @@ -85,18 +88,18 @@ Enterprise Mode Site List Manager tool gives you a way to add websites to your E For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md). **Q: Are browser plug-ins supported in IE11?**
            -The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight. +The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight. **Q: Is Adobe Flash supported on IE11?**
            -Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.

            +Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.

            **Important**
            -The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in. +The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in. -**Q: Can I replace IE11 on Windows 8.1 with an earlier version?**
            -No. Windows 8.1 doesn't support any of the previous versions of IE. +**Q: Can I replace IE11 on Windows 8.1 with an earlier version?**
            +No. Windows 8.1 doesn't support any of the previous versions of IE. **Q: Are there any new Group Policy settings in IE11?**
            -IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features: +IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features: - Turn off Page Prediction @@ -120,14 +123,14 @@ Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/f -**Q: Can I customize settings for IE on Windows 8.1?**
            +**Q: Can I customize settings for IE on Windows 8.1?**
            Settings can be customized in the following ways: - IE11 **Settings** charm. - IE11-related Group Policy settings. -- IEAK 11 for settings shared by both IE and Internet Explorer for the desktop. +- IEAK 11 for settings shared by both IE and Internet Explorer for the desktop. **Q: Can I make Internet Explorer for the desktop my default browsing experience?**
            Group Policy settings can be set to open either IE or Internet Explorer for the desktop as the default browser experience. Individual users can configure their own settings in the **Programs** tab of **Internet Options**. The following table shows the settings and results:

            @@ -143,6 +146,7 @@ Group Policy settings can be set to open either IE or Internet Explorer for the Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard. IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center: + | | | | |---------|---------|---------| |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | @@ -196,4 +200,4 @@ The following table displays which pages are available in IEAK 11, based on the ## Related topics - [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) -- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) \ No newline at end of file +- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md index 3bba45984c..7e3946d6d2 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md +++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md 
@@ -2,10 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: explore description: Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.prod: ie11 ms.assetid: +ms.reviewer: +manager: dansimp title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions ms.sitesec: library ms.date: 05/10/2018 diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.md b/browsers/internet-explorer/ie11-faq/faq-ieak11.md index 59d6f5be4a..da2478e9e8 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ieak11.md +++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.md @@ -3,11 +3,13 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.manager: elizapo ms.prod: ie11 ms.assetid: +ms.reviewer: +manager: dansimp title: IEAK 11 - Frequently Asked Questions ms.sitesec: library ms.date: 05/10/2018 @@ -35,7 +37,7 @@ You can customize and install IEAK 11 on the following supported operating syste >[!Note] >IEAK 11 does not support building custom packages for Windows RT. -   + **What can I customize with IEAK 11?** @@ -51,7 +53,7 @@ Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of >IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md). **Q: Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?**
            -Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources: +Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources: - [Internet Explorer Administration Kit Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter. @@ -97,6 +99,7 @@ The following table displays which pages are available in IEAK 11, based on the Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard. IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center: + | | | | |---------|---------|---------| |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md index b56b2dedbf..e20d675e6d 100644 --- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 208305ad-1bcd-42f3-aca3-0ad1dda7048b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Accelerators page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
index f2ab6f6f59..1e9bb4b8b3 100644
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use IEAK 11 to add and approve ActiveX controls for your organization.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 33040bd1-f0e4-4541-9fbb-16e0c76752ab
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Add and approve ActiveX controls using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
index b0b9219277..000c0238e4 100644
--- a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: We’re sorry. While we continue to recommend that you digitally sign your package, we’ve removed all of the functionality that allowed you to add a root certificate using the Internet Explorer Customization Wizard 11. The wizard page itself will be removed in a future version of the IEAK.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 7ae4e747-49d2-4551-8790-46a61b5fe838
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Add a Root Certificate page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
index 08b62952da..59d96545ea 100644
--- a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Additional Settings page in IEAK 11 Customization Wizard for additional settings that relate to your employee’s desktop, operating system, and security.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: c90054af-7b7f-4b00-b55b-5e5569f65f25
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Additional Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
index 440d2c7fc1..24d7df97b1 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Automatic Configuration page in the IEAK 11 Customization Wizard to add URLs to auto-configure IE. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: de5b1dbf-6e4d-4f86-ae08-932f14e606b0 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the Automatic Configuration page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md index b14d4aa1ce..3c1997587f 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: c6bfe7c4-f452-406f-b47e-b7f0d8c44ae1 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Set up auto detection for DHCP or DNS servers using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -23,13 +26,13 @@ Before you can set up your environment to use automatic detection, you need to t ## Automatic detection on DHCP and DNS servers Automatic detection works even if the browser wasn't originally set up or installed by the administrator. -- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts. -

            **Note**
            -Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options.   +- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts. +

            Note
            + Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options. -- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file. -

            **Note**
            -DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen. +- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file. +

            Note
            + DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen. **To set up automatic detection for DHCP servers** @@ -43,16 +46,16 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide **To set up automatic detection for DNS servers** -1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

            The syntax is:
            -` IN A `
            -`corserv IN A 192.55.200.143`
            -`nameserver2 IN A 192.55.200.2`
            -`mailserver1 IN A 192.55.200.51` -

            **-OR-**

            -Create a canonical name (CNAME) alias record, named **WPAD**. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

            -**Note**
            For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).  +1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

            The syntax is:
            + ` IN A `
            + `corserv IN A 192.55.200.143`
            + `nameserver2 IN A 192.55.200.2`
            + `mailserver1 IN A 192.55.200.51` +

            -OR-

            + Create a canonical name (CNAME) alias record, named WPAD. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

            + Note
            For more info about creating a WPAD entry, see Creating a WPAD entry in DNS. -2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file. +2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file. **Note**
            IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. diff --git a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md index ae8a5441f1..336b704352 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Automatic Version Synchronization page in the IEAK 11 Customization Wizard to download the IE11 Setup file each time you run the Wizard. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: bfc7685f-843b-49c3-8b9b-07e69705840c +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the Automatic Version Synchronization page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md index 6970178857..4558426d56 100644 --- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md 
@@ -2,11 +2,13 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: A list of steps to follow before you start to create your custom browser installation packages.
-author: shortpatti
-ms.author: pashort
+author: lomayor
+ms.author: lomayor
 ms.manager: elizapo
 ms.prod: ie11
 ms.assetid: 6ed182b0-46cb-4865-9563-70825be9a5e4
+ms.reviewer:
+manager: dansimp
 title: Before you start using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 04/24/2018
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
index 5a0efa8edf..9fa48060a5 100644
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: cde600c6-29cf-4bd3-afd1-21563d2642df
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Branding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
index 03b1f4eddb..5b332edf14 100644
--- a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Browser User Interface page in the IEAK 11 Customization Wizard to change the toolbar buttons and the title bar.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: c4a18dcd-2e9c-4b5b-bcc5-9b9361a79f0d
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Browser User Interface page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -16,7 +19,7 @@ The **Browser User Interface** page of the Internet Explorer Customization Wizar **Note**
            The customizations you make on this page apply only to Internet Explorer for the desktop. - **To use the Browser User Interface page** + **To use the Browser User Interface page** 1. Check the **Customize Title Bars** box so you can add your custom text to the **Title Bar Text** box.

            The text shows up in the title bar as **IE provided by** <*your_custom_text*>. @@ -25,27 +28,27 @@ The text shows up in the title bar as **IE provided by** <*your_custom_text*& **Note**
            Only Administrators can use this option. -3. Click **Add** to add new toolbar buttons.

            -The **Browser Toolbar Button Information** box appears. +3. Click **Add** to add new toolbar buttons.

            + The **Browser Toolbar Button Information** box appears. -4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters. +4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters. -5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button. +5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button. -6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels. +6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels. -7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.

            -This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**. +7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.

            + This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**. -8. Click **OK.** +8. Click **OK.** -9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed. +9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed. 10. Click **Next** to go to the [Search Providers](search-providers-ieak11-wizard.md) page or **Back** to go to the [User Experience](user-experience-ieak11-wizard.md) page. -  + -  + diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md index e317f9ebc8..d6404a8966 100644 --- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 83af0558-9df3-4c2e-9350-44f7788efa6d
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
index b602a68d7f..1b78bbee1d 100644
--- a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Browsing Options page in the IEAK 11 Customization Wizard to manage items in the Favorites, Favorites Bar, and Feeds section.
-author: shortpatti
+author: lomayor
 ms.prod: ie111
 ms.assetid: d6bd71ba-5df3-4b8c-8bb5-dcbc50fd974e
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Browsing Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
index d7a3094423..ec0d11f73c 100644
--- a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[CabSigning\] .INS file setting to customize the digital signature info for your apps.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 098707e9-d712-4297-ac68-7d910ca8f43b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the CabSigning .INS file to customize the digital signature info for your apps (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
index 64b989ddcb..843f8a478c 100644
--- a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
@@ -3,9 +3,12 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: We’re sorry. We’ve removed all of the functionality included on the **Compatibility View** page of the Internet Explorer Customization Wizard 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 51d8f80e-93a5-41e4-9478-b8321458bc30
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Compatibility View page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
index 2e8573d0f1..80fc96491a 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: We’re sorry. We’ve removed all of the functionality included on the **Connection Manager** page of the Internet Explorer Customization Wizard 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 1edaa7db-cf6b-4f94-b65f-0feff3d4081a
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Connection Manager page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
index a54ca3f9f5..4ef7b729f2 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Connection Settings page in IEAK 11 Customization Wizard to import and preset connection settings on your employee’s computers.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: dc93ebf7-37dc-47c7-adc3-067d07de8b78
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Connection Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -24,15 +27,15 @@ The **Connection Settings** page of the Internet Explorer Administration Kit (IE **To use the Connection Settings page** -1. Decide if you want to customize your connection settings. You can pick: +1. Decide if you want to customize your connection settings. You can pick: - - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings. + - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings. - - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings. + - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings. - **Note**
            If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes. + **Note**
            If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes. -2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers. +2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers. -3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page. +3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page. diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md index 0112c0f16f..bd63234840 100644 --- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: plan description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 41410300-6ddd-43b2-b9e2-0108a2221355 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the ConnectionSettings .INS file to review the network connections for install (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md index b8981f575f..21c49dc308 100644 
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: How to create your folder structure on the computer that you’ll use to build your custom browser package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: e0d05a4c-099f-4f79-a069-4aa1c28a1080
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Create the build computer folder structure using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
index 4827fc1c75..0b775febe8 100644
--- a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review this list of tasks and references before you create and deploy your Internet Explorer 11 custom install packages.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: fe71c603-bf07-41e1-a477-ade5b28c9fb3
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Tasks and references to consider before creating and deploying custom packages using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
index cb1a3823fc..205ced6016 100644
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 4c5f3503-8c69-4691-ae97-1523091ab333
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Create multiple versions of your custom package using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
index e9cb1ff4ce..70feb9ac8a 100644
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 8257aa41-58de-4339-81dd-9f2ffcc10a08
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use Setup information (.inf) files to uninstall custom components (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
index 5b7532f69e..515a597c8f 100644
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 38a2b90f-c324-4dc8-ad30-8cd3e3e901d7
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Custom Components page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
index f404bf78cf..ecca772d78 100644
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 9c74e239-65c5-4aa5-812f-e0ed80c5c2b0
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the CustomBranding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -14,7 +17,8 @@ ms.date: 07/27/2017 # Use the CustomBranding .INS file to create custom branding and setup info Provide the URL to your branding cabinet (.cab) file. -|Name |Value | Description | -|-----------|--------------------------------|--------------------------------------------------------------| -|Branding |`` |The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab.| + +| Name | Value | Description | +|----------|------------------|------------------------------------------------------------------------------------------------------------------------| +| Branding | `` | The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab. | diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md index fde8b84b67..20a747a5db 100644 --- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md +++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: manage description: Customize Automatic Search in Internet Explorer so that your employees can type a single word into the Address box to search for frequently used pages. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 694e2f92-5e08-49dc-b83f-677d61fa918a +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Customize Automatic Search using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -21,13 +24,13 @@ You can customize Automatic Search so that your employees can type a single word **To set up Automatic Search** -1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.

            -For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).

            -**Important**
            If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location. +1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.

            + For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).

            + **Important**
            If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location. -2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**. +2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**. -3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box. +3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box. **To redirect to a different site than the one provided by the search results** @@ -90,9 +93,9 @@ end if %> ``` -  + -  + diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md index 4c3726a566..a3c7eaf892 100644 --- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 53148422-d784-44dc-811d-ef814b86a4c6 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the ExtRegInf .INS file to specify your installation files and mode (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md index 7b876c2cea..eb28e056bb 100644 --- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md 
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 84afa831-5642-4b8f-b7df-212a53ec8fc7
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
index 68953ff98d..634f7bef2e 100644
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 55de376a-d442-478e-8978-3b064407b631
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the FavoritesEx .INS file for your Favorites icon and URLs (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
index 4baf035425..226ffcfaad 100644
--- a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Feature Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
index 70f59f0665..028e5960f1 100644
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: bd0620e1-0e07-4560-95ac-11888c2c389e
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the File Locations page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
index d782c47cf9..c9561b70bb 100644
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11).
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: e5735074-3e9b-4a00-b1a7-b8fd8baca327
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: File types used or created by IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
index 8ee207bf57..292da104da 100644
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 85f856a6-b707-48a9-ba99-3a6e898276a9
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
index f3fbc10a27..10181210d7 100644
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: bddc8f23-9ac1-449d-ad71-f77f43ae3b5c
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Customize the toolbar button and Favorites List icons using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
index 6e1b19b500..1572c07bcb 100644
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: c50b86dc-7184-43d1-8daf-e750eb88dabb
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Hardware and software requirements for Internet Explorer 11 and the IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
index a0cec600e1..705f4822e4 100644
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
@@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: e673f7b1-c3aa-4072-92b0-20c6dc3d9277 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the HideCustom .INS file to hide the GUID for each custom component (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 @@ -17,11 +20,11 @@ Info about whether to hide the globally unique identifier (GUID) for each of you |Name |Value |Description | |------|-------------------------------------------------------------------------------------|-----------------------------------------------| |GUID |

            • **0.** Component isn't hidden.
            • **1.** Component is hidden.
            |Determines whether this is a hidden component. | -  + -  + -  + diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md index 3363f80ab6..2e6aff92eb 100644 --- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md +++ b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Reference about the command-line options and return codes for Internet Explorer Setup. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: 40c23024-cb5d-4902-ad1b-6e8a189a699f +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Internet Explorer Setup command-line options and return codes (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md index 0e0ea99ea5..c876d926bb 100644 --- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md +++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md @@ -3,11 +3,13 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. Use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. -author: shortpatti -ms.author: pashort +author: lomayor +ms.author: lomayor ms.manager: dougkim ms.prod: ie11 ms.assetid: +ms.reviewer: +manager: dansimp title: Internet Explorer Administration Kit (IEAK) information and downloads ms.sitesec: library ms.date: 05/10/2018 
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
index 1e17bda2eb..16275db551 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review the options available to help you customize your browser install packages for deployment to your employee's devices.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 4b804da3-c3ac-4b60-ab1c-99536ff6e31b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index c2483af8c4..00e0667eb1 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Reference about the command-line options for the IExpress Wizard.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: aa16d738-1067-403c-88b3-bada12cf9752
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: IExpress Wizard command-line options (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
index 235580070d..8590dc3ff7 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the IExpress Wizard on Windows Server 2008 R2 with SP1 to create self-extracting files to run your custom Internet Explorer Setup program.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 5100886d-ec88-4c1c-8cd7-be00da874c57
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: IExpress Wizard for Windows Server 2008 R2 with SP1 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
index 604489d8fc..0ecb9dcb7f 100644
--- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Important URLs - Home Page and Support page in the IEAK 11 Customization Wizard to choose one or more **Home** pages and an online support page for your customized version of IE.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 19e34879-ba9d-41bf-806a-3b9b9b752fc1
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
index 30e1694ffe..d6ec147ebd 100644
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 33d078e3-75b8-455b-9126-f0d272ed676f
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Internal Install page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
index ba4e23f6df..5b910085bb 100644
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 4eca2de5-7071-45a2-9c99-75115be00d06
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the ISP_Security .INS file to add your root certificate (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
index cd6540d994..07784519e8 100644
--- a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the lanaguage for your IEAK 11 custom package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: f9d4ab57-9b1d-4cbc-9398-63f4938df1f6
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Language Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
index 056ef076a4..2631d361e7 100644
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
@@ -2,10 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Learn about the version of the IEAK 11 you should run, based on your license agreement.
-author: pashort
-ms.author: shortpatti
+author: lomayor
+ms.author: lomayor
 ms.prod: ie11, ieak11
 ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
+ms.reviewer:
+manager: dansimp
 title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 10/23/2018
@@ -15,44 +17,45 @@ ms.date: 10/23/2018 # Determine the licensing version and features to use in IEAK 11 In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment. -During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment. +During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment. - **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website. >[!IMPORTANT] - >Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations. 
+ >Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations. - **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment. ## Available features by version -| Feature | Internal | External | -| ---------------------------------------- | :---------------------------------------------: | :----------------------------------------------: | -|Welcome screen | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|File locations | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Platform selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Language selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Package type selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Feature selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Automatic Version Synchronization (AVS) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Custom components | 
![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Internal install | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|User experience | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|Browser user interface | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Search providers | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Important URLs – Home page and support | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Accelerators | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Favorites, Favorites bar, and feeds | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Browsing options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|First Run wizard and Welcome page options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Connection manager | 
![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Connection settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Automatic configuration | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|Proxy settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Security and privacy settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|Add a root certificate | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|Programs | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | -|Additional settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | -|Wizard complete | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Feature | Internal | External | +|-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:| +| Welcome screen | 
![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| File locations | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Platform selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Language selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Package type selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Feature selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Automatic Version Synchronization (AVS) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Custom components | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Internal install | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| User experience | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| Browser user interface | 
![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Search providers | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Important URLs – Home page and support | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Accelerators | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Favorites, Favorites bar, and feeds | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Browsing options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| First Run wizard and Welcome page options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Connection manager | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Connection settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Automatic configuration | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| Proxy settings | 
![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Security and privacy settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| Add a root certificate | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| Programs | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +| Additional settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +| Wizard complete | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | + --- diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md index ff473d6648..1d64dec04f 100644 --- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available. -author: shortpatti +author: lomayor ms.prod: ie11 ms.assetid: c57bae60-d520-49a9-a77d-da43f7ebe5b8 +ms.reviewer: +manager: dansimp +ms.author: lomayor title: Use the Media .INS file to specify your install media (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
index 19e75dbdca..eb1096749e 100644
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: dd91f788-d05e-4f45-9fd5-d951abf04f2c
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Package Type Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
index 9bac11b82d..3cb96c9aa2 100644
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
index d6e16707bd..4579a356b2 100644
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 2c66d22a-4a94-47cc-82ab-7274abe1dfd6
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Before you install your package over your network using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
index 7509c355d2..f3e5a30959 100644
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
index 5e04f4e473..03b4bfee50 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 6c94708d-71bd-44bd-a445-7e6763b374ae
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use proxy auto-configuration (.pac) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
index c98971ddef..8210cccc8e 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 30b03c2f-e3e5-48d2-9007-e3fd632f3c18
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Proxy .INS file to specify a proxy server (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index 22252bf546..76a1a40aac 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 1fa1eee3-e97d-41fa-a48c-4a6e0dc8b544
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Proxy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
index e0838b0473..a58ac249bf 100644
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Learn how to register an uninstall app for your custom components, using IEAK 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 4da1d408-af4a-4c89-a491-d6f005fd5005
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Register an uninstall app for custom components using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.date: 07/27/2017
 ---
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index 922be0f879..c740428fd7 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: manage
 description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 0f21b320-e879-4a06-8589-aae6fc264666
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the RSoP snap-in to review policy settings (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
index 3633d298c1..24fb8137bc 100644
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 48cfaba5-f4c0-493c-b656-445311b7bc52
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Search Providers page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index fe275274f8..8a9dc3eaf9 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Learn about the security features available in Internet Explorer 11 and IEAK 11.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 5b64c9cb-f8da-411a-88e4-fa69dea473e2
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Security features and IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
index 8da6980597..8dd5b81f5a 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: cb7cd1df-6a79-42f6-b3a1-8ae467053f82
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Security and Privacy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
index a01457ac6c..c81c6b6a9d 100644
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package.
-author: shortpatti
+author: lomayor
 ms.prod: ie11
 ms.assetid: 19791c44-aaa7-4f37-9faa-85cbdf29f68e
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 title: Use the Security Imports .INS file to import security info (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
index 8f9826a8b5..7e475887ce 100644
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
@@ -2,10 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Info about some of the known issues using the Internet Exporer Customization Wizard and a custom Internet Explorer install package.
-author: shortpatti
-ms.author: pashort
+author: lomayor
+ms.author: lomayor
 ms.prod: ie11
 ms.assetid: 9e22cc61-6c63-4cab-bfdf-6fe49db945e4
+ms.reviewer:
+manager: dansimp
 title: Troubleshoot custom package and IEAK 11 problems (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
index b5ba778a93..1aec2abb8a 100644
--- a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
-author: shortpatti
+author: dansimp
 ms.prod: ie11
 ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
index 425f3e2e60..b9d51e17e5 100644
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: shortpatti
+author: dansimp
 ms.prod: ie11
 ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
@@ -18,38 +21,38 @@ The **User Experience** page of the Internet Explorer Customization Wizard 11 le **To use the User Experience page** -1. Choose how your employee should interact with Setup, including: +1. Choose how your employee should interact with Setup, including: - - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process. + - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process. - - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process. + - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process. - - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again. -

            Both the hands-free and completely silent installation options will: + - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again. +

            Both the hands-free and completely silent installation options will: - - Answer prompts so Setup can continue. + - Answer prompts so Setup can continue. - - Accept the license agreement. + - Accept the license agreement. - - Determine that Internet Explorer 11 is installed and not just downloaded. + - Determine that Internet Explorer 11 is installed and not just downloaded. - - Perform your specific installation type. + - Perform your specific installation type. - - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version. + - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version. -2. Choose if your employee’s device will restart at the end of Setup. +2. Choose if your employee’s device will restart at the end of Setup. - - **Default**. Prompts your employees to restart after installing IE. + - **Default**. Prompts your employees to restart after installing IE. - - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later. + - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later. - - **Force restart**. Automatically restarts the computer after installing IE. + - **Force restart**. Automatically restarts the computer after installing IE. -3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page. +3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page. -  + -  + 
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
index b3eaeb6c0f..86deef2e02 100644
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
@@ -2,9 +2,12 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: shortpatti
+author: dansimp
 ms.prod: ie11
 ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
index 2754da89f4..221f4896ab 100644
--- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
+++ b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
@@ -3,11 +3,13 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 ms.pagetype: security
 description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
 ms.manager: elizapo
 ms.prod: ie11
 ms.assetid:
+ms.reviewer:
+manager: dansimp
 title: What IEAK can do for you
 ms.sitesec: library
 ms.date: 05/10/2018
@@ -63,4 +65,4 @@ ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Int - [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md) - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) -- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643) \ No newline at end of file +- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643) diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md index aa88edcfee..e32fa2b1da 100644 --- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md @@ -2,9 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package. -author: shortpatti +author: dansimp ms.prod: ie11 ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc +ms.reviewer: +manager: dansimp +ms.author: dansimp title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 6b1c835350..5d0635344e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md 
@@ -1,17 +1,24 @@ # [Microsoft HoloLens](index.md) -## [What's new in Microsoft HoloLens](hololens-whats-new.md) -## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md) -## [Insider preview for Microsoft HoloLens](hololens-insider.md) -## [Set up HoloLens](hololens-setup.md) +# [What's new in HoloLens](hololens-whats-new.md) +# [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md) +# [Set up HoloLens](hololens-setup.md) + +# Device Management +## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Install localized version of HoloLens](hololens-install-localized.md) -## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) +## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) ## [Manage updates to HoloLens](hololens-updates.md) -## [Set up HoloLens in kiosk mode](hololens-kiosk.md) -## [Share HoloLens with multiple people](hololens-multiple-users.md) -## [Configure HoloLens using a provisioning package](hololens-provisioning.md) -## [Install apps on HoloLens](hololens-install-apps.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) + +# Application Management +## [Install apps on HoloLens](hololens-install-apps.md) +## [Share HoloLens with multiple people](hololens-multiple-users.md) + +# User/Access Management +## [Set up single application access](hololens-kiosk.md) +## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) ## [How HoloLens stores data for spaces](hololens-spaces.md) -## [Change history for Microsoft HoloLens documentation](change-history-hololens.md) \ No newline at end of file + +# [Insider preview for Microsoft HoloLens](hololens-insider.md) +# [Change history for Microsoft HoloLens documentation](change-history-hololens.md) \ No 
newline at end of file diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 315e2f8cc1..b886719944 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -1,12 +1,14 @@ --- title: Change history for Microsoft HoloLens documentation +ms.reviewer: +manager: dansimp description: This topic lists new and updated topics for HoloLens. keywords: change history ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium --- @@ -94,4 +96,4 @@ New or changed topic | Description | New or changed topic | Description | | --- | --- | -| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** | \ No newline at end of file +| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** | diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json index dddf3dbe50..0652ccd8b0 100644 --- a/devices/hololens/docfx.json +++ b/devices/hololens/docfx.json @@ -4,7 +4,7 @@ { "files": [ "**/*.md", - "**/**.yml" + "**/**.yml" ], "exclude": [ "**/obj/**", 
@@ -29,27 +29,27 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/hololens/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "jdecker", - "ms.date": "04/05/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.itpro-hololens", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/hololens/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "jdecker", + "ms.date": "04/05/2017", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "Win.itpro-hololens", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [ null ], "dest": "devices/hololens", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md index 8a223c0745..25bf786333 100644 --- a/devices/hololens/hololens-encryption.md +++ b/devices/hololens/hololens-encryption.md @@ -4,11 +4,13 @@ description: Enable Bitlocker device encryption to protect files stored on the H ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 01/26/2019 +ms.reviewer: +manager: dansimp --- # Enable encryption for HoloLens 
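Review bot: In `devices/hololens/docfx.json` the re-indented `globalMetadata` block still carries `"ms.author": "jdecker"`, while this same commit replaces `ms.author: jdecker` with `dansimp` in the front matter of the HoloLens topics. If ownership is being handed over, the docset default should follow, `"ms.author": "dansimp",`; otherwise any topic that lacks its own `ms.author` would presumably still resolve to the old alias. Separately, changing `markdownEngineName` from `dfm` to `markdig` swaps the Markdown parser for the whole docset, so a full build should be checked for nested lists, tables and `>[!IMPORTANT]` / `>[!VIDEO]` blocks before this is merged.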
diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index 5f79d72c2e..7f5f3200e8 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -4,11 +4,13 @@ description: Enroll HoloLens in mobile device management (MDM) for easier manage ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Enroll HoloLens in MDM diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index 3a90c8fe68..bb56182d56 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md @@ -3,11 +3,13 @@ title: Insider preview for Microsoft HoloLens (HoloLens) description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 +ms.reviewer: +manager: dansimp --- # Insider preview for Microsoft HoloLens @@ -19,7 +21,7 @@ Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get ## How do I install the Insider builds? -On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. +On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. 
diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index 05d7673aa2..c4f9c80521 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -4,11 +4,13 @@ description: The recommended way to install apps on HoloLens is to use Microsoft ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 +ms.reviewer: +manager: dansimp --- # Install apps on HoloLens diff --git a/devices/hololens/hololens-install-localized.md b/devices/hololens/hololens-install-localized.md index e3729388c3..0d3b2aecfb 100644 --- a/devices/hololens/hololens-install-localized.md +++ b/devices/hololens/hololens-install-localized.md @@ -4,18 +4,20 @@ description: Learn how to install the Chinese or Japanese versions of HoloLens ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 11/13/2018 +ms.reviewer: +manager: dansimp --- # Install localized versions of HoloLens In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). ->[!IMPORTANT] +>[!IMPORTANT] >Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index c888927596..01dcda9e51 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md 
@@ -3,11 +3,13 @@ title: Set up HoloLens in kiosk mode (HoloLens) description: Use a kiosk configuration to lock down the apps on HoloLens. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 11/13/2018 +ms.reviewer: +manager: dansimp --- # Set up HoloLens in kiosk mode 
@@ -153,23 +155,23 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* 6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**. 7. In the center pane, click **Browse** to locate and select the kiosk configuration XML file that you created. - ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) + ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) 8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed. -8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. -8. On the **File** menu, select **Save.** -9. On the **Export** menu, select **Provisioning package**. -10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. +10. 
On the **File** menu, select **Save.** +11. On the **Export** menu, select **Provisioning package**. +12. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -11. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing. +13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. -12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. +14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +15. Click **Next**. -14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. +16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. 
@@ -226,4 +228,4 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* Watch how to configure a kiosk in a provisioning package. ->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] \ No newline at end of file +>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md index f5bbdf30af..d4aac40795 100644 --- a/devices/hololens/hololens-multiple-users.md +++ b/devices/hololens/hololens-multiple-users.md @@ -3,11 +3,13 @@ title: Share HoloLens with multiple people (HoloLens) description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Share HoloLens with multiple people diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 3e488d4a85..5e85f10bec 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -3,11 +3,13 @@ title: Configure HoloLens using a provisioning package (HoloLens) description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 11/13/2018 +ms.reviewer: +manager: dansimp --- # Configure HoloLens using a provisioning package 
@@ -59,7 +61,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. 2. Click **Provision HoloLens devices**. - ![ICD start options](images/icd-create-options-1703.png) + ![ICD start options](images/icd-create-options-1703.png) 3. Name your project and click **Finish**. @@ -72,12 +74,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. - - - - - - + + + + + +
            ![step one](images/one.png)![set up device](images/set-up-device.png)

            Browse to and select the enterprise license file to upgrade the HoloLens edition.

            You can also toggle **Yes** or **No** to hide parts of the first experience.

            To set up the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.

            Select a region and timezone in which the device will be used.
            ![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
            ![step two](images/two.png) ![set up network](images/set-up-network.png)

            In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
            ![Enter network SSID and type](images/set-up-network-details-desktop.png)
            ![step three](images/three.png) ![account management](images/account-management.png)

            You can enroll the device in Azure Active Directory, or create a local account on the device

            Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

            To create a local account, select that option and enter a user name and password.

            **Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
            ![join Azure AD or create a local account](images/account-management-details.png)
            ![step four](images/four.png) ![add certificates](images/add-certificates.png)

            To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
            ![add a certificate](images/add-certificates-details.png)
            ![step five](images/five.png) ![Developer Setup](images/developer-setup.png)

            Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
            ![Enable Developer Mode](images/developer-setup-details.png)
            ![step six](images/six.png) ![finish](images/finish.png)

            Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
            ![Protect your package](images/finish-details.png)
            step oneset up device

            Browse to and select the enterprise license file to upgrade the HoloLens edition.

            You can also toggle Yes or No to hide parts of the first experience.

            To set up the device without the need to connect to a Wi-Fi network, toggle Skip Wi-Fi setup to On.

            Select a region and timezone in which the device will be used.
            Select enterprise licence file and configure OOBE
            step two set up network

            In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
            Enter network SSID and type
            step three account management

            You can enroll the device in Azure Active Directory, or create a local account on the device

            Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

            To create a local account, select that option and enter a user name and password.

            Important: (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
            join  Azure AD or create a local  account
            step four add certificates

            To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
            add a certificate
            step five Developer Setup

            Toggle Yes or No to enable Developer Mode on the HoloLens. Learn more about Developer Mode.
            Enable Developer Mode
            step six finish

            Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
            Protect your package
            After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index e5d185bf40..b0f40d77cc 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -1,10 +1,12 @@ --- title: Restore HoloLens 2 using Advanced Recovery Companion +ms.reviewer: +manager: dansimp description: How to use Advanced Recovery Companion to flash an image to HoloLens 2. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium --- diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 402cb33a40..6cb247c60b 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -3,11 +3,13 @@ title: HoloLens in the enterprise requirements and FAQ (HoloLens) description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 06/04/2018 +ms.reviewer: +manager: dansimp --- # Microsoft HoloLens in the enterprise: requirements and FAQ diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index 0f62fc2e6e..c7007d172e 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md 
@@ -3,11 +3,13 @@ title: Set up HoloLens (HoloLens)
 description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account.
 ms.prod: hololens
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Set up HoloLens
diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md
index 19307fdfb6..3df4ee1cc8 100644
--- a/devices/hololens/hololens-spaces.md
+++ b/devices/hololens/hololens-spaces.md
@@ -3,11 +3,13 @@ title: How HoloLens stores data for spaces (HoloLens)
 description:
 ms.prod: hololens
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/05/2018
+ms.reviewer:
+manager: dansimp
 ---
 # How HoloLens stores data for spaces
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index 9ea1e9de34..ef830c3525 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -3,11 +3,13 @@ title: Manage updates to HoloLens (HoloLens)
 description: Administrators can use mobile device management to manage updates to HoloLens devices.
 ms.prod: hololens
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Manage updates to HoloLens
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index f7da9a892b..bfafb1d925 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -3,11 +3,13 @@ title: Unlock Windows Holographic for Business features (HoloLens)
 description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
 ms.prod: hololens
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/09/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Unlock Windows Holographic for Business features
diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md
index 0e17d81790..c250d1c12c 100644
--- a/devices/hololens/hololens-whats-new.md
+++ b/devices/hololens/hololens-whats-new.md
@@ -3,11 +3,13 @@ title: What's new in Microsoft HoloLens (HoloLens)
 description: Windows Holographic for Business gets new features in Windows 10, version 1809.
 ms.prod: hololens
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/13/2018
+ms.reviewer:
+manager: dansimp
 ---
 # What's new in Microsoft HoloLens
@@ -33,14 +35,14 @@ Share from Microsoft Edge | Share button is now available on Microsoft Edge wind ### For administrators -Feature | Details ---- | --- -[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. -Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. -PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. -Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
            **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  -Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. -Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. +| Feature | Details | +|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. | +| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | +| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | +| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
            **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  | +| Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. | +| Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. | ### For international customers diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 9b7ed69845..e3790fbfb5 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -14,7 +14,7 @@ ms.date: 07/27/2018 - +

            Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

            Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.

            ![Hololens](images/hololens.png)

            Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

            Microsoft HoloLens is available in the Development Edition, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the Commercial Suite, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.

            Hololens
            ## In this section diff --git a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md new file mode 100644 index 0000000000..3254e13d6c --- /dev/null +++ b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md 
@@ -0,0 +1,27 @@ +--- +title: General Data Privacy Regulation and Surface Hub +description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub. +ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186 +ms.reviewer: +manager: +keywords: GDPR +ms.prod: surface-hub +ms.sitesec: library +author: Teresa-MOTIV +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +--- + +# General Data Privacy Regulation and Surface Hub + +In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. + +Surface Hub customers concerned about privacy under the new GDPR regulations can manage their device privacy with the following options that are provided by Microsoft: + +* **Option 1:** Surface Hub devices in regions enforcing GDPR regulations will install KB4284830 when publicly available to automatically reduce diagnostic data emission to basic. Customers opting to provide a higher level of diagnostic data can use the Surface Hub Settings application or Mobile Device Management to override the default basic setting. + +* **Option 2:** Surface Hub customers who want to remove any existing diagnostic data can download the **Surface Hub Delete Diagnostic Data** application from the Microsoft Store. This app will allow customers to request deletion of associated diagnostic data directly from their Surface Hub device. + +Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. 
We want to help you focus on your core business while efficiently preparing for the GDPR. + diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 058ddefab4..5455a7c03d 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -48,8 +48,16 @@ ## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) ## [Top support solutions for Surface Hub](support-solutions-surface-hub.md) ## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) +## [Surface Hub Update History](surface-hub-update-history.md) +## [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md) +## [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md) +## [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md) +## [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md) +## [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md) +## [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md) +## [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md) ## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) ## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) ## [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) ## [Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md) -## [Change history for Surface Hub](change-history-surface-hub.md) \ No newline at end of file +## [Change history for Surface Hub](change-history-surface-hub.md) 
diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md
index 3c04327201..031501c2b4 100644
--- a/devices/surface-hub/accessibility-surface-hub.md
+++ b/devices/surface-hub/accessibility-surface-hub.md
@@ -2,11 +2,13 @@
 title: Accessibility (Surface Hub)
 description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.
 ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
+ms.reviewer:
+manager: dansimp
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index 05e00d56fe..8125113887 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -2,11 +2,13 @@
 title: Admin group management (Surface Hub)
 description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device.
 ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE
+ms.reviewer:
+manager: dansimp
 keywords: admin group management, Settings app, configure Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
@@ -35,7 +37,7 @@ Note that the local admin account information is not backed by any directory ser ### Domain join the device to Active Directory (AD) -You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#a-href-iduse-active-directoryause-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings. +You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#use-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings. #### What happens when you domain join your Surface Hub? Surface Hubs use domain join to: 
@@ -51,7 +53,7 @@ Surface Hub does not support applying group policies or certificates from the do ### Azure Active Directory (Azure AD) join the device -You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#a-href-iduse-microsoft-azureause-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device. +You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#use-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device. By default, all **global administrators** will be given admin rights on an Azure AD joined Surface Hub. With **Azure AD Premium** or **Enterprise Mobility Suite (EMS)**, you can add additional administrators: 1. In the [Azure classic portal](https://manage.windowsazure.com/), click **Active Directory**, and then click the name of your organization's directory. diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md index f037f97ecb..d2e0e0f813 100644 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md 
@@ -2,11 +2,13 @@
 title: PowerShell for Surface Hub (Surface Hub)
 description: PowerShell scripts to help set up and manage your Microsoft Surface Hub.
 ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784
+ms.reviewer:
+manager: dansimp
 keywords: PowerShell, set up Surface Hub, manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 01/10/2018
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
index f34a48b0b7..b78abbff57 100644
--- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
 title: Applying ActiveSync policies to device accounts (Surface Hub)
 description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting.
 ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110
+ms.reviewer:
+manager: dansimp
 keywords: Surface Hub, ActiveSync policies
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index d105eef44f..b28387f8d2 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -1,11 +1,13 @@ --- title: Change history for Surface Hub +ms.reviewer: +manager: dansimp description: This topic lists new and updated topics for Surface Hub. keywords: change history ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium --- @@ -190,4 +192,4 @@ The topics in this library have been updated for Windows 10, version 1607 (also | [Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Reorganize and streamline guidance on creating a device account. | | [Introduction to Surface Hub](intro-to-surface-hub.md) | Move Surface Hub dependencies table to [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md). | | [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Add dependency table and reorganize topic. | -| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. | \ No newline at end of file +| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. | diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md index bef2ff6610..142af6e80e 100644 --- a/devices/surface-hub/change-surface-hub-device-account.md +++ b/devices/surface-hub/change-surface-hub-device-account.md 
@@ -2,11 +2,13 @@ title: Change the Microsoft Surface Hub device account description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned. ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672 +ms.reviewer: +manager: dansimp keywords: change device account, change properties, Surface Hub ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md index 241cfc77e6..86d6848826 100644 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -2,10 +2,12 @@ title: Connect other devices and display with Surface Hub description: You can connect other device to your Surface Hub to display content. ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D +ms.reviewer: +manager: dansimp ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium @@ -107,7 +109,7 @@ Use these ports on the Surface Hub for Guest Mode. -  + ### Port locations @@ -222,7 +224,7 @@ Your choice of video cable will be determined by what is available from your sou -  + Source audio is provided by DisplayPort and HDMI cables. If you must use VGA, Surface Hub has an audio input port that uses a 3.5 mm plug. Surface Hub also uses a USB cable that provides Touchback and Inkback from the Surface Hub to compatible Windows 10 devices. The USB cable can be used with any video input that is already connected with a cable. @@ -273,20 +275,20 @@ Check directly with graphics card vendors for the latest drivers.

            NVIDIA

            -

            [http://nvidia.com/Download/index.aspx](http://nvidia.com/Download/index.aspx)

            +

            http://nvidia.com/Download/index.aspx

            AMD

            -

            [http://support.amd.com/en-us/download](http://support.amd.com/en-us/download)

            +

            http://support.amd.com/en-us/download

            Intel

            -

            [https://downloadcenter.intel.com/](https://downloadcenter.intel.com/)

            +

            https://downloadcenter.intel.com/

            -  + ### Ports @@ -345,7 +347,7 @@ Replacement PC ports on 55" Surface Hub -  + Replacement PC ports on 84" Surface Hub @@ -402,7 +404,7 @@ Replacement PC ports on 84" Surface Hub -  + ### Replacement PC setup instructions @@ -437,9 +439,9 @@ You can switch the Surface Hub to use the internal PC. 3. Turn on the Surface Hub using the power switch next to the power cable. -  + ## Video Out -  + The Surface Hub includes a Video Out port for mirroring visual content from the Surface Hub to another display. ### Ports @@ -489,4 +491,4 @@ You can connect the following accessories to Surface Hub using Bluetooth: - Speakers >[!NOTE] ->After you connect a Bluetooth headset or speaker, you might need to change the [default microphone and speaker settings](local-management-surface-hub-settings.md). \ No newline at end of file +>After you connect a Bluetooth headset or speaker, you might need to change the [default microphone and speaker settings](local-management-surface-hub-settings.md). diff --git a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md new file mode 100644 index 0000000000..9e70a8755c --- /dev/null +++ b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md 
@@ -0,0 +1,22 @@ +--- +title: What to do if the Connect app in Surface Hub exits unexpectedly +description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs. +ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec +ms.reviewer: +manager: +keywords: surface, hub, connect, input, displayport +ms.prod: surface-hub +ms.sitesec: library +author: todmccoy +ms.author: v-todmc +ms.topic: article +ms.localizationpriority: medium +--- + +# What to do if the Connect app in Surface Hub exits unexpectedly + +At times, a wired Connect session that is started from the Welcome screen by connecting a DisplayPort input will exit back to the Welcome screen after using the side keypad or the source button to cycle through all source inputs. + +This is an issue in the Connect app and its default full-screen state. By changing the size of the app, or by selecting a DisplayPort input thumbnail in the Connect app, you can prevent input cycling from affecting the app. + +The way to resolve this issue is to first launch the Connect app from the Welcome screen, and THEN connect a DisplayPort input. If the input is already connected, manually select the thumbnail. \ No newline at end of file diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 2d52e698c0..6c133e978d 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md 
@@ -2,11 +2,13 @@ title: Create a device account using UI (Surface Hub) description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center. ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C +ms.reviewer: +manager: dansimp keywords: create device account, Office 365 UI, Exchange Admin center, Office 365 admin center, Skype for Business, mobile device mailbox policy ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 05/04/2018 ms.localizationpriority: medium @@ -217,6 +219,8 @@ In order to enable Skype for Business, your environment will need to meet the fo ## Create a device account using the Exchange Admin Center +>[!NOTE] +>This method will only work if you are syncing from an on-premises Active Directory. You can use the Exchange Admin Center to create a device account: @@ -241,7 +245,7 @@ You can use the Exchange Admin Center to create a device account: >[!NOTE] >If you want to create and assign a policy to the account you created, and are using Exchange 2010, look up the corresponding information regarding policy creation and policy assignment when using the EMC (Exchange management console). -  + 1. Go to the Exchange Admin Center. 
@@ -369,11 +373,11 @@ If you aren't sure what value to use for the `RegistrarPool` parameter in your e Get-CsOnlineUser -Identity ‘alice@contoso.microsoft.com’| fl *registrarpool* ``` -3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: +3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - ```PowerShell - Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress - ``` + ```PowerShell + Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress + ``` diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md index 3895e5aea7..104a1125cc 100644 --- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md +++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md @@ -2,11 +2,13 @@ title: Create and test a device account (Surface Hub) description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype. ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67 +ms.reviewer: +manager: dansimp keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 03/06/2018 ms.localizationpriority: medium diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md index f562b84288..09c4b1ea60 100644 --- a/devices/surface-hub/device-reset-surface-hub.md +++ b/devices/surface-hub/device-reset-surface-hub.md 
@@ -2,11 +2,13 @@ title: Device reset (Surface Hub) description: You may wish to reset your Microsoft Surface Hub. ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF +ms.reviewer: +manager: dansimp keywords: reset Surface Hub ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium @@ -99,4 +101,4 @@ Reset will begin after the image is downloaded from the cloud. You will see prog [Manage Microsoft Surface Hub](manage-surface-hub.md) -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) \ No newline at end of file +[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index ae478d22b4..a700575ff9 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -4,10 +4,12 @@ description: This topic explains the differences between Windows 10 Team and Win keywords: change history ms.prod: surface-hub ms.sitesec: library -author: isaiahng -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 11/01/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index 9feee3c192..c5b96ab0fe 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json 
@@ -1,43 +1,50 @@ { "build": { - "content": - [ - { - "files": ["**/**.md", "**/**.yml"], - "exclude": ["**/obj/**"] - } - ], + "content": [ + { + "files": [ + "**/**.md", + "**/**.yml" + ], + "exclude": [ + "**/obj/**" + ] + } + ], "resource": [ - { - "files": ["**/images/**"], - "exclude": ["**/obj/**"] + { + "files": [ + "**/images/**" + ], + "exclude": [ + "**/obj/**" + ] + } + ], + "globalMetadata": { + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/surface-hub/breadcrumb/toc.json", + "ROBOTS": "INDEX, FOLLOW", + "ms.technology": "windows", + "ms.topic": "article", + "ms.mktglfcycl": "manage", + "author": "jdeckerms", + "ms.sitesec": "library", + "ms.author": "jdecker", + "ms.date": "05/23/2017", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "Win.surface-hub", + "folder_relative_path_in_docset": "./" } - ], - "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/surface-hub/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.technology": "windows", - "ms.topic": "article", - "ms.mktglfcycl": "manage", - "author": "jdeckerms", - "ms.sitesec": "library", - "ms.author": "jdecker", - "ms.date": "05/23/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.surface-hub", - "folder_relative_path_in_docset": "./" - } - } + } }, - "externalReference": [ - ], + "externalReference": [], "template": "op.html", "dest": "devices/surface-hub", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } 
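Review bot: The rebuilt `globalMetadata` block still sets `"author": "jdeckerms"` and `"ms.author": "jdecker"`, while the per-topic front matter changed elsewhere in this commit is reassigned to `dansimp`. If these keys act as docset-wide defaults (not visible from this hunk), any Surface Hub topic without its own author fields would keep the old owner alias; if the reassignment is meant to cover the whole docset, set `"author": "dansimp",` and `"ms.author": "dansimp",` here as well. The same hunk switches `markdownEngineName` from `dfm` to `markdig`, and the bookmark links corrected in admin-group-management-for-surface-hub.md suggest heading anchors are generated differently under the new engine, so a link check across the docset is worth running before merge.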
diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md
index 810dc3d2ce..bf91e2e42c 100644
--- a/devices/surface-hub/enable-8021x-wired-authentication.md
+++ b/devices/surface-hub/enable-8021x-wired-authentication.md
@@ -3,10 +3,12 @@ title: Enable 802.1x wired authentication
 description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 11/15/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
index 2975a20db0..ea9a144cd0 100644
--- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
 title: Microsoft Exchange properties (Surface Hub)
 description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub.
 ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29
+ms.reviewer:
+manager: dansimp
 keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md
index c56335e042..8776870779 100644
--- a/devices/surface-hub/finishing-your-surface-hub-meeting.md
+++ b/devices/surface-hub/finishing-your-surface-hub-meeting.md
@@ -4,10 +4,12 @@ description: To end a Surface Hub meeting, tap End session. Surface Hub cleans u keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index 346d0c8d8a..375ee1686d 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ b/devices/surface-hub/first-run-program-surface-hub.md @@ -2,11 +2,13 @@ title: First-run program (Surface Hub) description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process. ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49 +ms.reviewer: +manager: dansimp keywords: first run, Surface Hub, out-of-box experience, OOBE ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium @@ -38,7 +40,7 @@ Each of these sections also contains information about paths you might take when >[!NOTE] >You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details. -  + ## Hi there page 
@@ -48,7 +50,7 @@ This is the first screen you'll see when you power up the Surface Hub for the fi >[!NOTE] >This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing. - Select a language and the initial setup options are displayed. + Select a language and the initial setup options are displayed. ![Image showing ICD options checklist.](images/setuplocale.png) @@ -66,7 +68,7 @@ If the default values shown are correct, then you can click **Next** to go on. O >[!NOTE] > Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding. -  + When the settings are accepted, the device will check for a wired network connection. If the connection is fine, it will display the [Set up for you page](#set-up-for-you). If there is a problem with the wired connection, the device will display the [Network setup page](#network-setup). @@ -88,7 +90,7 @@ This screen is shown only if the device fails to detect a wired network. If you >[!NOTE] >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)). -   + - You can plug in a network cable while this screen is visible. The device will detect it, and will add **Next** to the screen. Click **Next** to continue with making the wired connection. 
@@ -123,7 +125,7 @@ This page will be shown when the device detects a wired connection with limited - You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you). **Note**  If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)). -   + - You can select **Enter proxy settings** which will allow you to specify how to use the network proxy. You'll be taken to the next screen. @@ -149,7 +151,7 @@ You can skip connecting to a network by selecting **Skip this step**. You'll be >[!NOTE] >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)). -  + ## Set up for you page 
@@ -183,12 +185,12 @@ On this page, the Surface Hub will ask for credentials for the device account th Use either a **user principal name (UPN)** or a **domain\\user name** as the account identifier in the first entry field. Use the format that matches your environment, and enter the password. -| Environment | Required format for device account| -| ------------ | ----------------------------------| -| Device account is hosted only online. | username@domain.com| -| Device account is hosted only on-prem. | DOMAIN\username| -| Device account is hosted online and on-prem (hybrid). | DOMAIN\username| +| Environment | Required format for device account | +|-------------------------------------------------------|------------------------------------| +| Device account is hosted only online. | username@domain.com | +| Device account is hosted only on-prem. | DOMAIN\username | +| Device account is hosted online and on-prem (hybrid). | DOMAIN\username | Click **Skip setting up a device account** to skip setting up a device account. However, if you don't set up a device account, the device will not be fully integrated into your infrastructure. For example, people won't be able to: @@ -317,7 +319,7 @@ Because every Surface Hub can be used by any number of authenticated employees, >[!NOTE] >The purpose of this page is primarily to determine who can configure the device from the device’s UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings. -  + ![Image showing Set up admins for this device page.](images/setupsetupadmins.png) @@ -355,7 +357,7 @@ This is what happens when you choose an option. >[!NOTE] >After you finish this process, you won't be able to change the device's admin option unless you reset the device. -  + ### Use Microsoft Azure Active Directory 
@@ -414,7 +416,7 @@ If the join is successful, you'll see the **Enter a security group** page. When >[!NOTE] >If you domain join the Surface Hub, you can't unjoin the device without resetting it. -  + ### Use a local admin @@ -440,7 +442,7 @@ This page will attempt to create a new admin account using the credentials that >[!IMPORTANT] >Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key. -  + In order to get the latest features and fixes, you should update your Surface Hub as soon as you finish all of the preceding first-run steps. @@ -449,9 +451,9 @@ In order to get the latest features and fixes, you should update your Surface Hu 3. If updates are available, they will be downloaded. Once downloading is complete, click the **Update now** button to install the updates. 4. Follow the onscreen prompts after the updates are installed. You may need to restart the device. -  + -  + diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index fde0bb2f8a..ab66d2931a 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -2,11 +2,13 @@ title: Hybrid deployment (Surface Hub) description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1 +ms.reviewer: +manager: dansimp keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 08/30/2018 ms.localizationpriority: medium 
@@ -182,20 +184,20 @@ The following table lists the Office 365 plans and Skype for Business options. Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device. - - Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app. + - Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app. - - Click on **Users and Groups** and then **Add users, reset passwords, and more**. + - Click on **Users and Groups** and then **Add users, reset passwords, and more**. - - Click the Surface Hub account, and then click the pen icon to edit the account information. + - Click the Surface Hub account, and then click the pen icon to edit the account information. - - Click **Licenses**. + - Click **Licenses**. - - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub. + - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub. - - Click **Save**. + - Click **Save**. - >[!NOTE] - >You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here. + >[!NOTE] + >You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here. 
 For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account.
diff --git a/devices/surface-hub/images/01-diagnostic.png b/devices/surface-hub/images/01-diagnostic.png
new file mode 100644
index 0000000000..fde5951776
Binary files /dev/null and b/devices/surface-hub/images/01-diagnostic.png differ
diff --git a/devices/surface-hub/images/01-escape.png b/devices/surface-hub/images/01-escape.png
new file mode 100644
index 0000000000..badfc5883d
Binary files /dev/null and b/devices/surface-hub/images/01-escape.png differ
diff --git a/devices/surface-hub/images/02-all-apps.png b/devices/surface-hub/images/02-all-apps.png
new file mode 100644
index 0000000000..a29e9d8428
Binary files /dev/null and b/devices/surface-hub/images/02-all-apps.png differ
diff --git a/devices/surface-hub/images/02-skip-this-drive.png b/devices/surface-hub/images/02-skip-this-drive.png
new file mode 100644
index 0000000000..930f0b26d3
Binary files /dev/null and b/devices/surface-hub/images/02-skip-this-drive.png differ
diff --git a/devices/surface-hub/images/03-recover-from-cloud.png b/devices/surface-hub/images/03-recover-from-cloud.png
new file mode 100644
index 0000000000..be422cecc8
Binary files /dev/null and b/devices/surface-hub/images/03-recover-from-cloud.png differ
diff --git a/devices/surface-hub/images/03-welcome.png b/devices/surface-hub/images/03-welcome.png
new file mode 100644
index 0000000000..b71ebe0752
Binary files /dev/null and b/devices/surface-hub/images/03-welcome.png differ
diff --git a/devices/surface-hub/images/04-test-results-1.png b/devices/surface-hub/images/04-test-results-1.png
new file mode 100644
index 0000000000..e0b53f2dc3
Binary files /dev/null and b/devices/surface-hub/images/04-test-results-1.png differ
diff --git a/devices/surface-hub/images/04-yes.png b/devices/surface-hub/images/04-yes.png
new file mode 100644
index 0000000000..9c26b795ce
Binary files /dev/null and b/devices/surface-hub/images/04-yes.png differ
diff --git a/devices/surface-hub/images/05-test-results-2.png b/devices/surface-hub/images/05-test-results-2.png
new file mode 100644
index 0000000000..55b7c7abed
Binary files /dev/null and b/devices/surface-hub/images/05-test-results-2.png differ
diff --git a/devices/surface-hub/images/05a-reinstall.png b/devices/surface-hub/images/05a-reinstall.png
new file mode 100644
index 0000000000..60d90928ba
Binary files /dev/null and b/devices/surface-hub/images/05a-reinstall.png differ
diff --git a/devices/surface-hub/images/05b-downloading.png b/devices/surface-hub/images/05b-downloading.png
new file mode 100644
index 0000000000..59393e7162
Binary files /dev/null and b/devices/surface-hub/images/05b-downloading.png differ
diff --git a/devices/surface-hub/images/06-account-settings.png b/devices/surface-hub/images/06-account-settings.png
new file mode 100644
index 0000000000..35a92f2ff8
Binary files /dev/null and b/devices/surface-hub/images/06-account-settings.png differ
diff --git a/devices/surface-hub/images/06-out-of-box.png b/devices/surface-hub/images/06-out-of-box.png
new file mode 100644
index 0000000000..a513b46c5b
Binary files /dev/null and b/devices/surface-hub/images/06-out-of-box.png differ
diff --git a/devices/surface-hub/images/07-account-settings-details.png b/devices/surface-hub/images/07-account-settings-details.png
new file mode 100644
index 0000000000..421f372b03
Binary files /dev/null and b/devices/surface-hub/images/07-account-settings-details.png differ
diff --git a/devices/surface-hub/images/07-cancel.png b/devices/surface-hub/images/07-cancel.png
new file mode 100644
index 0000000000..a788960011
Binary files /dev/null and b/devices/surface-hub/images/07-cancel.png differ
diff --git a/devices/surface-hub/images/08-test-account.png b/devices/surface-hub/images/08-test-account.png
new file mode 100644
index 0000000000..d7cbf9620d
Binary files /dev/null and b/devices/surface-hub/images/08-test-account.png differ
diff --git a/devices/surface-hub/images/08-troubleshoot.png b/devices/surface-hub/images/08-troubleshoot.png
new file mode 100644
index 0000000000..d2af1969bd
Binary files /dev/null and b/devices/surface-hub/images/08-troubleshoot.png differ
diff --git a/devices/surface-hub/images/09-network.png b/devices/surface-hub/images/09-network.png
new file mode 100644
index 0000000000..d69f2d67ec
Binary files /dev/null and b/devices/surface-hub/images/09-network.png differ
diff --git a/devices/surface-hub/images/09-recover-from-cloud2.png b/devices/surface-hub/images/09-recover-from-cloud2.png
new file mode 100644
index 0000000000..64650a91bb
Binary files /dev/null and b/devices/surface-hub/images/09-recover-from-cloud2.png differ
diff --git a/devices/surface-hub/images/10-cancel.png b/devices/surface-hub/images/10-cancel.png
new file mode 100644
index 0000000000..ffef745522
Binary files /dev/null and b/devices/surface-hub/images/10-cancel.png differ
diff --git a/devices/surface-hub/images/10-environment.png b/devices/surface-hub/images/10-environment.png
new file mode 100644
index 0000000000..376e077249
Binary files /dev/null and b/devices/surface-hub/images/10-environment.png differ
diff --git a/devices/surface-hub/images/11-certificates.png b/devices/surface-hub/images/11-certificates.png
new file mode 100644
index 0000000000..13b45396b3
Binary files /dev/null and b/devices/surface-hub/images/11-certificates.png differ
diff --git a/devices/surface-hub/images/12-trust-model.png b/devices/surface-hub/images/12-trust-model.png
new file mode 100644
index 0000000000..996bb4fdd4
Binary files /dev/null and b/devices/surface-hub/images/12-trust-model.png differ
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index 82f19b1a90..87ed316360 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -13,17 +13,17 @@ ms.localizationpriority: medium # Microsoft Surface Hub admin guide ->[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) - ->[Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) +> [Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) +> +> [Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) -
            Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.![image of a Surface Hub](images/surfacehub.png)
            -  +
            Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.image of a Surface Hub
            + ## Surface Hub setup process -In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: +In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: 1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) 2. [Gather the information listed in the Setup worksheet](setup-worksheet-surface-hub.md) 
@@ -34,22 +34,20 @@ In some ways, adding your new Surface Hub is just like adding any other Microsof ## In this section -| Topic | Description | -| --- | --- | -| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). | -| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. | -| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. | -| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. | -| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. | -| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | -| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | PowerShell scripts to help set up and manage your Surface Hub. | -| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. 
| -| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. | -| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. | -| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents. | -| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. | - - +| Topic | Description | +|---------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). | +| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. | +| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. 
| +| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. | +| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. | +| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | | +| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | +| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. | +| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. | +| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. | +| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents. | +| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. | ## Additional resources diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md index 847625be1f..e19bfc00dd 100644 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ b/devices/surface-hub/install-apps-on-surface-hub.md 
@@ -2,11 +2,13 @@
 title: Install apps on your Microsoft Surface Hub
 description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.
 ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94
+ms.reviewer:
+manager: dansimp
 keywords: install apps, Microsoft Store, Microsoft Store for Business
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/23/2018
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
new file mode 100644
index 0000000000..93c56d4e28
--- /dev/null
+++ b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
@@ -0,0 +1,28 @@
+---
+title: Known issues and additional information about Microsoft Surface Hub
+description: Outlines known issues with Microsoft Surface Hub.
+ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
+ms.reviewer:
+manager:
+keywords: surface, hub, issues
+ms.prod: surface-hub
+ms.sitesec: library
+author: todmccoy
+ms.author: v-todmc
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Known issues and additional information about Microsoft Surface Hub
+
+We're listening. Quality is a top priority, and we want to keep you informed about issues impacting customers. The following are some known issues of Microsoft Surface Hub:
+
+- **Skype for Business isn't using proxy for media traffic with RS2**
+
            For some Surface Hub users who are behind a proxy, Skype for Business won't use the proxy server for media. However, the Surface Hub will be able to sign in to the account. We received your feedback and are aware of the media traffic issue when you are using proxy. We're actively investigating this issue and will release fixes as soon as a solution is identified and tested. + +- **For AAD joined devices, when a user tries to sign in to "My meetings & files", Surface Hub reports that there is no Internet connection** +
            We’re aware of a set of issues that affect sign-in and document access on Surface Hub. We're actively investigating these issues. As a workaround until a resolution is released, customers can reset their devices and set up their Hub to use a local admin account. After reconfiguring to use the local admin account, "My meetings and files" will work as expected. +- **Single sign-in when Azure AD joined** +
            Surface Hub was designed for communal spaces, which impacts the way user credentials are stored. Because of this, there are currently limitations in how single sign-in works when devices are Azure AD joined. Microsoft is aware of this limitation and is actively investigating options for a resolution. +- **Miracast over Infrastructure projection to Surface Hub fails if the Surface Hub has a dot character (.) in the friendly name** +
            Surface Hub users may experience issues projecting to their device if the Friendly Name includes a period or dot in the name (.) -- for example, "Conf.Room42". To work around the issue, change the Friendly Name of the Hub in **Settings** > **Surface Hub** > **About**, and then restart the device. Microsoft is working on a solution to this issue. \ No newline at end of file diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md index b53d27448f..145254f089 100644 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ b/devices/surface-hub/local-management-surface-hub-settings.md @@ -4,10 +4,12 @@ description: How to manage Surface Hub settings with Settings. keywords: manage Surface Hub, Surface Hub settings ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- @@ -58,4 +60,4 @@ Surface Hubs have many settings that are common to other Windows devices, but al [Remote Surface Hub management](remote-surface-hub-management.md) -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) \ No newline at end of file +[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 65c471f4a1..a7c90874f6 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md 
@@ -2,11 +2,13 @@ title: Manage settings with an MDM provider (Surface Hub) description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution. ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE +ms.reviewer: +manager: dansimp keywords: mobile device management, MDM, manage policies ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 03/07/2018 ms.localizationpriority: medium @@ -56,30 +58,32 @@ You can configure the Surface Hub settings in the following table using MDM. The For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323). -| Setting | Node in the SurfaceHub CSP | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| ---- | --- | --- | --- | --- | -| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime
            MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | -| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | -| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | -| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID
            MOMAgent/WorkspaceKey | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Friendly name for wireless projection | Properties/FriendlyName | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Device account, including password rotation | DeviceAccount/*``*
            See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | -| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set default volume | Properties/DefaultVolume | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set screen timeout | Properties/ScreenTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set session timeout | Properties/SessionTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set sleep timeout | Properties/SleepTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + +| Setting | Node in the SurfaceHub CSP | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime
            MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | +| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | +| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | +| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID
            MOMAgent/WorkspaceKey | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Friendly name for wireless projection | Properties/FriendlyName | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Device account, including password rotation | DeviceAccount/*``*
            See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | +| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set default volume | Properties/DefaultVolume | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set screen timeout | Properties/ScreenTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set session timeout | Properties/SessionTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set sleep timeout | Properties/SleepTimeout | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. ### Supported Windows 10 settings @@ -89,66 +93,73 @@ In addition to Surface Hub-specific settings, there are numerous settings common The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. #### Security settings -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| --- | --- | --- |---- | --- | --- | -| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
            . | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
            . | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
            | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Browser settings -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| --- | --- | --- |---- | --- | --- | -| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Windows Update settings -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML*? | -| --- | --- | --- |---- | --- | --- | -| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes| -| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Windows Defender settings -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| --- | --- | --- |---- | --- | --- | -| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
            See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Remote reboot -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| --- | --- | --- |---- | --- | --- | -| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes | -| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | -| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes | +| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
            See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Install certificates -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | -| --- | --- | --- |---- | --- | --- | -| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
            See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
            See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|---------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------| +| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
            See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
            See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes | + @@ -156,32 +167,36 @@ The following tables include info on Windows 10 settings that have been validate #### Collect logs -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML*? | -| --- | --- | --- |---- | --- | --- | -| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|------------------|----------------------------------------------------|----------------------------------------------------------------------------------------|---------------------------|------------------------------------------|-----------------------------| +| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Set network quality of service (QoS) policy -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML*? | -| --- | --- | --- |--- | --- | ---- | -| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Set network proxy -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML*? | -| --- | ---- | --- |---- | --- | --- | -| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Configure Start menu -| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML*? | -| --- | ---- | --- |---- | --- | --- | -| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | +| Setting | Details | CSP reference | Supported with
            Intune? | Supported with
            Configuration Manager? | Supported with
            SyncML\*? | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| +| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes
            [Use a custom policy.](#example-intune) | Yes.
            [Use a custom setting.](#example-sccm) | Yes | + \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. ### Generate OMA URIs for settings @@ -256,9 +271,9 @@ For more information, see [Create configuration items for Windows 8.1 and Window -  - -  + + + diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md index ac7d714624..a5d76ff156 100644 --- a/devices/surface-hub/manage-surface-hub-settings.md +++ b/devices/surface-hub/manage-surface-hub-settings.md @@ -4,10 +4,12 @@ description: This section lists topics for managing Surface Hub settings. keywords: Surface Hub accessibility settings, device account, device reset, windows updates, wireless network management ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index 3761627ee5..fcd75f6dfd 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -2,11 +2,13 @@ title: Manage Microsoft Surface Hub description: How to manage your Surface Hub after finishing the first-run program. ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 +ms.reviewer: +manager: dansimp keywords: manage Surface Hub ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 01/17/2018 ms.localizationpriority: medium 
@@ -45,4 +47,4 @@ Learn about managing and updating Surface Hub.
 ## Related topics
-- [View Power BI presentation mode on Surface Hub & Windows 10](https://powerbi.microsoft.com/documentation/powerbi-mobile-win10-app-presentation-mode/)
\ No newline at end of file
+- [View Power BI presentation mode on Surface Hub & Windows 10](https://powerbi.microsoft.com/documentation/powerbi-mobile-win10-app-presentation-mode/)
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 625ba99f34..9592956238 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -2,11 +2,13 @@
 title: Windows updates (Surface Hub)
 description: You can manage Windows updates on your Microsoft Surface Hub by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS).
 ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045
+ms.reviewer:
+manager: dansimp
 keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 11/03/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md
index 7b6737d1ac..e6875a375d 100644
--- a/devices/surface-hub/miracast-over-infrastructure.md
+++ b/devices/surface-hub/miracast-over-infrastructure.md
@@ -3,10 +3,12 @@ title: Miracast on existing wireless network or LAN
 description: Windows 10 enables you to send a Miracast stream over a local network.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 08/03/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md
index 6f3bdf62ec..ea5e25e1b7 100644
--- a/devices/surface-hub/miracast-troubleshooting.md
+++ b/devices/surface-hub/miracast-troubleshooting.md
@@ -3,10 +3,12 @@ title: Troubleshoot Miracast on Surface Hub
 description: Learn how to resolve issues with Miracast on Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index a210f9834d..cb09128a97 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -2,11 +2,13 @@
 title: Monitor your Microsoft Surface Hub
 description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
 ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942
+ms.reviewer:
+manager: dansimp
 keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index 46877db4de..5bea64a216 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
 title: On-premises deployment single forest (Surface Hub)
 description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
 ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
+ms.reviewer:
+manager: dansimp
 keywords: single forest deployment, on prem deployment, device account, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.date: 08/28/2018
 ms.localizationpriority: medium
 ---
@@ -18,94 +20,94 @@ This topic explains how you add a device account for your Microsoft Surface Hub If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md). -1. Start a remote PowerShell session from a PC and connect to Exchange. +1. Start a remote PowerShell session from a PC and connect to Exchange. - Be sure you have the right permissions set to run the associated cmdlets. + Be sure you have the right permissions set to run the associated cmdlets. - Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server. - - ```PowerShell - Set-ExecutionPolicy Unrestricted - $org='contoso.microsoft.com' - $cred=Get-Credential $admin@$org - $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue - $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue - Import-PSSession $sessExchange - Import-PSSession $sessLync - ``` - -2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. 
- - If you're changing an existing resource mailbox: - - ```PowerShell - Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - - If you’re creating a new resource mailbox: - - ```PowerShell - New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - -3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - - If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - - ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false - ``` - - Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. - - ```PowerShell - Set-Mailbox $acctUpn -Type Regular - Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy - Set-Mailbox $acctUpn -Type Room - Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - ``` - -4. Various Exchange properties can be set on the device account to improve the meeting experience for people. 
You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ```PowerShell - Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - - ```PowerShell - Set-AdUser $acctUpn -PasswordNeverExpires $true - ``` - -6. Enable the account in Active Directory so it will authenticate to the Surface Hub. - - ```PowerShell - Set-AdUser $acctUpn -Enabled $true - ``` - -7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool: - - ```PowerShell - Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com" - -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com - -Identity HUB01 - ``` - - You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity. - -8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: + Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server. 
```PowerShell - Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true - ``` + Set-ExecutionPolicy Unrestricted + $org='contoso.microsoft.com' + $cred=Get-Credential $admin@$org + $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue + $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue + Import-PSSession $sessExchange + Import-PSSession $sessLync + ``` - Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. +2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. + + If you're changing an existing resource mailbox: + + ```PowerShell + Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) + ``` + + If you’re creating a new resource mailbox: + + ```PowerShell + New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) + ``` + +3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. + + Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. 
+ + If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. + + ```PowerShell + $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false + ``` + + Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. + + ```PowerShell + Set-Mailbox $acctUpn -Type Regular + Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy + Set-Mailbox $acctUpn -Type Room + Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true + ``` + +4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. + + ```PowerShell + Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false + Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" + ``` + +5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. + + ```PowerShell + Set-AdUser $acctUpn -PasswordNeverExpires $true + ``` + +6. Enable the account in Active Directory so it will authenticate to the Surface Hub. + + ```PowerShell + Set-AdUser $acctUpn -Enabled $true + ``` + +7. 
Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool: + + ```PowerShell + Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com" + -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com + -Identity HUB01 + ``` + + You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity. + +8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: + + ```PowerShell + Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true + ``` + + Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. - ## Disable anonymous email and IM + ## Disable anonymous email and IM @@ -141,7 +143,7 @@ To change the policy entry: ``` $policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true $clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry} -``` +``` To remove the policy entry: @@ -150,7 +152,7 @@ $policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -va $clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry} ``` -  + diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index cae7e9639e..e3754d3e15 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md 
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -4,9 +4,11 @@ description: This topic explains how you add a device account for your Microsoft
 keywords: multi forest deployment, on prem deployment, device account, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.date: 08/28/2018
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index d5c567a57f..df1bf821b4 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
 title: Online deployment with Office 365 (Surface Hub)
 description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
 ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1
+ms.reviewer:
+manager: dansimp
 keywords: device account for Surface Hub, online deployment
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 02/21/2018
 ms.localizationpriority: medium
@@ -19,129 +21,129 @@ This topic has instructions for adding a device account for your Microsoft Surfa If you have a pure, online (O365) deployment, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-os356-ps-scripts) to create device accounts. -1. Start a remote PowerShell session on a PC and connect to Exchange. +1. Start a remote PowerShell session on a PC and connect to Exchange. - Be sure you have the right permissions set to run the associated cmdlets. + Be sure you have the right permissions set to run the associated cmdlets. - ```PowerShell - Set-ExecutionPolicy RemoteSigned - $org='contoso.microsoft.com' - $cred=Get-Credential admin@$org - $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection - Import-PSSession $sess - ``` + ```PowerShell + Set-ExecutionPolicy RemoteSigned + $org='contoso.microsoft.com' + $cred=Get-Credential admin@$org + $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection + Import-PSSession $sess + ``` -2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. +2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. 
- If you're changing an existing resource mailbox: + If you're changing an existing resource mailbox: - ```PowerShell - Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` + ```PowerShell + Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) + ``` - If you’re creating a new resource mailbox: + If you’re creating a new resource mailbox: - ```PowerShell - New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` + ```PowerShell + New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) + ``` -3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. +3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. + Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. 
+ If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True - ``` + ```PowerShell + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True + ``` - Once you have a compatible policy, then you will need to apply the policy to the device account. + Once you have a compatible policy, then you will need to apply the policy to the device account. - ```PowerShell - Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id - ``` + ```PowerShell + Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id + ``` -4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. +4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - ```PowerShell - Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" 
- ``` + ```PowerShell + Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false + Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" + ``` -5. Connect to Azure AD. +5. Connect to Azure AD. - You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : + You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : - ```PowerShell - Install-Module -Name AzureAD - ``` - You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. + ```PowerShell + Install-Module -Name AzureAD + ``` + You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. - ```PowerShell - Import-Module AzureAD - Connect-AzureAD -Credential $cred - ``` + ```PowerShell + Import-Module AzureAD + Connect-AzureAD -Credential $cred + ``` -6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. +6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - ```PowerShell - Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration" - ``` + ```PowerShell + Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration" + ``` -7. Surface Hub requires a license for Skype for Business functionality. 
In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online). +7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online). - Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. + Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. + Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - ```PowerShell - Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" + ```PowerShell + Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" - Get-AzureADSubscribedSku | Select Sku*,*Units - $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense - $License.SkuId = SkuId You selected + Get-AzureADSubscribedSku | Select Sku*,*Units + $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $License.SkuId = SkuId You selected - $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses - $AssignedLicenses.AddLicenses = $License - $AssignedLicenses.RemoveLicenses = @() + $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses + $AssignedLicenses.AddLicenses = $License + $AssignedLicenses.RemoveLicenses = @() - Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses - ``` + Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses + ``` -8. Enable the device account with Skype for Business. 
- If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). +8. Enable the device account with Skype for Business. + If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). - - Start by creating a remote PowerShell session from a PC. + - Start by creating a remote PowerShell session from a PC. - ```PowerShell - Import-Module SkypeOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred - Import-PSSession $cssess -AllowClobber - ``` + ```PowerShell + Import-Module SkypeOnlineConnector + $cssess=New-CsOnlineSession -Credential $cred + Import-PSSession $cssess -AllowClobber + ``` - - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*): + - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, alice@contoso.com): - ```PowerShell - (Get-CsTenant).TenantPoolExtension - ``` - OR by setting a variable + ```PowerShell + (Get-CsTenant).TenantPoolExtension + ``` + OR by setting a variable - ```PowerShell - $strRegistrarPool = (Get-CsTenant).TenantPoolExtension - $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1) - ``` + ```PowerShell + $strRegistrarPool = (Get-CsTenant).TenantPoolExtension + $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1) + ``` - - Enable the Surface Hub account with the following cmdlet: + - Enable the Surface Hub account with the following cmdlet: - ```PowerShell - Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' 
-RegistrarPool yourRegistrarPool -SipAddressType EmailAddress - ``` + ```PowerShell + Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress + ``` - OR using the $strRegistarPool variable from above + OR using the $strRegistarPool variable from above - ```PowerShell - Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress - ``` + ```PowerShell + Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress + ``` For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account. diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md index be86720a3a..283520ee40 100644 --- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md @@ -2,11 +2,13 @@ title: Password management (Surface Hub) description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device. ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8 +ms.reviewer: +manager: dansimp keywords: password, password management, password rotation, device account ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md index 9c22a5b744..32a8f0f5ff 100644 --- a/devices/surface-hub/physically-install-your-surface-hub-device.md +++ b/devices/surface-hub/physically-install-your-surface-hub-device.md 
@@ -2,11 +2,13 @@
 title: Physically install Microsoft Surface Hub
 description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation.
 ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554
+ms.reviewer:
+manager: dansimp
 keywords: Surface Hub, readiness guide, installation location, mounting options
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 6f1deba6b9..f9377b503f 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -2,11 +2,13 @@
 title: Prepare your environment for Microsoft Surface Hub
 description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub.
 ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9
+ms.reviewer:
+manager: dansimp
 keywords: prepare environment, features of Surface Hub, create and test device account, check network availability
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 12/04/2017
 ms.localizationpriority: medium
@@ -100,15 +102,15 @@ When you go through the first-run program for your Surface Hub, there's some inf
-

            [Create and test a device account](create-and-test-a-device-account-surface-hub.md)

            +

            Create and test a device account

            This topic introduces how to create and test the device account that Surface Hub uses to communicate with and Skype.

            -

            [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md)

            +

            Create provisioning packages

            For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning.

            -

            [Admin group management](admin-group-management-for-surface-hub.md)

            +

            Admin group management

            Every Surface Hub can be configured individually by opening the Settings app on the device. However, to prevent people who are not administrators from changing the settings, the Settings app requires administrator credentials to open the app and change settings.

            The Settings app requires local administrator credentials to open the app.

            @@ -121,9 +123,9 @@ When you go through the first-run program for your Surface Hub, there's some inf - [Blog post: Surface Hub in a Multi-Domain Environment](https://blogs.technet.microsoft.com/y0av/2017/11/08/11/) - [Blog post: Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/) -  + -  + diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md index 5698f985b0..2f47ffd5f8 100644 --- a/devices/surface-hub/provisioning-packages-for-surface-hub.md +++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md @@ -2,11 +2,13 @@ title: Create provisioning packages (Surface Hub) description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages. ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345 +ms.reviewer: +manager: dansimp keywords: add certificate, provisioning package ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 03/16/2019 ms.localizationpriority: medium 
@@ -70,11 +72,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com ### Create the provisioning package 1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - or + or - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. 2. Click **Provision Surface Hub devices**. @@ -83,13 +85,13 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com ### Configure settings - - - - - - - + + + + + + +
            ![step one](images/one.png) ![add certificates](images/add-certificates.png)

            To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
            ![add a certificate](images/add-certificates-details.png)
            ![step two](images/two.png) ![configure proxy settings](images/proxy.png)

            Toggle **Yes** or **No** for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select **No** if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting **Yes** and **Automatically detect settings**.

            If you toggle **Yes**, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server).
            ![configure proxy settings](images/proxy-details.png)
            ![step three](images/three.png) ![device admins](images/set-up-device-admins.png)

            You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.

            To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.

            Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

            To create a local administrator account, select that option and enter a user name and password.

            **Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
            ![join Active Directory, Azure AD, or create a local admin account](images/set-up-device-admins-details.png)
            ![step four](images/four.png) ![enroll in device management](images/enroll-mdm.png)

            Toggle **Yes** or **No** for enrollment in MDM.

            If you toggle **Yes**, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. [Learn more about managing Surface Hub with MDM.](manage-settings-with-mdm-for-surface-hub.md)
            ![enroll in mobile device management](images/enroll-mdm-details.png)
            ![step five](images/five.png) ![add applications](images/add-applications.png)

            You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps).

            **Important:** Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail.
            ![add an application](images/add-applications-details.png)
            ![step six](images/six.png) ![Add configuration file](images/add-config-file.png)

            You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See [Sample configuration file](#sample-configuration-file) for an example.

            **Important:** The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703.
            ![Add a Surface Hub configuration file](images/add-config-file-details.png)
            ![finish](images/finish.png)

            You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
            ![Protect your package](images/finish-details.png)
            step one add certificates

            To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
            add a certificate
            step two configure proxy settings

            Toggle Yes or No for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select No if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting Yes and Automatically detect settings.

            If you toggle Yes, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server).
            configure proxy settings
            step three device admins

            You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.

            To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.

            Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

            To create a local administrator account, select that option and enter a user name and password.

            Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
            join Active Directory, Azure AD, or create a local admin account
            step four enroll in device management

            Toggle Yes or No for enrollment in MDM.

            If you toggle Yes, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. Learn more about managing Surface Hub with MDM.
            enroll in mobile device management
            step five add applications

            You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see Provision PCs with apps.

            Important: Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail.
            add an application
            step six Add configuration file

            You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See Sample configuration file for an example.

            Important: The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703.
            Add a Surface Hub configuration file
            finish

            You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
            Protect your package
            After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. @@ -139,11 +141,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com ### Create the provisioning package (advanced) 1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - or + or - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. 2. Click **Advanced provisioning**. diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md index 5038e225b5..9d435f4650 100644 --- a/devices/surface-hub/remote-surface-hub-management.md +++ b/devices/surface-hub/remote-surface-hub-management.md 
@@ -4,10 +4,12 @@ description: This section lists topics for managing Surface Hub.
 keywords: remote management, MDM, install apps, monitor Surface Hub, Operations Management Suite, OMS
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md
index 3a013dd827..69b0a020b2 100644
--- a/devices/surface-hub/save-bitlocker-key-surface-hub.md
+++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md
@@ -2,11 +2,13 @@
 title: Save your BitLocker key (Surface Hub)
 description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.
 ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2
+ms.reviewer:
+manager: dansimp
 keywords: Surface Hub, BitLocker, Bitlocker recovery keys
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md
index 80178e7c22..d329156bb0 100644
--- a/devices/surface-hub/set-up-your-surface-hub.md
+++ b/devices/surface-hub/set-up-your-surface-hub.md
@@ -2,11 +2,13 @@ title: Set up Microsoft Surface Hub description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221 +ms.reviewer: +manager: dansimp keywords: set up instructions, Surface Hub, setup worksheet, first-run program ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium @@ -35,21 +37,21 @@ Before you turn on your Microsoft Surface Hub for the first time, make sure you' -

            [Setup worksheet](setup-worksheet-surface-hub.md)

            -

            When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.

            +

            Setup worksheet

            +

            When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.

            -

            [First-run program](first-run-program-surface-hub.md)

            -

            The term "first run" refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process.

            +

            First-run program

            +

            The term "first run" refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process.

            -  + -  + -  + diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md index f66fce4ef7..54624e80a0 100644 --- a/devices/surface-hub/setup-worksheet-surface-hub.md +++ b/devices/surface-hub/setup-worksheet-surface-hub.md @@ -2,11 +2,13 @@ title: Setup worksheet (Surface Hub) description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section. ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB +ms.reviewer: +manager: dansimp keywords: Setup worksheet, pre-setup, first-time setup ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md index 5537a823c7..53922be017 100644 --- a/devices/surface-hub/skype-hybrid-voice.md +++ b/devices/surface-hub/skype-hybrid-voice.md @@ -4,10 +4,12 @@ description: This topic explains how to enable Skype for Business Cloud PBX with keywords: hybrid deployment, Skype Hybrid Voice ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- 
@@ -20,63 +22,63 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option >[!WARNING] >If you create an account before configuration of Hybrid voice (you run Enable-CSMeetingRoom command), you will not be able to configure required hybrid voice parameters. In order to configure hybrid voice parameters for a previously configured account or to reconfigure a phone number, delete the E5 or E3 + Cloud PBX add-on license, and then follow the steps below, starting at step 3. -1. Create a new user account for Surface Hub. This example uses **surfacehub2@adatum.com**. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud. +1. Create a new user account for Surface Hub. This example uses surfacehub2@adatum.com. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud. ![new object user](images/new-user-hybrid-voice.png) -2. Select **Password Never Expires**. This is important for a Surface Hub device. +2. Select **Password Never Expires**. This is important for a Surface Hub device. - ![Password never expires](images/new-user-password-hybrid-voice.png) + ![Password never expires](images/new-user-password-hybrid-voice.png) -3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work. +3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work. - ![Add product license](images/product-license-hybrid-voice.png) + ![Add product license](images/product-license-hybrid-voice.png) -4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online. +4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online. -5. 
After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet: +5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet: - ``` - Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102 - ``` + ``` + Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102 + ``` -6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub. +6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub. -7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets. +7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets. - ``` - Set-ExecutionPolicy Unrestricted - $cred=Get-Credential -Message "Please use your Office 365 admin credentials" - $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection - Import-PSSession $sess - ``` + ``` + Set-ExecutionPolicy Unrestricted + $cred=Get-Credential -Message "Please use your Office 365 admin credentials" + $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection + Import-PSSession $sess + ``` -8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub. +8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. 
This allows the account to authenticate with Surface Hub. - ``` - Set-Mailbox surfacehub2@adatum.com -Type Room - Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` + ``` + Set-Mailbox surfacehub2@adatum.com -Type Room + Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) + ``` -9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. +9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. + Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. + If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. - ``` - $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false - ``` + ``` + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false + ``` - After you have a compatible policy, then you will need to apply the policy to the device account. 
However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). + After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). - ``` - Set-Mailbox surfacehub2@adatum.com -Type Regular - Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id - Set-Mailbox surfacehub2@adatum.com -Type Room - $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password" - Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - ``` + ``` + Set-Mailbox surfacehub2@adatum.com -Type Regular + Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id + Set-Mailbox surfacehub2@adatum.com -Type Room + $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password" + Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true + ``` 10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties. 
@@ -103,4 +105,4 @@ At this moment the room account is fully configured, including Hybrid Voice. If In the following image, you can see how the device appears to users. -![](images/select-room-hybrid-voice.png) \ No newline at end of file +![](images/select-room-hybrid-voice.png) diff --git a/devices/surface-hub/support-solutions-surface-hub.md b/devices/surface-hub/support-solutions-surface-hub.md index 66d4455737..81eba249eb 100644 --- a/devices/surface-hub/support-solutions-surface-hub.md +++ b/devices/surface-hub/support-solutions-surface-hub.md @@ -2,11 +2,13 @@ title: Top support solutions for Microsoft Surface Hub description: Find top solutions for common issues using Surface Hub. ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A +ms.reviewer: +manager: dansimp keywords: Troubleshoot common problems, setup issues ms.prod: surface-hub ms.sitesec: library -author: kaushika-msft -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 10/24/2017 ms.localizationpriority: medium diff --git a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md new file mode 100644 index 0000000000..1ec6740c76 --- /dev/null +++ b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md 
@@ -0,0 +1,42 @@
+---
+title: Surface Hub may install updates and restart outside maintenance hours
+description: troubleshooting information for Surface Hub regarding automatic updates
+ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
+ms.reviewer:
+manager:
+keywords: surface hub, maintenance window, update
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-MOTIV
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub may install updates and restart outside maintenance hours
+
+Under specific circumstances, Surface Hub installs updates during business hours instead of during the regular maintenance window. The device then restarts if it is necessary. You cannot use the device until the process is completed.
+
+> [!NOTE]
+> This isn't expected behavior for missing a maintenance window. It occurs only if the device is out-of-date for a long time.
+
+## Cause
+To ensure that Surface Hub remains available for use during business hours, the Hub is configured to perform administrative functions during a maintenance window that is defined in Settings (see "References," below). During this maintenance period, the Hub automatically installs any available updates through Windows Update or Windows Server Update Service (WSUS). Once updates are complete, the Hub may restart.
+
+Updates can be installed during the maintenance window only if the Surface Hub is turned on but not in use or reserved. For example, if the Surface Hub is scheduled for a meeting that lasts 24 hours, any updates that are scheduled to be installed will be deferred until the Hub is available during the next maintenance window. If the Hub continues to be busy and misses multiple maintenance windows, the Hub will eventually begin to install and download updates. This can occur during or outside the maintenance window. Once the download and installation has begun, the device may restart.
+ +## To avoid this issue + +It's important that you set aside maintenance time for Surface Hub to perform administrative functions. Reserving the Surface Hub for 24 hour intervals or using the device during the maintenance window delays installing updates. We recommend that you not use or reserve the Hub during scheduled maintenance period. A two-hour window should be reserved for updating. + +One option that you can use to control the availability of updates is Windows Server Update Service (WSUS). WSUS provides control over what updates are installed and when. + +## References + +[Update the Surface Hub](first-run-program-surface-hub.md#update-the-surface-hub) + +[Maintenance window](manage-windows-updates-for-surface-hub.md#maintenance-window) + +[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](/windows/deployment/update/waas-manage-updates-wsus) + + diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md index a068fe1fab..d85c5765d3 100644 --- a/devices/surface-hub/surface-hub-authenticator-app.md +++ b/devices/surface-hub/surface-hub-authenticator-app.md @@ -3,10 +3,12 @@ title: Sign in to Surface Hub with Microsoft Authenticator description: Use Microsoft Authenticator on your mobile device to sign in to Surface Hub. ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 08/28/2017 +ms.reviewer: +manager: dansimp localizationpriority: medium --- @@ -27,7 +29,7 @@ To let people in your organization sign in to Surface Hub with their phones and ![multi-factor authentication options](images/mfa-options.png) -- Enable content hosting on Azure AD services such as Office online, SharePoint, etc. +- Enable content hosting on Azure AD services such as Office, SharePoint, etc. - Surface Hub must be running Windows 10, version 1703 or later. 
diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md
index fd4d2c9332..8f92a6b3a0 100644
--- a/devices/surface-hub/surface-hub-downloads.md
+++ b/devices/surface-hub/surface-hub-downloads.md
@@ -3,10 +3,12 @@ title: Useful downloads for Microsoft Surface Hub
 description: Downloads related to the Microsoft Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 08/22/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md
index 39463f0d49..589cfcfcdf 100644
--- a/devices/surface-hub/surface-hub-qos.md
+++ b/devices/surface-hub/surface-hub-qos.md
@@ -1,10 +1,12 @@
 ---
 title: Implement Quality of Service on Surface Hub
+ms.reviewer:
+manager: dansimp
 description: Learn how to configure QoS on Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md
index 866a2de12f..f1f6a52a05 100644
--- a/devices/surface-hub/surface-hub-recovery-tool.md
+++ b/devices/surface-hub/surface-hub-recovery-tool.md
@@ -2,11 +2,13 @@
 title: Using the Surface Hub Recovery Tool
 description: How to use the Surface Hub Recovery Tool to re-image the SSD.
 ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
+ms.reviewer:
+manager: dansimp
 keywords: manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 05/22/2018
 ms.localizationpriority: medium
@@ -76,7 +78,9 @@ Install Surface Hub Recovery Tool on the host PC. 5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md). - ![Connect SSD](images/shrt-drive.png) +~~~ +![Connect SSD](images/shrt-drive.png) +~~~ 6. When the drive is recognized, click **Start** to begin the re-imaging process. On the warning that all data on the drive will be erased, click **OK**. @@ -92,7 +96,7 @@ Install Surface Hub Recovery Tool on the host PC. Issue | Notes --- | --- -The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables. +The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables. The reimaging process appears halted/frozen | It is safe to close and restart the Surface Hub Recovery Tool with no ill effect to the SSD. The drive isn’t recognized by the tool | Verify that the Surface Hub SSD is enumerated as a Lite-On drive, "LITEON L CH-128V2S USB Device". If the drive is recognized as another named device, your current cable isn’t compatible. Try another cable or one of the tested cable listed above. Error: -2147024809 | Open Disk Manager and remove the partitions on the Surface Hub drive. Disconnect and reconnect the drive to the host machine. Restart the imaging tool again. diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md index 2d6c5d82de..f865f7d7a6 100644 --- a/devices/surface-hub/surface-hub-site-readiness-guide.md 
+++ b/devices/surface-hub/surface-hub-site-readiness-guide.md @@ -1,10 +1,12 @@ --- title: Surface Hub Site Readiness Guide +ms.reviewer: +manager: dansimp description: Use this Site Readiness Guide to help plan your Surface Hub installation. ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.localizationpriority: medium --- @@ -95,6 +97,10 @@ There are three ways to mount your Surface Hub: - **Floor support mount**: Supports Surface Hub on the floor while it is permanently anchored to a conference space wall. - **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see http://www.microsoft.com/surface/support/surface-hub. +For specifications on available mounts for the original Surfae Hub, see the following: + +- [Surface Hub Mounts and Stands Datasheet](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) +- [Surface Hub Stand and Wall Mount Specifications](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) ## The Connect experience @@ -129,7 +135,7 @@ For details on Touchback and Inkback, see the user guide at http://www.microsoft ## See also -[Watch the video (opens in a pop-up media player)][http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) +[Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) diff --git a/devices/surface-hub/surface-hub-ssd-replacement.md b/devices/surface-hub/surface-hub-ssd-replacement.md index 277ceef816..363f1e6e81 100644 
--- a/devices/surface-hub/surface-hub-ssd-replacement.md +++ b/devices/surface-hub/surface-hub-ssd-replacement.md @@ -1,10 +1,12 @@ --- title: Surface Hub SSD replacement +ms.reviewer: +manager: dansimp description: Learn how to replace the solid state drive in a Surface Hub. ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.localizationpriority: medium --- diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index dbd5b02e92..9ddfa628e6 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -3,10 +3,12 @@ title: Configure Surface Hub Start menu description: Use MDM to customize the Start menu on Surface Hub. ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 01/17/2018 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- @@ -100,7 +102,6 @@ There are a few key differences between Start menu customization for Surface Hub - ``` @@ -177,7 +178,6 @@ This example shows a link to a website and a link to a .pdf file. - ``` >[!NOTE] diff --git a/devices/surface-hub/surface-hub-technical-55.md b/devices/surface-hub/surface-hub-technical-55.md index bfcca2c16f..8b10f58716 100644 --- a/devices/surface-hub/surface-hub-technical-55.md +++ b/devices/surface-hub/surface-hub-technical-55.md @@ -1,10 +1,12 @@ --- title: Technical information for 55" Surface Hub +ms.reviewer: +manager: dansimp description: Specifications for the 55" Surface Hub ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.localizationpriority: medium --- diff --git a/devices/surface-hub/surface-hub-technical-84.md b/devices/surface-hub/surface-hub-technical-84.md index b4c17e178c..4c87d4ed53 100644 
--- a/devices/surface-hub/surface-hub-technical-84.md
+++ b/devices/surface-hub/surface-hub-technical-84.md
@@ -1,10 +1,12 @@
 ---
 title: Technical information for 84" Surface Hub
+ms.reviewer:
+manager: dansimp
 description: Specifications for the 84" Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md
new file mode 100644
index 0000000000..881dfa5e4b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-update-history.md
@@ -0,0 +1,487 @@
+---
+title: Surface Hub update history
+description: Surface Hub update history
+ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
+ms.reviewer:
+manager:
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub update history
+
+Windows 10 was designed to be a service, which means it automatically gets better through periodic software updates. The great news is that you usually don’t have to do anything to get the latest Windows 10 updates—they'll download and install whenever they’re available.
+
+Most Windows updates focus on performance and security improvements to keep you going 24/7.
+
+One thing we’re hearing from you is that you want to know more about what's in our Windows 10 updates, so we're providing more details on this page. In the list below, the most recent Windows update is listed first. Installing the most recent update ensures that you also get any previous updates you might have missed, including security updates. Microsoft Store apps are updated through the Microsoft Store (managed by the Surface Hub's system administrator). Details about app updates are provided on a per-app basis.
+We'll be refreshing this page as new updates are released, so stay tuned for the latest info. And thank you for helping us learn and get better with each update!
+
+Please refer to the “[Surface Hub Important Information](https://support.microsoft.com/products/surface-devices/surface-hub)” page for related topics on current and past releases that may require your attention.
+
+## Windows 10 Team Creators Update 1703
+
+
            +May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Ensures that Surface Hub users aren't prompted to enter proxy credentials after the "Use device account credentials" feature has been enabled. +* Resolves an issue where Skype connections fail periodically because audio/video isn't using the correct proxy. +* Adds support for TLS 1.2 in Skype for Business. +* Resolves a SIP connection failure in the Skype client when the Skype server has TLS 1.0 or TLS 1.1 disabled. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4499162](https://support.microsoft.com/help/4499162) +
            + +
            +April 25, 2019—update for Team edition based on KB4493436* (OS Build 15063.1784) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Resolves video and audio sync issue with some USB devices that are connected to the Surface Hub. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4493436](https://support.microsoft.com/help/4493436) +
            + +
            +November 27, 2018—update for Team edition based on KB4467699* (OS Build 15063.1478) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Addresses an issue that prevents some users from Signing-In to “My Meetings and Files.” + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KBKB4467699](https://support.microsoft.com/help/KB4467699) +
            + +
            +October 18, 2018 —update for Team edition based on KB4462939* (OS Build 15063.1418) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Skype for Business fixes: + * Resolves Skype for Business connection issue when resuming from sleep + * Resolves Skype for Business network connection issue, when device is connected to Internet + * Resolves Skype for Business crash when searching for users from directory +* Resolves issue where the Hub mistakenly reports “No Internet connection” in enterprise proxy environments. +* Implemented a feature allowing customers to op-in to a new Whiteboard experience. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4462939](https://support.microsoft.com/help/4462939) +
            + +
            +August 31, 2018 —update for Team edition based on KB4343889* (OS Build 15063.1292) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Adds support for Microsoft Teams +* Resolves task management issue with Intune registration +* Enables Administrators to disable Instant Messaging and Email services for the Hub +* Additional bug fixes and reliability improvements for the Surface Hub Skype for Business App + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4343889](https://support.microsoft.com/help/4343889) +
            + +
            +June 21, 2018 —update for Team edition based on KB4284830* (OS Build 15063.1182) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Telemetry change in support of GDPR requirements in EMEA + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4284830](https://support.microsoft.com/help/KB4284830) +
            + +
            +April 17, 2018 —update for Team edition based on KB4093117* (OS Build 15063.1058) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Resolves a wired projection issue +* Enables bulk update for certain MDM (Mobile Device Management) policies +* Resolves phone dialer issue with international calls +* Addresses image resolution issue when 2 Surface Hubs join the same meeting +* Resolves OMS (Operations Management Suite) certificate handling error +* Addresses a security issue when cleaning up at the end of a session +* Addresses Miracast issue, when Surface Hub is specified to channels 149 through 165 + * Channels 149 through 165 will continue to be unusable in Europe, Japan or Israel due to regional governmental regulations + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4093117](https://support.microsoft.com/help/4093117) +
            + +
            +February 23, 2018 —update for Team edition based on KB4077528* (OS Build 15063.907) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Resolved an issue where MDM settings were not being correctly applied +* Improved Cleanup process + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4077528](https://support.microsoft.com/help/4077528) +
            + +
            +January 16, 2018 —update for Team edition based on KB4057144* (OS Build 15063.877) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Adds ability to manage Start Menu tile layout via MDM +* MDM bug fix on password rotation configuration + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4057144](https://support.microsoft.com/help/4057144) +
            + +
            +December 12, 2017 —update for Team edition based on KB4053580* (OS Build 15063.786) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Resolves camera video flashes (tearing or flickers) during Skype for Business calls +* Resolves Notification Center SSD ID issue + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4053580](https://support.microsoft.com/help/4053580) +
            + +
            +November 14, 2017 —update for Team edition based on KB4048954* (OS Build 15063.726) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Feature update that allows customers to enable 802.1x wired network authentication using MDM policy. +* A feature update that enables users to dynamically select an application of their choice when opening a file. +* Fix that ensures that End Session cleanup fully removes all connections between the user’s account and the device. +* Performance fix that improves cleanup time as well as Miracast connection time. +* Introduces Easy Authentication utilization during ad-hock meetings. +* Fix that ensures service components to use the same proxy that is configured across the device. +* Reduces and more thoroughly secures the telemetry transmitted by the device, reducing bandwidth utilization. +* Enables a feature allowing users to provide feedback to Microsoft after a meeting concludes. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4048954](https://support.microsoft.com/help/4048954) +
            + +
            +October 10, 2017 —update for Team edition based on KB4041676* (OS Build 15063.674) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Skype for Business + * Resolves issue that required a device reboot when resuming from sleep. + * Fixes issue where external contacts did not resolve through Skype Online Hub account. +* PowerPoint + * Fixes problem where some PowerPoint presentations would not project on Hub. +* General + * Fix to resolve issue where USB port could not be disabled by System Administrator. + +*[KB4041676](https://support.microsoft.com/help/4041676) +
            + +
            +September 12, 2017 —update for Team edition based on KB4038788* (OS Build 15063.605) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Security + * Resolves issue with Bitlocker when device wakes from sleep. +* General + * Reduces frequency/amount of device health telemetry, improving system performance. + * Fixes issue that prevented device from collecting system logs. + +*[KB4038788](https://support.microsoft.com/help/4038788) +
            + +
            +August 1, 2017 — update for Team edition based on KB4032188* (OS Build 15063.498) + +* Skype for Business + * Resolves Skype for Business Sign-In issue, which required retry or system reboot. + * Resolves Skype for Business meeting time being incorrectly displayed. + * Fixes to improve Surface Hub Skype for Business reliability. + +*[KB4032188](https://support.microsoft.com/help/4032188) +
            + +
            +June 27, 2017 — update for Team edition based on KB4022716* (OS Build 15063.442) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Address NVIDIA driver crashes that may necessitate sleeping 84” Surface Hub to power down, requiring a manual restart. +* Resolved an issue where some apps fail to launch on an 84” Surface Hub. + +*[KB4022716](https://support.microsoft.com/help/4022716) +
            + +
            +June 13, 2017 — update for Team edition based on KB4022725* (OS Build 15063.413) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* General + * Resolved Pen ink dropping issues with pens + * Resolved issue causing extended time to “cleanup” meeting + +*[KB4022725](https://support.microsoft.com/help/4022725) +
            + +
            +May 24, 2017 — update for Team edition based on KB4021573* (OS Build 15063.328) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* General + * Resolved issue with proxy setting retention during update issue + +*[KB4021573](https://support.microsoft.com/help/4021573) +
            + +
            +May 9, 2017 — update for Team edition based on KB4016871* (OS Build 15063.296) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* General + * Addressed sleep/wake cycle issue + * Resolved several Reset and Recovery issues + * Addressed Update History tab issue + * Resolved Miracast service launch issue +* Apps + * Fixed App package update error + +*[KB4016871](https://support.microsoft.com/help/4016871) +
            + +
            +Windows 10 Team Creators Update 1703 for Surface Hub — General Release notes (OS Build 15063.0) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Evolving the large screen experience + * Improved the meeting carousel in Welcome and Start + * Join meetings and end the session directly from the Start menu + * Apps can utilize more of the screen during a session + * Simplified Skype controls + * Improved mechanisms for providing feedback +* Access My Personal Content* + * Personal single sign-on from Welcome or Start + * Join meetings and end the session directly from the Start menu + * Access personal files through OneDrive for Business directly from Start + * Pre-populated attendee sign-in + * Streamlined authentication flows with “Authenticator” app** +* Deployment & Manageability + * Simplified OOBE experience through bulk provisioning + * Cloud-based device recovery service + * Enterprise client certificate support + * Improved proxy credential support + * Added and /improved Skype Quality of Service (QoS) configuration support + * Added ability to set default device volume in Settings + * Improved MDM support for Surface Hub [settings](https://docs.microsoft.com/surface-hub/remote-surface-hub-management) +* Improved Security + * Added ability to restrict USB drives to BitLocker only + * Added ability to disable USB ports via MDM + * Added ability to disable “Resume session” functionality on timeout + * Addition of wired 802.1x support +* Audio and Projection + * Dolby Audio “Human Speaker” enhancements + * Reduced “pen tap” sounds when using Pen during Skype for Business calls + * Added support for Miracast infrastructure connections +* Reliability and Performance fixes + * Resolved several Reset and Recovery issues + * Resolved Surface Hub Exchange 
authentication issue when utilizing client certificates + * Improved Wi-Fi network connection and credentials stability + * Fixed Miracast audio popping and sync issues during video playback + * Included setting to disable auto connect behavior + +*Single sign-in feature requires use of Office365 and OneDrive for Business +**Refer to Admin Guide for service requirements + +
            + +## Windows 10 Team Anniversary Update 1607 + +
            +March 14th, 2017 — update for Team edition based on KB4013429* (OS Build 14393.953) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* General + * Security fix for File Explorer to prevent navigation to restricted file locations +* Skype for Business + * Fix to address latency during Remote Desktop based screen sharing + +*[KB4013429](https://support.microsoft.com/help/4013429) +
            + +
            +January 10th, 2017 — update for Team edition based on KB4000825* (OS Build 14393.693) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Enabled selection of 106/109 Keyboard Layouts for use with physical Japanese keyboards + +*[KB4000825](https://support.microsoft.com/help/4000825) +
            + +
            +December 13, 2016 — update for Team edition based on KB3206632* (OS Build 14393.576) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Resolves wired connection audio distortion issue + +*[KB3206632](https://support.microsoft.com/help/3206632) +
            + +
            +November 4, 2016 — update for Windows 10 Team Anniversary edition based on KB3200970* (OS Build 14393.447) + +This update to the Windows 10 Team Anniversary Update (version 1607) for Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Skype for Business bug fixes to improve reliability + +*[KB3200970](https://support.microsoft.com/help/3200970) +
            + +
            +October 25, 2016 — update for Team edition based on KB3197954* (OS Build 14393.351) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Enabling new Sleep feature in OS and Bios to reduce the Surface Hub’s power consumption and improve its long-term reliability +* General + * Resolves scenarios where the on-screen keyboard would sometimes not appear + * Resolves Whiteboard application shift that occasionally occurs when opening scheduled meeting + * Resolves issue that prevented Admins from changing the local administrator password, after device has been Reset + * BIOS change resolving issue with status bar tracking during device Reset + * UEFI update to resolve powering down issues + +*[KB3197954](https://support.microsoft.com/help/3197954) +
            + +
            +October 11, 2016 — update for Team edition based on KB3194496* (OS Build 14393.222) + +This update brings the Windows 10 Team Anniversary Update to Surface Hub and includes quality improvements and security fixes. (Your device will be running Windows 10 Version 1607 after it's installed.) Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Skype for Business + * Performance improvements when joining meetings, including issues when joining a meeting using federated accounts + * Video Based Screen Sharing (VBSS) support now available on Skype for Business for Surface Hub + * Resolved disconnection after 5 minutes of idle time issue + * Resolved Skype Hub-to-Hub screen sharing failure + * Improvements to Skype video, including: + * Loss of video during meeting with multiple video presenters + * Video cropping during calls + * Outgoing call video not displaying for other participants + * Addressed issue with UPN sign in error + * Addressed issue with dial pad during use of Session Initiation Protocol (SIP) calls +* Whiteboard + * User can now save and recall Whiteboard sessions using OneDrive online service (via Share functionality) + * Improved launching Whiteboard when removing pen from dock +* Apps + * Pre-installed OneDrive app, for access to your personal and work files + * Pre-installed Photos app, to view photos and video + * Pre-installed PowerBI app, to view dashboards + * The Office apps – Word, Excel, PowerPoint – are all ink-enabled + * Edge on Surface Hub now supports Flash-based websites +* General + * Enabled Audio Device Selection (for Surface Hubs attached using external audio devices) + * Enabled support for HDCP on DisplayPort output connector + * System UI changes to settings for usability optimization (refer to [User and Admin Guides](http://www.microsoft.com/surface/support/surface-hub) for additional details) + * Bug fixes 
and performance optimizations to speed up the Azure Active Directory sign-in flow + * Significantly improved time needed to reset and restore Surface Hub + * Windows Defender UI has been added within settings + * Improved UX touch to start + * Enabled support for greater than 1080p wireless projection via Miracast, on supported devices + * Resolved “There’s no internet connection” and “Appointments may be out of date” false notification states from launch + * Improved reliability of on-screen keyboard + * Additional support for creating Surface Hub provisioning packages using Windows Imaging & Configuration Designer (ICD) and improved Surface Hub monitoring solution on Operations Management Suite (OMS) + +*[KB3194496](https://support.microsoft.com/help/3194496) +
            + +## Updates for Windows 10 Version 1511 + +
            +November 4, 2016 — update for Windows 10 Team (version 1511) on KB3198586* (OS Build 10586.679) + +This update to the Windows 10 Team edition (version 1511) to Surface Hub includes quality improvements and security fixes that are outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history). There are no Surface Hub specific items in this update. + +*[KB3198586](https://support.microsoft.com/help/3198586) +
            + +
            +July 12, 2016 — KB3172985* (OS Build 10586.494) + +This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes specific to the Surface Hub (those not already included in the [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history)), include: + +* Fixed issue that caused Windows system crashes +* Fixed issue that caused repeated Edge crashes +* Fixed issue causing pre-shutdown service crashes +* Fixed issue where some app data wasn’t properly removed after a session +* Updated Broadcom NFC driver to improve NFC performance +* Updated Marvell Wi-Fi driver to improve Miracast performance +* Updated Nvidia driver to fix a display bug in which 84" Surface Hub devices show dim or fuzzy content +* Numerous Skype for Business issues fixed, including: + * Issue that caused Skype for Business to disconnect during meetings + * Issue in which users were unable to join meetings when the meeting organizer was on a federated configuration + * Enabling Skype for Business application sharing + * Issue that caused Skype application crashes +* Added a prompt in “Settings” to inform users that the OS can become corrupted if device reset is interrupted before completion + +*[KB3172985](https://support.microsoft.com/help/3172985) +
            + +
            +June 14, 2016 — KB3163018* (OS Build 10586.420) + +This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Constrained release. Refer to July 12, 2016 — [KB3172985](https://support.microsoft.com/en-us/help/3172985) (OS Build 10586.494) for Surface Hub specific package details + +*[KB3163018](https://support.microsoft.com/help/3163018) +
            + +
            +May 10, 2016 — KB3156421* (OS Build 10586.318) + +This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Fixed issue that prevented certain Store apps (OneDrive) from installing +* Fixed issue that caused touch input to stop responding in applications + +*[KB3156421](https://support.microsoft.com/help/3156421) +
            + +
            +April 12, 2016 — KB3147458* (OS Build 10586.218) + +This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Fixed issue where volume level wasn’t properly reset between sessions + +*[KB3147458](https://support.microsoft.com/help/3147458) +
            + +## Related topics + +* [Windows 10 feature road map](http://go.microsoft.com/fwlink/p/?LinkId=785967) +* [Windows 10 release information](http://go.microsoft.com/fwlink/p/?LinkId=724328) +* [Windows 10 November update: FAQ](http://windows.microsoft.com/windows-10/windows-update-faq) +* [Microsoft Surface update history](http://go.microsoft.com/fwlink/p/?LinkId=724327) +* [Microsoft Lumia update history](http://go.microsoft.com/fwlink/p/?LinkId=785968) +* [Get Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=616447) \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md index c4051021b6..cfe236376f 100644 --- a/devices/surface-hub/surface-hub-wifi-direct.md +++ b/devices/surface-hub/surface-hub-wifi-direct.md @@ -4,10 +4,12 @@ description: This topic provides guidance on Wi-Fi Direct security risks. keywords: change history ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- diff --git a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md new file mode 100644 index 0000000000..12678d2a9c --- /dev/null +++ b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md 
@@ -0,0 +1,25 @@
+---
+title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
+ms.reviewer:
+manager:
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+In compliance with regional governmental regulations, all 5-GHz wireless devices in Europe, Japan, and Israel do not support the U-NII-3 band. In Surface Hub, the channels that are associated with U-NII-3 are 149 through 165. This includes Miracast connection on these channels. Therefore, Surface Hubs that are used in Europe, Japan, and Israel can't use channels 149 through 165 for Miracast connection.
+
+## More Information
+
+For more information see the [U-NII](https://en.wikipedia.org/wiki/U-NII) topic on Wikipedia.
+
+> [!NOTE]
+> Microsoft provides third-party contact information to help you find additional information about this topic. This information may change without notice. Microsoft does not guarantee the accuracy of third-party information.
\ No newline at end of file
diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md
index 985b44c3cd..1f9447ff87 100644
--- a/devices/surface-hub/surfacehub-whats-new-1703.md
+++ b/devices/surface-hub/surfacehub-whats-new-1703.md
@@ -3,10 +3,12 @@ title: What's new in Windows 10, version 1703 for Surface Hub
 description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 01/18/2018
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md
index a6158edff8..c67203853d 100644
--- a/devices/surface-hub/troubleshoot-surface-hub.md
+++ b/devices/surface-hub/troubleshoot-surface-hub.md
@@ -2,11 +2,13 @@
 title: Troubleshoot Microsoft Surface Hub
 description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+ms.reviewer:
+manager: dansimp
 keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 03/16/2018
 ms.localizationpriority: medium
diff --git a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
new file mode 100644
index 0000000000..2cb3ab2414
--- /dev/null
+++ b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
@@ -0,0 +1,79 @@
+---
+title: How to use cloud recovery for BitLocker on a Surface Hub
+description: How to use cloud recovery for BitLocker on a Surface Hub
+ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
+ms.reviewer:
+manager:
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+This article describes how to use the cloud recovery function if you are unexpectedly prompted by BitLocker on a Surface Hub device.
+
+> [!NOTE]
+> You should follow these steps only if a BitLocker recovery key isn't available.
+
+> [!WARNING]
+> * This recovery process deletes the contents of the internal drive. If the process fails, the internal drive will become completely unusable. If this occurs, you will have to log a service request with Microsoft for a resolution.
+> * After the recovery process is complete, the device will be reset to the factory settings and returned to its Out of Box Experience state.
+> * After the recovery, the Surface Hub must be completely reconfigured.
+
+> [!IMPORTANT]
+> This process requires an open Internet connection that does not use a proxy or other authentication method.
+
+## Cloud recovery process
+
+To perform a cloud recovery, follow these steps:
+
+1. Select **Press Esc for more recovery options**.
+
+ ![Screenshot of Escape](images/01-escape.png)
+
+1. Select **Skip this drive**.
+
+ ![Screenshot of Skip this drive](images/02-skip-this-drive.png)
+
+1. Select **Recover from the cloud**.
+
+ ![Screenshot of Recover from the cloud](images/03-recover-from-cloud.png)
+
+1. Select **Yes**.
+
+ ![Screenshot of Yes](images/04-yes.png)
+
+1. Select **Reinstall**.
+
+ ![Screenshot of Reinstall](images/05a-reinstall.png)
+
+ ![Screenshot of Downloading](images/05b-downloading.png)
+
+1. 
After the cloud recovery process is complete, start the reconfiguration by using the **Out of Box Experience**.
+
+ ![Screenshot of Out of the Box](images/06-out-of-box.png)
+
+## "Something went Wrong" error message
+
+This error is usually caused by network issues that occur during the recovery download. When this issue occurs, don't turn off the Hub because you won't be able to restart it. If you receive this error message, return to the "Recover from the cloud" step, and then restart the recovery process.
+
+1. Select **Cancel**.
+
+ ![Screenshot of Cancel](images/07-cancel.png)
+
+1. Select **Troubleshoot**.
+
+ ![Screenshot of Troubleshoot](images/08-troubleshoot.png)
+
+1. Select **Recover from the cloud**.
+
+ ![Screenshot of Recover from the cloud](images/09-recover-from-cloud2.png)
+
+1. If the **Wired network isn't found** error occurs, select **Cancel**, and then let the Surface Hub rediscover the wired network.
+
+ ![Screenshot of Wired network isn't found](images/10-cancel.png)
\ No newline at end of file
diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
index f64a9fbf5d..65b4f6f1ca 100644
--- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
+++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
@@ -2,10 +2,12 @@
 title: Use fully qualified doman name with Surface Hub
 description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
 keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"]
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 ms.prod: surface-hub
 ms.sitesec: library
@@ -23,7 +25,7 @@ There are a few scenarios where you need to specify the domain name of your Skyp 2. Click **Surface Hub**, and then click **Calling & Audio**. 3. Under **Skype for Business configuration**, click **Configure domain name**. 4. Type the domain name for your Skype for Business server, and then click **Ok**. -> [!TIP] -> You can type multiple domain names, separated by commas.
            For example: lync.com, outlook.com, lync.glbdns.microsoft.com + > [!TIP] + > You can type multiple domain names, separated by commas.
            For example: lync.com, outlook.com, lync.glbdns.microsoft.com ![Add Skype for Business FQDN to Settings](images/system-settings-add-fqdn.png) diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md index 7c5fc0e5d9..f8c792f932 100644 --- a/devices/surface-hub/use-room-control-system-with-surface-hub.md +++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md @@ -2,11 +2,13 @@ title: Using a room control system (Surface Hub) description: Room control systems can be used with your Microsoft Surface Hub. ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50 +ms.reviewer: +manager: dansimp keywords: room control system, Surface Hub ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium @@ -31,7 +33,7 @@ To connect to a room control system control panel, you don't need to configure a | Parity | none | | Flow control | none | | Line feed | every carriage return | -  + ## Wiring diagram @@ -53,7 +55,7 @@ The following command modifiers are available. Commands terminate with a new lin | - | Decrease a value | | = | Set a discrete value | | ? | Queries for a current value | -  + ## Power @@ -110,7 +112,7 @@ Changes to volume levels can be sent by a room control system, or other system. | Volume- | SMC sends the volume down command.

            PC service notifies SMC of new volume level. | Volume = 50 | -  + ## Mute for audio @@ -121,7 +123,7 @@ Audio can be muted. | AudioMute+ | SMC sends the audio mute command.

            PC service notifies SMC that audio is muted. | none | -  + ## Video source @@ -135,7 +137,7 @@ Several display sources can be used. | 3 | VGA | -  + Changes to display source can be sent by a room control system, or other system. @@ -158,7 +160,7 @@ Errors are returned following the format in this table. | Error: Command not available when off '<input>'. | When the Surface Hub is off, commands other than Power return this error. For example, "Volume+" would be invalid and return " Error: Command not available when off 'Volume'". | -  + ## Related topics @@ -167,9 +169,9 @@ Errors are returned following the format in this table. [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) -  + -  + diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md new file mode 100644 index 0000000000..8583a2c15a --- /dev/null +++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md 
@@ -0,0 +1,137 @@
+---
+title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
+ms.reviewer:
+manager:
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Using the Surface Hub Hardware Diagnostic Tool to test a device account
+
+## Introduction
+
+> [!NOTE]
+> The "Account Settings" section of the Surface Hub Hardware Diagnostic tool doesn’t collect any information. The email and password that are entered as input are used only directly on your environment and not collected or transferred to anyone. The login information persists only until the application is closed or you end the current session on the Surface Hub.
+
+> [!IMPORTANT]
+> * Administrator privileges are not required to run this application.
+> * The results of the diagnostic should be discussed with your local administrator before you open a service call with Microsoft.
+
+### Surface Hub Hardware Diagnostic
+
+By default, the [Surface Hub Hardware Diagnostic](https://www.microsoft.com/store/apps/9nblggh51f2g) application isn’t installed in earlier versions of the Surface Hub system. The application is available for free from the Microsoft Store. Administrator privileges are required to install the application.
+
+ ![Screenshot of Hardware Diagnostic](images/01-diagnostic.png)
+
+## About the Surface Hub Hardware Diagnostic Tool
+
+The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets the user test many of the hardware components within the Surface Hub device. This tool can also test and verify a Surface Hub device account. This article describes how to use the Account Settings test within the Surface Hub Hardware Diagnostic tool.
+
+> [!NOTE]
+> The device account for the Surface Hub should be created before any testing is done. The Surface Hub Administrator Guide provides instructions and PowerShell scripts to help you create on-premises, online (Office365), or hybrid device accounts. For more information, go to the [Create and test a device account (Surface Hub)](https://docs.microsoft.com/surface-hub/create-and-test-a-device-account-surface-hub) topic in the guide.
+
+### Device account testing process
+
+1. Navigate to **All Apps**, and then locate the Surface Hub Hardware Diagnostic application.
+
+ ![Screenshot of All Apps](images/02-all-apps.png)
+
+1. When the application starts, the **Welcome** page provides a text window to document the reason why you are testing the Hub. This note can be saved to USB together with the diagnostic results at the conclusion of testing. After you finish entering a note, select the **Continue** button.
+
+ ![Screenshot of Welcome](images/03-welcome.png)
+
+1. The next screen provides you the option to test all or some of the Surface Hub components. To begin testing the device account, select the **Test Results** icon.
+
+ ![Screenshot of Test Results](images/04-test-results-1.png)
+
+ ![Screenshot of Test Results](images/05-test-results-2.png)
+
+1. Select **Account Settings**.
+
+ ![Screenshot of Account Settings](images/06-account-settings.png)
+
+ The Account Settings screen is used to test your device account.
+
+ ![Screenshot of Account Settings Details](images/07-account-settings-details.png)
+
+1. Enter the email address of your device account. The password is optional but is recommended. Select the **Test Account** button when you are ready to continue.
+
+ ![Screenshot of Test Account](images/08-test-account.png)
+
+1. After testing is finished, review the results for the four areas of testing. Each section can be expanded or collapsed by selecting the Plus or Minus sign next to each topic.
+
+ **Network**
+
+ ![Screenshot of Network](images/09-network.png)
+
+ **Environment**
+
+ ![Screenshot of Environment](images/10-environment.png)
+
+ **Certificates**
+
+ ![Screenshot of Certificates](images/11-certificates.png)
+
+ **Trust Model**
+
+ ![Screenshot of Trust Model](images/12-trust-model.png)
+
+## Appendix
+
+### Field messages and resolution
+
+#### Network
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store |
+Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? |
+Proxy Address | | |If configured, returns proxy address. |
+Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. |
+
+#### Environment
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Domain | | |Informational. |
+Skype Environment |Skype for Business Online, Skype for Business OnPrem, Skype for Business Hybrid |Informational. |What type of environment was detected. Note: Hybrid can only be detected if the password is entered.
+LyncDiscover FQDN | | |Informational. Displays the LyncDiscover DNS result |
+LyncDiscover URI | | |Informational. 
Displays the URL used to perform a LyncDiscover on your environment.|
+LyncDiscover |Connection Successful |Connection Failed |Response from LyncDiscover web service. |
+SIP Pool Hostname | | |Informational. Display the SIP pool name discovered from LyncDiscover |
+
+#### Certificates (in-premises hybrid only)
+
+LyncDiscover Certificate
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+LyncDiscover Cert CN | | |Informational. Displays the LD cert Common name |
+LyncDiscover Cert CA | | |Informational. Displays the LD Cert CA |
+LyncDiscover Cert Root CA | | |Informational. Displays the LD Cert Root CA, if available. |
+LD Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store. Returns positive if the machine trusts the certificate.|[Download and deploy Skype for Business certificates using PowerShell](https://blogs.msdn.microsoft.com/surfacehub/2016/06/07/download-and-deploy-skype-for-business-certificates-using-powershell/)/[Supported items for Surface Hub provisioning packages](https://docs.microsoft.com/en-us/surface-hub/provisioning-packages-for-surface-hub#supported-items-for-surface-hub-provisioning-packages)
+
+SIP Pool Certification
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Pool Cert CN | | |(CONTENTS) |
+SIP Pool Cert CA | | |(CONTENTS) |
+SIP Pool Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store and return a positive if the devices trusts the certificate. |
+SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if available. |
+
+#### Trust Model (on-premises hybrid only)
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Trust Model Status |No Trust Model Issue Detected. 
|SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. |[Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/) +Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. | diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md index 9a68506147..525c84acb2 100644 --- a/devices/surface-hub/whiteboard-collaboration.md +++ b/devices/surface-hub/whiteboard-collaboration.md @@ -3,10 +3,12 @@ title: Set up and use Microsoft Whiteboard description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. ms.prod: surface-hub ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: levinec +ms.author: ellevin ms.topic: article ms.date: 03/18/2019 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- @@ -66,4 +68,4 @@ After you’re done, you can export a copy of the Whiteboard collaboration for y ## Related topics - [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub) -- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) \ No newline at end of file +- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md index 516ddeab67..5e17e464a9 100644 --- a/devices/surface-hub/wireless-network-management-for-surface-hub.md +++ b/devices/surface-hub/wireless-network-management-for-surface-hub.md 
@@ -2,11 +2,13 @@
 title: Wireless network management (Surface Hub)
 description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection.
 ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D
+ms.reviewer:
+manager: dansimp
 keywords: network connectivity, wired connection
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: levinec
+ms.author: ellevin
 ms.topic: article
 ms.date: 07/27/2017
 ms.localizationpriority: medium
diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
index d9d67fc9ab..c677b56488 100644
--- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
@@ -2,14 +2,16 @@
 title: Advanced UEFI security features for Surface Pro 3 (Surface)
 description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.
 ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93
+ms.reviewer:
+manager: dansimp
 keywords: security, features, configure, hardware, device, custom, script, update
 ms.localizationpriority: medium
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices, security
 ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ---
diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md
index 9771aacb0d..60ff9078bd 100644
--- a/devices/surface/assettag.md
+++ b/devices/surface/assettag.md
@@ -4,10 +4,12 @@ description: This topic explains how to use the Surface Asset Tag Tool. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: coveminer -ms.author: v-jokai +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 02/01/2019 +ms.reviewer: +manager: dansimp --- # Surface Asset Tag Tool @@ -26,8 +28,8 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices. To run Surface Asset Tag: -1. On the Surface device, download **Surface Pro 3 AssetTag.zip** from the [Microsoft Download - Center](http://www.microsoft.com/download/details.aspx?id=44076), +1. On the Surface device, download **Surface Asset Tag.zip** from the [Microsoft Download + Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703), extract the zip file, and save AssetTag.exe in desired folder (in this example, C:\\assets). diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md index b1a34e4f19..48b26edcc5 100644 --- a/devices/surface/battery-limit.md +++ b/devices/surface/battery-limit.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: brecords +author: dansimp ms.date: 10/02/2018 -ms.author: jdecker +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 271b1cc5e2..d4e7df2e2b 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -1,11 +1,13 @@ --- title: Change history for Surface documentation (Windows 10) +ms.reviewer: +manager: dansimp description: This topic lists new and updated topics in the Surface documentation library. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article --- 
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index 1160b8cacc..ec997db3be 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -6,10 +6,12 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: Scottmca
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/16/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Considerations for Surface and System Center Configuration Manager
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index 4218ee9ba8..f160c5977b 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -2,14 +2,16 @@
 title: Customize the OOBE for Surface deployments (Surface)
 description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.
 ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87
+ms.reviewer:
+manager: dansimp
 keywords: deploy, customize, automate, network, Pen, pair, boot
 ms.localizationpriority: medium
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ---
diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
index 491ca43c11..9448059c5b 100644
--- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md
+++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
@@ -6,13 +6,15 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, store ms.sitesec: library -author: miladCA -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 09/21/2017 +ms.reviewer: +manager: dansimp --- -#Deploy Surface app with Microsoft Store for Business and Education +# Deploy Surface app with Microsoft Store for Business and Education **Applies to** * Surface Pro 4 @@ -36,11 +38,11 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. -##Surface app overview +## Surface app overview The Surface app is available as a free download from the [Microsoft Store](https://www.microsoft.com/store/apps/Surface/9WZDNCRFJB8P). Users can download and install it from the Microsoft Store, but if your organization uses Microsoft Store for Business instead, you will need to add it to your store’s inventory and possibly include the app as part of your Windows deployment process. These processes are discussed throughout this article. For more information about Microsoft Store for Business, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) in the Windows TechCenter. -##Add Surface app to a Microsoft Store for Business account +## Add Surface app to a Microsoft Store for Business account Before users can install or deploy an app from a company’s Microsoft Store for Business account, the desired app(s) must first be made available and licensed to the users of a business. 
@@ -70,14 +72,14 @@ Before users can install or deploy an app from a company’s Microsoft Store for *Figure 3. Offline-licensed app acknowledgement* * Click **OK**. -##Download Surface app from a Microsoft Store for Business account +## Download Surface app from a Microsoft Store for Business account After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share. 1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com. 2. Click **Manage->Apps & software**. A list of all of your company’s apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article. 3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app. 4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4. - ![Example of the AppxBundle package](images\deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package") + ![Example of the AppxBundle package](images/deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package") *Figure 4. Download the AppxBundle package for an app* 5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because you’ll need that later in this article. 
@@ -89,7 +91,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode Figure 5 shows the required frameworks for the Surface app. -![Required frameworks for the Surface app](images\deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app") +![Required frameworks for the Surface app](images/deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app") *Figure 5. Required frameworks for the Surface app* @@ -103,7 +105,7 @@ To download the required frameworks for the Surface app, follow these steps: >[!NOTE] >Only the 64-bit (x64) version of each framework is required for Surface devices. Surface devices are native 64-bit UEFI devices and are not compatible with 32-bit (x86) versions of Windows that would require 32-bit frameworks. -##Install Surface app on your computer with PowerShell +## Install Surface app on your computer with PowerShell The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards. 1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file. 2. Begin an elevated PowerShell session. 
@@ -127,26 +129,26 @@ The following procedure provisions the Surface app onto your computer and makes Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app. -5. In the elevated PowerShell session, copy and paste the following command: -``` - Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx -``` -6. In the elevated PowerShell session, copy and paste the following command: - ``` - Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx - ``` +5. In the elevated PowerShell session, copy and paste the following command: + ``` + Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx + ``` +6. In the elevated PowerShell session, copy and paste the following command: + ``` + Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx + ``` -##Install Surface app with MDT +## Install Surface app with MDT The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image. -1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file. -2. 
Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**. -3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows: +1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file. +2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**. +3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows: - * Command: - ``` - Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle - ``` - * Working Directory: %DEPLOYROOT%\Applications\SurfaceApp + * Command: + ``` + Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle + ``` + * Working Directory: %DEPLOYROOT%\Applications\SurfaceApp For the Surface app to function on the target computer, it will also require the frameworks described earlier in this article. Use the following procedure to import the frameworks required for the Surface app into MDT and to configure them as dependencies. 1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder. diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index d0e16a8292..76e1c293cc 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md 
@@ -2,15 +2,17 @@ title: Download the latest firmware and drivers for Surface devices (Surface) description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A +ms.reviewer: +manager: dansimp keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device ms.localizationpriority: medium ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library -author: brecords +author: dansimp ms.date: 11/15/2018 -ms.author: jdecker +ms.author: dansimp ms.topic: article --- diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index 1f84f574f3..e749f22972 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md 
@@ -6,20 +6,22 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library -author: Scottmca -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp --- # Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit **Applies to** - Surface Studio -* Surface Pro 4 -* Surface Book -* Surface 3 -* Windows 10 +- Surface Pro 4 +- Surface Book +- Surface 3 +- Windows 10 This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies. 
@@ -119,13 +121,13 @@ To boot from the network with either your reference virtual machines or your Sur Windows Deployment Services (WDS) is a Windows Server role. To add the WDS role to a Windows Server 2012 R2 environment, use the Add Roles and Features Wizard, as shown in Figure 1. Start the Add Roles and Features Wizard from the **Manage** button of **Server Manager**. Install both the Deployment Server and Transport Server role services. -![Install the Windows Deployment Services role](images\surface-deploymdt-fig1.png "Install the Windows Deployment Services role") +![Install the Windows Deployment Services role](images/surface-deploymdt-fig1.png "Install the Windows Deployment Services role") *Figure 1. Install the Windows Deployment Services server role* After the WDS role is installed, you need to configure WDS. You can begin the configuration process from the WDS node of Server Manager by right-clicking your server’s name and then clicking **Windows Deployment Services Management Console**. In the **Windows Deployment Services** window, expand the **Servers** node to find your server, right-click your server, and then click **Configure** in the menu to start the Windows Deployment Services Configuration Wizard, as shown in Figure 2. -![Configure PXE response for Windows Deployment Services](images\surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services") +![Configure PXE response for Windows Deployment Services](images/surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services") *Figure 2. Configure PXE response for Windows Deployment Services* 
@@ -146,7 +148,7 @@ To install Windows ADK, run the Adksetup.exe file that you downloaded from [Down When you get to the **Select the features you want to install** page, you only need to select the **Deployment Tools** and **Windows Preinstallation Environment (Windows PE)** check boxes to deploy Windows 10 using MDT, as shown in Figure 3. -![Required options for deployment with MDT](images\surface-deploymdt-fig3.png "Required options for deployment with MDT") +![Required options for deployment with MDT](images/surface-deploymdt-fig3.png "Required options for deployment with MDT") *Figure 3. Only Deployment Tools and Windows PE options are required for deployment with MDT* 
@@ -176,24 +178,24 @@ To create the deployment share, follow these steps: 1. Open the Deployment Workbench from your Start menu or Start screen, as shown in Figure 5. - ![The MDT Deployment Workbench](images\surface-deploymdt-fig5.png "The MDT Deployment Workbench") + ![The MDT Deployment Workbench](images/surface-deploymdt-fig5.png "The MDT Deployment Workbench") *Figure 5. The MDT Deployment Workbench* 2. Right-click the **Deployment Shares** folder, and then click **New Deployment Share** to start the New Deployment Share Wizard, as shown in Figure 6. - ![Summary page of the New Deployment Share Wizard](images\surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard") + ![Summary page of the New Deployment Share Wizard](images/surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard") *Figure 6. The Summary page of the New Deployment Share Wizard* 3. Create a new deployment share with New Deployment Share Wizard with the following steps: - * **Path** – Specify a local folder where the deployment share will reside, and then click **Next**. + * **Path** – Specify a local folder where the deployment share will reside, and then click **Next**. >[!NOTE] >Like the WDS remote installation folder, it is recommended that you put this folder on an NTFS volume that is not your system volume. - * **Share** – Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**. + * **Share** – Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**. >[!NOTE] >The share name cannot contain spaces. 
@@ -201,11 +203,11 @@ To create the deployment share, follow these steps: >[!NOTE] >You can use a Dollar Sign (**$**) to hide your network share so that it will not be displayed when users browse the available network shares on the server in File Explorer. - * **Descriptive Name** – Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench. - * **Options** – You can accept the default options on this page. Click **Next**. - * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the deployment share. - * **Progress** – While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process. - * **Confirmation** – When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard. + * **Descriptive Name** – Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench. + * **Options** – You can accept the default options on this page. Click **Next**. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the deployment share. + * **Progress** – While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process. + * **Confirmation** – When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard. 4. 
When the New Deployment Share Wizard is complete, you can expand the Deployment Shares folder to find your newly created deployment share. 5. You can expand your deployment share, where you will find several folders for the resources, scripts, and components of your MDT deployment environment are stored. 
@@ -228,30 +230,30 @@ To import Windows 10 installation files, follow these steps: 1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench, and then click **New Folder** to open the **New Folder** page, as shown in Figure 7. - ![Create a new folder on the New Folder page](images\surface-deploymdt-fig7.png "Create a new folder on the New Folder page") + ![Create a new folder on the New Folder page](images/surface-deploymdt-fig7.png "Create a new folder on the New Folder page") *Figure 7. Create a new folder on the New Folder page* 2. On the **New Folder** page a series of steps is displayed, as follows: - * **General Settings** – Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**. - * **Summary** – Review the specified configuration of the new folder on this page, and then click **Next**. - * **Progress** – A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly. - * **Confirmation** – When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page. + * **General Settings** – Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**. + * **Summary** – Review the specified configuration of the new folder on this page, and then click **Next**. + * **Progress** – A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly. + * **Confirmation** – When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page. 3. Expand the Operating Systems folder to see the newly created folder. 4. 
Right-click the newly created folder, and then click **Import Operating System** to launch the Import Operating System Wizard, as shown in Figure 8. - ![Import source files with the Import Operating System Wizard](images\surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard") + ![Import source files with the Import Operating System Wizard](images/surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard") *Figure 8. Import source files with the Import Operating System Wizard* 5. The Import Operating System Wizard walks you through the import of your operating system files, as follows: - * **OS Type** – Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**. - * **Source** – Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**. - * **Destination** – Enter a name for the new folder that will be created to hold the installation files, and then click **Next**. - * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - * **Progress** – While the installation files are imported, a progress bar is displayed on this page. - * **Confirmation** – When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard. -6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10. + * **OS Type** – Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**. + * **Source** – Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**. 
+ * **Destination** – Enter a name for the new folder that will be created to hold the installation files, and then click **Next**. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + * **Progress** – While the installation files are imported, a progress bar is displayed on this page. + * **Confirmation** – When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard. +6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10. Now that you’ve imported the installation files from the installation media, you have the files that MDT needs to create the reference image and you are ready to instruct MDT how to create the reference image to your specifications. 
@@ -266,35 +268,35 @@ To create the reference image task sequence, follow these steps: 1. Right-click the **Task Sequences** folder under your deployment share in the Deployment Workbench, and then click **New Task Sequence** to start the New Task Sequence Wizard, as shown in Figure 9. - ![Create new task sequence to deploy and update a Windows 10 reference environment](images\surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment") + ![Create new task sequence to deploy and update a Windows 10 reference environment](images/surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment") *Figure 9. Create a new task sequence to deploy and update a Windows 10 reference environment* 2. The New Task Sequence Wizard presents a series of steps, as follows: - * **General Settings** – Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**. - >[!NOTE] - >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. - * **Select Template** – Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**. - * **Select OS** – Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**. - * **Specify Product Key** – Click **Do Not Specify a Product Key at This Time**, and then click **Next**. - * **OS Settings** – Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. - * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**. 
- >[!NOTE] - >During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments. - * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. - * **Progress** – While the task sequence is created, a progress bar is displayed on this page. - * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard. -2. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**. -3. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10. + * **General Settings** – Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**. + >[!NOTE] + >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. + * **Select Template** – Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**. + * **Select OS** – Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**. + * **Specify Product Key** – Click **Do Not Specify a Product Key at This Time**, and then click **Next**. + * **OS Settings** – Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. 
+ * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**. + >[!NOTE] + >During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. + * **Progress** – While the task sequence is created, a progress bar is displayed on this page. + * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard. +3. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**. +4. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10. - ![Enable Windows Update in the reference image task sequence](images\surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence") + ![Enable Windows Update in the reference image task sequence](images/surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence") *Figure 10. Enable Windows Update in the reference image task sequence* -4. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder. -5. Click the **Options** tab, and then clear the **Disable This Step** check box. -6. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option. -7. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window. +5. 
Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder. +6. Click the **Options** tab, and then clear the **Disable This Step** check box. +7. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option. +8. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window. ### Generate and import MDT boot media 
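Review bot: The renumbered step 7 still reads `Repeat Step 4 and Step 5`, but with the duplicate "2." fixed in this hunk those two actions are now steps 5 and 6. Step 4 is now the one that opens the **Task Sequence** tab. The added line should read `7. Repeat Step 5 and Step 6 for the **Windows Update (Post-Application Installation)** option.` A reader who follows the current numbering literally would not clear **Disable This Step** for the post-application pass, so the captured reference image would miss that round of updates.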
@@ -304,25 +306,25 @@ To update the MDT boot media, follow these steps: 1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard, as shown in Figure 11. - ![Generate boot images with the Update Deployment Share Wizard](images\surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard") + ![Generate boot images with the Update Deployment Share Wizard](images/surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard") *Figure 11. Generate boot images with the Update Deployment Share Wizard* 2. Use the Update Deployment Share Wizard to create boot images with the following process: - * **Options** – Click **Completely Regenerate the Boot Images**, and then click **Next**. - >[!NOTE] - >Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page. - * **Summary** – Review the specified options on this page before you click **Next** to begin generation of boot images. - * **Progress** – While the boot images are being generated, a progress bar is displayed on this page. - * **Confirmation** – When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard. + * **Options** – Click **Completely Regenerate the Boot Images**, and then click **Next**. + >[!NOTE] + >Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page. + * **Summary** – Review the specified options on this page before you click **Next** to begin generation of boot images. + * **Progress** – While the boot images are being generated, a progress bar is displayed on this page. 
+ * **Confirmation** – When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard. 3. Confirm that boot images have been generated by navigating to the deployment share in File Explorer and opening the Boot folder. The following files should be displayed, as shown in Figure 12: - * **LiteTouchPE_x86.iso** - * **LiteTouchPE_x86.wim** - * **LiteTouchPE_x64.iso** - * **LiteTouchPE_x64.wim** + * **LiteTouchPE_x86.iso** + * **LiteTouchPE_x86.wim** + * **LiteTouchPE_x64.iso** + * **LiteTouchPE_x64.wim** - ![Boot images in the Boot folder after Update Deployment Share Wizard completes](images\surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes") + ![Boot images in the Boot folder after Update Deployment Share Wizard completes](images/surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes") *Figure 12. Boot images displayed in the Boot folder after completion of the Update Deployment Share Wizard* 
@@ -332,21 +334,21 @@ To import the MDT boot media into WDS for PXE boot, follow these steps: 2. Expand **Servers** and your deployment server. 3. Click the **Boot Images** folder, as shown in Figure 13. - ![Start the Add Image Wizard from the Boot Images folder](images\surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder") + ![Start the Add Image Wizard from the Boot Images folder](images/surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder") *Figure 13. Start the Add Image Wizard from the Boot Images folder* 4. Right-click the **Boot Images** folder, and then click **Add Boot Image** to open the Add Image Wizard, as shown in Figure 14. - ![Import the LiteTouchPE_x86.wim MDT boot image](images\surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image") + ![Import the LiteTouchPE_x86.wim MDT boot image](images/surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image") *Figure 14. Import the LiteTouchPE_x86.wim MDT boot image* 5. The Add Image Wizard displays a series of steps, as follows: - * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**. - * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. - * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**. - * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard. + * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**. 
+ * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. + * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**. + * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard. >[!NOTE] >Only the 32-bit boot image, LiteTouchPE_x86.wim, is required to boot from BIOS devices, including Generation 1 Hyper-V virtual machines like the reference virtual machine. @@ -377,7 +379,7 @@ Perform the reference image deployment and capture using the following steps: 1. Start your virtual machine and press the F12 key when prompted to boot to the WDS server via PXE, as shown in Figure 15. - ![Start network boot by pressing the F12 key](images\surface-deploymdt-fig15.png "Start network boot by pressing the F12 key") + ![Start network boot by pressing the F12 key](images/surface-deploymdt-fig15.png "Start network boot by pressing the F12 key") *Figure 15. Start network boot by pressing the F12 key* 
@@ -385,18 +387,18 @@ Perform the reference image deployment and capture using the following steps: 3. Enter your MDT username and password, a user with rights to access the MDT deployment share over the network and with rights to write to the Captures folder in the deployment share. 4. After your credentials are validated, the Windows Deployment Wizard will start and process the boot and deployment share rules. 5. The Windows Deployment Wizard displays a series of steps, as follows: - * **Task Sequence** – Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**. - * **Computer Details** – Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured. - * **Move Data and Settings** – Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**. - * **User Data (Restore)** – Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**. - * **Locale and Time** – Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**. - * **Capture Image** – Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**. + * **Task Sequence** – Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**. + * **Computer Details** – Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. 
The computer name and workgroup will be reset when the image is prepared by Sysprep and captured. + * **Move Data and Settings** – Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**. + * **User Data (Restore)** – Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**. + * **Locale and Time** – Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**. + * **Capture Image** – Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**. - ![Capture an image of the reference machine](images\surface-deploymdt-fig16.png "Capture an image of the reference machine") + ![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine") - *Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment* + *Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment* - * **Ready** – You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image. + * **Ready** – You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image. 6. Your reference task sequence will run with the specified options. 
@@ -425,14 +427,14 @@ To import the reference image for deployment, use the following steps: 1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench or the folder you created in when you imported Windows 10 installation files, and then click **Import Operating System** to start the Import Operating System Wizard. 2. Import the custom image with the Import Operating System Wizard by using the following steps: - * **OS Type** – Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**. - * **Image** – Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**. - * **Setup** – Click **Setup Files are not Neededf**, and then click **Next**. - * **Destination** – Enter a name for the new folder that will be created to hold the image file, and then click **Next**. - * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - * **Progress** – While the image is imported, a progress bar is displayed on this page. - * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard. -3. Expand the folder in which you imported the image to verify that the import completed successfully. + * **OS Type** – Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**. + * **Image** – Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**. 
+ * **Setup** – Click **Setup Files are not Neededf**, and then click **Next**. + * **Destination** – Enter a name for the new folder that will be created to hold the image file, and then click **Next**. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + * **Progress** – While the image is imported, a progress bar is displayed on this page. + * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard. +3. Expand the folder in which you imported the image to verify that the import completed successfully. >[!NOTE] >You can import the reference image into the same deployment share that you used to create your reference image, or you could import the reference image into a new deployment share for deployment to your Surface devices. If you chose to create a new deployment share for deployment of your reference image, remember that you still need to import a full set of installation files from installation media. 
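Review bot: The re-indented **Setup** line on the new side still carries the typo `Setup Files are not Neededf`. Since the line is rewritten here anyway, it should read `* **Setup** – Click **Setup Files are not Needed**, and then click **Next**.` In the same list, the **OS Type** line says that choosing Custom Image File means "importing the Windows source files from installation media". That wording looks carried over from the earlier full-source import procedure and presumably should describe importing the captured reference image instead.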
@@ -456,24 +458,24 @@ To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow * Microsoft Corporation * Surface Pro 4 - ![Recommended folder structure for drivers](images\surface-deploymdt-fig17.png "Recommended folder structure for drivers") + ![Recommended folder structure for drivers](images/surface-deploymdt-fig17.png "Recommended folder structure for drivers") *Figure 17. The recommended folder structure for drivers* 4. Right-click the **Surface Pro 4** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 18. - ![Progress page during drivers import](images\surface-deploymdt-fig18.png "Progress page during drivers import") + ![Progress page during drivers import](images/surface-deploymdt-fig18.png "Progress page during drivers import") *Figure 18. The Progress page during drivers import* 5. The Import Driver Wizard displays a series of steps, as follows: - * **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1. - * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - * **Progress** – While the drivers are imported, a progress bar is displayed on this page. - * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. -6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19. + * **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + * **Progress** – While the drivers are imported, a progress bar is displayed on this page. 
+ * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. +6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19. - ![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images\surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share") + ![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images/surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share") *Figure 19. Drivers for Surface Pro 4 imported and organized in the MDT deployment share* @@ -491,7 +493,7 @@ After you have downloaded the source files for your version of Office Click-to-R 1. Right-click the existing **Configuration.xml** file, and then click **Edit**. 2. This action opens the file in Notepad. Replace the existing text with the following: - ``` + ``` @@ -499,7 +501,7 @@ After you have downloaded the source files for your version of Office Click-to-R -``` + ``` 3. Save the file. 
@@ -512,22 +514,22 @@ Now that the installation and configuration files are prepared, the application 1. Open the Deployment Workbench. 2. Expand the deployment share, right-click the **Applications** folder, and then click **New Application** to start the New Application Wizard, as shown in Figure 20. - ![Enter the command and directory for Office 2016 Click-to-Run](images\surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run") + ![Enter the command and directory for Office 2016 Click-to-Run](images/surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run") *Figure 20. Enter the command and directory for Office 2016 Click-to-Run* 3. The New Application Wizard walks you through importing the Office 2016 Click-to-Run files, as follows: - * **Application Type** – Click **Application with Source Files**, and then click **Next**. - * **Details** – Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**. - * **Source** – Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**. - * **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name. - * **Command Details** – Enter the Office Deployment Tool installation command line: + * **Application Type** – Click **Application with Source Files**, and then click **Next**. + * **Details** – Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. 
Click **Next**. + * **Source** – Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**. + * **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name. + * **Command Details** – Enter the Office Deployment Tool installation command line: `Setup.exe /configure configuration.xml` - * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - * **Progress** – While the installation files are imported, a progress bar is displayed on this page. - * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + * **Progress** – While the installation files are imported, a progress bar is displayed on this page. + * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard. 4. You should now see the **Office 2016 Click-to-Run** item under the **Applications** folder in the Deployment Workbench. 
@@ -549,17 +551,17 @@ The next step in the process is to create the deployment task sequence. This tas To create the deployment task sequence, follow these steps: 1. In the Deployment Workbench, under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard. 2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard: - * **General Settings** – Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**. - >[!NOTE] - >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. - * **Select Template** – Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**. - * **Select OS** – Navigate to and select the reference image that you imported, and then click **Next**. - * **Specify Product Key** – Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**. - * **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. - * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**. 
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. - * **Progress** – While the task sequence is being created, a progress bar is displayed on this page. - * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard. + * **General Settings** – Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**. + >[!NOTE] + >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. + * **Select Template** – Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**. + * **Select OS** – Navigate to and select the reference image that you imported, and then click **Next**. + * **Specify Product Key** – Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**. + * **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. + * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**. + * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. 
+ * **Progress** – While the task sequence is being created, a progress bar is displayed on this page. + * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard. After the task sequence is created it can be modified for increased automation, such as the installation of applications without user interaction, the selection of drivers, and the installation of Windows updates. @@ -571,7 +573,7 @@ After the task sequence is created it can be modified for increased automation, 6. Between the two **Windows Update** steps is the **Install Applications** step. Click the **Install Applications** step, and then click **Add**. 7. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 21. - ![A new Install Application step in the deployment task sequence](images\surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence") + ![A new Install Application step in the deployment task sequence](images/surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence") *Figure 21. A new Install Application step in the deployment task sequence* 
@@ -582,22 +584,22 @@ After the task sequence is created it can be modified for increased automation, 12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step. 13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu. 14. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 22), configure the following options: - * **Name** – Set DriverGroup001 - * **Task Sequence Variable** – DriverGroup001 - * **Value** – Windows 10 x64\%Make%\%Model% + * **Name** – Set DriverGroup001 + * **Task Sequence Variable** – DriverGroup001 + * **Value** – Windows 10 x64\%Make%\%Model% - ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") + ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") - *Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence* + *Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence* 15. Select the **Inject Drivers** step, the next step in the task sequence. 16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options: - * In the **Choose a selection profile** drop-down menu, select **Nothing**. - * Click the **Install all drivers from the selection profile** button. + * In the **Choose a selection profile** drop-down menu, select **Nothing**. + * Click the **Install all drivers from the selection profile** button. 
- ![Configure deployment task sequence not to choose the drivers to inject into Windows](images\surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows") + ![Configure deployment task sequence not to choose the drivers to inject into Windows](images/surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows") - *Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows* + *Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows* 17. Click **OK** to apply changes to the task sequence and close the task sequence properties window. @@ -615,20 +617,20 @@ To automate the boot media rules, follow these steps: 2. Click the **Rules** tab, and then click **Edit Bootstrap.ini** to open Bootstrap.ini in Notepad. 3. Replace the text of the Bootstrap.ini file with the following text: - ``` - [Settings] - Priority=Model,Default + ``` + [Settings] + Priority=Model,Default - [Surface Pro 4] - DeployRoot=\\STNDeployServer\DeploymentShare$ - UserDomain=STNDeployServer - UserID=MDTUser - UserPassword=P@ssw0rd - SkipBDDWelcome=YES + [Surface Pro 4] + DeployRoot=\\STNDeployServer\DeploymentShare$ + UserDomain=STNDeployServer + UserID=MDTUser + UserPassword=P@ssw0rd + SkipBDDWelcome=YES - [Surface Pro 4] - DeployRoot=\\STNDeployServer\DeploymentShare$ - ``` + [Surface Pro 4] + DeployRoot=\\STNDeployServer\DeploymentShare$ + ``` 4. Press Ctrl+S to save Bootstrap.ini, and then close Notepad. 
@@ -648,7 +650,7 @@ Rules used in the text shown in Step 3 include: The bulk of the rules used to automate the MDT deployment process are stored in the deployment share rules, or the Customsettings.ini file. In this file you can answer and hide all of the prompts from the Windows Deployment Wizard, which yields a deployment experience that mostly consists of a progress bar that displays the automated actions occurring on the device. The deployment share rules are shown directly in the **Rules** tab of the deployment share properties, as shown in Figure 24. -![Deployment share rules configured for automation of the Windows Deployment Wizard](images\surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard") +![Deployment share rules configured for automation of the Windows Deployment Wizard](images/surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard") *Figure 24. Deployment share rules configured for automation of the Windows Deployment Wizard* 
@@ -738,10 +740,10 @@ To update the MDT boot media, follow these steps: 1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard. 2. The Update Deployment Share Wizard displays a series of steps, as follows: - * **Options** – Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**. - * **Summary** – Review the specified options on this page before you click **Next** to begin the update of boot images. - * **Progress** – While the boot images are being updated a progress bar is displayed on this page. - * **Confirmation** – When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard. + * **Options** – Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**. + * **Summary** – Review the specified options on this page before you click **Next** to begin the update of boot images. + * **Progress** – While the boot images are being updated a progress bar is displayed on this page. + * **Confirmation** – When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard. 
To import the updated MDT boot media into WDS for PXE boot, follow these steps: 
@@ -750,17 +752,17 @@ To import the updated MDT boot media into WDS for PXE boot, follow these steps: 3. Click the **Boot Images** folder. 4. Right-click the existing MDT boot image, and then click **Replace Image** to open the Replace Boot Image Wizard. 5. Replace the previously imported MDT boot image with the updated version by using these steps in the Replace Boot Image Wizard: - * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**. - * **Available Images** – Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**. - * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. - * **Summary** – Review your selections for importing a boot image into WDS, and then click **Next**. - * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard. + * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**. + * **Available Images** – Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**. + * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. + * **Summary** – Review your selections for importing a boot image into WDS, and then click **Next**. + * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard. 6. Right-click the **Boot Images** folder, and then click **Add Image** to open the Add Image Wizard. 7. 
Add the new 64-bit boot image for 64-bit UEFI device compatibility with the Add Image Wizard , as follows: - * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**. - * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. - * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**. - * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard. + * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**. + * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options. + * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**. + * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard. >[!NOTE] >Although it is a best practice to replace and update the boot images in WDS whenever the MDT deployment share is updated, for deployment to Surface devices the 32-bit boot image, LiteTouchPE_x86.wim, is not required. Only the 64-bit boot image is required for 64-bit UEFI devices. 
@@ -772,7 +774,7 @@ With all of the automation provided by the deployment share rules and task seque >[!NOTE] >For the deployment to require only a single touch, the Surface devices must be connected to a keyboard, connected to the network with a Microsoft Surface USB Ethernet Adapter or Surface Dock, and configured with PXE boot as the first boot option, as shown in Figure 25. -![Set boot priority for PXE boot](images\surface-deploymdt-fig25.png "Set boot priority for PXE boot") +![Set boot priority for PXE boot](images/surface-deploymdt-fig25.png "Set boot priority for PXE boot") *Figure 25. Setting boot priority for PXE boot* diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index 69865822f6..c0b2ec4e85 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: brecords +author: dansimp ms.date: 10/02/2018 -ms.author: jdecker +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 41fee61550..207b2119b7 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json 
@@ -1,40 +1,47 @@ { "build": { - "content": - [ - { - "files": ["**/**.md", "**/**.yml"], - "exclude": ["**/obj/**"] - } - ], + "content": [ + { + "files": [ + "**/**.md", + "**/**.yml" + ], + "exclude": [ + "**/obj/**" + ] + } + ], "resource": [ - { - "files": ["**/images/**"], - "exclude": ["**/obj/**"] - } + { + "files": [ + "**/images/**" + ], + "exclude": [ + "**/obj/**" + ] + } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/surface/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "jdecker", - "ms.date": "05/09/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.surface", - "folder_relative_path_in_docset": "./" - } - } + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/surface/breadcrumb/toc.json", + "ROBOTS": "INDEX, FOLLOW", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "jdecker", + "ms.date": "05/09/2017", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "Win.surface", + "folder_relative_path_in_docset": "./" + } + } }, - "externalReference": [ - ], + "externalReference": [], "template": "op.html", "dest": "devices/surface", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md index 7b2265c6f4..580498d41a 100644 
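Review bot: The `globalMetadata` block on the new side of devices/surface/docfx.json still carries `"ms.author": "jdecker"`, while the Markdown files touched in the same commit (deploy.md, enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md, enroll-and-configure-surface-devices-with-semm.md) change their front-matter `ms.author` from `jdecker` to `dansimp`. Since docfx applies `globalMetadata` as the default for files that do not set a value themselves, any Surface page without its own `ms.author` would presumably keep inheriting the old alias. If the ownership change is meant for the whole docset, change the line to `"ms.author": "dansimp"`. Otherwise the mismatch is worth confirming as intentional.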
--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md +++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md @@ -2,14 +2,16 @@ title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface) description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D +ms.reviewer: +manager: dansimp keywords: network, wireless, device, deploy, authentication, protocol ms.localizationpriority: medium ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library -author: miladCA -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 --- diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index 0c64b39169..3d04792b01 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library -author: jobotto -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 01/06/2017 +ms.reviewer: +manager: dansimp --- # Enroll and configure Surface devices with SEMM 
@@ -35,13 +37,13 @@ To create a Surface UEFI configuration package, follow these steps: 2. Click **Start**. 3. Click **Configuration Package**, as shown in Figure 1. - ![Create a package for SEMM enrollment](images\surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment") + ![Create a package for SEMM enrollment](images/surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment") *Figure 1. Select Configuration Package to create a package for SEMM enrollment and configuration* 4. Click **Certificate Protection** to add your exported certificate file with private key (.pfx), as shown in Figure 2. Browse to the location of your certificate file, select the file, and then click **OK**. - ![Add the SEM certificate and Surface UEFI password to configuration package](images\surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package") + ![Add the SEM certificate and Surface UEFI password to configuration package](images/surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package") *Figure 2. Add the SEMM certificate and Surface UEFI password to a Surface UEFI configuration package* 
@@ -50,23 +52,23 @@ To create a Surface UEFI configuration package, follow these steps: 7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank. 8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.) - ![Choose devices for package compatibility](images\surface-semm-enroll-fig3.png "Choose devices for package compatibility") + ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility") *Figure 3. Choose the devices for package compatibility* 9. Click **Next**. 10. If you want to deactivate a component on managed Surface devices, on the **Choose which components you want to activate or deactivate** page, click the slider next to any device or group of devices you want to deactivate so that the slider is in the **Off** position. (Shown in Figure 4.) The default configuration for each device is **On**. Click the **Reset** button if you want to return all sliders to the default position. - ![Disable or enable Surface components](images\surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components") + ![Disable or enable Surface components](images/surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components") - *Figure 4. Disable or enable individual Surface components* + *Figure 4. Disable or enable individual Surface components* 11. Click **Next**. 12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). 
In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package. - ![Control advanced Surface UEFI settings and Surface UEFI pages](images\surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages") + ![Control advanced Surface UEFI settings and Surface UEFI pages](images/surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages") - *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM* + *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM* 13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**. 14. When the package is created and saved, the **Successful** page is displayed. @@ -74,7 +76,7 @@ To create a Surface UEFI configuration package, follow these steps: >[!NOTE] >Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator. -![Display of certificate thumbprint characters](images\surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters") +![Display of certificate thumbprint characters](images/surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters") *Figure 6. The last two characters of the certificate thumbprint are displayed on the Successful page* 
@@ -86,7 +88,7 @@ Now that you have created your Surface UEFI configuration package, you can enrol ## Enroll a Surface device in SEMM When the Surface UEFI configuration package is executed, the SEMM certificate and Surface UEFI configuration files are staged in the firmware storage of the Surface device. When the Surface device reboots, Surface UEFI processes these files and begins the process of applying the Surface UEFI configuration or enrolling the Surface device in SEMM, as shown in Figure 7. -![SEMM process for configuration of Surface UEFI or enrollment](images\surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment") +![SEMM process for configuration of Surface UEFI or enrollment](images/surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment") *Figure 7. The SEMM process for configuration of Surface UEFI or enrollment of a Surface device* 
@@ -98,12 +100,12 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo 2. Select the **I accept the terms in the License Agreement** check box to accept the End User License Agreement (EULA), and then click **Install** to begin the installation process. 3. Click **Finish** to complete the Surface UEFI configuration package installation and restart the Surface device when you are prompted to do so. 4. Surface UEFI will load the configuration file and determine that SEMM is not enabled on the device. Surface UEFI will then begin the SEMM enrollment process, as follows: - * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate. - * Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8. + * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate. + * Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8. - ![SEMM enrollment requires last two characters of certificate thumbprint](images\surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint") + ![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint") - *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint* + *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint* * Surface UEFI will store the SEMM certificate in firmware and apply the configuration settings that are specified in the Surface UEFI configuration file. 
@@ -111,17 +113,17 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo You can verify that a Surface device has been successfully enrolled in SEMM by looking for **Microsoft Surface Configuration Package** in **Programs and Features** (as shown in Figure 9), or in the events stored in the **Microsoft Surface UEFI Configurator** log, found under **Applications and Services Logs** in Event Viewer (as shown in Figure 10). -![Verify enrollment of Surface device in SEMM in Programs and Features](images\surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features") +![Verify enrollment of Surface device in SEMM in Programs and Features](images/surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features") *Figure 9. Verify the enrollment of a Surface device in SEMM in Programs and Features* -![Verify enrollment of Surface device in SEMM in Event Viewer](images\surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer") +![Verify enrollment of Surface device in SEMM in Event Viewer](images/surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer") *Figure 10. Verify the enrollment of a Surface device in SEMM in Event Viewer* You can also verify that the device is enrolled in SEMM in Surface UEFI – while the device is enrolled, Surface UEFI will contain the **Enterprise management** page (as shown in Figure 11). -![Surface UEFI Enterprise management page](images\surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page") +![Surface UEFI Enterprise management page](images/surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page") *Figure 11. The Surface UEFI Enterprise management page* 
@@ -136,6 +138,6 @@ If you have secured Surface UEFI with a password, users without the password who If you have not secured Surface UEFI with a password or a user enters the password correctly, settings that are configured with SEMM will be dimmed (unavailable) and the text Some settings are managed by your organization will be displayed at the top of the page, as shown in Figure 12. -![Settings managed by SEMM disabled in Surface UEFI](images\surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI") +![Settings managed by SEMM disabled in Surface UEFI](images/surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI") *Figure 12. Settings managed by SEMM will be disabled in Surface UEFI* diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md index 46c4dda2d0..00aa0c1f1a 100644 --- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md +++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md @@ -2,14 +2,16 @@ title: Ethernet adapters and Surface deployment (Surface) description: This article provides guidance and answers to help you perform a network deployment to Surface devices. ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0 +ms.reviewer: +manager: dansimp keywords: ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB ms.localizationpriority: medium ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library -author: jobotto -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 --- diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md index 8c54cb0ffd..d7e5bdc7d7 100644 --- a/devices/surface/ltsb-for-surface.md +++ b/devices/surface/ltsb-for-surface.md 
@@ -5,10 +5,12 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/25/2017
+ms.reviewer:
+manager: dansimp
 ---

 # Long-Term Servicing Branch (LTSB) for Surface devices
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index ce172d5600..57852f1b49 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -4,10 +4,12 @@ description: This topic provides best practice recommendations for maintaining o
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: coveminer
-ms.author: v-jokai
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 01/17/2019
+ms.reviewer:
+manager: dansimp
 ---

 # Maintain optimal power settings on Surface devices
diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md
index 680e04d830..0913c4266d 100644
--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ b/devices/surface/manage-surface-pro-3-firmware-updates.md
@@ -2,14 +2,16 @@
 title: Manage Surface driver and firmware updates (Surface)
 description: This article describes the available options to manage firmware and driver updates for Surface devices.
 ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
+ms.reviewer:
+manager: dansimp
 keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
 ms.localizationpriority: medium
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ---
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index aa003e15fa..d25c33688f 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -7,13 +7,15 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices, surface -author: miladCA -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- -#Manage Surface UEFI settings +# Manage Surface UEFI settings Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. @@ -22,7 +24,7 @@ Current and future generations of Surface devices, including Surface Pro 4, Surf You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. -##PC information +## PC information On the **PC information** page, detailed information about your Surface device is provided: 
@@ -50,7 +52,7 @@ You will also find detailed information about the firmware of your Surface devic You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device. -##Security +## Security On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2): @@ -80,7 +82,7 @@ You can also enable or disable the Trusted Platform Module (TPM) device on the * *Figure 4. Configure Surface UEFI security settings* -##Devices +## Devices On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include: @@ -104,7 +106,7 @@ Each device is listed with a slider button that you can move to **On** (enabled) *Figure 5. Enable and disable specific devices* -##Boot configuration +## Boot configuration On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices: @@ -126,7 +128,7 @@ For the specified boot order to take effect, you must set the **Enable Alternate You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only. -##About +## About The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7. @@ -134,7 +136,7 @@ The **About** page displays regulatory information, such as compliance with FCC *Figure 7. Regulatory information displayed on the About page* -##Exit +## Exit Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8. 
@@ -174,4 +176,4 @@ When you update Surface device firmware, by using either Windows Update or manua ## Related topics -[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) \ No newline at end of file +[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index e4e4b988cd..34ccb3aa18 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: coveminer -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 1/15/2019 +ms.reviewer: +manager: dansimp --- # Surface Brightness Control diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 23e0c2dd91..3688553be3 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -2,14 +2,16 @@ title: Microsoft Surface Data Eraser (Surface) description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium keywords: tool, USB, data, erase ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library -author: brecords -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 05/15/2018 --- 
@@ -74,77 +76,77 @@ To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer. -1. Start Microsoft Surface Data Eraser from the Start menu or Start screen. +1. Start Microsoft Surface Data Eraser from the Start menu or Start screen. -2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process. +2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process. -3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1. +3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1. - ![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool") + ![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool") - *Figure 1. Start the Microsoft Surface Data Eraser tool* + *Figure 1. Start the Microsoft Surface Data Eraser tool* -4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost. +4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost. - >[!NOTE] - >If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB. 
-   - ![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection") + >[!NOTE] + >If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB. + + ![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection") - *Figure 2. USB thumb drive selection* + *Figure 2. USB thumb drive selection* -5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**. +5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**. -6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3. +6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3. - ![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process") + ![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process") - *Figure 3. Complete the Microsoft Surface Data Eraser USB creation process* + *Figure 3. Complete the Microsoft Surface Data Eraser USB creation process* -7. Click **X** to close Microsoft Surface Data Eraser. +7. Click **X** to close Microsoft Surface Data Eraser. ## How to use a Microsoft Surface Data Eraser USB stick After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure: -1. 
Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device. +1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device. -2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps: +2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps: - a. Turn off your Surface device. + a. Turn off your Surface device. - b. Press and hold the **Volume Down** button. + b. Press and hold the **Volume Down** button. - c. Press and release the **Power** button. + c. Press and release the **Power** button. - d. Release the **Volume Down** button. + d. Release the **Volume Down** button. - >[!NOTE] - >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). + >[!NOTE] + >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). -3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4. +3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4. - ![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick") + ![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick") - *Figure 4. 
Booting the Microsoft Surface Data Eraser USB stick* + *Figure 4. Booting the Microsoft Surface Data Eraser USB stick* -4. Read the software license terms, and then close the Notepad file. +4. Read the software license terms, and then close the Notepad file. -5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue. +5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue. -6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data). +6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data). - >[!NOTE] - >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information. 
+ >[!NOTE] + >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information. - ![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed") + ![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed") - *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser* + *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser* -7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice. +7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice. -8. Click the **Yes** button to continue erasing data on the Surface device. +8. Click the **Yes** button to continue erasing data on the Surface device. >[!NOTE] >When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder. diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index 8dfbc020a2..b6921a138f 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md 
@@ -2,6 +2,8 @@
 title: Microsoft Surface Deployment Accelerator (Surface)
 description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
 ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
+ms.reviewer:
+manager: dansimp
 ms.date: 07/27/2017
 ms.localizationpriority: medium
 keywords: deploy, install, tool
@@ -9,8 +11,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ---

diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index e239bcea68..7ce3009574 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -2,14 +2,16 @@
 title: Step by step Surface Deployment Accelerator (Surface)
 description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
 ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: medium
 keywords: deploy, configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ---
@@ -45,94 +47,94 @@ The tool installs in the SDA program group, as shown in Figure 2. >[!NOTE] >At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet. -  + ## Create a deployment share -The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps. +The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps. >[!NOTE] ->SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice. +>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice. -  -1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen. -2. On the **Welcome** page, click **Next** to continue. +1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen. -3. 
On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue. +2. On the **Welcome** page, click **Next** to continue. - >[!NOTE] - >As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows: - > * Deployment tools - > * User State Migration Tool (USMT) - > * Windows Preinstallation Environment (WinPE)

            +3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue. - >[!NOTE] - >As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1. + > [!NOTE] + > As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows: + > * Deployment tools + > * User State Migration Tool (USMT) + > * Windows Preinstallation Environment (WinPE)

            + > + > [!NOTE] + > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1. -4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue. +4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue. -5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue: +5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue: - - **Configure Deployment Share for Windows 10** + - **Configure Deployment Share for Windows 10** - - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3. + - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3. - - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. 
+ - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. - - **Windows 10 Deployment Services** + - **Windows 10 Deployment Services** - - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot. + - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot. - - **Windows 10 Source Files** + - **Windows 10 Source Files** - - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**. + - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**. 
- ![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options") + ![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options") - *Figure 3. Specify Windows 10 deployment share options* + *Figure 3. Specify Windows 10 deployment share options* -6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue. +6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue. - ![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection") + ![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection") - *Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers* + *Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers* - >[!NOTE] - >You cannot select both Surface 3 and Surface 3 LTE models at the same time. + >[!NOTE] + >You cannot select both Surface 3 and Surface 3 LTE models at the same time. -7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. 
The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes: +7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes: - - Download of Windows ADK + - Download of Windows ADK - - Installation of Windows ADK + - Installation of Windows ADK - - Download of MDT + - Download of MDT - - Installation of MDT + - Installation of MDT - - Download of Surface apps and drivers + - Download of Surface apps and drivers - - Creation of the deployment share + - Creation of the deployment share - - Import of Windows installation files into the deployment share + - Import of Windows installation files into the deployment share - - Import of the apps and drivers into the deployment share + - Import of the apps and drivers into the deployment share - - Creation of rules and task sequences for Windows deployment + - Creation of rules and task sequences for Windows deployment - ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window") + ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window") - *Figure 5. The Installation Progress window* ->[!NOTE] ->The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this: + *Figure 5. 
The Installation Progress window* + >[!NOTE] + >The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this: - ``` -In the following two PowerShell scripts: -%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1 -%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1 + ``` + In the following two PowerShell scripts: + %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1 + %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1 Edit the $BITSTransfer variable in the input parameters to $False as shown below: @@ -145,7 +147,7 @@ Param( [string]$BITSTransfer = $False ) ``` - + 8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices. ### Optional: Create a deployment share without an Internet connection @@ -168,7 +170,7 @@ If you are unable to connect to the Internet with your deployment server, or if >[!NOTE] >The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later. -  + ### Optional: Prepare offline USB media 
@@ -177,7 +179,7 @@ You can use USB media to perform an SDA deployment if your Surface device is una >[!NOTE] >The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended. -  + Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7: @@ -209,7 +211,7 @@ Before you can create bootable media files within the MDT Deployment Workbench o >[!NOTE] >You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly. -   + After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps: @@ -262,7 +264,6 @@ After you have prepared the USB drive for boot, the next step is to generate off 18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file. 19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file: - ``` UserID= UserDomain= 
@@ -354,7 +355,7 @@ To perform a deployment from the SDA deployment share, follow this process on th ### Boot the Surface device from the network -To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy. +To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy. To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported. 
@@ -364,7 +365,7 @@ To instruct your Surface device to boot from the network, start with the device 2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network. -3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options. +3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options. 4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14. @@ -414,9 +415,9 @@ To run the Deploy Microsoft Surface task sequence: 8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device. -  - -  + + + diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md index 2ee030e7da..a6099038b0 100644 --- a/devices/surface/support-solutions-surface.md +++ b/devices/surface/support-solutions-surface.md @@ -2,13 +2,15 @@ title: Top support solutions for Surface devices description: Find top solutions for common issues using Surface devices in the enterprise. ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A +ms.reviewer: +manager: dansimp keywords: Troubleshoot common problems, setup issues ms.prod: w10 ms.mktglfcycl: support ms.sitesec: library ms.pagetype: surfacehub -author: kaushika-msft -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 09/08/2017 ms.localizationpriority: medium 
@@ -26,7 +28,7 @@ These are the top Microsoft Support solutions for common issues experienced when - [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged) -##Device cover or keyboard issues +## Device cover or keyboard issues - [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards) - [Troubleshoot problems with Surface Keyboard, Surface Ergonomic Keyboard, and Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/surface-keyboard-troubleshooting) @@ -54,10 +56,10 @@ These are the top Microsoft Support solutions for common issues experienced when -  + -  + diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md index 52bef60ccd..f095bc3269 100644 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md +++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: brecords -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 01/03/2018 +ms.reviewer: +manager: dansimp --- # Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC) diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 1623b7fd0b..ad0823f286 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md 
@@ -4,10 +4,12 @@ description: This topic explains how to use the Surface Diagnostic Toolkit for B
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 11/15/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Surface Diagnostic Toolkit for Business
diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md
index 8d5cf4009c..39dc1bddd1 100644
--- a/devices/surface/surface-diagnostic-toolkit-command-line.md
+++ b/devices/surface/surface-diagnostic-toolkit-command-line.md
@@ -4,10 +4,12 @@ description: How to run Surface Diagnostic Toolkit in a command console
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 11/15/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Run Surface Diagnostic Toolkit for Business using commands
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index ee76845656..abce43dabc 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -4,10 +4,12 @@ description: How to use SDT to help users in your organization run the tool to i
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 11/15/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Use Surface Diagnostic Toolkit for Business in desktop mode
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index 10b49c4719..89e26f6db0 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -2,15 +2,17 @@
 title: Microsoft Surface Dock Updater (Surface)
 description: This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
 ms.assetid: 1FEFF277-F7D1-4CB4-8898-FDFE8CBE1D5C
+ms.reviewer:
+manager: dansimp
 keywords: install, update, firmware
 ms.localizationpriority: medium
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: brecords
+author: dansimp
 ms.date: 02/23/2018
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ---
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index 0f888bcc93..9244515eb1 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -6,10 +6,12 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices, security
 ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 01/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Microsoft Surface Enterprise Management Mode
@@ -27,7 +29,7 @@ There are two administrative options you can use to manage SEMM and enrolled Sur The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. -![Microsoft Surface UEFI Configurator](images\surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") +![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") *Figure 1. Microsoft Surface UEFI Configurator* 
@@ -49,7 +51,7 @@ You can download Microsoft Surface UEFI Configurator from the [Surface Tools for Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation. -![Secure a SEMM configuration package with a certificate](images\surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate") +![Secure a SEMM configuration package with a certificate](images/surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate") *Figure 2. Secure a SEMM configuration package with a certificate* 
@@ -62,11 +64,11 @@ After a device is enrolled in SEMM, the configuration file is read and the setti You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4). -![Enable or disable devices in Surface UEFI with SEMM](images\surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM") +![Enable or disable devices in Surface UEFI with SEMM](images/surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM") *Figure 3. Enable or disable devices in Surface UEFI with SEMM* -![Configure advanced settings in SEMM](images\surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM") +![Configure advanced settings in SEMM](images/surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM") *Figure 4. Configure advanced settings with SEMM* 
@@ -100,13 +102,13 @@ You can configure the following advanced settings with SEMM: >[!NOTE] >When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5. -![Certificate thumbprint display](images\surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") +![Certificate thumbprint display](images/surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") *Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page* These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6. -![Enrollment confirmation in SEMM](images\surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM") +![Enrollment confirmation in SEMM](images/surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM") *Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint* @@ -132,7 +134,7 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation. -![Initiate a SEMM recovery request](images\surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request") +![Initiate a SEMM recovery request](images/surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request") *Figure 7. Initiate a SEMM recovery request on the Enterprise Management page* 
@@ -212,9 +214,7 @@ valid. machines that have it?** If you want SEMM reset or recovery to work, the certificate needs to be -valid and not expired. You can use the current valid ownership -certificate to sign a package that updates to a new certificate for -ownership. You do not need to create a reset package. +valid and not expired. **Can bulk reset packages be created for each surface that we order? Can one be built that resets all machines in our environment?** diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md index cf5960ded6..b193b9e336 100644 --- a/devices/surface/surface-system-sku-reference.md +++ b/devices/surface/surface-system-sku-reference.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library -author: coveminer -ms.author: v-jokai +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 03/20/2019 +ms.reviewer: +manager: dansimp --- # System SKU reference diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md index 323624a34f..6531857a06 100644 --- a/devices/surface/unenroll-surface-devices-from-semm.md +++ b/devices/surface/unenroll-surface-devices-from-semm.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library -author: jobotto -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 01/06/2017 +ms.reviewer: +manager: dansimp --- # Unenroll Surface devices from SEMM 
@@ -27,7 +29,7 @@ The Surface UEFI reset package is the primary method you use to unenroll a Surfa Reset packages are created specifically for an individual Surface device. To begin the process of creating a reset package, you will need the serial number of the device you want to unenroll, as well as the SEMM certificate used to enroll the device. You can find the serial number of your Surface device on the **PC information** page of Surface UEFI, as shown in Figure 1. This page is displayed even if Surface UEFI is password protected and the incorrect password is entered. -![Serial number of Surface device is displayed](images\surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed") +![Serial number of Surface device is displayed](images/surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed") *Figure 1. The serial number of the Surface device is displayed on the Surface UEFI PC information page* 
@@ -40,20 +42,20 @@ To create a Surface UEFI reset package, follow these steps: 2. Click **Start**. 3. Click **Reset Package**, as shown in Figure 2. - ![Select Reset Package to create a package to unenroll Surface device from SEMM](images\surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM") + ![Select Reset Package to create a package to unenroll Surface device from SEMM](images/surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM") *Figure 2. Click Reset Package to create a package to unenroll a Surface device from SEMM* 4. Click **Certificate Protection** to add your SEMM certificate file with private key (.pfx), as shown in Figure 3. Browse to the location of your certificate file, select the file, and then click **OK**. - ![Add the SEMM certificate to Surface UEFI reset package](images\surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package") + ![Add the SEMM certificate to Surface UEFI reset package](images/surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package") *Figure 3. Add the SEMM certificate to a Surface UEFI reset package* 5. Click **Next**. 6. Type the serial number of the device you want to unenroll from SEMM (as shown in Figure 4), and then click **Build** to generate the Surface UEFI reset package. - ![Create a Surface UEFI reset package with serial number of Surface device](images\surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device") + ![Create a Surface UEFI reset package with serial number of Surface device](images/surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device") *Figure 4. Use the serial number of your Surface device to create a Surface UEFI reset package* 
@@ -62,7 +64,7 @@ To create a Surface UEFI reset package, follow these steps: Run the Surface UEFI reset package Windows Installer (.msi) file on the Surface device to unenroll the device from SEMM. The reset package will require a reboot to perform the unenroll operation. After the device has been unenrolled, you can verify the successful removal by ensuring that the **Microsoft Surface Configuration Package** item in **Programs and Features** (shown in Figure 5) is no longer present. -![Screen that shows device is enrolled in SEMM](images\surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM") +![Screen that shows device is enrolled in SEMM](images/surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM") *Figure 5. The presence of the Microsoft Surface Configuration Package item in Programs and Features indicates that the device is enrolled in SEMM* @@ -78,7 +80,7 @@ To initiate a Recovery Request, follow these steps: 2. Type the Surface UEFI password if you are prompted to do so. 3. Click the **Enterprise management** page, as shown in Figure 6. - ![Enterprise Management page](images\surface-semm-unenroll-fig6.png "Enterprise Management page") + ![Enterprise Management page](images/surface-semm-unenroll-fig6.png "Enterprise Management page") *Figure 6. The Enterprise management page is displayed in Surface UEFI on devices enrolled in SEMM* 
@@ -88,17 +90,17 @@ To initiate a Recovery Request, follow these steps: >A Recovery Request expires two hours after it is created. If a Recovery Request is not completed in this time, you will have to restart the Recovery Request process. 6. Select **SEMM Certificate** from the list of certificates displayed on the **Choose a SEMM reset key** page (shown in Figure 7), and then click or press **Next**. - ![Select SEMM certificate for your Recovery Request](images\surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request") + ![Select SEMM certificate for your Recovery Request](images/surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request") *Figure 7. Choose SEMM Certificate for your Recovery Request (Reset Request)* 7. On the **Enter SEMM reset verification code** page you can click the **QR Code** or **Text** buttons to display your Recovery Request (Reset Request) as shown in Figure 8, or the **USB** button to save your Recovery Request (Reset Request) as a file to a USB drive, as shown in Figure 9. - ![Recovery Request displayed as a QR Code](images\surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code") + ![Recovery Request displayed as a QR Code](images/surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code") *Figure 8. A Recovery Request (Reset Request) displayed as a QR Code* - ![Save a recovery request to a USB drive](images\surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive") + ![Save a recovery request to a USB drive](images/surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive") *Figure 9. Save a Recovery Request (Reset Request) to a USB drive* 
@@ -112,43 +114,43 @@ To initiate a Recovery Request, follow these steps: 9. Click **Start**. 10. Click **Recovery Request**, as shown in Figure 10. - ![Start process to approve a Recovery Request](images\surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request") + ![Start process to approve a Recovery Request](images/surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request") - *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request* + *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request* 11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate. 12. Browse to and select your SEMM certificate file, and then click **OK**. 13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**. - ![Type password for SEMM certificate](images\surface-semm-unenroll-fig11.png "Type password for SEMM certificate") + ![Type password for SEMM certificate](images/surface-semm-unenroll-fig11.png "Type password for SEMM certificate") - *Figure 11. Type the password for the SEMM certificate* + *Figure 11. Type the password for the SEMM certificate* 14. Click **Next**. 15. Enter the Recovery Request (Reset Request), and then click **Generate** to create a reset verification code (as shown in Figure 12). - ![Enter the recovery request](images\surface-semm-unenroll-fig12.png "Enter the recovery request") + ![Enter the recovery request](images/surface-semm-unenroll-fig12.png "Enter the recovery request") - *Figure 12. Enter the Recovery Request (Reset Request)* + *Figure 12. Enter the Recovery Request (Reset Request)* - * If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field. 
- * If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field. - * If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**. + * If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field. + * If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field. + * If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**. 16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13. - ![Display of the reset verification code](images\surface-semm-unenroll-fig13.png "Display of the reset verification code") + ![Display of the reset verification code](images/surface-semm-unenroll-fig13.png "Display of the reset verification code") - *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator* + *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator* - * Click the **Share** button to send the reset verification code by email. + * Click the **Share** button to send the reset verification code by email. 17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM. 18. 
Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14. - ![Example display of successful unenrollment from SEMM](images\surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM") + ![Example display of successful unenrollment from SEMM](images/surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM") - *Figure 14. Successful unenrollment from SEMM* + *Figure 14. Successful unenrollment from SEMM* 19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator. diff --git a/devices/surface/update.md b/devices/surface/update.md index df7a6e3c5d..0a3a4b4a5d 100644 --- a/devices/surface/update.md +++ b/devices/surface/update.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: heatherpoulsen -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 11/13/2018 +ms.reviewer: +manager: dansimp --- # Surface firmware and driver updates @@ -23,7 +25,7 @@ Find out how to download and manage the latest firmware and driver updates for y | [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.| | [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.| | [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.| -  + ## Related topics 
@@ -31,9 +33,9 @@ Find out how to download and manage the latest firmware and driver updates for y [Surface for IT pros blog](http://blogs.technet.com/b/surface/) -  + -  + diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index 996293cae5..72f123de7f 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library -author: Scottmca -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp --- # Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit 
@@ -70,28 +72,28 @@ In the import process example shown in the [Deploy Windows 10 to Surface devices 2. Extract the contents of the Surface Pro 3 firmware and driver pack archive file to a temporary folder. Keep the driver files separate from other drivers or files. 3. Open the Deployment Workbench and expand the Deployment Shares node and your deployment share. 4. If you have not already created a folder structure by operating system version, you should do so next. Under the **Windows 10 x64** folder, create a new folder for Surface Pro 3 drivers named **Surface Pro 3**. Your Out-of-Box Drivers folder should resemble the following structure: - * WinPE x86 - * WinPE x64 - * Windows 10 x64 - * Microsoft Corporation - * Surface Pro 4 - * Surface Pro 3 + * WinPE x86 + * WinPE x64 + * Windows 10 x64 + * Microsoft Corporation + * Surface Pro 4 + * Surface Pro 3 5. Right-click the **Surface Pro 3** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1. - ![Import Surface Pro 3 drivers for Windows 10](images\surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10") + ![Import Surface Pro 3 drivers for Windows 10](images/surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10") - *Figure 1. Import Surface Pro 3 drivers for Windows 10* + *Figure 1. Import Surface Pro 3 drivers for Windows 10* 6. The Import Driver Wizard displays a series of steps, as follows: - - **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1. - - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - - **Progress** – While the drivers are imported, a progress bar is displayed on this page. - - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard. 
+ - **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1. + - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + - **Progress** – While the drivers are imported, a progress bar is displayed on this page. + - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard. 7. Select the **Surface Pro 3** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 2. - ![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images\surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share") + ![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images/surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share") - *Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share* + *Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share* ### Import applications 
@@ -107,17 +109,17 @@ Create the upgrade task sequence with the following process: 1. In the Deployment Workbench under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard. 2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard: - - **General Settings** – Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**. - >[!NOTE] - >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. - - **Select Template** – Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**. - - **Select OS** – Navigate to and select the Windows image that you imported, and then click **Next**. - - **Specify Product Key** – Select the product key entry that fits your organization’s licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**. - - **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. - - **Admin Password** – Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**. - - **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. 
- - **Progress** – While the task sequence is being created, a progress bar is displayed on this page. - - **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard. + - **General Settings** – Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**. + >[!NOTE] + >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters. + - **Select Template** – Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**. + - **Select OS** – Navigate to and select the Windows image that you imported, and then click **Next**. + - **Specify Product Key** – Select the product key entry that fits your organization’s licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**. + - **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**. + - **Admin Password** – Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**. + - **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence. + - **Progress** – While the task sequence is being created, a progress bar is displayed on this page. 
+ - **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard. After the task sequence is created, you can modify some additional settings to provide additional automation of the task sequence and require less interaction during deployment. Follow these steps to modify the task sequence: @@ -129,9 +131,9 @@ After the task sequence is created, you can modify some additional settings to p 6. Between the two Windows Update steps is an **Install Applications** step. Select that step and then click **Add**. 7. Hover the mouse over **General** under the **Add** menu, and then choose **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3. - ![A new Install Application step in the deployment task sequence](images\surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence") + ![A new Install Application step in the deployment task sequence](images/surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence") - *Figure 3. A new Install Application step in the deployment task sequence* + *Figure 3. A new Install Application step in the deployment task sequence* 8. On the **Properties** tab of the new **Install Application** step, enter **Install Surface App** in the **Name** field. 9. Select **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share. 
@@ -140,22 +142,22 @@ After the task sequence is created, you can modify some additional settings to p 12. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu. 13. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 4) configure the following options: - - **Name** – Set DriverGroup001 - - **Task Sequence Variable** – DriverGroup001 - - **Value** – Windows 10 x64\%Make%\%Model% + - **Name** – Set DriverGroup001 + - **Task Sequence Variable** – DriverGroup001 + - **Value** – Windows 10 x64\%Make%\%Model% - ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") + ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") - *Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence* + *Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence* 14. Select the **Inject Drivers** step, the next step in the task sequence. 15. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 5) configure the following options: - * In the **Choose a selection profile** drop-down menu, select **Nothing**. - * Click the **Install all drivers from the selection profile** button. + * In the **Choose a selection profile** drop-down menu, select **Nothing**. + * Click the **Install all drivers from the selection profile** button. 
- ![Configure the deployment task sequence to not install drivers](images\surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers") + ![Configure the deployment task sequence to not install drivers](images/surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers") - *Figure 5. Configure the deployment task sequence to not install drivers* + *Figure 5. Configure the deployment task sequence to not install drivers* 16. Click **OK** to apply changes to the task sequence and close the task sequence properties window. diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 381ba2d8e1..af796bd2c4 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: KiranDavane -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 02/01/2017 +ms.reviewer: +manager: dansimp --- # Use System Center Configuration Manager to manage devices with SEMM 
@@ -31,10 +33,10 @@ Before you begin the process outlined in this article, it is expected that you a * [System Center Configuration Manager application deployment](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications) * Certificate management ->[!Note] ->You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements). - ->It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device. +> [!Note] +> You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements). +> +> It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device. #### Download Microsoft Surface UEFI Manager 
@@ -393,7 +395,7 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app - Click **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then click **OK** to close the **Specify Required Application** window. - * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window. + * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window. * Click **Next** to proceed. 
@@ -403,11 +405,11 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Click **Close** to finish the Create Deployment Type Wizard. - * **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application. + - **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application. - * **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page. + - **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page. - * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard. + - **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard. After the script application is available in the Software Library of Configuration Manager, you can distribute and deploy SEMM using the scripts you prepared to devices or collections. If you have configured the Microsoft Surface UEFI Manager assemblies as a dependency that will be automatically installed, you can deploy SEMM in a single step. If you have not configured the assemblies as a dependency, they must be installed on the devices you intend to manage before you enable SEMM. 
@@ -417,11 +419,11 @@ Alternatively, you can configure the application installation to reboot automati Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM. ->[!NOTE] ->Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate. - ->We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that – just like the certificate itself – this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM. - ->When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken. - ->For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken. +> [!NOTE] +> Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate. 
+> +> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that – just like the certificate itself – this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM. +> +> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken. +> +> For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken. diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md index 75bb5c6f65..de79c73b49 100644 --- a/devices/surface/using-the-sda-deployment-share.md +++ b/devices/surface/using-the-sda-deployment-share.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library -author: Scottmca -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp --- # Using the Microsoft Surface Deployment Accelerator deployment share 
@@ -82,16 +84,16 @@ To import drivers for a peripheral device: 6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1. - ![Provide the location of your driver files](images\using-sda-driverfiles-fig1.png "Provide the location of your driver files") + ![Provide the location of your driver files](images/using-sda-driverfiles-fig1.png "Provide the location of your driver files") - *Figure 1. Provide the location of your driver files* + *Figure 1. Provide the location of your driver files* 7. The Import Drivers Wizard presents a series of steps: - - **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1. - - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - - **Progress** – While the drivers are imported, a progress bar is displayed on this page. - - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. + - **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1. + - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + - **Progress** – While the drivers are imported, a progress bar is displayed on this page. + - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. 8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver. 
@@ -108,44 +110,44 @@ As with drivers, the SDA deployment share can be pre-configured with apps like t In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment: -1. Download the application installation files or locate the installation media for your application. +1. Download the application installation files or locate the installation media for your application. -2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center. +2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center. -3. Open the MDT Deployment Workbench. +3. Open the MDT Deployment Workbench. -4. Expand the **Deployment Shares** node and expand the SDA deployment share. +4. Expand the **Deployment Shares** node and expand the SDA deployment share. -5. Expand the **Applications** folder. +5. Expand the **Applications** folder. -6. Click **New Application** to start the New Application Wizard, as shown in Figure 2. +6. Click **New Application** to start the New Application Wizard, as shown in Figure 2. 
- ![Provide the command to install your application](images\using-sda-installcommand-fig2.png "Provide the command to install your application") + ![Provide the command to install your application](images/using-sda-installcommand-fig2.png "Provide the command to install your application") - *Figure 2: Provide the command to install your application* + *Figure 2: Provide the command to install your application* -7. Follow the steps of the New Application Wizard: +7. Follow the steps of the New Application Wizard: - - **Application Type** – Click **Application with Source Files**, and then click **Next**. - - **Details** – Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**. - - **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**. - - **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name. - - **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart` - - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. - - **Progress** – While the installation files are imported, a progress bar is displayed on this page. - - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard. + - **Application Type** – Click **Application with Source Files**, and then click **Next**. + - **Details** – Enter a name for the application in the **Application Name** field. 
Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**. + - **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**. + - **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name. + - **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart` + - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process. + - **Progress** – While the installation files are imported, a progress bar is displayed on this page. + - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard. -8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**. +8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**. -9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence. +9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence. 10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**. 11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3. 
- ![A new Install Application step for Sample POS App](images\using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App") + ![A new Install Application step for Sample POS App](images/using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App") - *Figure 3. A new Install Application step for Sample POS App* + *Figure 3. A new Install Application step for Sample POS App* 12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app. diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md index 907ab49ce6..ddc39aa7c2 100644 --- a/devices/surface/wake-on-lan-for-surface-devices.md +++ b/devices/surface/wake-on-lan-for-surface-devices.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: brecords -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 01/03/2018 +ms.reviewer: +manager: dansimp --- # Wake On LAN for Surface devices 
@@ -46,10 +48,10 @@ To enable WOL support on Surface devices, a specific driver for the Surface Ethe You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt). ->[!NOTE] ->During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script. - ->**HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests** +> [!NOTE] +> During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script. +> +> **HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests** To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder: 
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index f1fcb46348..8134359845 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -1,13 +1,15 @@ --- title: Windows Autopilot and Surface Devices (Surface) +ms.reviewer: +manager: dansimp description: Find out about Windows Autopilot deployment options for Surface devices. keywords: autopilot, windows 10, surface, deployment ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library -author: brecords -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/education/docfx.json b/education/docfx.json index aed16babee..5e87a91352 100644 --- a/education/docfx.json +++ b/education/docfx.json 
@@ -1,40 +1,47 @@
 {
 "build": {
- "content":
- [
- {
- "files": ["**/**.md", "**/**.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/**.md",
+ "**/**.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
 "resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/images/**"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
 ],
 "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.author": "celested",
- "audience": "windows-education",
- "ms.topic": "article",
- "breadcrumb_path": "/education/breadcrumb/toc.json",
- "ms.date": "05/09/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.education",
- "folder_relative_path_in_docset": "./"
- }
- }
+ "uhfHeaderId": "MSDocsHeader-WindowsIT",
+ "ROBOTS": "INDEX, FOLLOW",
+ "ms.author": "celested",
+ "audience": "windows-education",
+ "ms.topic": "article",
+ "breadcrumb_path": "/education/breadcrumb/toc.json",
+ "ms.date": "05/09/2017",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.education",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
 },
- "externalReference": [
- ],
+ "externalReference": [],
 "template": "op.html",
 "dest": "education",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md
index 890ee785d2..c53e6d17a6 100644
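Review bot: The engine switch on the last changed line, `"markdownEngineName": "markdig"`, is easy to miss because the same hunk re-indents every other line of education/docfx.json; putting the reformat and the switch in separate commits would keep the one behavioural change reviewable. The switch applies to the whole education docset, so any page still written in the older note form (a `[!NOTE]` or `[!div class="step-by-step"]` block whose following lines lack the `> ` prefix, as corrected in other files of this commit) will presumably render differently, and it is worth confirming that no untouched file under education/ still uses it. Separately, `"ms.author": "celested"` remains the docset-wide default in `globalMetadata` while the per-file front matter in this commit moves to `ellevin`; if the reassignment is meant to be complete, that default should change as well.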
--- a/education/get-started/change-history-ms-edu-get-started.md +++ b/education/get-started/change-history-ms-edu-get-started.md @@ -6,9 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 07/07/2017 +ms.reviewer: +manager: dansimp --- # Change history for Microsoft Education Get Started diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index 6da930b66d..d6010ad62c 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -8,16 +8,18 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 08/29/2017 +ms.reviewer: +manager: dansimp --- # Configure Microsoft Store for Education > [!div class="step-by-step"] -[<< Use School Data Sync to import student data](use-school-data-sync.md) -[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) +> [<< Use School Data Sync to import student data](use-school-data-sync.md) +> [Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education. 
@@ -32,31 +34,31 @@ You can watch the descriptive audio version here: [Microsoft Education: Configur 1. Sign in to Microsoft Store for Education. 2. Accept the Microsoft Store for Business and Education Services Agreement. - This will take you to the Microsoft Store for Education portal. + This will take you to the Microsoft Store for Education portal. - **Figure 1** - Microsoft Store for Education portal + **Figure 1** - Microsoft Store for Education portal - ![Microsoft Store for Education portal](images/msfe_store_portal.png) + ![Microsoft Store for Education portal](images/msfe_store_portal.png) 3. In the Microsoft Store portal, click **Manage** to go to the Microsoft Store **Overview** page. 4. Find the **Overview** page, find the **Store settings** tile and click **Management tools**. - **Figure 2** - Select management tools from the list of Store settings options + **Figure 2** - Select management tools from the list of Store settings options - ![Select management tools from list of Store settings options](images/msfe_storesettings_select_managementtools.png) + ![Select management tools from list of Store settings options](images/msfe_storesettings_select_managementtools.png) -4. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education. +5. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education. 
- **Figure 3** - Activate Intune for Education as the management tool + **Figure 3** - Activate Intune for Education as the management tool - ![Activate Intune for Education as the management tool](images/msfe_managementtools_activateintune.png) + ![Activate Intune for Education as the management tool](images/msfe_managementtools_activateintune.png) Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next. > [!div class="step-by-step"] -[<< Use School Data Sync to import student data](use-school-data-sync.md) -[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) +> [<< Use School Data Sync to import student data](use-school-data-sync.md) +> [Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) ## Related topic -[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file +[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md index 5d3af7dc3d..350f3be922 100644 --- a/education/get-started/enable-microsoft-teams.md +++ b/education/get-started/enable-microsoft-teams.md @@ -8,9 +8,11 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 07/28/2017 +ms.reviewer: +manager: dansimp --- # Enable Microsoft Teams for your school 
@@ -26,21 +28,21 @@ To get started, IT administrators need to use the Office 365 Admin Center to ena 3. Go to **Settings > Services & add-ins**. 4. On the **Services & add-ins** page, select **Microsoft Teams**. - **Figure 1** - Select Microsoft Teams from the list of services & add-ins + **Figure 1** - Select Microsoft Teams from the list of services & add-ins - ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png) + ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png) 5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**. - **Figure 2** - Select the license that you want to configure + **Figure 2** - Select the license that you want to configure - ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png) + ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png) 6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization. - **Figure 3** - Turn on Microsoft Teams for your organization + **Figure 3** - Turn on Microsoft Teams for your organization - ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png) + ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png) 7. Click **Save**. 
@@ -48,9 +50,9 @@ You can find more info about how to control which users in your school can use M > [!div class="step-by-step"] -[<< Use School Data Sync to import student data](use-school-data-sync.md) -[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) +> [<< Use School Data Sync to import student data](use-school-data-sync.md) +> [Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) ## Related topic -[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file +[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index 120b357bc2..64361b412b 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -8,15 +8,17 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/09/2017 +ms.reviewer: +manager: dansimp --- # Finish Windows 10 device setup and other tasks > [!div class="step-by-step"] -[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md) +> [<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md) Once you've set up your Windows 10 education device, it's worth checking to verify the following: 
@@ -37,12 +39,12 @@ Verify that the device is set up correctly and boots without any issues. 1. Confirm that the Start menu contains a simple configuration. 2. Confirm that the Store and built-in apps are installed and working. The apps pushed down from Intune for Education will appear under **Recently added**. - > [!NOTE] - > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user. + > [!NOTE] + > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user. - **Figure 1** - Sample list of apps for a user + **Figure 1** - Sample list of apps for a user - ![Apps list contains the apps provisioned for the user](images/win10_start_checkapps.png) + ![Apps list contains the apps provisioned for the user](images/win10_start_checkapps.png) ## Verify the device is Azure AD joined Let's now verify that the device is joined to your organization's Azure AD and shows up as being managed in Microsoft Intune for Education. 
@@ -52,17 +54,17 @@ Let's now verify that the device is joined to your organization's Azure AD and s 2. Select **Groups** and select **All Devices**. 3. In the **All Devices** page, see the list of devices and verify that the device you're signed into appears on the list. - **Figure 2** - List of all managed devices + **Figure 2** - List of all managed devices - ![Verify that the device is managed in Intune for Education](images/i4e_groups_alldevices_listofaadjdevices.png) + ![Verify that the device is managed in Intune for Education](images/i4e_groups_alldevices_listofaadjdevices.png) 4. On the Windows 10 education device, click **Start** and go to **Settings**. 5. Select **Accounts > Access work or school**. 6. In the **Access work or school** page, confirm that the device is connected to the organization's Azure AD. - **Figure 3** - Confirm that the Windows 10 device is joined to Azure AD + **Figure 3** - Confirm that the Windows 10 device is joined to Azure AD - ![Confirm that the Windows 10 device is joined to Azure AD](images/win10_confirmaadj.png) + ![Confirm that the Windows 10 device is joined to Azure AD](images/win10_confirmaadj.png) **That's it! You're done!** You've completed basic cloud setup, deployment, and management using Microsoft Education. 
@@ -89,13 +91,13 @@ If you need to make changes or updates to any of the apps or settings for the gr 2. Click **Groups** and then choose **Settings** in the taskbar at the top of the page. 3. You will see the same settings groups that you saw in express setup for Intune for Education as well as other settings categories such as **Windows Defender settings**, **Device sharing**, **Edition upgrade**, and so on. - **Figure 4** - See the list of available settings in Intune for Education + **Figure 4** - See the list of available settings in Intune for Education - ![See the list of available settings in Intune for Education](images/i4e_groups_settingslist_full.png) + ![See the list of available settings in Intune for Education](images/i4e_groups_settingslist_full.png) 4. Keep the default settings or configure the settings according to your school's policies. - For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**. + For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**. 5. Click **Save** or **Discard changes**. @@ -111,9 +113,9 @@ Follow the steps in this section to enable a single person to add many devices t 2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, https://portal.azure.com. 3. Select **Azure Active Directory > Users and groups > Device settings**. - **Figure 5** - Device settings in the new Azure portal + **Figure 5** - Device settings in the new Azure portal - ![Configure device settings in the new Azure portal](images/azure_newportal_usersandgroups_devicesettings.png) + ![Configure device settings in the new Azure portal](images/azure_newportal_usersandgroups_devicesettings.png) 4. Find the setting **Maximum number of devices per user** and change the value to **Unlimited**. 5. Click **Save** to update device settings. 
@@ -124,13 +126,13 @@ When students move from using one device to another, they may need to have their Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another. 1. Sign in to the Office 365 admin center. -3. Go to the new Azure portal, https://portal.azure.com. +2. Go to the new Azure portal, https://portal.azure.com. 3. Select **Azure Active Directory > Users and groups > Device settings**. 4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**. - **Figure 6** - Enable settings to roam with users + **Figure 6** - Enable settings to roam with users - ![Enable settings to roam with users](images/azure_usersandgroups_devicesettings_ers.png) + ![Enable settings to roam with users](images/azure_usersandgroups_devicesettings_ers.png) 5. Click **Save** to update device settings. 
@@ -149,21 +151,21 @@ To get started, IT administrators need to use the Office 365 Admin Center to ena 3. Go to **Settings > Services & add-ins**. 4. On the **Services & add-ins** page, select **Microsoft Teams**. - **Figure 1** - Select Microsoft Teams from the list of services & add-ins + **Figure 1** - Select Microsoft Teams from the list of services & add-ins - ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png) + ![Enable Microsoft Teams for your school](images/o365_settings_services_msteams.png) 5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**. - **Figure 2** - Select the license that you want to configure + **Figure 2** - Select the license that you want to configure - ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png) + ![Select the Microsoft Teams license that you want to configure](images/o365_msteams_settings.png) 6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization. - **Figure 3** - Turn on Microsoft Teams for your organization + **Figure 3** - Turn on Microsoft Teams for your organization - ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png) + ![Turn on Microsoft Teams for your organization](images/o365_msteams_turnon.png) 7. Click **Save**. 
@@ -186,11 +188,11 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can 2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page. 3. In the **Set up a work or school account** window, enter the user's account info. - For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information. + For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information. - **Figure 7** - Device is now managed by Intune for Education + **Figure 7** - Device is now managed by Intune for Education - ![Device is managed by Intune for Education](images/byob_aad_enrollment_intune.png) + ![Device is managed by Intune for Education](images/byob_aad_enrollment_intune.png) 4. Enter the account password and then click **Sign in** to authenticate the user. 
@@ -198,17 +200,17 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can 5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources. - **Figure 8** - Device is connected to organization's MDM + **Figure 8** - Device is connected to organization's MDM - ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png) + ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png) 6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [Verify the device is Azure AD joined](#verify-the-device-is-azure-ad-joined). - It may take several minutes before the new device shows up so check again later. + It may take several minutes before the new device shows up so check again later. > [!div class="step-by-step"] -[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md) +> [<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md) ## Related topic diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index c57aa58776..a36cdb45da 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -8,9 +8,11 @@ ms.sitesec: library ms.topic: hero-article ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/09/2017 +ms.reviewer: +manager: dansimp --- # Get started: Deploy and manage a full cloud IT solution with Microsoft Education 
@@ -30,7 +32,7 @@ Hello, IT administrators! In this walkthrough, we'll show you how you can quickl - **School Data Sync** to help automate the process for importing and integrating School Information System (SIS) data that you can use with Office 365 - **OneNote Class Notebook** to organize course content, create and deliver interactive lessons to some or all students, collaborate and provide private feedback to individual students, and connect with major LMS and SIS partners for assignment workflow - **Microsoft Teams** to bring conversations, content, and apps together in one place and create collaborate classrooms, connect in professional learning communities, and communicate with school staff -- **Learning Tools** are moving beyond the OneNote desktop app and is now available in Office Lens, OneNote Online, Word Online, and Word desktop +- **Learning Tools** are moving beyond the OneNote desktop app and is now available in Office Lens, OneNote, and Word - **Whiteboard** to create interactive lessons on the big screen, share and collaborate real-time by connecting to Class Notebook and Classroom - **Windows 10, version 1703 or later** which brings 3D for everyone and other new and updated Windows features - **Minecraft: Education Edition** which provides an open and immersive environment to promote creativity, collaboration, and problem-solving 
@@ -103,18 +105,18 @@ To get started with Microsoft Education in a trial environment, follow these ste 1. [Set up a new Office 365 for Education tenant](set-up-office365-edu-tenant.md). - Wait for your tenant to be education-verified before proceeding with the next step. Verification can take up to a few days. + Wait for your tenant to be education-verified before proceeding with the next step. Verification can take up to a few days. 2. Once you have an education-verified tenant, click https://aka.ms/intuneforedupreviewtrial to apply the Intune for Education trial promo code. - 1. In the Intune for Education Trial page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**. - 2. Sign in with your global admin credentials. + 1. In the Intune for Education Trial page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**. + 2. Sign in with your global admin credentials. 3. Sign in to Office 365 admin portal and: - 1. Select **Admin > Users** and then search for your admin account. - 2. In the user page, select **Product licenses** and expand the **Office 365 Education** license you assigned to yourself. - 3. Confirm that School Data Sync is turned on. + 1. Select **Admin > Users** and then search for your admin account. + 2. In the user page, select **Product licenses** and expand the **Office 365 Education** license you assigned to yourself. + 3. Confirm that School Data Sync is turned on. -3. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [Use School Data Sync to import student data](use-school-data-sync.md). +4. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [Use School Data Sync to import student data](use-school-data-sync.md). ### Option 3: Try out Intune for Education Already have an Office 365 for Education verified tenant? 
Just sign in with your global admin credentials to apply the Intune for Education preview trial code to your tenant and follow the rest of the walkthrough. @@ -122,9 +124,9 @@ Already have an Office 365 for Education verified tenant? Just sign in with your 1. Click https://aka.ms/intuneforedupreviewtrial to get started. 2. In the **Intune for Education Trial** page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**. - **Figure 2** - Intune for Education trial sign in page + **Figure 2** - Intune for Education trial sign in page - ![Intune for Education trial sign in page](images/i4e_trialsigninpage.png) + ![Intune for Education trial sign in page](images/i4e_trialsigninpage.png) 3. Enter your Office 365 global admin credentials to apply the Intune for Education trial to your tenant. 4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [Enable Microsoft Teams for your school](enable-microsoft-teams.md) and then follow the rest of the instructions in this walkthrough. diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 5500fe19dc..a67cc68626 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md 
@@ -1,82 +1,92 @@ ---- -title: Inclusive Classroom IT Admin Guide -description: Learning which Inclusive Classroom features are available in which apps and in which versions of Microsoft Office. -keywords: Inclusive Classroom, Admin, Administrator, Microsoft Intune, Intune, Ease of Access, Office 365, account -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.topic: article -ms.localizationpriority: medium -ms.pagetype: edu -ROBOTS: noindex,nofollow -author: alhughes -ms.author: alhughes -ms.date: 06/12/2018 ---- - -# Inclusive Classroom IT Admin Guide -The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Microsoft Office. -You will also learn how to deploy apps using Microsoft Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription. - -1. [Inclusive Classroom features](#features) -2. [Deploying apps with Microsoft Intune](#intune) -3. [How to show/hide the Ease of Accesss settings for text in Windows 10](#ease) -4. [How to change your Office 365 account from monthly, semi-annual, or yearly](#account) - -## Inclusive Classroom features -|Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | -|---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            |

            X

            (N/A for Outlook PC)

            |

            X

            (N/A for any OneNote apps or Outlook PC)

            | -| Adjustable text spacing and font size |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iPad
            • Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            |

            X

            |

            X

            (N/A for any OneNote apps)

            | -| Syllabification |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word Online
            • Outlook Web Access
            | |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access)

            |

            X

            (N/A for Word iOS)

            |

            X

            (N/A for Word iOS)

            |

            X

            (N/A for any OneNote apps or Word iOS)

            | -| Parts of speech identification |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | -| Line focus mode |
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            | |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | -| Picture Dictionary |
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            | |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | -
            - -| Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | -|---|---|---|---|---|---|---| -| Dictation |
            • OneNote 2016, OneNote for Windows 10
            • Word 2016
            • Outlook 2016
            • PowerPoint 2016
            | |

            X

            |

            X

            | | | -| Spelling suggestions for phonetic misspellings |
            • Word 2016, Word Online, Word for Mac
            • Outlook 2016
            | |

            X

            |

            X

            |

            X

            | | -| Synonyms alongside spelling suggestions that can be read aloud |
            • Word 2016
            • Outlook 2016
            | |

            X

            |

            X

            |

            X

            | | -| Grammar checks |
            • Word 2016, Word Online, Word for Mac
            • Outlook 2016
            | |

            X

            |

            X

            | | | -| Customizable writing critiques |
            • Word 2016, Word for Mac
            • Outlook 2016
            |

            X

            |

            X

            |

            X

            | | | -| Tell me what you want to do |
            • Office 2016
            • Office Online
            • Office on iOS, Android, Windows 10
            |

            X

            |

            X

            |

            X

            |

            X

            | | -| Editor |
            • Word 2016
            | |

            X

            |

            X

            | | | -
            - -| Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | -|---|---|---|---|---|---|---| -| Accessibility Checker |
            • All Office 365 authoring applications on PC, Mac, Web
            | |

            X

            |

            X

            | | | -| Accessible Templates |
            • Word for PCs, Mac
            • Excel for PCs, Mac
            • PowerPoint for PCs, Mac
            • Sway on iOS, Web, Windows 10
            | |

            X

            |

            X

            | | | -| Ability to add alt-text for images |
            • Word for PCs (includes automatic suggestions for image descriptions)
            • SharePoint Online (includes automatic suggestions for image descriptions)
            • PowerPoint for PCs (includes automatic suggestions for image descriptions)
            • OneNote (includes automatic extraction of text in images)
            • All Office 365 authoring applications (include ability to add alt-text manually)
            |

            X

            |

            X

            |

            X

            | | | -| Ability to add captions to videos |
            • PowerPoint for PCs
            • Sway on iOS, Web, Windows 10
            • Microsoft Stream (includes ability to have captions auto-generated for videos in English and Spanish)
            | |

            X

            | | | | -| Export as tagged PDF |
            • Word for PCs, Mac
            • Sway on iOS, Web, Windows 10
            | |

            X

            |

            X

            | | | -| Ability to request accessible content |
            • Outlook Web Access
            | | | | | | -
            - -| Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | -|---|---|---|---|---|---|---| -| Microsoft Translator |
            • Word 2016
            • Excel 2016
            • "Translator for Outlook" Add-in
            • PowerPoint 2016 (and PowerPoint Garage Add-in)
            |

            X

            |

            X

            |

            X

            |

            X

            |

            X

            | -
            - -## Deploying apps with Microsoft Intune -Microsoft Intune can be used to deploy apps such as Immersive Reader and Microsoft Translator to all the devices connected in the same groups. -1. Go to the Intune for Education portal and log in with your account. -2. Select the **Apps** page. -3. Find the app you're looking for in the included list (if it's not there, you can select **Add app** and download it from the Microsoft Store). -4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to. - -## How to show/hide the Ease of access settings for text in Windows 10 -The Ease of access settings in Windows 10 are very useful accessibility tools, but having those options could be a bit much for everyone in a group to have in their device. With the following instructions you can chose to hide or show the Ease of access settings on users' devices. -1. Go to the Intune for Education portal and login with your account. -2. Select the **Groups** page and then select your desired group. -3. Select **Settings** and under the **User access and device settings** section you will find the toggle to set **Ease of access** to **Blocked** or **Not blocked**. -4. Select **Save** after making your selection. - -## How to change your Office 365 account from monthly, semi-annual, or yearly -Depending on how you plan to do billing, you can have Office 365 accounts that are set to renew monthly, semi-annually, or yearly. -1. Sign-in to your services and subscriptions with your Microsoft account. -2. Find the subscription in the list, then select **Change how you pay**. - >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. 
You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires. -3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. +--- +title: Inclusive Classroom IT Admin Guide +description: Learning which Inclusive Classroom features are available in which apps and in which versions of Microsoft Office. +keywords: Inclusive Classroom, Admin, Administrator, Microsoft Intune, Intune, Ease of Access, Office 365, account +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.topic: article +ms.localizationpriority: medium +ms.pagetype: edu +ROBOTS: noindex,nofollow +author: levinec +ms.author: ellevin +ms.date: 06/12/2018 +ms.reviewer: +manager: dansimp +--- + +# Inclusive Classroom IT Admin Guide +The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Microsoft Office. +You will also learn how to deploy apps using Microsoft Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription. + +1. [Inclusive Classroom features](#features) +2. [Deploying apps with Microsoft Intune](#intune) +3. [How to show/hide the Ease of Accesss settings for text in Windows 10](#ease) +4. 
[How to change your Office 365 account from monthly, semi-annual, or yearly](#account) + +## Inclusive Classroom features + +| Reading features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------| +| Read aloud with simultaneous highlighting |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            |

            X

            (N/A for Outlook PC)

            |

            X

            (N/A for any OneNote apps or Outlook PC)

            | +| Adjustable text spacing and font size |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iPad
            • Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

            |

            X

            |

            X

            |

            X

            (N/A for any OneNote apps)

            | +| Syllabification |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word Online
            • Outlook Web Access
            | |

            X

            (N/A for Word for iOS, Word Online, Outlook Web Access)

            |

            X

            (N/A for Word iOS)

            |

            X

            (N/A for Word iOS)

            |

            X

            (N/A for any OneNote apps or Word iOS)

            | +| Parts of speech identification |
            • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | +| Line focus mode |
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            | |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | +| Picture Dictionary |
            • Word 2016, Word Online, Word Mac, Word for iOS
            • Outlook 2016, Outlook Web Access
            • Office Lens on iOS, Android
            | |

            X

            (N/A for Word Online, Outlook Web Access)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            |

            X

            (N/A for any OneNote apps)

            | + +
            + + +| Writing and proofing features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|---------------------------------| +| Dictation |
            • OneNote 2016, OneNote for Windows 10
            • Word 2016
            • Outlook 2016
            • PowerPoint 2016
            | |

            X

            |

            X

            | | | +| Spelling suggestions for phonetic misspellings |
            • Word 2016, Word Online, Word for Mac
            • Outlook 2016
            | |

            X

            |

            X

            |

            X

            | | +| Synonyms alongside spelling suggestions that can be read aloud |
            • Word 2016
            • Outlook 2016
            | |

            X

            |

            X

            |

            X

            | | +| Grammar checks |
            • Word 2016, Word Online, Word for Mac
            • Outlook 2016
            | |

            X

            |

            X

            | | | +| Customizable writing critiques |
            • Word 2016, Word for Mac
            • Outlook 2016
            |

            X

            |

            X

            |

            X

            | | | +| Tell me what you want to do |
            • Office 2016
            • Office Online
            • Office on iOS, Android, Windows 10
            |

            X

            |

            X

            |

            X

            |

            X

            | | +| Editor |
            • Word 2016
            | |

            X

            |

            X

            | | | + +
            + + +| Creating accessible content features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|---------------------------------| +| Accessibility Checker |
            • All Office 365 authoring applications on PC, Mac, Web
            | |

            X

            |

            X

            | | | +| Accessible Templates |
            • Word for PCs, Mac
            • Excel for PCs, Mac
            • PowerPoint for PCs, Mac
            • Sway on iOS, Web, Windows 10
            | |

            X

            |

            X

            | | | +| Ability to add alt-text for images |
            • Word for PCs (includes automatic suggestions for image descriptions)
            • SharePoint Online (includes automatic suggestions for image descriptions)
            • PowerPoint for PCs (includes automatic suggestions for image descriptions)
            • OneNote (includes automatic extraction of text in images)
            • All Office 365 authoring applications (include ability to add alt-text manually)
            |

            X

            |

            X

            |

            X

            | | | +| Ability to add captions to videos |
            • PowerPoint for PCs
            • Sway on iOS, Web, Windows 10
            • Microsoft Stream (includes ability to have captions auto-generated for videos in English and Spanish)
            | |

            X

            | | | | +| Export as tagged PDF |
            • Word for PCs, Mac
            • Sway on iOS, Web, Windows 10
            | |

            X

            |

            X

            | | | +| Ability to request accessible content |
            • Outlook Web Access
            | | | | | | + +
            + + +| Communication features | Available in which apps | Office 2016 MSI | Office 2019 | Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------| +| Microsoft Translator |
            • Word 2016
            • Excel 2016
            • "Translator for Outlook" Add-in
            • PowerPoint 2016 (and PowerPoint Garage Add-in)
            |

            X

            |

            X

            |

            X

            |

            X

            |

            X

            | + +
            + +## Deploying apps with Microsoft Intune +Microsoft Intune can be used to deploy apps such as Immersive Reader and Microsoft Translator to all the devices connected in the same groups. +1. Go to the Intune for Education portal and log in with your account. +2. Select the **Apps** page. +3. Find the app you're looking for in the included list (if it's not there, you can select **Add app** and download it from the Microsoft Store). +4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to. + +## How to show/hide the Ease of access settings for text in Windows 10 +The Ease of access settings in Windows 10 are very useful accessibility tools, but having those options could be a bit much for everyone in a group to have in their device. With the following instructions you can chose to hide or show the Ease of access settings on users' devices. +1. Go to the Intune for Education portal and login with your account. +2. Select the **Groups** page and then select your desired group. +3. Select **Settings** and under the **User access and device settings** section you will find the toggle to set **Ease of access** to **Blocked** or **Not blocked**. +4. Select **Save** after making your selection. + +## How to change your Office 365 account from monthly, semi-annual, or yearly +Depending on how you plan to do billing, you can have Office 365 accounts that are set to renew monthly, semi-annually, or yearly. +1. Sign-in to your services and subscriptions with your Microsoft account. +2. Find the subscription in the list, then select **Change how you pay**. + >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. 
You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires. +3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md index 01a5f5b4a9..0d5813061e 100644 --- a/education/get-started/set-up-office365-edu-tenant.md +++ b/education/get-started/set-up-office365-edu-tenant.md @@ -8,16 +8,18 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/09/2017 +ms.reviewer: +manager: dansimp --- # Set up an Office 365 Education tenant > [!div class="step-by-step"] -[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) -[Use School Data Sync to import student data >>](use-school-data-sync.md) +> [<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) +> [Use School Data Sync to import student data >>](use-school-data-sync.md) Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud. 
@@ -32,25 +34,25 @@ You can watch the descriptive audio version here: [Microsoft Education: Set up a 1. Go to the Office 365 for Education sign up page to sign up for a free subscription for your school. 2. Create an account and a user ID and password to use to sign into your account. - **Figure 1** - Office 365 account creation + **Figure 1** - Office 365 account creation - ![Create an Office 365 account](images/o365_createaccount.png) + ![Create an Office 365 account](images/o365_createaccount.png) 3. Save your sign-in info so you can use it to sign in to https://portal.office.com (the sign-in page). Click **You're ready to go...** 4. In the **Verify eligibility for Microsoft Office 365 for Education** screen: - 1. Add your domain name and follow the steps to confirm ownership of the domain. - 2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain. + 1. Add your domain name and follow the steps to confirm ownership of the domain. + 2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain. - In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain. + In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain. - You may need to fill in other information to provide that you qualify for an education tenant. Provide and submit the info to Microsoft to continue verification for your tenant. + You may need to fill in other information to provide that you qualify for an education tenant. 
Provide and submit the info to Microsoft to continue verification for your tenant. As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See *Complete Office 365 for Education setup* in [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) for info. > [!div class="step-by-step"] -[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) -[Use School Data Sync to import student data >>](use-school-data-sync.md) +> [<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) +> [Use School Data Sync to import student data >>](use-school-data-sync.md) ## Related topic -[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file +[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md index a62a0e282d..bc564efa41 100644 --- a/education/get-started/set-up-windows-10-education-devices.md +++ b/education/get-started/set-up-windows-10-education-devices.md 
@@ -8,16 +8,18 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/09/2017 +ms.reviewer: +manager: dansimp --- # Set up Windows 10 education devices > [!div class="step-by-step"] -[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) -[Finish setup and other tasks >>](finish-setup-and-other-tasks.md) +> [<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) +> [Finish setup and other tasks >>](finish-setup-and-other-tasks.md) We recommend using the latest build of Windows 10, version 1703 on your education devices. @@ -26,8 +28,8 @@ To set up new Windows 10 devices and enroll them to your education tenant, choos - **Option 2: [Go through Windows OOBE and join the device to Azure AD](set-up-windows-education-devices.md)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device. > [!div class="step-by-step"] -[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) -[Finish setup and other tasks >>](finish-setup-and-other-tasks.md) +> [<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) +> [Finish setup and other tasks >>](finish-setup-and-other-tasks.md) diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md index e1f8ef557e..65cd88c27c 100644 --- a/education/get-started/set-up-windows-education-devices.md +++ b/education/get-started/set-up-windows-education-devices.md @@ -8,9 +8,11 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 07/28/2017 +ms.reviewer: +manager: dansimp --- # Set up Windows 10 devices using Windows OOBE 
@@ -28,15 +30,15 @@ You can watch the descriptive audio version here: [Microsoft Education: Set up a 1. If you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired or Ethernet connection. 2. Go through the Windows device setup experience. On a new or reset device, this starts with the **Let's start with region. Is this right?** screen. - **Figure 1** - Let's start with region + **Figure 1** - Let's start with region - ![Let's start with region](images/win10_letsstartwithregion.png) + ![Let's start with region](images/win10_letsstartwithregion.png) 3. Continue with setup. In the **How would you like to set up?** screen, select **Set up for an organization**. - **Figure 2** - Select setup for an organization + **Figure 2** - Select setup for an organization - ![Select setup for an organization](images/win10_setupforanorg.png) + ![Select setup for an organization](images/win10_setupforanorg.png) 4. Sign in using the user's account and password. Depending on the user password setting, you may be prompted to update the password. 5. Choose privacy settings for the device. Location, speech recognition, diagnostics, and other settings are all on by default. Configure the settings based on the school's policies. @@ -44,4 +46,4 @@ You can watch the descriptive audio version here: [Microsoft Education: Set up a ## Related topic -[Set up Windows 10 education devices](set-up-windows-10-education-devices.md) \ No newline at end of file +[Set up Windows 10 education devices](set-up-windows-10-education-devices.md) diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md index d1ab32cfa9..9a4b451c83 100644 --- a/education/get-started/use-intune-for-education.md +++ b/education/get-started/use-intune-for-education.md 
@@ -8,16 +8,18 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 08/29/2017 +ms.reviewer: +manager: dansimp --- # Use Intune for Education to manage groups, apps, and settings > [!div class="step-by-step"] -[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) -[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md) +> [<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) +> [Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md) Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the Intune for Education documentation. 
@@ -50,81 +52,81 @@ Intune for Education provides an **Express configuration** option so you can get 1. Log into the Intune for Education console. You will see the Intune for Education dashboard once you're logged in. - **Figure 1** - Intune for Education dashboard + **Figure 1** - Intune for Education dashboard - ![Intune for Education dashboard](images/i4e_portal.png) + ![Intune for Education dashboard](images/i4e_portal.png) 2. On the dashboard, click **Launch Express Configuration**, or select the **Express configuration** option on the menu on the left. 3. In the **Welcome to Intune for Education** screen, click **Get started**. - **Figure 2** - Click Get started to set up Intune for Education + **Figure 2** - Click Get started to set up Intune for Education - ![Click Get Started to configure groups, apps, and settings](images/i4e_expressconfiguration_welcome.png) + ![Click Get Started to configure groups, apps, and settings](images/i4e_expressconfiguration_welcome.png) 4. In the **Get school information (optional)** screen, it should indicate that SDS is already configured. Click **Next**. - **Figure 3** - SDS is configured + **Figure 3** - SDS is configured - ![SDS is already configured](images/i4e_expressconfiguration_sdsconfigured.png) + ![SDS is already configured](images/i4e_expressconfiguration_sdsconfigured.png) 5. In the **Choose group** screen, select **All Users**. All apps and settings that we select during express setup will apply to this group. - You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough. + You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough. 6. The **Next** button will appear at the bottom of the screen after you select **All Users**. Click **Next**. - > [!TIP] - > At the top of the screen, did you notice the **Choose group** button change to a green check mark? 
This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it! - > - > **Figure 4** - Click on the buttons to go back to that step - > - > ![Click on the buttons to back to that step](images/i4e_expressconfiguration_choosebuttontogoback.png) + > [!TIP] + > At the top of the screen, did you notice the **Choose group** button change to a green check mark? This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it! + > + > **Figure 4** - Click on the buttons to go back to that step + > + > ![Click on the buttons to back to that step](images/i4e_expressconfiguration_choosebuttontogoback.png) 7. In the **Choose apps** screen, you will see a selection of Web apps, Microsoft Store apps, and desktop (Win32) apps. You will also see a list of popular apps from each category. - - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step. + - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step. - In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device. + In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device. - > [!TIP] - > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**. 
+ > [!TIP] + > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**. - **Figure 5** - Choose the apps that you want to install for the group + **Figure 5** - Choose the apps that you want to install for the group - ![Choose apps to install for the group](images/i4e_expressconfiguration_chooseapps_selected_cropped.png) + ![Choose apps to install for the group](images/i4e_expressconfiguration_chooseapps_selected_cropped.png) 8. When you're done choosing apps, click **Next** at the bottom of the screen. - If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps. + If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps. -8. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group. +9. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group. - **Figure 6** - Expand the settings group to get more details + **Figure 6** - Expand the settings group to get more details - ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png) + ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png) -9. For this walkthrough, set the following settings: - - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**. 
- - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**. +10. For this walkthrough, set the following settings: + - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**. + - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**. - **Figure 28** - Set some additional settings + **Figure 28** - Set some additional settings - ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png) + ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png) -10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply. +11. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply. - **Figure 7** - Review the group, apps, and settings you configured + **Figure 7** - Review the group, apps, and settings you configured - ![Review the group, apps, and settings you configured](images/i4e_expressconfiguration_review.png) + ![Review the group, apps, and settings you configured](images/i4e_expressconfiguration_review.png) -11. Click **Save** to end express configuration. -12. You will see the **You're done!** screen which lets you choose one of two options. +12. Click **Save** to end express configuration. +13. You will see the **You're done!** screen which lets you choose one of two options. 
- **Figure 8** - All done with Intune for Education express configuration + **Figure 8** - All done with Intune for Education express configuration - ![Done with Intune for Education express configuration](images/i4e_expressconfiguration_alldone.png) + ![Done with Intune for Education express configuration](images/i4e_expressconfiguration_alldone.png) -13. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard. +14. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard. ## Add apps bought from Microsoft Store for Education 
@@ -136,39 +138,39 @@ Intune for Education provides an **Express configuration** option so you can get 1. In the Intune for Education console, click **Apps** from the menu on the left. - **Figure 9** - Click on **Apps** to see the list of apps for your tenant + **Figure 9** - Click on **Apps** to see the list of apps for your tenant - ![Click Apps to see the list of apps for your tenant](images/i4e_dashboard_clickapps.png) + ![Click Apps to see the list of apps for your tenant](images/i4e_dashboard_clickapps.png) 2. In the **Store apps** section, click **+ New app**. This will take you to the Microsoft Store for Education portal and you will already be signed in. - **Figure 10** - Select the option to add a new Store app + **Figure 10** - Select the option to add a new Store app - ![Select the option to add a new Store app](images/i4e_apps_newstoreapp_selected.png) + ![Select the option to add a new Store app](images/i4e_apps_newstoreapp_selected.png) 3. In the Microsoft Store page, check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express setup for Intune for Education. - For example, these apps are free: - - Duolingo - Learn Languages for Free - - Flashcards Pro - - Khan Academy - - My Study Life + For example, these apps are free: + - Duolingo - Learn Languages for Free + - Flashcards Pro + - Khan Academy + - My Study Life 4. Find or select the app you want to install and click **Get the app**. 5. In the app's Store page, click the **...** button and select **Add to private store**. 6. Repeat steps 3-5 to install another app or move to the next step. 7. In the Microsoft Store for Education portal, select **Manage > Apps & software > Manage apps** to verify that the apps you purchased appear in your inventory. 
- For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant. + For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant. - **Figure 11** - Apps inventory in Microsoft Store for Education + **Figure 11** - Apps inventory in Microsoft Store for Education - ![Apps inventory in Store for Business](images/msfe_manageapps_inventory_grouped.png) + ![Apps inventory in Store for Business](images/msfe_manageapps_inventory_grouped.png) - In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in Distribute apps using your private store. + In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in Distribute apps using your private store. - > [!NOTE] - > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps. + > [!NOTE] + > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps. ## Install apps for all users 
@@ -176,34 +178,34 @@ Now that you've bought the apps, use Intune for Education to specify the group t 1. In the Intune for Education console, click the **Groups** option from the menu on the left. - **Figure 12** - Groups page in Intune for Education + **Figure 12** - Groups page in Intune for Education - ![Groups page in Intune for Education](images/i4e_groupspage.png) + ![Groups page in Intune for Education](images/i4e_groupspage.png) 2. In the **Groups** page, select **All Users** from the list of groups on the left, and then click **Users** in the taskbar at the top of the **All Users** page. - **Figure 13** - List of all users in the tenant + **Figure 13** - List of all users in the tenant - ![List of all users in the tenant](images/i4e_groups_allusers_users_steps.png) + ![List of all users in the tenant](images/i4e_groups_allusers_users_steps.png) 3. In the taskbar at the top, select **Apps** and then click **Edit apps** to see a list of available apps. - **Figure 14** - Edit apps to assign them to users + **Figure 14** - Edit apps to assign them to users - ![Edit apps to assign them to users](images/i4e_groups_allusers_appspage_editapps.png) + ![Edit apps to assign them to users](images/i4e_groups_allusers_appspage_editapps.png) 4. Select the apps to deploy to the group. A blue checkmark will appear next to the apps you select. - **Figure 15** - Select the apps to deploy to the group + **Figure 15** - Select the apps to deploy to the group - ![Select the apps to deploy to the group](images/i4e_groups_allusers_selectappstodeploy.png) + ![Select the apps to deploy to the group](images/i4e_groups_allusers_selectappstodeploy.png) 5. Once you're done, click **Save** at the bottom of the page to deploy the selected apps to the group. 6. You'll be notified that app assignments are being updated. The updated **All Users** groups page now include the apps you selected. 
- **Figure 16** - Updated list of assigned apps + **Figure 16** - Updated list of assigned apps - ![Updated list of assigned apps](images/i4e_groups_allusers_updatedappslist.png) + ![Updated list of assigned apps](images/i4e_groups_allusers_updatedappslist.png) You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud. @@ -213,10 +215,10 @@ You're now done assigning apps to all users in your tenant. It's time to set up --> > [!div class="step-by-step"] -[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) -[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md) +> [<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) +> [Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md) ## Related topic -[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file +[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md index f2bcfb50f9..c6192599ba 100644 --- a/education/get-started/use-school-data-sync.md +++ b/education/get-started/use-school-data-sync.md 
@@ -8,16 +8,18 @@ ms.sitesec: library ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 07/10/2017 +ms.reviewer: +manager: dansimp --- # Use School Data Sync to import student data > [!div class="step-by-step"] -[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md) -[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) +> [<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md) +> [Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks. 
@@ -34,34 +36,34 @@ You can watch the descriptive audio version here: [Microsoft Education: Use Scho 1. Go to the O365-EDU-Tools GitHub site. 2. Click the green **Clone or download** button to download the SDS sample files. - **Figure 1** - Download the SDS sample files from GitHub + **Figure 1** - Download the SDS sample files from GitHub - ![Download the SDS sample files from GitHub](images/sds_github_downloadsample.png) + ![Download the SDS sample files from GitHub](images/sds_github_downloadsample.png) 3. In the **Clone with HTTPS** pop-up window, choose **Download ZIP** and note the location where you're saving the folder. 4. Go to the folder where you saved the .zip and unzip the files. 5. Open the **O365-EDU-Tools-master** folder and then open the **CSV Samples** subfolder. Confirm that you can see the following sample CSV files. - **Figure 2** - Sample CSV files + **Figure 2** - Sample CSV files - ![Use the sample CSV files](images/sds_sample_csv_files_us_uk.png) + ![Use the sample CSV files](images/sds_sample_csv_files_us_uk.png) - > [!NOTE] - > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in. - > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization. - > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section. + > [!NOTE] + > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in. 
+ > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization. + > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section. To learn more about the CSV files that are required and the info you need to include in each file, see CSV files for School Data Sync. If you run into any issues, see School Data Sync errors and troubleshooting. ## Use SDS to import student data 1. If you haven't done so already, go to the SDS portal, https://sds.microsoft.com. -2. Click Sign in. Then enter your O365 Global Admin account credentials. +2. Click Sign in. Then enter your O365 Global Admin account credentials. 3. After logging in, click **+ Add Profile** in the left hand navigation pane to create a Sync Profile.. This opens up the new profile setup wizard within the main page. - **Figure 3** - New SDS profile setup wizard + **Figure 3** - New SDS profile setup wizard - ![Screenshot that shows creating a new profile](images/03bfe22a-469b-4b73-ab8d-af5aaac8ff89.png) + ![Screenshot that shows creating a new profile](images/03bfe22a-469b-4b73-ab8d-af5aaac8ff89.png) 4. For the new profile, in the **How do you want to connect to your school?** screen: 
@@ -72,101 +74,101 @@ To learn more about the CSV files that are required and the info you need to inc 5. In the **Sync options** screen: - 1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**. - 2. In the **Import data** section, click **Upload Files** to bring up the **Select data files to be uploaded** window. - 3. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import. - 4. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**. - 5. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**. + 1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**. + 2. In the **Import data** section, click **Upload Files** to bring up the **Select data files to be uploaded** window. + 3. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import. + 4. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**. + 5. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**. 
- > [!NOTE] - > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified. + > [!NOTE] + > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified. - 6. After all the files are successfully uploaded, click **OK**. - 7. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default. - 8. In the Replace Unsupported Special Characters section, checking this box will allow SDS to automatically replace unsupported special characters while the sync is running. Special characters will be replaced with an "_", and no longer result in an error during the sync process for that object. - 9. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files. - 10. In the **Student enrollment option** section: - * If you want to sync your student roster data immediately, leave the box unchecked. - * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year. - 11. In the Default Term Dates section, You can set default start and end dates for Section terms. 
These dates will only be used if you do not provide these dates in your CSV files. If you upload files with Section start and end dates, you will be asked to select the format of the dates provided. If the format that you enter does not match the format of start and end dates in your files, you will receive an error message and need to edit the date format so that it matches the format in your files. - 12. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education. - 13. Click **Next**. + 6. After all the files are successfully uploaded, click **OK**. + 7. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default. + 8. In the Replace Unsupported Special Characters section, checking this box will allow SDS to automatically replace unsupported special characters while the sync is running. Special characters will be replaced with an "_", and no longer result in an error during the sync process for that object. + 9. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files. + 10. In the **Student enrollment option** section: + * If you want to sync your student roster data immediately, leave the box unchecked. 
+ * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year. + 11. In the Default Term Dates section, You can set default start and end dates for Section terms. These dates will only be used if you do not provide these dates in your CSV files. If you upload files with Section start and end dates, you will be asked to select the format of the dates provided. If the format that you enter does not match the format of start and end dates in your files, you will receive an error message and need to edit the date format so that it matches the format in your files. + 12. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education. + 13. Click **Next**. - **Figure 4** - Sync options for the new profile + **Figure 4** - Sync options for the new profile - ![Specify sync options for the new SDS profile](images/how-to-deploy-SDS-using-CSV-files-2a.PNG) + ![Specify sync options for the new SDS profile](images/how-to-deploy-SDS-using-CSV-files-2a.PNG) 6. In the **Teacher options** screen: - 1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created. 
- * Primary Key (Source Directory) - This is the Teacher attribute in the CSV file used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate source directory attribute, and properly configure the identity matching settings for teacher. - * Primary Key (Target Directory) - This is the User attribute in Azure AD used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate target directory attribute, and properly configure the identity matching settings for the teacher. - * Domain (optional) - This is an optional domain value that you can add to the selected Source Directory attribute to complete your Teacher Identity Matching. If you need to match to a UserPrincipalName or Mail attribute, you must have a domain included in the string. Your source attribute must either include the domain already or you can append the appropriate domain to the source attribute using this dropdown menu. + 1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created. + * Primary Key (Source Directory) - This is the Teacher attribute in the CSV file used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate source directory attribute, and properly configure the identity matching settings for teacher. + * Primary Key (Target Directory) - This is the User attribute in Azure AD used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate target directory attribute, and properly configure the identity matching settings for the teacher. 
+ * Domain (optional) - This is an optional domain value that you can add to the selected Source Directory attribute to complete your Teacher Identity Matching. If you need to match to a UserPrincipalName or Mail attribute, you must have a domain included in the string. Your source attribute must either include the domain already or you can append the appropriate domain to the source attribute using this dropdown menu. - 2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. + 2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. - 3. In the **License assignment** section, choose the SKU to assign licenses for teachers. + 3. In the **License assignment** section, choose the SKU to assign licenses for teachers. - 4. Click **Next**. + 4. Click **Next**. - **Figure 5** - Specify options for teacher mapping + **Figure 5** - Specify options for teacher mapping - ![Specify options for teacher mapping](images/how-to-deploy-SDS-using-CSV-files-3.PNG) + ![Specify options for teacher mapping](images/how-to-deploy-SDS-using-CSV-files-3.PNG) 7. In the **Student options** screen: - 1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. 
The student will log in to Office 365 with the UserPrincipalName once the account is created. - 2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. - 3. In the **License assignment** section, choose the SKU to assign licenses for students. - 4. Click **Next**. + 1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created. + 2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. + 3. In the **License assignment** section, choose the SKU to assign licenses for students. + 4. Click **Next**. - **Figure 6** - Specify options for student mapping + **Figure 6** - Specify options for student mapping - ![Specify options for student mapping](images/how-to-deploy-SDS-using-CSV-files-4.PNG) + ![Specify options for student mapping](images/how-to-deploy-SDS-using-CSV-files-4.PNG) 8. In the profile **Review** page, review the summary and confirm that the options selected are correct. 9. Click **Create profile**. You will see a notification that your profile is being submitted and then you will see a page for your profile. 
- **Figure 7** - SDS profile page + **Figure 7** - SDS profile page - ![SDS profile page](images/how-to-deploy-SDS-using-CSV-files-5.png) + ![SDS profile page](images/how-to-deploy-SDS-using-CSV-files-5.png) 10. After the profile is created and the status indicates as **Setting up**, refresh the page until you see the status change to **Sync in progress**. Beneath the **Sync in progress** status, you will see which of the 5 sync stages SDS is working on: - * Stage 1 - Validating data - * Stage 2 - Processing schools and sections - * Stage 3 - Processing students and teachers - * Stage 4 - Adding students and teachers into sections - * Stage 5 - Setting up security groups + * Stage 1 - Validating data + * Stage 2 - Processing schools and sections + * Stage 3 - Processing students and teachers + * Stage 4 - Adding students and teachers into sections + * Stage 5 - Setting up security groups - If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process. + If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process. 
- Once you've completed all five sync stages, your profile status will update one final time. + Once you've completed all five sync stages, your profile status will update one final time. * If you haven't encountered any errors, you will see a green check mark which states **Everything is ok**, and the profile status will change to **Sync complete. Ready for more data.** * If SDS encountered sync errors, you will see a red status icon that indicates an error, and a profile status of **Sync complete. Profile contains multiple errors**. Download the available error report to identify and fix your sync errors. Once complete, upload new files as needed and re-sync your data until errors are resolved. - Here are some examples of what the sync status can look like: + Here are some examples of what the sync status can look like: - **Figure 8** - New profile: Sync in progress + **Figure 8** - New profile: Sync in progress - ![Sync in progress for the new profile](images/sds_profile_status_syncinprogress_062317.png) + ![Sync in progress for the new profile](images/sds_profile_status_syncinprogress_062317.png) - **Figure 9** - New profile: Sync complete - no errors + **Figure 9** - New profile: Sync complete - no errors - ![New profile sync complete with no errors](images/sds_profile_status_everythingok_062317.png) + ![New profile sync complete with no errors](images/sds_profile_status_everythingok_062317.png) - **Figure 10** - New profile: Sync complete - with errors + **Figure 10** - New profile: Sync complete - with errors - ![New profile sync complete with errors](images/sds_profile_status_syncerrors_062317.png) + ![New profile sync complete with errors](images/sds_profile_status_syncerrors_062317.png) - Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. 
Two people who start a sync at the same time may not have their syncs complete at the same time. + Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time. - You can refresh the page to confirm that your profile synced successfully. + You can refresh the page to confirm that your profile synced successfully. That's it for importing sample school data using SDS. > [!div class="step-by-step"] -[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md) -[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) +> [<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md) +> [Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) ## Related topic [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 0861f90f74..b842f7b7e8 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -9,9 +9,11 @@ ms.topic: article ms.localizationpriority: medium ms.pagetype: edu ROBOTS: noindex,nofollow -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 03/18/2018 +ms.reviewer: +manager: dansimp --- # Educator Trial in a Box Guide 
@@ -76,15 +78,15 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse 4. Select the **Immersive Reader** button. - ![Word Online's Immersive Reader](images/word_online_immersive_reader.png) + ![Word Online's Immersive Reader](images/word_online_immersive_reader.png) 5. Press the **Play** button to hear text read aloud. 6. Select these various settings to see different ways to configure Immersive Reader for your students. - | Text to Speech | Text Preferences | Grammar Options | Line Focus | - | :------------: | :--------------: | :-------------: | :--------: | - | ![Word Online Text to Speech](images/wordonline_tts.png) | ![Word Online Text Preferences](images/wordonline_text_preferences.png) | ![Word Online Grammar Options](images/wordonline_grammar_options.png) | ![Word Online Line Focus](images/wordonline_line_focus.png) | + | Text to Speech | Text Preferences | Grammar Options | Line Focus | + | :------------: | :--------------: | :-------------: | :--------: | + | ![Word Online Text to Speech](images/wordonline_tts.png) | ![Word Online Text Preferences](images/wordonline_text_preferences.png) | ![Word Online Grammar Options](images/wordonline_grammar_options.png) | ![Word Online Line Focus](images/wordonline_line_focus.png) |

            @@ -131,18 +133,18 @@ When you're not using the pen, just use the magnet to stick it to the left side 2. Take the digital pen out of the box and make notes or draw. 3. Follow the instructions for the project. Look for the **Try this!** callouts to experiment with these engaging activities. - - Discover the power of digital ink by selecting the Draw tab. Choose your pen and get scribbling. + - Discover the power of digital ink by selecting the Draw tab. Choose your pen and get scribbling. - ![OneNote Draw tab](images/onenote_draw.png) + ![OneNote Draw tab](images/onenote_draw.png) - - Type anywhere on the page! Just click your cursor where you want to place text. - - Use the checkmark in the **Home** tab to keep track of completed tasks. + - Type anywhere on the page! Just click your cursor where you want to place text. + - Use the checkmark in the **Home** tab to keep track of completed tasks. - ![OneNote To Do Tag](images/onenote_checkmark.png) + ![OneNote To Do Tag](images/onenote_checkmark.png) - - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. + - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. - ![OneNote Researcher](images/onenote_researcher.png) + ![OneNote Researcher](images/onenote_researcher.png)

            @@ -168,7 +170,7 @@ Use video to create a project summary. 4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app. 5. Select the first video to preview it full screen. Select **Edit & Create**, then select **Create a video with text**. - 1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen. + 1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen. 6. Name your project “Laser Maze Project.” Hit Enter to continue. 
@@ -176,24 +178,24 @@ Use video to create a project summary. 8. Drag the videos to the Storyboard, one by one. Your project should look roughly like this: - ![Photos app layout showing videos added in previous steps](images/photo_app_1.png) + ![Photos app layout showing videos added in previous steps](images/photo_app_1.png) 9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**. 10. Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**. Drag the trim handle on the left to shorten the duration of the clip and select **Done**. 11. Select the last card on the Storyboard and select **3D effects**. - 1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser. - 2. Find the **lightning bolt** effect and click or drag to add it to the scene. Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror. - 3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene. - 4. Play back your effect. - 5. Select **Done** when you have it where you want it. + 1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser. + 2. Find the **lightning bolt** effect and click or drag to add it to the scene. Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror. + 3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene. + 4. Play back your effect. + 5. 
Select **Done** when you have it where you want it. - ![Lighting bolt effect being added to a video clip](images/photo_app_2.png) + ![Lighting bolt effect being added to a video clip](images/photo_app_2.png) 12. Select **Music** and select a track from the **Recommended** music collection. - 1. The music will update automatically to match the length of your video project, even as you make changes. - 2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background. + 1. The music will update automatically to match the length of your video project, even as you make changes. + 2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background. 13. You can adjust the volume for the background music using the **Music volume** button. @@ -224,7 +226,7 @@ Today, we'll explore a Minecraft world through the eyes of a student. 3. Scroll down to the **Details** section and select **Download World**. - ![Select the download world link](images/mcee_downloadworld.png) + ![Select the download world link](images/mcee_downloadworld.png) 4. When prompted, save the world. 
@@ -237,28 +239,28 @@ Today, we'll explore a Minecraft world through the eyes of a student. 8. Click **Lesson Hub Vol 1** to enter the downloaded world. 9. Explore the world by using the keys on your keyboard. - * **W** moves forward. - * **A** moves left. - * **S** moves right. - * **D** moves backward. + * **W** moves forward. + * **A** moves left. + * **S** moves right. + * **D** moves backward. 10. Use your mouse as your "eyes". Just move it to look around. 11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land. - To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram. + To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram. - ![Minecraft mouse and keyboard controls](images/mcee_keyboard_mouse_controls.png) + ![Minecraft mouse and keyboard controls](images/mcee_keyboard_mouse_controls.png) 12. Access and adapt over 300 lesson plans, spanning all grades and subjects, to meet your needs. Enjoy exploring new worlds and happy crafting. - **Try this!** + **Try this!** - 1. Go to education.minecraft.net/. - 2. Click **Class Resources**. - 3. Click **Find a Lesson**. + 1. Go to education.minecraft.net/. + 2. Click **Class Resources**. + 3. Click **Find a Lesson**. - ![Access and adapt over 300 Minecraft lesson plans](images/minecraft_lesson_plans.png) + ![Access and adapt over 300 Minecraft lesson plans](images/minecraft_lesson_plans.png)

            @@ -267,21 +269,21 @@ Today, we'll explore a Minecraft world through the eyes of a student. ![Help students understand new math concepts with the Math Assistant in OneNote](images/Inking.png) ## 7. Use Windows Ink to provide a personal math tutor for your students -The **Math Assistant** and **Ink Replay** features available in the OneNote app for Windows 10 and OneNote Online give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph. +The **Math Assistant** and **Ink Replay** features available in the OneNote app give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph. **Let's solve 3x+4=7 in OneNote using the pen!** To get started: 1. Open the OneNote app for Windows 10 (not OneNote 2016). - ![OneNote icon](images/OneNote_logo.png) + ![OneNote icon](images/OneNote_logo.png) 2. In the top left corner, click on the **<** arrow to access your notebooks and pages. - ![OneNote back arrow navigation button](images/left_arrow.png) + ![OneNote back arrow navigation button](images/left_arrow.png) 3. Click **Add Page** to launch a blank work space. - ![Select add page button](images/plus-page.png) + ![Select add page button](images/plus-page.png) 4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices. 
@@ -290,30 +292,30 @@ To solve the equation 3x+4=7, follow these instructions: 2. If you wrote the equation using digital ink, use the **Lasso tool** to circle the equation. If you typed the equation, highlight it using your mouse. - ![Lasso button](images/lasso.png) + ![Lasso button](images/lasso.png) 3. On the **Draw** tab, click the **Math** button. - ![Math button](images/math-button.png) + ![Math button](images/math-button.png) 4. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation. - ![Solve for x menu](images/solve-for-x.png) + ![Solve for x menu](images/solve-for-x.png) 5. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation. 6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem. - ![Replay button](images/replay.png) + ![Replay button](images/replay.png) To graph the equation 3x+4=7, follow these instructions: 1. From the drop-down menu in the **Math** pane, select the option to **Graph Both Sides in 2D**. You can play with the interactive graph of your equation - use a single finger to move the graph position or two fingers to change the **zoom** level. - ![Graph both sides in 2D](images/graph-for-x.png) + ![Graph both sides in 2D](images/graph-for-x.png) 2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page. -
            -
            +
            +
            **Watch what Educators say about Microsoft Education delivering better learning outcomes** Bring out the best in students by providing a platform for collaborating, exploring, personalized learning, and getting things done across all devices. @@ -345,4 +347,4 @@ For more information about checking for updates, and how to optionally turn on a


            -1 OneNote in Education Learning Tools transform the student experience. \ No newline at end of file +1 OneNote in Education Learning Tools transform the student experience. diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index 054ecc6647..253c4ded12 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -9,9 +9,11 @@ ms.topic: get-started ms.localizationpriority: medium ms.pagetype: edu ROBOTS: noindex,nofollow -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 03/18/2018 +ms.reviewer: +manager: dansimp --- # IT Admin Trial in a Box Guide @@ -30,7 +32,7 @@ ms.date: 03/18/2018 | | |
            -To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. A tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide. +To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. A tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide. If you run into any problems while following the steps in this guide, or you have questions about Trial in a Box or Microsoft Education, see [Microsoft Education Trial in a Box Support](support-options.md). 
@@ -95,26 +97,26 @@ If you've previously used Set up School PCs to provision student devices, you ca ![Configure student PC settings](images/suspc_configure_pcsettings_selected.png) - - **Remove apps pre-installed by the device manufacturer** - If you select this option, this will reset the machine and the provisioning process will take longer (about 30 minutes). - - **Allow local storage (not recommended for shared devices)** lets students save files to the **Desktop** and **Documents** folder on the student PC. - - **Optimize device for a single student, instead of a shared cart or lab** optimizes the device for use by a single student (1:1). - - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). - - This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data or if the student doesn't use the PC over a prolonged period. - - **Let guests sign-in to these PCs** allows guests to use student PCs without a school account. If you select this option, a **Guest** account button will be added in the PC's sign-in screen to allow anyone to use the PC. - - **Enable Windows 10 Autopilot Reset** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). - - **Lock screen background** shows the default backgroudn used for student PCs provisioned by Set up School PCs. Select **Browse** to change the default. 
+ - **Remove apps pre-installed by the device manufacturer** - If you select this option, this will reset the machine and the provisioning process will take longer (about 30 minutes). + - **Allow local storage (not recommended for shared devices)** lets students save files to the **Desktop** and **Documents** folder on the student PC. + - **Optimize device for a single student, instead of a shared cart or lab** optimizes the device for use by a single student (1:1). + - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). + - This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data or if the student doesn't use the PC over a prolonged period. + - **Let guests sign-in to these PCs** allows guests to use student PCs without a school account. If you select this option, a **Guest** account button will be added in the PC's sign-in screen to allow anyone to use the PC. + - **Enable Windows 10 Autopilot Reset** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). + - **Lock screen background** shows the default backgroudn used for student PCs provisioned by Set up School PCs. Select **Browse** to change the default. 7. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test. ![Configure the Take a Test app](images/suspc_takeatest.png) - 1. 
Specify if you want to create a Take a Test button on the students' sign-in screens. - 2. Select **Advanced settings** to allow keyboard text suggestions to appear and to allow teachers to monitor online tests. + 1. Specify if you want to create a Take a Test button on the students' sign-in screens. + 2. Select **Advanced settings** to allow keyboard text suggestions to appear and to allow teachers to monitor online tests. - > [!NOTE] - > The Take a Test app doesn't provide monitoring capabilities, but it allows tools like AssistX ClassPolicy to see what is going on in the app. + > [!NOTE] + > The Take a Test app doesn't provide monitoring capabilities, but it allows tools like AssistX ClassPolicy to see what is going on in the app. - 3. Enter the assessment URL. + 3. Enter the assessment URL. 8. **Add recommended apps** lets you choose from a set of recommended Microsoft Store apps to provision. diff --git a/education/trial-in-a-box/support-options.md b/education/trial-in-a-box/support-options.md index cc82641391..80fd5383f3 100644 --- a/education/trial-in-a-box/support-options.md +++ b/education/trial-in-a-box/support-options.md @@ -9,9 +9,11 @@ ms.topic: article ms.localizationpriority: medium ms.pagetype: edu ROBOTS: noindex,nofollow -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 03/18/2018 +ms.reviewer: +manager: dansimp --- # Microsoft Education Trial in a Box Support 
@@ -33,10 +35,10 @@ For more information about checking for updates, and how to optionally turn on a 2. In the admin center dashboard, select your profile on the upper righthand corner and select **My account** from the options. 3. Select **Personal info** and then edit **Contact details** to update your phone, primary email address, and alternate email address. - > [!NOTE] - > For the alternate email address, make sure you use a different address from your Office 365 email address. + > [!NOTE] + > For the alternate email address, make sure you use a different address from your Office 365 email address. - ![Complete your contact details](images/o365_adminaccountinfo.png) + ![Complete your contact details](images/o365_adminaccountinfo.png) 4. Click **Save**. 
@@ -44,15 +46,15 @@ For more information about checking for updates, and how to optionally turn on a 1. Click the **Need help?** button in the lower right-hand corner of the Office 365 console. - ![Select Need help to get support](images/o365_needhelp.png) + ![Select Need help to get support](images/o365_needhelp.png) - You will see a sidebar window open up on the right-hand side of the screen. + You will see a sidebar window open up on the right-hand side of the screen. - ![Option to have a support representative call you](images/o365_needhelp_callingoption.png) + ![Option to have a support representative call you](images/o365_needhelp_callingoption.png) - If you chose to have a support representative call you, a new support ticket will be opened and you can track these in **Support tickets**. + If you chose to have a support representative call you, a new support ticket will be opened and you can track these in **Support tickets**. - ![Track your support tickets](images/o365_needhelp_supporttickets.png) + ![Track your support tickets](images/o365_needhelp_supporttickets.png) 2. Click the **question button** ![Question button](images/o365_needhelp_questionbutton.png) in the top navigation of the sidebar window. 3. In the field below **Need help?**, enter a description of your help request. @@ -67,10 +69,10 @@ Forget your password? Follow these steps to recover it. 1. Go to https://portal.office.com 2. Select **Can't access your account** and follow the prompts to get back into your account. - ![Recover your account](images/officeportal_cantaccessaccount.png) + ![Recover your account](images/officeportal_cantaccessaccount.png) ## Get more info -[Microsoft Education Trial in a Box](index.md) \ No newline at end of file +[Microsoft Education Trial in a Box](index.md) diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index 3ab4c50a66..2c11c122c4 100644 --- a/education/windows/autopilot-reset.md 
+++ b/education/windows/autopilot-reset.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: celested
+author: levinec
+ms.author: ellevin
 ms.date: 06/27/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Reset devices with Autopilot Reset
@@ -49,12 +51,12 @@ You can set the policy using one of these methods: - Set up School PCs app Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you are running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways: - - Reach out to your device manufacturer. - - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If you are using another MDM provider, check the documentation for the MDM provider to confirm the OS version. - - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709. + - Reach out to your device manufacturer. + - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If you are using another MDM provider, check the documentation for the MDM provider to confirm the OS version. + - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709. To use the Autopilot Reset setting in the Set up School PCs app: - * When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example: + - When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example: ![Configure student PC settings in Set up School PCs](images/suspc_configure_pc2.jpg) 
@@ -68,14 +70,14 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png) This will open up a custom login screen for Autopilot Reset. The screen serves two purposes: - 1. Confirm/verify that the end user has the right to trigger Autopilot Reset - 2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process. + 1. Confirm/verify that the end user has the right to trigger Autopilot Reset + 2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process. - ![Custom login screen for Autopilot Reset](images/autopilot-reset-customlogin.png) + ![Custom login screen for Autopilot Reset](images/autopilot-reset-customlogin.png) 2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset. ->[!IMPORTANT] +>[!IMPORTANT] >To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. Once Autopilot Reset is triggered, the reset process starts. diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index 4185c9baae..3516574e11 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md 
@@ -6,15 +6,23 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
-author: MikeBlodge
-ms.author: MikeBlodge
-ms.date: 05/07/2018
+author: levinec
+ms.author: ellevin
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 
 # Change history for Windows 10 for Education
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## May 2019
+
+|New or changed topic | Description|
+|-----------|-------------|
+|[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation)|Subscription activation support for Windows 10 Pro Education to Windows 10 Education|
+
 ## April 2018
 New or changed topic | Description
 --- | ---
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index 58dcd89d1e..da30be64ef 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
-author: MikeBlodge
-ms.author: jaimeo
-ms.date: 04/30/2018
+author: levinec
+ms.author: ellevin
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 
 # Change to Windows 10 Pro Education from Windows 10 Pro
@@ -20,6 +22,9 @@ If you have an education tenant and use devices with Windows 10 Pro, global admi To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance. +>[!IMPORTANT] +>If you change a Windows 10 Pro device to Windows 10 Pro Education using Microsoft Store for Education, [subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation) won't work. + ## Requirements for changing Before you change to Windows 10 Pro Education, make sure you meet these requirements: - Devices must be running Windows 10 Pro, version 1607 or higher. 
@@ -96,8 +101,8 @@ When you change to Windows 10 Pro Education, you get the following benefits: - **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB). - **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have. - **Roll back options to Windows 10 Pro** - - When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). - - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. + - When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). + - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro) for more info. 
@@ -109,7 +114,7 @@ Once you enable the setting to change to Windows 10 Pro Education, the change wi 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account. - If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use. + If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use. 2. Click **Manage** from the top menu and then select the **Benefits tile**. 3. In the **Benefits** tile, look for the **Change to Windows 10 Pro Education for free** link and then click it. @@ -307,6 +312,8 @@ For more information about integrating on-premises AD DS domains with Azure AD, ## Related topics -[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
            -[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
            -[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) +[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) +[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Windows 10 subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation) + diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index e981deb743..9769d7a3bf 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -2,14 +2,16 @@ title: Chromebook migration guide (Windows 10) description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA +ms.reviewer: +manager: dansimp keywords: migrate, automate, device, Chromebook migration ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu, devices ms.localizationpriority: medium -author: craigash -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/13/2017 --- @@ -41,7 +43,7 @@ Before you can do any analysis or make decisions about which apps to migrate or > [!NOTE] > The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section. -  + You can divide the apps into the following categories: 
@@ -73,15 +75,15 @@ Table 1. Google App replacements | If you use this Google app on a Chromebook | Use this app on a Windows device | |--------------------------------------------|--------------------------------------| -| Google Docs | Word 2016 or Word Online | -| Google Sheets | Excel 2016 or Excel Online | -| Google Slides | PowerPoint 2016 or PowerPoint Online | +| Google Docs | Word 2016 or Word for the web | +| Google Sheets | Excel 2016 or Excel for the web | +| Google Slides | PowerPoint 2016 or PowerPoint for the web | | Google Apps Gmail | Outlook 2016 or Outlook Web App | | Google Hangouts | Microsoft Skype for Business | | Chrome | Microsoft Edge | | Google Drive | Microsoft OneDrive for Business | -  + It may be that you will decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide. @@ -162,7 +164,7 @@ Table 2. Settings in the Device Management node in the Google Admin Console

            These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:

            • User settings. Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.

            • -
            • Public session settings. Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.

            • +
            • Public session settings. Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.

            • Device settings. Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.

            • Devices. Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you will need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you will need to manage your Windows devices.

            • App Management. Provides configuration settings for Chrome apps. Record the settings for any apps that you have identified that will run on Windows devices.

            • @@ -171,7 +173,7 @@ Table 2. Settings in the Device Management node in the Google Admin Console -  + Table 3 lists the settings in the Security node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows. @@ -213,7 +215,7 @@ Table 3. Settings in the Security node in the Google Admin Console -  + **Identify locally-configured settings to migrate** @@ -246,7 +248,7 @@ Table 4. Locally-configured settings | Powerwash | This action removes all user accounts and resets the Chromebook device back to factory settings. You don’t have to migrate any settings in this section. | | Reset settings | This action retains all user accounts, but restores all settings back to their default values. You don’t have to migrate any settings in this section. | -  + Determine how many users have similar settings and then consider managing those settings centrally. For example, a large number of users may have many of the same Chrome web browser settings. You can centrally manage these settings in Windows after migration. 
@@ -349,7 +351,7 @@ Here is a list of reasons that describe why you might want to migrate from an ex - **Better integration with Office 365.** If your long-term strategy is to migrate to Office 365 apps (such as Word 2016 or Excel 2016) then a migration to Microsoft cloud services will provide better integration with these apps. The use of existing cloud services may not be as intuitive for users. For example, Office 365 apps will integrate better with OneDrive for Business compared to Google Drive. -- **Online apps offer better document compatibility.** Microsoft Office online apps (such as Word Online and Excel Online) provide the highest level of compatibility with Microsoft Office documents. The Office online apps allow you to open and edit documents directly from SharePoint or OneDrive for Business. Users can access the Office online app from any device with Internet connectivity. +- **Online apps offer better document compatibility.** Microsoft Office apps (such as Word and Excel for the web) provide the highest level of compatibility with Microsoft Office documents. The Office apps allow you to open and edit documents directly from SharePoint or OneDrive for Business. Users can access the Office app from any device with Internet connectivity. - **Reduce licensing costs.** If you pay for Office 365 licenses, then Office 365 apps and cloud storage are included in those licenses. Although you could keep existing cloud services, you probably would pay more to keep those services. @@ -481,7 +483,7 @@ Table 5. Select on-premises AD DS, Azure AD, or hybrid -  + ### 
@@ -601,7 +603,7 @@ Table 6. Device, user, and app management products and technologies -  + You can use Configuration Manager and Intune in conjunction with each other to provide features from both products and technologies. In some instances you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution. @@ -678,21 +680,21 @@ Table 7. Network infrastructure products and technologies and deployment resourc DHCP DNS -  + If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section. @@ -720,22 +722,22 @@ Table 8. AD DS, Azure AD and deployment resources AD DS Azure AD -  + If you decided not to migrate to AD DS or Azure AD as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps. @@ -763,44 +765,44 @@ Table 9. Management systems and deployment resources Windows provisioning packages Group Policy Configuration Manager Intune MDT -  + If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps. @@ -828,29 +830,29 @@ Table 10. Management systems and app deployment resources Group Policy Configuration Manager Intune -  + If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps. 
@@ -956,9 +958,9 @@ After you complete these steps, your management system should take over the day-
 [Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
- 
+
- 
+
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index 9d1acc0a3c..1cb747217a 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -7,9 +7,11 @@ ms.sitesec: library
 ms.prod: w10
 ms.pagetype: edu
 ms.localizationpriority: medium
-author: CelesteDG
-ms.author: celested
+author: levinec
+ms.author: ellevin
 ms.date: 08/31/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Windows 10 configuration recommendations for education customers
@@ -46,16 +48,16 @@ It is easy to be education ready when using Microsoft products. We recommend the You can [sign up to learn more about Intune for Education](https://info.microsoft.com/US-WNDWS-CNTNT-FY17-01Jan-17-IntuneforEducationlandingpageandnurture292531_01Registration-ForminBody.html). 3. On PCs running Windows 10, version 1703: - 1. Provision the PC using one of these methods: - * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - This will automatically set both **SetEduPolicies** to True and **AllowCortana** to False. - * [Provision PCs with a custom package created with Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False. - 2. Join the PC to Azure Active Directory. - * Use Set up School PCs or Windows Configuration Designer to bulk enroll to Azure AD. - * Manually Azure AD join the PC during the Windows device setup experience. - 3. Enroll the PCs in MDM. - * If you have activated Intune for Education in your Azure AD tenant, enrollment will happen automatically when the PC is joined to Azure AD. Intune for Education will automatically set **SetEduPolicies** to True and **AllowCortana** to False. - 4. Ensure that needed assistive technology apps can be used. - * If you have students or school personnel who rely on assistive technology apps that are not available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info. + 1. 
Provision the PC using one of these methods: + * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - This will automatically set both **SetEduPolicies** to True and **AllowCortana** to False. + * [Provision PCs with a custom package created with Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False. + 2. Join the PC to Azure Active Directory. + * Use Set up School PCs or Windows Configuration Designer to bulk enroll to Azure AD. + * Manually Azure AD join the PC during the Windows device setup experience. + 3. Enroll the PCs in MDM. + * If you have activated Intune for Education in your Azure AD tenant, enrollment will happen automatically when the PC is joined to Azure AD. Intune for Education will automatically set **SetEduPolicies** to True and **AllowCortana** to False. + 4. Ensure that needed assistive technology apps can be used. + * If you have students or school personnel who rely on assistive technology apps that are not available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info. 4. Distribute the PCs to students. 
@@ -85,14 +87,14 @@ Use one of these methods to set this policy. ### MDM - Intune for Education automatically sets this policy in the **All devices** group policy configuration. - If you're using an MDM provider other than Intune for Education, check your MDM provider documentation on how to set this policy. - - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set. + - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set. - For example, in Intune, create a new configuration policy and add an OMA-URI. - - OMA-URI: ./Vendor/MSFT/Policy/Config/Experience/AllowCortana - - Data type: Integer - - Value: 0 + For example, in Intune, create a new configuration policy and add an OMA-URI. + - OMA-URI: ./Vendor/MSFT/Policy/Config/Experience/AllowCortana + - Data type: Integer + - Value: 0 - ![Create an OMA URI for AllowCortana](images/allowcortana_omauri.png) + ![Create an OMA URI for AllowCortana](images/allowcortana_omauri.png) ### Group Policy Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**. 
@@ -114,14 +116,14 @@ Use one of these methods to set this policy. ### MDM - Intune for Education automatically sets this policy in the **All devices** group policy configuration. - If you're using an MDM provider other than Intune for Education, check your MDM provider documentation on how to set this policy. - - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set. + - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set. - For example, in Intune, create a new configuration policy and add an OMA-URI. - - OMA-URI: ./Vendor/MSFT/SharedPC/SetEduPolicies - - Data type: Boolean - - Value: true + For example, in Intune, create a new configuration policy and add an OMA-URI. + - OMA-URI: ./Vendor/MSFT/SharedPC/SetEduPolicies + - Data type: Boolean + - Value: true - ![Create an OMA URI for SetEduPolices](images/setedupolicies_omauri.png) + ![Create an OMA URI for SetEduPolices](images/setedupolicies_omauri.png) ### Group Policy **SetEduPolicies** is not natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224(v=vs.85).aspx) to set the policy in [MDM SharedPC](https://msdn.microsoft.com/library/windows/desktop/mt779129(v=vs.85).aspx). diff --git a/education/windows/create-tests-using-microsoft-forms.md b/education/windows/create-tests-using-microsoft-forms.md index f8c2aecdf4..356dbca7b5 100644 --- a/education/windows/create-tests-using-microsoft-forms.md +++ b/education/windows/create-tests-using-microsoft-forms.md 
@@ -1,13 +1,15 @@
 ---
 title: Create tests using Microsoft Forms
+ms.reviewer:
+manager: dansimp
 description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
 keywords: school, Take a Test, Microsoft Forms
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
+author: levinec
+ms.author: ellevin
 redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms
 ---
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index 67bf3f18d4..4b3c170a20 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan
 ms.pagetype: edu
 ms.sitesec: library
 ms.localizationpriority: medium
-author: craigash
-ms.author: celested
+author: levinec
+ms.author: ellevin
 ms.date: 10/30/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Deploy Windows 10 in a school district
@@ -75,7 +77,7 @@ Use these characteristics at a minimum as you deploy your schools. If your distr
 Office 365 Education allows:
-* Students and faculty to use Microsoft Office Online to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser.
+* Students and faculty to use Microsoft Office to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser.
 * Teachers to use the [OneNote Class Notebook app](https://www.onenote.com/classnotebook) to share content and collaborate with students.
 * Faculty to use the [OneNote Staff Notebooks app](https://www.onenote.com/staffnotebookedu) to collaborate with other teachers, the administration, and faculty.
 * Teachers to employ Sway to create interactive educational digital storytelling.
@@ -594,8 +596,8 @@ To create a new Office 365 Education subscription for use in the classroom, use #### To create a new Office 365 subscription 1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar. - >**Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods: -
              • In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap **More actions**), and then click or tap **New InPrivate window**.
              • In Internet Explorer 11, open Internet Explorer 11 (press Ctrl+Shift+P, or click or tap **Settings**), click or tap **Safety**, and then click or tap **InPrivate Browsing**.
              + > **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods: + >
              • In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap More actions), and then click or tap New InPrivate window.
              • In Internet Explorer 11, open Internet Explorer 11 (press Ctrl+Shift+P, or click or tap Settings), click or tap Safety, and then click or tap InPrivate Browsing.
              2. On the **Get started** page, in **Enter your school email address**, type your school email address, and then click **Sign up**. @@ -1100,30 +1102,30 @@ The first step in preparing for Windows 10 deployment is to configure—that is, 1. Import operating systems -Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). +Import the operating systems that you selected in the Select the operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench. 2. Import device drivers Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

              -Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). +Import device drivers for each device in your institution. For more information about how to import device drivers, see Import Device Drivers into the Deployment Workbench. 3. Create MDT applications for Microsoft Store apps -Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the **Add-AppxPackage** Windows PowerShell cmdlet to deploy the .appx files associated with the app (called *provisioned apps*). Use this method to deploy up to 24 apps to Windows 10.

              +Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

              Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files by performing one of the following tasks:

              • For offline-licensed apps, download the .appx files from the Microsoft Store for Business.
              • For apps that are not offline licensed, obtain the .appx files from the app software vendor directly.

              If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

              -If you have Intune or System Center Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) and [Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager) sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

              +If you have Intune or System Center Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune and Deploy and manage apps by using System Center Configuration Manager sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

              In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:

                -
              • Prepare your environment for sideloading, see [Try it out: sideload Microsoft Store apps](https://technet.microsoft.com/windows/jj874388.aspx).
              • -
              • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
              • +
              • Prepare your environment for sideloading, see Try it out: sideload Microsoft Store apps.
              • +
              • Create an MDT application, see Create a New Application in the Deployment Workbench.
              @@ -1132,10 +1134,10 @@ In addition, you must prepare your environment for sideloading Microsoft Store a 4. Create MDT applications for Windows desktop apps You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

              -To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/library/jj219423.aspx).

              -If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps. +To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool.

              +If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

              -**Note**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) section. +Note  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx). @@ -1151,7 +1153,7 @@ For more information about how to create an MDT application for Window desktop a
            • Upgrade existing devices to 64-bit Windows 10 Education.
            • Upgrade existing devices to 32-bit Windows 10 Education.
            -
            Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). +
            Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see Create a New Task Sequence in the Deployment Workbench. @@ -1159,7 +1161,7 @@ For more information about how to create an MDT application for Window desktop a 6. Update the deployment share Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

            -For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). +For more information about how to update a deployment share, see Update a Deployment Share in the Deployment Workbench. @@ -1336,7 +1338,7 @@ For more information about how to create a task sequence in the: * Deployment Workbench for a deployment share, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). * Configuration Manager console, see [Create a task sequence to install an operating system in System Center Configuration Manager](https://technet.microsoft.com/library/mt627927.aspx). -####Summary +#### Summary In this section, you customized the MDT deployment share to deploy Windows 10 and desktop apps to one or more reference devices by creating and customizing MDT applications, device drivers, and applications. Next, you ran the task sequence, which deploys Windows 10, deploys your apps, deploys the appropriate device drivers, and captures an image of the reference device. Then, you imported the captured reference image into a deployment share or System Center Configuration Manager. Finally, you created a task sequence to deploy your captured reference image to faculty and student devices. At this point in the process, you’re ready to deploy Windows 10 and your apps to your devices. ## Prepare for device management 
@@ -1382,8 +1384,8 @@ Use the information in Table 17 to help you determine whether you need to config Restrict the local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

            -**Group Policy.** Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

            -**Intune.** Not available. +Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

            +Intune. Not available. @@ -1391,8 +1393,8 @@ Use the information in Table 17 to help you determine whether you need to config Manage the built-in administrator account created during device deployment When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.

            -**Group Policy.** To rename the built-in Administrator account, use the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/library/cc747484.aspx). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/library/jj852165.aspx).

            -**Intune.** Not available. +Group Policy. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status.

            +Intune. Not available. @@ -1400,8 +1402,8 @@ Use the information in Table 17 to help you determine whether you need to config Control Microsoft Store access You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

            -**Group Policy.** To disable the Microsoft Store app, use the **Turn off the Store Application** group policy setting. To prevent Microsoft Store apps from receiving updates, use the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/library/hh832040.aspx#BKMK_UseGP).

            -**Intune.** To enable or disable Microsoft Store access, use the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration policy**. +Group Policy. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?.

            +Intune. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy. @@ -1409,8 +1411,8 @@ Use the information in Table 17 to help you determine whether you need to config Use of Remote Desktop connections to devices Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

            -**Group Policy.** To enable or disable Remote Desktop connections to devices, use the **Allow Users to connect remotely using Remote Desktop** setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

            -**Intune.** Not available. +Group Policy. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

            +Intune. Not available. @@ -1419,8 +1421,8 @@ Use the information in Table 17 to help you determine whether you need to config Use of camera A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

            -**Group Policy.** Not available.

            -**Intune.** To enable or disable the camera, use the **Allow camera** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. +Group Policy. Not available.

            +Intune. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy. @@ -1428,8 +1430,8 @@ Use the information in Table 17 to help you determine whether you need to config Use of audio recording Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

            -**Group Policy.** To disable the Sound Recorder app, use the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](https://technet.microsoft.com/library/ee791894.aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/library/ee791899.aspx).

            -**Intune.** To enable or disable audio recording, use the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. +Group Policy. To disable the Sound Recorder app, use the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in Editing an AppLocker Policy and Create Your AppLocker Policies.

            +Intune. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy. @@ -1437,8 +1439,8 @@ Use the information in Table 17 to help you determine whether you need to config Use of screen capture Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

            -**Group Policy.** Not available.

            -**Intune.** To enable or disable screen capture, use the **Allow screen capture** policy setting in the **System** section of a **Windows 10 General Configuration** policy. +Group Policy. Not available.

            +Intune. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy. @@ -1446,8 +1448,8 @@ Use the information in Table 17 to help you determine whether you need to config Use of location services Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

            -**Group Policy.** To enable or disable location services, use the **Turn off location** group policy setting in User Configuration\Windows Components\Location and Sensors.

            -**Intune.** To enable or disable location services, use the **Allow geolocation** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. +Group Policy. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.

            +Intune. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy. @@ -1455,8 +1457,8 @@ Use the information in Table 17 to help you determine whether you need to config Changing wallpaper Custom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.

            -**Group Policy.** To configure the wallpaper, use the **Desktop WallPaper** setting in User Configuration\Administrative Templates\Desktop\Desktop.

            -**Intune.** Not available. +Group Policy. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.

            +Intune. Not available. @@ -1464,7 +1466,7 @@ Use the information in Table 17 to help you determine whether you need to config
            -*Table 17. Recommended settings for educational institutions* +Table 17. Recommended settings for educational institutions ### Configure settings by using Group Policy @@ -1657,10 +1659,10 @@ Table 19 lists the school and individual classroom maintenance tasks, the resour Verify that Windows Update is active and current with operating system and software updates.

            For more information about completing this task when you have:
              -
            • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
            • -
            • Group Policy, see [Windows Update for Business](https://technet.microsoft.com/itpro/windows/plan/windows-update-for-business).
            • -
            • WSUS, see [Windows Server Update Services](https://msdn.microsoft.com/library/bb332157.aspx).
            • -
            • Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10).
            • +
            • Intune, see Keep Windows PCs up to date with software updates in Microsoft Intune.
            • +
            • Group Policy, see Windows Update for Business.
            • +
            • WSUS, see Windows Server Update Services.
            • +
            • Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in Windows 10 help.
            x @@ -1670,7 +1672,7 @@ For more information about completing this task when you have: Verify that Windows Defender is active and current with malware Security intelligence.

            -For more information about completing this task, see [Turn Windows Defender on or off](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab02) and [Updating Windows Defender](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab03). +For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender. x x @@ -1679,7 +1681,7 @@ For more information about completing this task, see [Turn Windows Defender on o Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

            -For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses). +For more information about completing this task, see the “How do I find and remove a virus?” topic in Protect my PC from viruses. x x @@ -1690,8 +1692,8 @@ For more information about completing this task, see the “How do I find and re Download and approve updates for Windows 10, apps, device driver, and other software.

            For more information, see: x @@ -1701,7 +1703,7 @@ For more information, see: Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

            -For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing). +For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options. x @@ -1712,9 +1714,9 @@ For more information about Windows 10 servicing options for updates and upgrades Refresh the operating system and apps on devices.

            For more information about completing this task, see the following resources: @@ -1726,8 +1728,8 @@ For more information about completing this task, see the following resources: Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum.

            For more information, see: @@ -1740,8 +1742,8 @@ For more information, see: Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

            You can also deploy Microsoft Store apps directly to devices by using Intune, System Center Configuration Manager, or both in a hybrid configuration. For more information, see: @@ -1753,8 +1755,8 @@ You can also deploy Microsoft Store apps directly to devices by using Intune, Sy Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you have an on-premises AD DS infrastructure).

            For more information about how to:
              -
            • Remove unnecessary user accounts, see [Active Directory Administrative Center](https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/adac/active-directory-administrative-center).
            • -
            • Remove licenses, see [Assign or remove licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-remove-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
            • +
            • Remove unnecessary user accounts, see Active Directory Administrative Center.
            • +
            • Remove licenses, see Assign or remove licenses for Office 365 for business.
            @@ -1767,8 +1769,8 @@ For more information about how to: Add new accounts (and corresponding licenses) to AD DS (if you have an on-premises AD DS infrastructure).

            For more information about how to:
              -
            • Add user accounts, see [Bulk-import user and group accounts into AD DS](#bulk-import-user-and-group-accounts-into-ad-ds).
            • -
            • Assign licenses, see [Assign or remove licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-remove-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
            • +
            • Add user accounts, see Bulk-import user and group accounts into AD DS.
            • +
            • Assign licenses, see Assign or remove licenses for Office 365 for business.
            @@ -1780,8 +1782,8 @@ For more information about how to: Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you do not have an on-premises AD DS infrastructure).

            For more information about how to:
              -
            • Remove unnecessary user accounts, see [Delete or restore users](https://support.office.com/en-us/article/Delete-or-restore-users-d5155593-3bac-4d8d-9d8b-f4513a81479e).
            • -
            • Remove licenses, see [Assign or remove licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-remove-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
            • +
            • Remove unnecessary user accounts, see Delete or restore users.
            • +
            • Remove licenses, see Assign or remove licenses for Office 365 for business.
            @@ -1793,8 +1795,8 @@ For more information about how to: Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure).

            For more information about how to:
              -
            • Add user accounts, see [Add users to Office 365 for business](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc) and [Add users individually or in bulk to Office 365](https://www.youtube.com/watch?v=zDs3VltTJps).
            • -
            • Assign licenses, see [Assign or remove licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-remove-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
            • +
            • Add user accounts, see Add users to Office 365 for business and Add users individually or in bulk to Office 365.
            • +
            • Assign licenses, see Assign or remove licenses for Office 365 for business.
            @@ -1806,8 +1808,8 @@ For more information about how to: Create or modify security groups, and manage group membership in Office 365.

            For more information about how to:
              -
            • Create or modify security groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
            • -
            • Manage group membership, see [Manage Group membership in the Office 365 admin center](https://support.office.com/en-us/article/Manage-Group-membership-in-the-Office-365-admin-center-e186d224-a324-4afa-8300-0e4fc0c3000a).
            • +
            • Create or modify security groups, see Create an Office 365 Group in the admin center.
            • +
            • Manage group membership, see Manage Group membership in the Office 365 admin center.
            @@ -1817,7 +1819,7 @@ For more information about how to: Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

            -For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see [Create and manage distribution groups](https://technet.microsoft.com/library/bb124513.aspx) and [Create, edit, or delete a security group](https://support.office.com/en-us/article/Create-edit-or-delete-a-security-group-55C96B32-E086-4C9E-948B-A018B44510CB). +For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Create and manage distribution groups and Create, edit, or delete a security group. x @@ -1826,7 +1828,7 @@ For more information about how to create or modify Exchange Online or Exchange S Install new student devices.

            -Follow the same steps you followed in the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. +Follow the same steps you followed in the Deploy Windows 10 to devices section. diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index 319f6b217d..1f7820db7b 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.pagetype: edu ms.sitesec: library ms.localizationpriority: medium -author: craigash -ms.author: celested -ms.date: 10/30/2017 +author: levinec +ms.author: ellevin +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Deploy Windows 10 in a school @@ -64,7 +66,7 @@ This school configuration has the following characteristics: Office 365 Education allows: -- Students and faculty to use Microsoft Office Online to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser. +- Students and faculty to use Microsoft Office to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser. - Teachers to use the [OneNote Class Notebook app](https://www.onenote.com/classnotebook) to share content and collaborate with students. - Faculty to use the [OneNote Staff Notebooks app](https://www.onenote.com/staffnotebookedu) to collaborate with other teachers, administration, and faculty. - Teachers to employ Sway to create interactive educational digital storytelling. @@ -174,7 +176,7 @@ Complete the following steps to select the appropriate Office 365 Education lice
          • Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 1 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.

          • -*Table 1. Comparison of standard and Microsoft Office 365 ProPlus plans* +Table 1. Comparison of standard and Microsoft Office 365 ProPlus plans
            @@ -198,7 +200,7 @@ Complete the following steps to select the appropriate Office 365 Education lice
            The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
            -
          • Determine whether students or faculty need Azure Rights Management.
            You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management](https://technet.microsoft.com/library/jj585024.aspx).
          • +
          • Determine whether students or faculty need Azure Rights Management.
            You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see Azure Rights Management.
          • Record the Office 365 Education license plans needed for the classroom in Table 2.

            *Table 2. Office 365 Education license plans needed for the classroom* @@ -222,7 +224,7 @@ The best user experience is to run Office 365 ProPlus or use native Office apps

          • -You will use the Office 365 Education license plan information you record in Table 2 in the [Create user accounts in Office 365](#create-user-accounts-in-office-365) section of this guide. +You will use the Office 365 Education license plan information you record in Table 2 in the Create user accounts in Office 365 section of this guide. ### Create a new Office 365 Education subscription 
@@ -233,11 +235,11 @@ To create a new Office 365 Education subscription for use in the classroom, use #### To create a new Office 365 subscription 1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar. - + **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window in one of the following: - - Microsoft Edge by opening the Microsoft Edge app, either pressing Ctrl+Shift+P or clicking or tapping **More actions**, and then clicking or tapping **New InPrivate window**. - - Internet Explorer 11 by opening Internet Explorer 11, either pressing Ctrl+Shift+P or clicking or tapping **Settings**, clicking or tapping **Safety**, and then clicking or tapping **InPrivate Browsing**. - + - Microsoft Edge by opening the Microsoft Edge app, either pressing Ctrl+Shift+P or clicking or tapping **More actions**, and then clicking or tapping **New InPrivate window**. + - Internet Explorer 11 by opening Internet Explorer 11, either pressing Ctrl+Shift+P or clicking or tapping **Settings**, clicking or tapping **Safety**, and then clicking or tapping **InPrivate Browsing**. + 2. On the **Get started** page, type your school email address in the **Enter your school email address** box, and then click **Sign up**. You will receive an email in your school email account. 3. Click the hyperlink in the email in your school email account. 4. On the **One last thing** page, complete your user information, and then click **Start**. The wizard creates your new Office 365 Education subscription, and you are automatically signed in as the administrative user you specified when you created the subscription. 
@@ -275,12 +277,13 @@ All new Office 365 Education subscriptions have automatic tenant join enabled by *Table 3. Windows PowerShell commands to enable or disable Automatic Tenant Join* -| Action | Windows PowerShell command | -|------- |----------------------------| -| Enable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $true`| -| Disable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $false`| +| Action | Windows PowerShell command | +|---------|-----------------------------------------------------------| +| Enable | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true` | +| Disable | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $false` | +

            -**Note**  If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant. +Note  If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant. ### Disable automatic licensing @@ -292,10 +295,12 @@ Although all new Office 365 Education subscriptions have automatic licensing ena *Table 4. Windows PowerShell commands to enable or disable automatic licensing* -| Action | Windows PowerShell command| -| -------| --------------------------| -| Enable |`Set-MsolCompanySettings -AllowAdHocSubscriptions $true`| -|Disable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $false`| + +| Action | Windows PowerShell command | +|---------|-----------------------------------------------------------| +| Enable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $true` | +| Disable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $false` | +

            ### Enable Azure AD Premium @@ -378,15 +383,15 @@ You can deploy the Azure AD Connect tool by using one of the following methods: - **On premises.** As shown in Figure 6, Azure AD Connect runs on premises, which has the advantage of not requiring a virtual private network (VPN) connection to Azure. It does, however, require a virtual machine (VM) or physical server. - ![fig 6](images/deploy-win-10-school-figure6.png) + ![fig 6](images/deploy-win-10-school-figure6.png) - *Figure 6. Azure AD Connect on premises* + *Figure 6. Azure AD Connect on premises* - **In Azure**. As shown in Figure 7, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises. - ![fig 7](images/deploy-win-10-school-figure7.png) + ![fig 7](images/deploy-win-10-school-figure7.png) - *Figure 7. Azure AD Connect in Azure* + *Figure 7. Azure AD Connect in Azure* This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/library/dn635310.aspx). 
@@ -437,11 +442,13 @@ Several methods are available to bulk-import user accounts into AD DS domains. T *Table 5. AD DS bulk-import account methods* -|Method | Description and reason to select this method | -|-------| ---------------------------------------------| -|Ldifde.exe |This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).| -|Windows PowerShell| This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. 
For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).| + +| Method | Description and reason to select this method | +|--------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Ldifde.exe | This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). 
| +| VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx). | +| Windows PowerShell | This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). | +

            ### Create a source file that contains the user and group accounts 
@@ -449,11 +456,13 @@ After you have selected your user and group account bulk import method, you’re *Table 6. Source file format for each bulk import method* -| Method | Source file format | -|--------| -------------------| -|Ldifde.exe|Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx).| -| Windows PowerShell| Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. 
For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).| + +| Method | Source file format | +|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Ldifde.exe | Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). | +| VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. 
For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx). | +| Windows PowerShell | Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). | +

            ### Import the user accounts into AD DS 
@@ -554,15 +563,17 @@ After you create the Microsoft Store for Business portal, configure it by using *Table 7. Menu selections to configure Microsoft Store for Business settings* -| Menu selection | What you can do in this menu | -|---------------| -------------------| -|Account information|Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Portal. For more information, see [Update Microsoft Store for Business account settings](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings).| -|Device Guard signing|Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide).| -|LOB publishers| Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are usually internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](https://technet.microsoft.com/itpro/windows/manage/working-with-line-of-business-apps).| -|Management tools| Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-with-management-tool).| -|Offline licensing|Allows you to show (or not show) offline licensed apps to people shopping in your private store. 
For more information, see [Licensing model: online and offline licenses](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing-model).| -|Permissions|Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you have previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/roles-and-permissions-windows-store-for-business).| -|Private store|Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store).| + +| Menu selection | What you can do in this menu | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Account information | Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Portal. For more information, see [Update Microsoft Store for Business account settings](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings). | +| Device Guard signing | Allows you to upload and sign Device Guard catalog and policy files. 
For more information about Device Guard, see [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide). | +| LOB publishers | Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are usually internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](https://technet.microsoft.com/itpro/windows/manage/working-with-line-of-business-apps). | +| Management tools | Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-with-management-tool). | +| Offline licensing | Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing-model). | +| Permissions | Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you have previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/roles-and-permissions-windows-store-for-business). | +| Private store | Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store). | +

            ### Find, acquire, and distribute apps in the portal
@@ -593,11 +604,12 @@ Depending on your school’s requirements, you may need any combination of the f
 - **Windows 10 Home**. Use this operating system to upgrade existing eligible institution-owned and personal devices that are running Windows 8.1 Home or Windows 7 Home to Windows 10 Home.
 - **Windows 10 Pro**. Use this operating system to:
- - Upgrade existing eligible institution-owned and personal devices running Windows 8.1 Pro or Windows 7 Professional to Windows 10 Pro.
- - Deploy new instances of Windows 10 Pro to devices so that new devices have a known configuration.
+ - Upgrade existing eligible institution-owned and personal devices running Windows 8.1 Pro or Windows 7 Professional to Windows 10 Pro.
+ - Deploy new instances of Windows 10 Pro to devices so that new devices have a known configuration.
 - **Windows 10 Education**. Use this operating system to:
- - Upgrade institution-owned devices to Windows 10 Education.
- - Deploy new instances of Windows 10 Education so that new devices have a known configuration.
+ - Upgrade institution-owned devices to Windows 10 Education.
+ - Deploy new instances of Windows 10 Education so that new devices have a known configuration.
+- **Windows 10 Pro Education**. Use this operating system to upgrade existing eligible institution-owned devices running Windows 10 Pro Education, version 1903 or later, to Windows 10 Education using [subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation).
 **Note**  Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business. These features are not available in Windows 10 Home. 
@@ -657,7 +669,7 @@ Select this method when you want to deploy Windows over-the-network and perform

          • Deploys images more slowly than when using local media.
          • Requires no additional infrastructure.
          - + Select this method when you want to deploy Windows over-the-network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media. @@ -704,7 +716,7 @@ The first step in preparation for Windows 10 deployment is to configure—that i 1. Import operating systems -Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). +Import the operating systems that you selected in the Select operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench. @@ -718,7 +730,7 @@ Import device drivers for each device in your institution. For more information 3. Create MDT applications for Microsoft Store apps -Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using *sideloading*, which allows you to use the **Add-AppxPackage** Windows PowerShell cmdlet to deploy the .appx files associated with the app (called *provisioned apps*). Use this method to deploy up to 24 apps to Windows 10.

          +Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

          Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files from the app software vendor directly. If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

          @@ -726,8 +738,8 @@ If you have Intune, you can deploy Microsoft Store apps after you deploy Windows In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:

            -
          • Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](https://technet.microsoft.com/itpro/windows/deploy/sideload-apps-in-windows-10).
          • -
          • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
          • +
          • Prepare your environment for sideloading, see Sideload LOB apps in Windows 10.
          • +
          • Create an MDT application, see Create a New Application in the Deployment Workbench.
          @@ -784,9 +796,9 @@ You can use Windows Deployment Services in conjunction with MDT to automatically 1. Set up and configure Windows Deployment Services.

          Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution. For more information about how to perform this step, see the following resources:
- - [Windows Deployment Services overview](https://technet.microsoft.com/library/hh831764.aspx)
- - The Windows Deployment Services Help file, included in Windows Deployment Services
- - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx)
+ - [Windows Deployment Services overview](https://technet.microsoft.com/library/hh831764.aspx)
+ - The Windows Deployment Services Help file, included in Windows Deployment Services
+ - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx)
 2. Add LTI boot images (Windows PE images) to Windows Deployment Services.

          The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). @@ -900,89 +912,89 @@ Microsoft has several recommended settings for educational institutions. Table 1 Use of Microsoft accounts You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

          -**Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

          -**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/library/jj966262.aspx?f=255&MSPPError=-2147217396) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

          -**Intune.** Enable or disable the camera by using the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.
+Note  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

          +Group Policy. Configure the Accounts: Block Microsoft accounts Group Policy setting to use the Users can’t add Microsoft accounts setting option.

          +Intune. Enable or disable the camera by using the Allow Microsoft account, Allow adding non-Microsoft accounts manually, and Allow settings synchronization for Microsoft accounts policy settings under the Accounts and Synchronization section of a Windows 10 General Configuration policy. Restrict local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

          -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/library/cc732525.aspx).

          -**Intune**. Not available.
+Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

          +Intune. Not available. Restrict the local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

          -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/library/cc732525.aspx).

          -**Intune**. Not available.
+Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

          +Intune. Not available. Manage the built-in administrator account created during device deployment When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.

          -**Group Policy**. Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/library/cc747484.aspx). You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/library/jj852165.aspx).

          -**Intune**. Not available.
+Group Policy. Rename the built-in Administrator account by using the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status.

          +Intune. Not available. Control Microsoft Store access You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

          -**Group Policy**. You can disable the Microsoft Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/library/hh832040.aspx#BKMK_UseGP).

          -**Intune**. You can enable or disable the camera by using the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration** policy.
+Group Policy. You can disable the Microsoft Store app by using the Turn off the Store Application Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?.

          +Intune. You can enable or disable the camera by using the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy. Use of Remote Desktop connections to devices Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

          -**Group Policy**. You can enable or disable Remote Desktop connections to devices by using the **Allow Users to connect remotely using Remote Desktop setting** in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

          -**Intune**. Not available.
+Group Policy. You can enable or disable Remote Desktop connections to devices by using the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

          +Intune. Not available. Use of camera A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

          -**Group Policy**. Not available.

          -**Intune**. You can enable or disable the camera by using the **Allow camera** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy.
+Group Policy. Not available.

          +Intune. You can enable or disable the camera by using the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy. Use of audio recording Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

          -**Group Policy**. You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](https://technet.microsoft.com/library/ee791894(v=ws.10).aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/library/ee791899.aspx).

          -**Intune**. You can enable or disable the camera by using the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy.
+Group Policy. You can disable the Sound Recorder app by using the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in Editing an AppLocker Policy and Create Your AppLocker Policies.

          +Intune. You can enable or disable the camera by using the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy. Use of screen capture Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

          -**Group Policy**. Not available.

          -**Intune**. You can enable or disable the camera by using the **Allow screen capture** policy setting in the **System** section of a **Windows 10 General Configuration** policy.
+Group Policy. Not available.

          +Intune. You can enable or disable the camera by using the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy. Use of location services Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

          -**Group Policy**. You can enable or disable location services by using the **Turn off location** Group Policy setting in User Configuration\Windows Components\Location and Sensors.

          -**Intune**. You can enable or disable the camera by using the **Allow geolocation** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy.
+Group Policy. You can enable or disable location services by using the Turn off location Group Policy setting in User Configuration\Windows Components\Location and Sensors.

          +Intune. You can enable or disable the camera by using the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy. Changing wallpaper Displaying a custom wallpaper can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or the device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on your devices.

          -**Group Policy**. You can configure the wallpaper by using the **Desktop WallPaper** setting in User Configuration\Administrative Templates\Desktop\Desktop.

          -**Intune**. Not available.
+Group Policy. You can configure the wallpaper by using the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.

          +Intune. Not available. @@ -1034,13 +1046,16 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in *Table 12. Deployment preparation checklist* -|Task | | -| ---| --- | -| |The target devices have sufficient system resources to run Windows 10. | -| | Identify the necessary devices drivers, and import them to the MDT deployment share.| -| | Create an MDT application for each Microsoft Store and Windows desktop app.| -| | Notify the students and faculty about the deployment.| + +| Task | | +|------|--------------------------------------------------------------------------------------| +| | The target devices have sufficient system resources to run Windows 10. | +| | Identify the necessary devices drivers, and import them to the MDT deployment share. | +| | Create an MDT application for each Microsoft Store and Windows desktop app. | +| | Notify the students and faculty about the deployment. | +

          + ### Perform the deployment Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. @@ -1123,10 +1138,10 @@ Table 13 lists the school and individual classroom maintenance tasks, the resour Verify that Windows Update is active and current with operating system and software updates.

          For more information about completing this task when you have:

            -
          • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
          • -
          • Group Policy, see [Windows Update for Business](https://technet.microsoft.com/itpro/windows/plan/windows-update-for-business).
          • -
          • Windows Server Update Services (WSUS), see [Windows Server Update Services](https://msdn.microsoft.com/library/bb332157.aspx?f=255&MSPPError=-2147217396).
          • -
          • Neither Intune, Group Policy, or WSUS, see [Update Windows 10](https://windows.microsoft.com/en-id/windows-10/update-windows-10)
          • +
          • Intune, see Keep Windows PCs up to date with software updates in Microsoft Intune.
          • +
          • Group Policy, see Windows Update for Business.
          • +
          • Windows Server Update Services (WSUS), see Windows Server Update Services.
          • +
          • Neither Intune, Group Policy, or WSUS, see Update Windows 10
          X @@ -1136,7 +1151,7 @@ For more information about completing this task when you have: Verify that Windows Defender is active and current with malware Security intelligence.

          -For more information about completing this task, see [Turn Windows Defender on or off](https://windows.microsoft.com/en-us/windows-10/how-to-protect-your-windows-10-pc#v1h=tab01) and [Updating Windows Defender](https://windows.microsoft.com/en-us/windows-10/how-to-protect-your-windows-10-pc#v1h=tab03). +For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender. X X X @@ -1144,7 +1159,7 @@ For more information about completing this task, see [Turn Windows Defender on o Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

          -For more information about completing this task, see [How do I find and remove a virus?](https://windows.microsoft.com/en-US/windows-8/how-find-remove-virus) +For more information about completing this task, see How do I find and remove a virus? X X @@ -1153,7 +1168,7 @@ For more information about completing this task, see [How do I find and remove a Verify that you are using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

          -For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options for updates and upgrades](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing). +For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options for updates and upgrades. X X @@ -1161,7 +1176,7 @@ For more information about Windows 10 servicing options for updates and upgrades Refresh the operating system and apps on devices.

          -For more information about completing this task, see the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. +For more information about completing this task, see the Deploy Windows 10 to devices section. @@ -1171,7 +1186,7 @@ For more information about completing this task, see the [Deploy Windows 10 to d Install any new Windows desktop apps or update any Windows desktop apps that are used in the curriculum.

          -For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. +For more information, see the Deploy apps by using Intune section. @@ -1182,7 +1197,7 @@ For more information, see the [Deploy apps by using Intune](#deploy-apps-by-usin Install new or update existing Microsoft Store apps that are used in the curriculum.

          Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

          -You can also deploy Microsoft Store apps directly to devices by using Intune. For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. +You can also deploy Microsoft Store apps directly to devices by using Intune. For more information, see the Deploy apps by using Intune section. @@ -1194,8 +1209,8 @@ You can also deploy Microsoft Store apps directly to devices by using Intune. Fo Remove unnecessary user accounts (and corresponding licenses) from Office 365.

          For more information about how to:
            -
          • Remove unnecessary user accounts, see [Delete or restore users](https://support.office.com/en-us/article/Delete-or-restore-users-d5155593-3bac-4d8d-9d8b-f4513a81479e?ui=en-US&rs=en-US&ad=US).
          • -
          • Unassign licenses, see [Assign or unassign licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-unassign-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
          • +
          • Remove unnecessary user accounts, see Delete or restore users.
          • +
          • Unassign licenses, see Assign or unassign licenses for Office 365 for business.
          @@ -1208,8 +1223,8 @@ For more information about how to: Add new accounts (and corresponding licenses) to Office 365.

          For more information about how to:
            -
          • Add user accounts, see [Add users to Office 365 for business](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc) and [Add users individually or in bulk to Office 365](https://www.youtube.com/watch?v=zDs3VltTJps).
          • -
          • Assign licenses, see [Assign or unassign licenses for Office 365 for business](https://support.office.com/en-us/article/Assign-or-unassign-licenses-for-Office-365-for-business-997596b5-4173-4627-b915-36abac6786dc?ui=en-US&rs=en-US&ad=US).
          • +
          • Add user accounts, see Add users to Office 365 for business and Add users individually or in bulk to Office 365.
          • +
          • Assign licenses, see Assign or unassign licenses for Office 365 for business.
          @@ -1221,8 +1236,8 @@ For more information about how to: Create or modify security groups and manage group membership in Office 365.

          For more information about how to:
            -
          • Create or modify security groups, see [View, create, and delete Groups in the Office 365 admin center](https://support.office.com/en-us/article/View-create-and-delete-groups-in-the-Office-365-admin-center-a6360120-2fc4-46af-b105-6a04dc5461c7).
          • -
          • Manage group membership, see [Manage Group membership in the Office 365 admin center](https://support.office.com/en-us/article/Manage-Group-membership-in-the-Office-365-admin-center-e186d224-a324-4afa-8300-0e4fc0c3000a).
          • +
          • Create or modify security groups, see View, create, and delete Groups in the Office 365 admin center.
          • +
          • Manage group membership, see Manage Group membership in the Office 365 admin center.
          @@ -1233,7 +1248,7 @@ For more information about how to: Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

          -For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see [Manage Distribution Groups](https://technet.microsoft.com/library/bb124513.aspx) and [Groups in Exchange Online and SharePoint Online](https://support.office.com/en-us/article/Create-edit-or-delete-a-security-group-55C96B32-E086-4C9E-948B-A018B44510CB#__groups_in_exchange). +For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Manage Distribution Groups and Groups in Exchange Online and SharePoint Online. @@ -1243,7 +1258,7 @@ For more information about how to create or modify Exchange Online or Exchange S Install new student devices

          -Follow the same steps described in the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. +Follow the same steps described in the Deploy Windows 10 to devices section. @@ -1258,10 +1273,10 @@ Follow the same steps described in the [Deploy Windows 10 to devices](#deploy-wi Now, you have identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your school configuration should match the typical school configuration that you saw in the [Plan a typical school configuration](#plan-a-typical-school-configuration) section. By performing these maintenance tasks you help ensure that your school stays secure and is configured as you specified. -##Related resources +## Related resources diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 82c72e22f5..5ddc9d7456 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -5,9 +5,11 @@ keywords: Windows 10 deployment, recommendations, privacy settings, school ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: levinec +ms.author: ellevin ms.date: 10/13/2017 +ms.reviewer: +manager: dansimp ms.prod: w10 --- 
@@ -89,19 +91,19 @@ If the school allows the use of personal or Microsoft account in addition to org Skype uses the user’s contact details to deliver important information about the account and it also lets friends find each other on Skype. To manage and edit your profile in the Skype UWP app, follow these steps: -1. In the Skype UWP app, select the user profile icon ![Skype profile icon](images/skype_uwp_userprofile_icon.png) to go to the user’s profile page. -2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal. -3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**. +1. In the Skype UWP app, select the user profile icon ![Skype profile icon](images/skype_uwp_userprofile_icon.png) to go to the user’s profile page. +2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal. +3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**. - The profile page includes these sections: + The profile page includes these sections: - * Personal information - * Contact details - * Profile settings + * Personal information + * Contact details + * Profile settings 4. Review the information in each section and click **Edit profile** in either or both the **Personal information** and **Contact details** sections to change the information being shared. You can also remove the checks in the **Profile settings** section to change settings on discoverability, notifications, and staying in touch. -5. If you do not wish the name to be included, edit the fields and replace the fields with **XXX**. -6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up. +5. 
If you do not wish the name to be included, edit the fields and replace the fields with **XXX**. +6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up. ![Skype profile icon](images/skype_uwp_manageprofilepic.png) diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md index af93be32ee..e23fe11c3d 100644 --- a/education/windows/education-scenarios-store-for-business.md +++ b/education/windows/education-scenarios-store-for-business.md @@ -8,9 +8,11 @@ ms.sitesec: library ms.localizationpriority: medium searchScope: - Store -author: trudyha -ms.author: trudyha +author: levinec +ms.author: ellevin ms.date: 03/30/2018 +ms.reviewer: +manager: dansimp --- # Working with Microsoft Store for Education @@ -172,4 +174,4 @@ You can manage your orders through Microsoft Store for Business. For info on ord It can take up to 24 hours after a purchase, before a receipt is available on your **Order history page**. > [!NOTE] -For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call. \ No newline at end of file +> For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call. diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index f58a24b82c..0862548ea6 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md 
@@ -7,9 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: kaushika-msft -ms.author: kaushik +author: levinec +ms.author: ellevin ms.date: 07/30/2018 +ms.reviewer: +manager: dansimp --- # Surface Go for Education - Enabling S mode @@ -34,30 +36,30 @@ Here are some things you’ll need before attempting any of these procedures: Like enterprise administrators performing large-scale deployment of customized Windows images, education customers can create their own customized Windows images for deployment to multiple classroom devices. An education customer who plans to follow [a traditional image-based deployment process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-scenarios#traditional-deployment) using a Windows 10 Pro (1803) image for Surface Go devices can enable S mode as follows: -1. Use DISM to mount your offline Windows 10 Pro (1803) image. +1. Use DISM to mount your offline Windows 10 Pro (1803) image. ``` dism /Mount-image /imagefile:\ {/Index:\ | /Name:\} /MountDir:\ ``` -2. Create an unattend.xml answer file, adding the - amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing - and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”. - The resulting xml should look like this… +2. Create an unattend.xml answer file, adding the + amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing + and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”. + The resulting xml should look like this… Copy ``` - - - 1 - - + + + 1 + + ``` 3. Save the answer file in the **Windows\Panther** folder of your mounted image as unattend.xml. 4. Use DISM to apply the unattend.xml file and enable S Mode: 
@@ -75,7 +77,7 @@ process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-sce ``` dism /Unmount-image /MountDir:C:\\mount /Commit ``` ->Note: don’t forget the /Commit parameter to ensure you don’t lose your + >Note: don’t forget the /Commit parameter to ensure you don’t lose your changes. Your Windows 10 Pro (1803) image now has S mode enabled and is ready to deploy to Surface Go devices. diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md index d0b001b4b7..29c261f768 100644 --- a/education/windows/get-minecraft-device-promotion.md +++ b/education/windows/get-minecraft-device-promotion.md @@ -6,11 +6,13 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: trudyha +author: levinec searchScope: - Store -ms.author: trudyha +ms.author: ellevin ms.date: 06/05/2018 +ms.reviewer: +manager: dansimp --- # Get Minecraft: Education Edition with Windows 10 device promotion @@ -85,4 +87,4 @@ After that, we’ll add the appropriate number of Minecraft: Education Edition l Teachers or admins can distribute the licenses: - [Learn how teachers can distribute **Minecraft: Education Edition**](teacher-get-minecraft.md#distribute-minecraft) - [Learn how IT administrators can distribute **Minecraft: Education Edition**](school-get-minecraft.md#distribute-minecraft) ---> \ No newline at end of file +--> diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 2f77a266c0..0908c78b04 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -6,11 +6,13 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: trudyha +author: levinec searchScope: - Store -ms.author: trudyha +ms.author: ellevin ms.date: 01/29/2019 +ms.reviewer: +manager: dansimp ms.topic: conceptual --- 
@@ -33,9 +35,9 @@ Teachers and IT administrators can now get early access to **Minecraft: Educatio - **Minecraft: Education Edition** requires Windows 10. - Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD). - - If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**. - * Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan) - * If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/library/windows/hardware/mt703369%28v=vs.85%29.aspx) + - If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**. + - Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan) + - If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/library/windows/hardware/mt703369%28v=vs.85%29.aspx) diff --git a/education/windows/index.md b/education/windows/index.md index d30a753c88..0f1dedb139 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -18,28 +18,28 @@ ms.date: 10/13/2017 ## ![Learn more about Windows](images/education.png) Learn -

          [Windows 10 editions for education customers](windows-editions-for-education-customers.md)
          Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.

          -

          [Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
          Find out more about the features and functionality we support in each edition of Windows.

          -

          [Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
          When you've made your decision, find out how to buy Windows for your school.

          +

          Windows 10 editions for education customers
          Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.

          +

          Compare each Windows edition
          Find out more about the features and functionality we support in each edition of Windows.

          +

          Get Windows 10 Education or Windows 10 Pro Education
          When you've made your decision, find out how to buy Windows for your school.

          ## ![Plan for Windows 10 in your school](images/clipboard.png) Plan -

          [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)
          Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school.

          -

          [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
          Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.

          -[Get Minecraft Education Edition](get-minecraft-for-education.md)
          Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.

          -

          [Take tests in Windows 10](take-tests-in-windows-10.md)
          Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.

          -

          [Chromebook migration guide](chromebook-migration-guide.md)
          Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.

          +

          Windows 10 configuration recommendations for education customers
          Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school.

          +

          Deployment recommendations for school IT administrators
          Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.

          +Get Minecraft Education Edition
          Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.

          +

          Take tests in Windows 10
          Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.

          +

          Chromebook migration guide
          Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.

          ## ![Deploy Windows 10 for Education](images/PCicon.png) Deploy -

          [Set up Windows devices for education](set-up-windows-10.md)
          Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.

          -

          [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
          Get step-by-step guidance to help you deploy Windows 10 in a school environment.

          -

          [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
          Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.

          -

          [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md)
          Test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.

          +

          Set up Windows devices for education
          Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.

          +

          Deploy Windows 10 in a school
          Get step-by-step guidance to help you deploy Windows 10 in a school environment.

          +

          Deploy Windows 10 in a school district
          Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.

          +

          Test Windows 10 S on existing Windows 10 education devices
          Test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.

          ## ![Switch to Windows 10 for Education](images/windows.png) Switch -

          [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
          If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.

          +

          Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S
          If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.

          ## Windows 8.1 diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index 363cc0b93e..d92973b13b 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -8,7 +8,10 @@ ms.prod: w10 ms.sitesec: library ms.pagetype: edu ms.date: 12/03/2018 -author: jaimeo +ms.reviewer: +manager: dansimp +ms.author: macapara +author: mjcaparas --- # Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode @@ -68,4 +71,4 @@ Tenant-wide Windows 10 Pro > Pro Education [FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
          [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
          [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
          -[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) \ No newline at end of file +[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index 1437894aa9..00a5baee8a 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -6,11 +6,13 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: trudyha +author: levinec searchScope: - Store -ms.author: trudyha +ms.author: ellevin ms.date: 01/30/2019 +ms.reviewer: +manager: dansimp ms.topic: conceptual --- @@ -115,7 +117,7 @@ After you've finished the purchase, you can find your invoice by checking **Mine 4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf. - ![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-invoice-bills.png) + ![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-invoice-bills.png) The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check. @@ -154,7 +156,7 @@ For Minecraft: Education Edition, you can use auto assign subscription to contro ![Minecraft Education Edition product page with auto assign control highlighted.](images/mcee-auto-assign-legacy.png) - -Or- + -Or- ![Minecraft Education Edition product page with auto assign control highlighted.](images/mcee-auto-assign-bd.png) diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index 98cc4a6b9c..7b8f55bb14 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md 
@@ -7,14 +7,16 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad +author: levinec +ms.author: ellevin ms.date: 01/11/2019 +ms.reviewer: +manager: dansimp --- # Azure AD Join for school PCs -> [!NOTE] +> [!NOTE] > Set up School PCs app uses Azure AD Join to configure PCs. The app is helpful if you use the cloud based directory, Azure Active Directory (AD). If your organization uses Active Directory or requires no account to connect, install and use [Windows Configuration > Designer](set-up-students-pcs-to-join-domain.md) to > join your PCs to your school's domain. diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index 030e698372..48a2aa9549 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad +author: mjcaparas +ms.author: macapara ms.date: 10/17/2018 +ms.reviewer: +manager: dansimp --- # What's in my provisioning package? 
@@ -52,34 +54,34 @@ This section lists only the MDM and local group policies that are configured uni For a more detailed look of each policy listed, see [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation. -|Policy name |Default value |Description | -|---------|---------|---------| -|Authority|User-defined | Authenticates the admin user. Value is set automatically when signed in to Azure AD. -|BPRT|User-defined| Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package. | -|WLAN Setting| XML is generated from the Wi-Fi profile in the Set up School PCs app.| Configures settings for wireless connectivity.| -|Hide OOBE for desktop| True | Hides the interactive OOBE flow for Windows 10.| -|Download Mode|1 - HTTP blended with peering behind the same NAT|Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates| -|Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel| Specifies how frequently devices receive preview builds and feature updates.| -|Allow auto update | 4 - Auto-installs and restarts without device-user control | When an auto update is available, it auto-installs and restarts the device without any input or action from the device user.| -|Configure automatic updates | 3 - Set to install at 3am | Scheduled time to install updates.| -|Update power policy for cart restarts | 1 - Configured| Skips all restart checks to ensure that the reboot will happen at the scheduled install time. | -|Select when Preview Builds and Feature Updates are received | 365 days | Defers Feature Updates for the specified number of days. 
When not specified, defaults to 365 days.| -|Allow all trusted apps | Disabled | Prevents untrusted apps from being installed to device | -|Allow developer unlock | Disabled | Students cannot unlock the PC and use it in developer mode | -|Allow Cortana | Disabled | Cortana is not allowed on the device. -|Allow manual MDM unenrollment | Disabled | Students cannot remove the mobile device manager from their device. | -|Settings page visibility|Enabled |Specific pages in the System Settings app are not visible or accessible to students.| -|Allow add provisioning package | Disabled | Students cannot add and upload new provisioning packages to their device. | -|Allow remove provisioning package | Disabled | Students cannot remove packages that you've uploaded to their device, including the Set up School PCs app | -|Start Layout|Enabled |Lets you specify the Start layout for users and prevents them from changing the configuration.| -|Import Edge Assets| Enabled| Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files.| -|Allow pinned folder downloads|1 - The shortcut is visible and disables the setting in the Settings app |Makes the Downloads shortcut on the Start menu visible to students.| -|Allow pinned folder File Explorer|1 - The shortcut is visible and disables the setting in the Settings app |Makes the File Explorer shortcut on the Start menu visible to students.| -|Personalization | Deploy lock screen image | Set to the image you picked when you customized the lock screen during device setup. If you didn't customize the image, the computer will show the default. | Deploys a jpg, jpeg, or png image to be used as lock screen image on the device. -|Personalization| Lock screen image URL| Image filename| You can specify a jpg, jpeg, or png image to be used as the device lock screen image. 
This setting can take an http or https URL to a remote image to be downloaded, or a file URLto an existing local image. -|Update|Active hours end | 5 PM | There will be no update reboots before this time. | -|Update|Active hours start | 7 AM | There will be no update reboots after this time. | -|Updates Windows | Nightly | Sets Windows to update on a nightly basis. | +| Policy name | Default value | Description | +|-------------------------------------------------------------|--------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Authority | User-defined | Authenticates the admin user. Value is set automatically when signed in to Azure AD. | +| BPRT | User-defined | Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package. | +| WLAN Setting | XML is generated from the Wi-Fi profile in the Set up School PCs app. | Configures settings for wireless connectivity. | +| Hide OOBE for desktop | True | Hides the interactive OOBE flow for Windows 10. | +| Download Mode | 1 - HTTP blended with peering behind the same NAT | Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates | +| Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel | Specifies how frequently devices receive preview builds and feature updates. | +| Allow auto update | 4 - Auto-installs and restarts without device-user control | When an auto update is available, it auto-installs and restarts the device without any input or action from the device user. | +| Configure automatic updates | 3 - Set to install at 3am | Scheduled time to install updates. 
| +| Update power policy for cart restarts | 1 - Configured | Skips all restart checks to ensure that the reboot will happen at the scheduled install time. | +| Select when Preview Builds and Feature Updates are received | 365 days | Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days. | +| Allow all trusted apps | Disabled | Prevents untrusted apps from being installed to device | +| Allow developer unlock | Disabled | Students cannot unlock the PC and use it in developer mode | +| Allow Cortana | Disabled | Cortana is not allowed on the device. | +| Allow manual MDM unenrollment | Disabled | Students cannot remove the mobile device manager from their device. | +| Settings page visibility | Enabled | Specific pages in the System Settings app are not visible or accessible to students. | +| Allow add provisioning package | Disabled | Students cannot add and upload new provisioning packages to their device. | +| Allow remove provisioning package | Disabled | Students cannot remove packages that you've uploaded to their device, including the Set up School PCs app | +| Start Layout | Enabled | Lets you specify the Start layout for users and prevents them from changing the configuration. | +| Import Edge Assets | Enabled | Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files. | +| Allow pinned folder downloads | 1 - The shortcut is visible and disables the setting in the Settings app | Makes the Downloads shortcut on the Start menu visible to students. | +| Allow pinned folder File Explorer | 1 - The shortcut is visible and disables the setting in the Settings app | Makes the File Explorer shortcut on the Start menu visible to students. | +| Personalization | Deploy lock screen image | Set to the image you picked when you customized the lock screen during device setup. 
If you didn't customize the image, the computer will show the default. | +| Personalization | Lock screen image URL | Image filename | +| Update | Active hours end | 5 PM | +| Update | Active hours start | 7 AM | +| Updates Windows | Nightly | Sets Windows to update on a nightly basis. | ## Apps uninstalled from Windows 10 devices Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device. ALl apps uninstalled from Windows 10 devices include: diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md index 3b3a9148a0..50b01da4f3 100644 --- a/education/windows/set-up-school-pcs-shared-pc-mode.md +++ b/education/windows/set-up-school-pcs-shared-pc-mode.md @@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad +author: mjcaparas +ms.author: macapara ms.date: 07/13/2018 +ms.reviewer: +manager: dansimp --- # Shared PC mode for school devices diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 957af5e711..5808bdcd4d 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad +author: mjcaparas +ms.author: macapara ms.date: 07/11/2018 +ms.reviewer: +manager: dansimp --- What is Set up School PCs? 
@@ -56,7 +58,7 @@ The following table describes the Set up School PCs app features and lists each | [Settings roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) **via Azure AD** | | | | X | | Synchronize student and application data across devices for a personalized experience. | | | | | -> [!NOTE] +> [!NOTE] > If your school uses Active Directory, use [Windows Configuration > Designer](set-up-students-pcs-to-join-domain.md) > to configure your PCs to join the domain. You can only use the Set up School
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index 4d555813ad..27ca52dfd3 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -7,15 +7,42 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad -ms.date: 01/11/2019 +author: mjcaparas +ms.author: macapara +ms.date: 06/03/2019 +ms.reviewer: +manager: dansimp --- # What's new in Set up School PCs Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. -## Week of December 31, 2019 +## Week of May 23, 2019 + +### Suspended support for Windows 10, version 1903 and later +Due to a provisioning problem, Set up School PCs has temporarily stopped support for Windows 10, version 1903 and later. All settings in the app that were for Windows 10, version 1903 and later have been removed. When the problem is resolved, support will resume again. + +### Mandatory device rename for Azure AD joined devices +If you configure Azure AD Join, you are now required to rename your devices during setup. Set up School PCs will not let you keep existing device names. + +## Week of April 15, 2019 + +### Support for Minecraft Education Edition upgrade + Set up School PCs will only add apps to the provisioning package that meet the minimum supported version for Windows 10. For example, Minecraft was the most recent store app to upgrade, and when selected, can only be installed on devices running Windows 10, version 1709 and later. If you select an earlier Windows version, Minecraft won't be added to the provisioning package. + +## Week of April 8, 2019 + +### Apps configured as non-removeable +All apps that are deployed by Set up School PCs are configured on the device as non-removable apps. This feature ensures that students don't unpin or uninstall the apps they need. + +### Domain name automatically added during sign-in +Specify your preferred Azure Active Directory tenant domain name to automatically append it to the username on the sign-in screen. 
With this setting, students don't need to type out long school domain names. They can sign in by typing only their unique usernames. + +### Set up devices with hidden Wi-Fi network +Set up devices so that they connect to a hidden Wi-Fi network. To configure a hidden network, open Set up School PCs. When you get to **Wireless network**, choose **Add a Wi-Fi network**. Enter in your Wi-Fi information and select **Hidden network**. + + +## Week of December 31, 2018 ### Add Microsoft Whiteboard to provisioning package Microsoft Whiteboard has been added to the list of Microsoft-recommended apps for schools. Whiteboard is a freeform digital canvas where ideas, content, and people come together so students can create and collaborate in real time in the classroom. You can add Whiteboard to your provisioning package in Set up School PCs, on the **Add apps** page. For more information see [Use Set up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package). @@ -31,7 +58,7 @@ During setup, you can now add apps from your school's Microsoft Store inventory. The Set up School PCs app was updated with the following changes: ### Three new setup screens added to the app -The following screens and functionality were added to the setup workflow. Select any screenname to view the relevant steps and screenshots in the Set Up School PCs docs. +The following screens and functionality were added to the setup workflow. Select a screen name to view the relevant steps and screenshots in the Set Up School PCs docs. * [**Package name**](use-set-up-school-pcs-app.md#package-name): Customize a package name to make it easy to recognize it from your school's other packages. The name is generated by Azure Active Directory and appears as the filename and as the token name in Azure AD in the Azure portal. 
@@ -46,7 +73,7 @@ Packages now expire 180 days from the date you create them. We've updated the app's **Skip** buttons to clarify the intent of each action. You'll also see an **Exit** button on the last page of the app. ### Option to keep existing device names -The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the orginal or existing names of your student devices. +The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the original or existing names of your student devices. ### Skype and Messaging apps to be removed from student PCs by default We've added the Skype and Messaging app to a selection of apps that are, by default, removed from student devices.
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index a14aa4c69b..3842e9d435 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -6,9 +6,11 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Set up student PCs to join domain
@@ -26,7 +28,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment ( 1. In the **Account Management** step: - > [!WARNING] + > [!WARNING] > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend: > - Use a least-privileged domain account to join the device to the domain. > - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
@@ -36,31 +38,31 @@ Follow the steps in [Provision PCs with common settings for initial deployment ( 3. Find the **SharedPC** settings group. - Set **EnableSharedPCMode** to **TRUE** to configure the PC for shared use. 4. (Optional) To configure the PC for secure testing, follow these steps. - 1. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**. - 2. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up. + 1. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**. + 2. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up. - **Figure 7** - Add the account to use for test-taking + **Figure 7** - Add the account to use for test-taking - ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png) + ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png) - The account can be in one of the following formats: - - username - - domain\username - - computer name\\username - - username@tenant.com + The account can be in one of the following formats: + - username + - domain\username + - computer name\\username + - username@tenant.com - 3. Under **Runtime settings**, go to **TakeATest** and configure the following settings: - 1. In **LaunchURI**, enter the assessment URL. - 2. In **TesterAccount**, enter the test account you entered in the previous step. + 3. Under **Runtime settings**, go to **TakeATest** and configure the following settings: + 1. In **LaunchURI**, enter the assessment URL. + 2. In **TesterAccount**, enter the test account you entered in the previous step. 5. 
To configure other settings to make Windows education ready, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) and follow the guidance on what settings you can set using Windows Configuration Designer. 6. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package). - - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username*\Windows Imaging and Configuration Designer (WICD)\*Project name*). - - Copy the provisioning package to a USB drive. + - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). + - Copy the provisioning package to a USB drive. - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + > [!IMPORTANT] + > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. ## Apply package
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 77b6702db0..8f09eb0561 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -7,9 +7,11 @@ ms.pagetype: edu ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 10/13/2017 +ms.reviewer: +manager: dansimp --- # Provision student PCs with apps
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index f4f62a27f3..eaa22faf91 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Set up Windows devices for education
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index 8cfa0f104d..7106de6cfd 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 11/28/2017 +ms.reviewer: +manager: dansimp --- # Take a Test app technical reference
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index c08098f28d..f1ee030a57 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 11/08/2017 +ms.reviewer: +manager: dansimp --- # Set up Take a Test on multiple PCs
@@ -50,23 +52,23 @@ You can set up a test-taking account in Intune for Education. To do this, follow ![Add a test profile in Intune for Education](images/i4e_takeatestprofile_addnewprofile.png) 3. In the new profile page: - 1. Enter a name for the profile. - 2. Enter the assessment URL. - 3. Toggle the switch to **Allow screen capture**. - 4. Select a user account to use as the test-taking account. - 5. Click **Save**. + 1. Enter a name for the profile. + 2. Enter the assessment URL. + 3. Toggle the switch to **Allow screen capture**. + 4. Select a user account to use as the test-taking account. + 5. Click **Save**. - **Figure 3** - Add information about the test profile + **Figure 3** - Add information about the test profile - ![Add information about the test profile](images/i4e_takeatestprofile_newtestaccount.png) + ![Add information about the test profile](images/i4e_takeatestprofile_newtestaccount.png) - After you save the test profile, you will see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account. + After you save the test profile, you will see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account. -4. In the test account page, click **Groups**. +4. In the test account page, click **Groups**. - **Figure 4** - Assign the test account to a group + **Figure 4** - Assign the test account to a group - ![Assign the test account to a group](images/i4e_takeatestprofile_accountsummary.png) + ![Assign the test account to a group](images/i4e_takeatestprofile_accountsummary.png) 5. In the **Groups** page, click **Change group assignments**. 
@@ -75,12 +77,12 @@ You can set up a test-taking account in Intune for Education. To do this, follow ![Change group assignments](images/i4e_takeatestprofile_groups_changegroupassignments.png) 6. In the **Change group assignments** page: - 1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group. - 2. Click **OK** when you're done making your selection. + 1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group. + 2. Click **OK** when you're done making your selection. - **Figure 6** - Select the group(s) that will use the test account + **Figure 6** - Select the group(s) that will use the test account - ![Select the groups that will use the test account](images/i4e_takeatestprofile_groupassignment_selected.png) + ![Select the groups that will use the test account](images/i4e_takeatestprofile_groupassignment_selected.png) And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests. @@ -89,8 +91,8 @@ You can configure a dedicated testing account through MDM or Configuration Manag **Best practice** - Create a single account in the directory specifically for test taking - - Active Directory example: Contoso\TestAccount - - Azure Active Directory example: testaccount@contoso.com + - Active Directory example: Contoso\TestAccount + - Azure Active Directory example: testaccount@contoso.com - Deploy the policies to the group of test-taking devices 
@@ -99,14 +101,14 @@ You can configure a dedicated testing account through MDM or Configuration Manag 1. Launch your management console. 2. Create a policy to set up single app kiosk mode using the following values: - - **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp - - **String value** = {"*Account*":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "} + - **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp + - **String value** = {"*Account*":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "} - *Account* can be in one of the following formats: - - username (not recommended) - - domain\username - - computer name\\username (not recommended) - - username@tenant.com + *Account* can be in one of the following formats: + - username (not recommended) + - domain\username + - computer name\\username (not recommended) + - username@tenant.com 3. Create a policy to configure the assessment URL using the following values: 
@@ -128,28 +130,28 @@ To set up a test account through Windows Configuration Designer, follow these st 1. [Install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd). 2. Create a provisioning package by following the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-for-initial-deployment). However, make a note of these other settings to customize the test account. - 1. After you're done with the wizard, do not click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtine settings**. - 2. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**. - 3. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up. + 1. After you're done with the wizard, do not click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtine settings**. + 2. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**. + 3. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up. 
- **Figure 7** - Add the account to use for test-taking + **Figure 7** - Add the account to use for test-taking - ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png) + ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png) - The account can be in one of the following formats: - - username - - domain\username - - computer name\\username - - username@tenant.com + The account can be in one of the following formats: + - username + - domain\username + - computer name\\username + - username@tenant.com - 4. Under **Runtime settings**, go to **TakeATest** and configure the following settings: - 1. In **LaunchURI**, enter the assessment URL. - 2. In **TesterAccount**, enter the test account you entered in step 3. + 4. Under **Runtime settings**, go to **TakeATest** and configure the following settings: + 1. In **LaunchURI**, enter the assessment URL. + 2. In **TesterAccount**, enter the test account you entered in step 3. 3. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package). - - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username*\Windows Imaging and Configuration Designer (WICD)\*Project name*). - - Copy the provisioning package to a USB drive. + - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). + - Copy the provisioning package to a USB drive. 4. Follow the steps in [Apply a provisioning package](https://technet.microsoft.com/itpro/windows/configure/provisioning-apply-package) to apply the package that you created. 
@@ -205,17 +207,17 @@ Anything hosted on the web can be presented in a locked down manner, not just as **To provide a link to the test** 1. Create the link to the test using schema activation. - - Create a link using a web UI + - Create a link using a web UI - For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers. + For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers. - To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link). + To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link). - - Create a link using schema activation + - Create a link using schema activation - You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. + You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. - For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). + For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). 2. Distribute the link. 
@@ -230,20 +232,20 @@ One of the ways you can present content in a locked down manner is by embedding 1. Embed a link or create a desktop shortcut with: - ``` - ms-edu-secureassessment:#enforceLockdown - ``` + ``` + ms-edu-secureassessment:#enforceLockdown + ``` 2. To enable printing, screen capture, or both, use the above link and append one of these parameters: - - `&enableTextSuggestions` - Enables text suggestions - - `&requirePrinting` - Enables printing - - `&enableScreenCapture` - Enables screen capture - - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. + - `&enableTextSuggestions` - Enables text suggestions + - `&requirePrinting` - Enables printing + - `&enableScreenCapture` - Enables screen capture + - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. - If you exclude these parameters, the default behavior is disabled. + If you exclude these parameters, the default behavior is disabled. - For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps. + For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. 
The test web application may lock down the device once you have closed the apps. > [!NOTE] > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters.
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 43ab25e727..bb20a3760e 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 11/08/2017 +ms.reviewer: +manager: dansimp --- # Set up Take a Test on a single PC
@@ -26,31 +28,31 @@ To configure the assessment URL and a dedicated testing account on a single PC, 2. Open the **Settings** app and go to **Accounts > Access work or school**. 3. Click **Set up an account for taking tests**. - **Figure 1** - Use the Settings app to set up a test-taking account + **Figure 1** - Use the Settings app to set up a test-taking account - ![Use the Settings app to set up a test-taking account](images/tat_settingsapp_workorschoolaccess_setuptestaccount.png) + ![Use the Settings app to set up a test-taking account](images/tat_settingsapp_workorschoolaccess_setuptestaccount.png) 4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account. - **Figure 2** - Choose the test-taking account + **Figure 2** - Choose the test-taking account - ![Choose the test-taking account](images/tat_settingsapp_setuptesttakingaccount_1703.png) + ![Choose the test-taking account](images/tat_settingsapp_setuptesttakingaccount_1703.png) > [!NOTE] > If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**. 5. In the **Set up an account for taking tests**, enter the assessment URL in the field under **Enter the test's web address**. 6. Select the options you want to enable during the test. - - To enable printing, select **Require printing**. + - To enable printing, select **Require printing**. > [!NOTE] > Make sure a printer is preconfigured on the Take a Test account if you're enabling this option. - - To enable teachers to monitor screens, select **Allow screen monitoring**. - - To allow text suggestions, select **Allow text suggestions**. + - To enable teachers to monitor screens, select **Allow screen monitoring**. + - To allow text suggestions, select **Allow text suggestions**. -6. Click **Save**. -7. 
To take the test, the student must sign in using the test-taking account that you created. +7. Click **Save**. +8. To take the test, the student must sign in using the test-taking account that you created. ## Provide a link to the test Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments. 
@@ -59,29 +61,29 @@ Anything hosted on the web can be presented in a locked down manner, not just as 1. Create the link to the test. - There are different ways you can do this: - - Create a link using a web UI + There are different ways you can do this: + - Create a link using a web UI - For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers. + For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers. - To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link). + To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link). - - Create a link using schema activation + - Create a link using schema activation - You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. + You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. - For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). + For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). 2. Distribute the link. - Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing. + Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing. - You can also create shortcuts to distribute the link. 
For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link). + You can also create shortcuts to distribute the link. For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link). 3. To take the test, have the students click on the link and provide user consent. - > [!NOTE] - > If you enabled printing, the printer must be preconfigured for the account before the student takes the test. + > [!NOTE] + > If you enabled printing, the printer must be preconfigured for the account before the student takes the test. ### Create a link using schema activation 
@@ -91,20 +93,20 @@ One of the ways you can present content in a locked down manner is by embedding 1. Embed a link or create a desktop shortcut with: - ``` - ms-edu-secureassessment:#enforceLockdown - ``` + ``` + ms-edu-secureassessment:#enforceLockdown + ``` 2. To enable printing, screen capture, or both, use the above link and append one of these parameters: - - `&enableTextSuggestions` - Enables text suggestions - - `&requirePrinting` - Enables printing - - `&enableScreenCapture` - Enables screen capture - - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. + - `&enableTextSuggestions` - Enables text suggestions + - `&requirePrinting` - Enables printing + - `&enableScreenCapture` - Enables screen capture + - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. - If you exclude these parameters, the default behavior is disabled. + If you exclude these parameters, the default behavior is disabled. - For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps. + For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. 
The test web application may lock down the device once you have closed the apps. > [!NOTE] > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters.
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index bede949a26..cad3303266 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested +author: mjcaparas +ms.author: macapara ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp --- # Take tests in Windows 10
@@ -39,22 +41,22 @@ There are several ways to configure devices for assessments. You can: There are different methods to configure the assessment URL and a dedicated testing account depending on whether you're setting up Take a Test on a single PC or multiple PCs. - - **For a single PC** + - **For a single PC** - You can use the Windows 10 **Settings** application. For more info, see [Set up Take a Test on a single PC](take-a-test-single-pc.md). + You can use the Windows 10 **Settings** application. For more info, see [Set up Take a Test on a single PC](take-a-test-single-pc.md). - - **For multiple PCs** + - **For multiple PCs** - You can use any of these methods: - - Mobile device management (MDM) or Microsoft System Center Configuration Manager - - A provisioning package created in Windows Configuration Designer - - Group Policy to deploy a scheduled task that runs a Powershell script + You can use any of these methods: + - Mobile device management (MDM) or Microsoft System Center Configuration Manager + - A provisioning package created in Windows Configuration Designer + - Group Policy to deploy a scheduled task that runs a Powershell script - Beginning with Windows 10 Creators Update (version 1703), you can also configure Take a Test using these options: - - Set up School PCs app - - Intune for Education + Beginning with Windows 10 Creators Update (version 1703), you can also configure Take a Test using these options: + - Set up School PCs app + - Intune for Education - For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). + For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). - **Distribute the assessment URL through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** 
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index b5f3145c61..3432624379 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -6,11 +6,13 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium -author: trudyha +author: mjcaparas searchScope: - Store -ms.author: trudyha +ms.author: macapara ms.date: 01/05/2018 +ms.reviewer: +manager: dansimp ms.topic: conceptual --- diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index ac962a298b..d20b5ec239 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -7,9 +7,11 @@ ms.prod: w10 ms.pagetype: edu ms.sitesec: library ms.localizationpriority: medium -author: MikeBlodge -ms.author: MikeBlodge +author: mjcaparas +ms.author: macapara ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Test Windows 10 in S mode on existing Windows 10 education devices @@ -240,7 +242,7 @@ For help with activation issues, click on the appropriate link below for support

          1 Internet access fees may apply.
          -2 Devices must be configured for educational use by applying **[SetEduPolicies](https://docs.microsoft.com/education/windows/configure-windows-for-education#setedupolicies)** using the Set up School PCs app.
          +2 Devices must be configured for educational use by applying SetEduPolicies using the Set up School PCs app.

          diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index ccd3cd06b7..4c9d0245bd 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -7,9 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: lenewsad -ms.author: lanewsad +author: mjcaparas +ms.author: macapara ms.date: 10/23/2018 +ms.reviewer: +manager: dansimp --- # Use the Set up School PCs app @@ -87,8 +89,8 @@ We recommend that you: * Configure your DHCP so at least 200 IP addresses are available for your devices. Having available IP addresses will allow you to set up many devices simultaneously. * Configure your IP addresses to expire after a short time--about 30 minutes. IP addresses will free up quickly so you can continue to set up devices without network issues. ->> [!WARNING] -> Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings. +> > [!WARNING] +> > Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings. ### Use an additional USB drive To set up more than one PC at the same time, save the provisioning package to additional USB drives. Then plug the USBs in at the same time during setup. diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index d37d3c1d20..52a4aa6bb6 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md 
@@ -7,9 +7,11 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested -ms.date: 10/13/2017 +author: mjcaparas +ms.author: macapara +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Windows 10 editions for education customers @@ -61,11 +63,12 @@ Customers who deploy Windows 10 Enterprise are able to configure the product to For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us). ## Related topics -* [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) -* [Windows deployment for education](https://aka.ms/edudeploy) -* [Windows 10 upgrade paths](https://go.microsoft.com/fwlink/?LinkId=822787) -* [Volume Activation for Windows 10](https://go.microsoft.com/fwlink/?LinkId=822788) -* [Plan for volume activation](https://go.microsoft.com/fwlink/?LinkId=822789) +- [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) +- [Windows deployment for education](https://aka.ms/edudeploy) +- [Windows 10 upgrade paths](https://go.microsoft.com/fwlink/?LinkId=822787) +- [Volume Activation for Windows 10](https://go.microsoft.com/fwlink/?LinkId=822788) +- [Plan for volume activation](https://go.microsoft.com/fwlink/?LinkId=822789) +- [Windows 10 subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation) diff --git a/mdop/agpm/administrative-template-settings.md b/mdop/agpm/administrative-template-settings.md index 7105d25515..80b6ac71d2 100644 --- a/mdop/agpm/administrative-template-settings.md +++ b/mdop/agpm/administrative-template-settings.md 
@@ -1,8 +1,11 @@
 ---
 title: Administrative Template Settings
 description: Administrative Template Settings
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/administrative-templates-folder-agpm30ops.md b/mdop/agpm/administrative-templates-folder-agpm30ops.md
index 62bea2d0e8..5e0fc9628c 100644
--- a/mdop/agpm/administrative-templates-folder-agpm30ops.md
+++ b/mdop/agpm/administrative-templates-folder-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Administrative Templates Folder
 description: Administrative Templates Folder
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 0cc5b570-b6d3-4841-9646-02521c13519c
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/administrative-templates-folder-agpm40.md b/mdop/agpm/administrative-templates-folder-agpm40.md
index e71b223616..f40c1aca18 100644
--- a/mdop/agpm/administrative-templates-folder-agpm40.md
+++ b/mdop/agpm/administrative-templates-folder-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Administrative Templates Folder
 description: Administrative Templates Folder
-author: jamiejdt
+author: mjcaparas
 ms.assetid: abc41968-4505-4b09-94f2-67ee0e6c9aaf
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/advanced-group-policy-management-40.md b/mdop/agpm/advanced-group-policy-management-40.md
index 9338f4dc71..0ea0886272 100644
--- a/mdop/agpm/advanced-group-policy-management-40.md
+++ b/mdop/agpm/advanced-group-policy-management-40.md
@@ -1,8 +1,11 @@
 ---
 title: Advanced Group Policy Management 4.0
 description: Advanced Group Policy Management 4.0
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 9873a1f7-97fc-4546-9538-b4c0308529c0
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-25-navengl.md b/mdop/agpm/agpm-25-navengl.md
index 81274eb864..6b407bf5e4 100644
--- a/mdop/agpm/agpm-25-navengl.md
+++ b/mdop/agpm/agpm-25-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 2.5
 description: AGPM 2.5
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 6db42f2e-88b2-4305-ab6b-d3cd0c5d686c
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-3-navengl.md b/mdop/agpm/agpm-3-navengl.md
index 3459ff0c04..fd7734162e 100644
--- a/mdop/agpm/agpm-3-navengl.md
+++ b/mdop/agpm/agpm-3-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 3
 description: AGPM 3
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b0d0051d-2900-4a0f-8307-552ad26b0e3b
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-4-navengl.md b/mdop/agpm/agpm-4-navengl.md
index 44953f8ace..dbf263cc72 100644
--- a/mdop/agpm/agpm-4-navengl.md
+++ b/mdop/agpm/agpm-4-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 4
 description: AGPM 4
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 81693f30-1b8e-4e63-b1ac-e6de1bc30cc0
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-40-sp1-navengl.md b/mdop/agpm/agpm-40-sp1-navengl.md
index 69c013e7ce..03a4a2a65d 100644
--- a/mdop/agpm/agpm-40-sp1-navengl.md
+++ b/mdop/agpm/agpm-40-sp1-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 4.0 SP1
 description: AGPM 4.0 SP1
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 4e55d9e6-635c-4ba6-acbb-ed1d1b580a5b
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-40-sp2-navengl.md b/mdop/agpm/agpm-40-sp2-navengl.md
index f0a00f54e4..49ac51fa2d 100644
--- a/mdop/agpm/agpm-40-sp2-navengl.md
+++ b/mdop/agpm/agpm-40-sp2-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 4.0 SP2
 description: AGPM 4.0 SP2
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 915c9791-ac07-43db-bd53-957b641c700f
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-40-sp3-navengl.md b/mdop/agpm/agpm-40-sp3-navengl.md
index 9be1899784..336886046c 100644
--- a/mdop/agpm/agpm-40-sp3-navengl.md
+++ b/mdop/agpm/agpm-40-sp3-navengl.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM 4.0 SP3
 description: AGPM 4.0 SP3
-author: jamiejdt
+author: mjcaparas
 ms.assetid: cd80eea9-601f-4e45-b89e-c3904addee37
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-server-connection-settings-agpm30ops.md b/mdop/agpm/agpm-server-connection-settings-agpm30ops.md
index 54a41f2c0d..60c6b4b4ab 100644
--- a/mdop/agpm/agpm-server-connection-settings-agpm30ops.md
+++ b/mdop/agpm/agpm-server-connection-settings-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: AGPM Server Connection Settings
 description: AGPM Server Connection Settings
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 5f03e397-b868-4c49-9cbf-a5f5d0ddcc39
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/agpm-server-connection-settings-agpm40.md b/mdop/agpm/agpm-server-connection-settings-agpm40.md
index d34cd89fc2..cd4a015986 100644
--- a/mdop/agpm/agpm-server-connection-settings-agpm40.md
+++ b/mdop/agpm/agpm-server-connection-settings-agpm40.md @@ -1,8 +1,11 @@ --- title: AGPM Server Connection Settings description: AGPM Server Connection Settings -author: jamiejdt +author: mjcaparas ms.assetid: cc67f122-6309-4820-92c2-f6a27d897123 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/agpm-server-connection-settings.md b/mdop/agpm/agpm-server-connection-settings.md index 475a5c4267..a303704f78 100644 --- a/mdop/agpm/agpm-server-connection-settings.md +++ b/mdop/agpm/agpm-server-connection-settings.md @@ -1,8 +1,11 @@ --- title: AGPM Server Connection Settings description: AGPM Server Connection Settings -author: jamiejdt +author: mjcaparas ms.assetid: faf78e5b-2b0d-4069-9b8c-910add892200 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/agpm-server-tab-agpm30ops.md b/mdop/agpm/agpm-server-tab-agpm30ops.md index ff5621925a..184530ce23 100644 --- a/mdop/agpm/agpm-server-tab-agpm30ops.md +++ b/mdop/agpm/agpm-server-tab-agpm30ops.md @@ -1,8 +1,11 @@ --- title: AGPM Server Tab description: AGPM Server Tab -author: jamiejdt +author: mjcaparas ms.assetid: fb3b0265-53ed-4bf6-88a4-c409f5f1bed4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ The maximum number of unique versions to store for each GPO does not include the When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable. -  + ### Additional references @@ -43,9 +46,9 @@ When a GPO version is deleted, a record of that version remains in the history o - [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) -  + -  + 
diff --git a/mdop/agpm/agpm-server-tab-agpm40.md b/mdop/agpm/agpm-server-tab-agpm40.md index 1eacd1a759..6e0807ad30 100644 --- a/mdop/agpm/agpm-server-tab-agpm40.md +++ b/mdop/agpm/agpm-server-tab-agpm40.md @@ -1,8 +1,11 @@ --- title: AGPM Server Tab description: AGPM Server Tab -author: jamiejdt +author: mjcaparas ms.assetid: a6689437-233e-4f33-a0d6-f7d432c96c00 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ The maximum number of unique versions to store for each GPO does not include the When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable. -  + ### Additional references @@ -43,9 +46,9 @@ When a GPO version is deleted, a record of that version remains in the history o - [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/agpm-server-tab.md b/mdop/agpm/agpm-server-tab.md index 1d53ad63c5..f009fdd1b3 100644 --- a/mdop/agpm/agpm-server-tab.md +++ b/mdop/agpm/agpm-server-tab.md @@ -1,8 +1,11 @@ --- title: AGPM Server Tab description: AGPM Server Tab -author: jamiejdt +author: mjcaparas ms.assetid: ce4490b7-b564-49af-8962-858ee39e0016 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md b/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md index e7f0ebe676..90d438d2f0 100644 --- a/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md +++ b/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md 
@@ -1,8 +1,11 @@ --- title: Approve or Reject a Pending Action description: Approve or Reject a Pending Action -author: jamiejdt +author: mjcaparas ms.assetid: 6d78989a-b600-4876-9dd9-bc6207ff2ce7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. -   + ### Additional considerations @@ -49,9 +52,9 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne - [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md b/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md index 474177c7f7..cba1a90592 100644 --- a/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md +++ b/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md @@ -1,8 +1,11 @@ --- title: Approve or Reject a Pending Action description: Approve or Reject a Pending Action -author: jamiejdt +author: mjcaparas ms.assetid: 078ea8b5-9ac5-45fc-9ac1-a1aa629c10b4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. -   + ### Additional considerations @@ -49,9 +52,9 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne - [Performing Approver Tasks](performing-approver-tasks-agpm40.md) -  + -  + 
diff --git a/mdop/agpm/approve-or-reject-a-pending-action.md b/mdop/agpm/approve-or-reject-a-pending-action.md index 27f53d2dd7..08603a71fc 100644 --- a/mdop/agpm/approve-or-reject-a-pending-action.md +++ b/mdop/agpm/approve-or-reject-a-pending-action.md @@ -1,8 +1,11 @@ --- title: Approve or Reject a Pending Action description: Approve or Reject a Pending Action -author: jamiejdt +author: mjcaparas ms.assetid: 22921a51-50fb-4a47-bec1-4f563f523675 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   If an Approver's e-mail address is included in the **To** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. -   + ### Additional considerations @@ -49,9 +52,9 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne - [Performing Approver Tasks](performing-approver-tasks.md) -  + -  + diff --git a/mdop/agpm/back-up-the-archive-agpm40.md b/mdop/agpm/back-up-the-archive-agpm40.md index 60d485f01f..e07a0de456 100644 --- a/mdop/agpm/back-up-the-archive-agpm40.md +++ b/mdop/agpm/back-up-the-archive-agpm40.md @@ -1,8 +1,11 @@ --- title: Back Up the Archive description: Back Up the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 538d85eb-3596-4c1d-bbd7-26bc28857c28 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ A user account that has access to both the AGPM Server—the computer on which t **Note**   If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy. -  + ### Additional references 
@@ -41,9 +44,9 @@ If an AGPM Administrator backs up the archive infrequently, the Group Policy Obj - [Managing the Archive](managing-the-archive-agpm40.md) -  + -  + diff --git a/mdop/agpm/back-up-the-archive.md b/mdop/agpm/back-up-the-archive.md index 806bb177d7..a85193dcac 100644 --- a/mdop/agpm/back-up-the-archive.md +++ b/mdop/agpm/back-up-the-archive.md @@ -1,8 +1,11 @@ --- title: Back Up the Archive description: Back Up the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 400176da-3518-4475-ad19-c96cda6ca7ba +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ A user account that has access to both the AGPM Server—the computer on which t **Note**   If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy. -  + ### Additional references @@ -41,9 +44,9 @@ If an AGPM Administrator backs up the archive infrequently, the Group Policy Obj - [Managing the Archive](managing-the-archive.md) -  + -  + diff --git a/mdop/agpm/best-practices-for-version-control-agpm40.md b/mdop/agpm/best-practices-for-version-control-agpm40.md index 67016e4bdd..92a272c0d4 100644 --- a/mdop/agpm/best-practices-for-version-control-agpm40.md +++ b/mdop/agpm/best-practices-for-version-control-agpm40.md @@ -1,8 +1,11 @@ --- title: Best Practices for Version Control description: Best Practices for Version Control -author: jamiejdt +author: mjcaparas ms.assetid: 4a2a1ac7-67f3-4ba3-ab07-860d33da0efe +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/best-practices-for-version-control.md b/mdop/agpm/best-practices-for-version-control.md index b8da8b24a4..0ec09f3051 100644 --- a/mdop/agpm/best-practices-for-version-control.md 
+++ b/mdop/agpm/best-practices-for-version-control.md
@@ -1,8 +1,11 @@
 ---
 title: Best Practices for Version Control
 description: Best Practices for Version Control
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 89067f6a-f7ea-4dad-999d-118284cf6c5a
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/check-in-a-gpo-agpm30ops.md b/mdop/agpm/check-in-a-gpo-agpm30ops.md
index 4fb07fb8a5..399b6e1604 100644
--- a/mdop/agpm/check-in-a-gpo-agpm30ops.md
+++ b/mdop/agpm/check-in-a-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Check In a GPO
 description: Check In a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 437397db-c94b-4940-b1a4-05442619ebee
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/check-in-a-gpo-agpm40.md b/mdop/agpm/check-in-a-gpo-agpm40.md
index 1798daa0f2..1353c657f0 100644
--- a/mdop/agpm/check-in-a-gpo-agpm40.md
+++ b/mdop/agpm/check-in-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Check In a GPO
 description: Check In a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b838c8a2-eb9e-4e5b-8740-d7701a4294ac
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/check-in-a-gpo-approver.md b/mdop/agpm/check-in-a-gpo-approver.md
index 7ba8cd4232..1b264c6d74 100644
--- a/mdop/agpm/check-in-a-gpo-approver.md
+++ b/mdop/agpm/check-in-a-gpo-approver.md
@@ -1,8 +1,11 @@
 ---
 title: Check In a GPO
 description: Check In a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: e428cfff-651f-4903-bf01-d742714d2fa9
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md b/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md
index 562fcda87a..4b298d6115 100644
--- a/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md +++ b/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md @@ -1,8 +1,11 @@ --- title: Checklist Administer the AGPM Server and Archive description: Checklist Administer the AGPM Server and Archive -author: jamiejdt +author: mjcaparas ms.assetid: d9c60203-90c2-48a7-9318-197e0ec5038b +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -30,17 +33,17 @@ In Advanced Group Policy Management (AGPM), both the AGPM Service and the archiv

          Delegate access to Group Policy Objects (GPOs) in the archive.

          -

          [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm40.md)

          -

          [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md)

          +

          Delegate Domain-Level Access to the Archive

          +

          Delegate Access to an Individual GPO in the Archive

          Back up the archive to enable disaster recovery.

          -

          [Back Up the Archive](back-up-the-archive-agpm40.md)

          +

          Back Up the Archive

          -  + @@ -56,33 +59,33 @@ In Advanced Group Policy Management (AGPM), both the AGPM Service and the archiv - + - + - + - +

          Restore the archive from a backup to recover from a disaster.

          [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md)

          Restore the Archive from a Backup

          Move the AGPM Service, the archive, or both to a different server.

          [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md)

          Move the AGPM Server and the Archive

          Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.

          [Modify the AGPM Service](modify-the-agpm-service-agpm40.md)

          Modify the AGPM Service

          Troubleshoot common problems with the AGPM Server.

          [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md)

          -

          [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md)

          Troubleshooting AGPM

          +

          Configure Logging and Tracing

          -  + ### Additional references - [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) -  + -  + diff --git a/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md b/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md index 2ed6942664..51a6f1f128 100644 --- a/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md +++ b/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md @@ -1,8 +1,11 @@ --- title: Checklist Administer the AGPM Server and Archive description: Checklist Administer the AGPM Server and Archive -author: jamiejdt +author: mjcaparas ms.assetid: 0b2eb536-c3cc-462f-a42f-27a53f57bc55 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -30,17 +33,17 @@ In Advanced Group Policy Management (AGPM), both the AGPM Service and the archiv

          Delegate access to Group Policy Objects (GPOs) in the archive.

          -

          [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm30ops.md)

          -

          [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md)

          +

          Delegate Domain-Level Access to the Archive

          +

          Delegate Access to an Individual GPO in the Archive

          Back up the archive to enable disaster recovery.

          -

          [Back Up the Archive](back-up-the-archive.md)

          +

          Back Up the Archive

          -  + @@ -56,33 +59,33 @@ In Advanced Group Policy Management (AGPM), both the AGPM Service and the archiv - + - + - + - +

          Restore the archive from a backup to recover from a disaster.

          [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md)

          Restore the Archive from a Backup

          Move the AGPM Service, the archive, or both to a different server.

          [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md)

          Move the AGPM Server and the Archive

          Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.

          [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md)

          Modify the AGPM Service

          Troubleshoot common problems with the AGPM Server.

          [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management-agpm30ops.md)

          -

          [Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md)

          Troubleshooting Advanced Group Policy Management

          +

          Configure Logging and Tracing

          -  + ### Additional references - [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md index 2c39dedabf..25fa7701f1 100644 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md +++ b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Checklist Create, Edit, and Deploy a GPO description: Checklist Create, Edit, and Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: a7a17706-304a-4455-9ada-52508ec620f1 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -30,41 +33,41 @@ In an environment where multiple people make changes to Group Policy Objects (GP

          Editor requests the creation of a new GPO or an Approver creates a new GPO.

          -

          [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md)

          -

          [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm30ops.md)

          +

          Request the Creation of a New Controlled GPO

          +

          Create a New Controlled GPO

          Approver approves the creation of the GPO if it was requested by an Editor.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md)

          +

          Approve or Reject a Pending Action

          Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

          -

          [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md)

          +

          Edit a GPO Offline

          Editor requests deployment of the GPO to the production environment.

          -

          [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm30ops.md)

          +

          Request Deployment of a GPO

          Reviewers, such as Approvers or Editors, analyze the GPO.

          -

          [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md)

          +

          Performing Reviewer Tasks

          Approver approves and deploys the GPO to the production environment or rejects the GPO.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md)

          +

          Approve or Reject a Pending Action

          -  + ### Additional references [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md index c4ca4f9cc3..a95a9654f7 100644 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md +++ b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md @@ -1,8 +1,11 @@ --- title: Checklist Create, Edit, and Deploy a GPO description: Checklist Create, Edit, and Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 44631bed-16d2-4b5a-af70-17a73fb5f6af +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -30,45 +33,45 @@ In an environment where multiple people change Group Policy Objects (GPOs) by us

          Editor requests that a new GPO be created or an Approver creates a new GPO.

          -

          [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md)

          -

          [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md)

          +

          Request the Creation of a New Controlled GPO

          +

          Create a New Controlled GPO

          Approver approves the creation of the GPO if it was requested by an Editor.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md)

          +

          Approve or Reject a Pending Action

          Editor checks out a copy of the GPO from the archive so that no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

          -

          [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md)

          +

          Edit a GPO Offline

          If developing in a test forest, Editor exports the GPO to a file, transfers the file to the production forest, and imports the file. Additionally, an Editor can link the GPO to an organizational unit that contains test computers and users.

          -

          [Using a Test Environment](using-a-test-environment.md)

          +

          Using a Test Environment

          Editor requests deployment of the GPO to the production environment of the domain.

          -

          [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md)

          +

          Request Deployment of a GPO

          Reviewers, such as Approvers or Editors, analyze the GPO.

          -

          [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md)

          +

          Performing Reviewer Tasks

          Approver approves and deploys the GPO to the production environment of the domain or rejects the GPO.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md)

          +

          Approve or Reject a Pending Action

          -  + ### Additional references [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) -  + -  + diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md index 83af28fa98..fcb032c722 100644 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md +++ b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md @@ -1,8 +1,11 @@ --- title: Checklist Create, Edit, and Deploy a GPO description: Checklist Create, Edit, and Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 614e2d9a-c18b-4f62-99fd-e17a2ac8559d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -30,37 +33,37 @@ In an environment where multiple people make changes to Group Policy objects (GP

          Editor requests the creation of a new GPO or an Approver creates a new GPO.

          -

          [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md)

          -

          [Create a New Controlled GPO](create-a-new-controlled-gpo.md)

          +

          Request the Creation of a New Controlled GPO

          +

          Create a New Controlled GPO

          Approver approves the creation of the GPO if it was requested by an Editor.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md)

          +

          Approve or Reject a Pending Action

          Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

          -

          [Edit a GPO Offline](edit-a-gpo-offline.md)

          +

          Edit a GPO Offline

          Editor requests deployment of the GPO to the production environment.

          -

          [Request Deployment of a GPO](request-deployment-of-a-gpo.md)

          +

          Request Deployment of a GPO

          Reviewers, such as Approvers or Editors, analyze the GPO.

          -

          [Performing Reviewer Tasks](performing-reviewer-tasks.md)

          +

          Performing Reviewer Tasks

          Approver approves and deploys the GPO to the production environment or rejects the GPO.

          -

          [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md)

          +

          Approve or Reject a Pending Action

          -  + -  + -  + diff --git a/mdop/agpm/choosing-which-version-of-agpm-to-install.md b/mdop/agpm/choosing-which-version-of-agpm-to-install.md index beaa0c8299..c5b9d72127 100644 --- a/mdop/agpm/choosing-which-version-of-agpm-to-install.md +++ b/mdop/agpm/choosing-which-version-of-agpm-to-install.md @@ -1,8 +1,11 @@ --- title: Choosing Which Version of AGPM to Install description: Choosing Which Version of AGPM to Install -author: jamiejdt +author: mjcaparas ms.assetid: 31357d2a-bc23-4e15-93f4-0beda8ab7a7b +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -53,7 +56,7 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and

          Windows Server 2012 R2

          Windows 10

          -

          Supported with the caveats outlined in [KB 4015786](https://support.microsoft.com/help/4015786/known-issues-managing-a-windows-10-group-policy-client-in-windows-serv) +

          Supported with the caveats outlined in KB 4015786

          @@ -89,7 +92,7 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and -  + ## AGPM 4.0 SP2 @@ -147,7 +150,7 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP2, and -  + ## AGPM 4.0 SP1 @@ -198,7 +201,7 @@ Table 2 lists the operating systems on which you can install AGPM 4.0 SP1, and t -  + ## AGPM 4.0 @@ -244,7 +247,7 @@ Table 3 lists the operating systems on which you can install AGPM 4.0, and the p -  + ## Versions of AGPM that precede AGPM 4.0 @@ -284,7 +287,7 @@ Table 4 lists the operating systems on which you can install the versions of AGP -  + ## How to Get MDOP Technologies @@ -296,9 +299,9 @@ AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP i [Advanced Group Policy Management](index.md) -  + -  + diff --git a/mdop/agpm/common-secondary-tab-features.md b/mdop/agpm/common-secondary-tab-features.md index f297a49673..7383568174 100644 --- a/mdop/agpm/common-secondary-tab-features.md +++ b/mdop/agpm/common-secondary-tab-features.md @@ -1,8 +1,11 @@ --- title: Common Secondary Tab Features description: Common Secondary Tab Features -author: jamiejdt +author: mjcaparas ms.assetid: 44a15c28-944c-49c1-8534-115ce1c362ed +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/configure-agpm-server-connections-agpm30ops.md b/mdop/agpm/configure-agpm-server-connections-agpm30ops.md index 7ab152e0f9..14cb1c8009 100644 --- a/mdop/agpm/configure-agpm-server-connections-agpm30ops.md +++ b/mdop/agpm/configure-agpm-server-connections-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Configure AGPM Server Connections description: Configure AGPM Server Connections -author: jamiejdt +author: mjcaparas ms.assetid: 6062b77b-2fd7-442c-ad1b-6f14419ebd5f +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/agpm/configure-agpm-server-connections-agpm40.md b/mdop/agpm/configure-agpm-server-connections-agpm40.md
index a9bccdb1a0..f830c94dae 100644
--- a/mdop/agpm/configure-agpm-server-connections-agpm40.md
+++ b/mdop/agpm/configure-agpm-server-connections-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Configure AGPM Server Connections
 description: Configure AGPM Server Connections
-author: jamiejdt
+author: mjcaparas
 ms.assetid: bbbb15e8-35e7-403c-b695-7a6ebeb87839
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-an-agpm-server-connection-agpm40.md b/mdop/agpm/configure-an-agpm-server-connection-agpm40.md
index 8ff9375089..1d27c35dd9 100644
--- a/mdop/agpm/configure-an-agpm-server-connection-agpm40.md
+++ b/mdop/agpm/configure-an-agpm-server-connection-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Configure an AGPM Server Connection
 description: Configure an AGPM Server Connection
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 409cbbcf-3b0e-459d-9bd2-75cb7b9430b0
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md b/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md
index 9649ce9235..4941464778 100644
--- a/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md
+++ b/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Configure an AGPM Server Connection
 description: Configure an AGPM Server Connection
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ae78dc74-111d-4509-b0a6-e8b8b451c22a
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-e-mail-notification-agpm30ops.md b/mdop/agpm/configure-e-mail-notification-agpm30ops.md
index b32a73989a..c1e769ec3e 100644
--- a/mdop/agpm/configure-e-mail-notification-agpm30ops.md
+++ b/mdop/agpm/configure-e-mail-notification-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Configure E-Mail Notification
 description: Configure E-Mail Notification
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b32ce395-d1b9-4c5b-b765-97cdbf455f9e
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-e-mail-notification-agpm40.md b/mdop/agpm/configure-e-mail-notification-agpm40.md
index fda5fd5e5b..10119ff76f 100644
--- a/mdop/agpm/configure-e-mail-notification-agpm40.md
+++ b/mdop/agpm/configure-e-mail-notification-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Configure E-Mail Notification
 description: Configure E-Mail Notification
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 06f19556-f296-4a80-86a4-4f446c992204
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-e-mail-notification.md b/mdop/agpm/configure-e-mail-notification.md
index d8dd656865..865b510ca2 100644
--- a/mdop/agpm/configure-e-mail-notification.md
+++ b/mdop/agpm/configure-e-mail-notification.md
@@ -1,8 +1,11 @@
 ---
 title: Configure E-Mail Notification
 description: Configure E-Mail Notification
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 6e152de0-4376-4963-8d1a-3e7f5866d30f
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md b/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md
index 8d319e968d..4e4802cb36 100644
--- a/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md
+++ b/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md
@@ -1,8 +1,11 @@ --- title: Configure E-Mail Security for AGPM description: Configure E-Mail Security for AGPM -author: jamiejdt +author: mjcaparas ms.assetid: 4850ed8e-a1c6-43f0-95c5-853aa66a94ae +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ By encrypting AGPM e-mail notifications, you can better protect those that could **Caution**   Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. -  + A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic. @@ -79,9 +82,9 @@ A user account that has the AGPM Administrator (Full Control) role, the user acc - [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) -  + -  + diff --git a/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md b/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md index 085ba098d9..e4c204dcf0 100644 --- a/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md +++ b/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md @@ -1,8 +1,11 @@ --- title: Configure E-Mail Security for AGPM description: Configure E-Mail Security for AGPM -author: jamiejdt +author: mjcaparas ms.assetid: b9c48894-0a10-4d03-8027-50ed3b02485a +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -21,7 +24,7 @@ By encrypting AGPM e-mail notifications, you can better protect those that could **Caution**   Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. -  + A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic. @@ -75,9 +78,9 @@ A user account that has the AGPM Administrator (Full Control) role, the user acc - [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) -  + -  + diff --git a/mdop/agpm/configure-logging-and-tracing-agpm30ops.md b/mdop/agpm/configure-logging-and-tracing-agpm30ops.md index b3303207e4..2fd5e988c9 100644 --- a/mdop/agpm/configure-logging-and-tracing-agpm30ops.md +++ b/mdop/agpm/configure-logging-and-tracing-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Configure Logging and Tracing description: Configure Logging and Tracing -author: jamiejdt +author: mjcaparas ms.assetid: 4f89552f-e949-48b0-9325-23746034eaa4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/configure-logging-and-tracing-agpm40.md b/mdop/agpm/configure-logging-and-tracing-agpm40.md index 132144d8f4..69c630de77 100644 --- a/mdop/agpm/configure-logging-and-tracing-agpm40.md +++ b/mdop/agpm/configure-logging-and-tracing-agpm40.md @@ -1,8 +1,11 @@ --- title: Configure Logging and Tracing description: Configure Logging and Tracing -author: jamiejdt +author: mjcaparas ms.assetid: 2418cb6a-7189-4080-8fe2-9c8d47dec62c +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/agpm/configure-logging-and-tracing.md b/mdop/agpm/configure-logging-and-tracing.md
index 1cc6c31f8d..242b0dc634 100644
--- a/mdop/agpm/configure-logging-and-tracing.md
+++ b/mdop/agpm/configure-logging-and-tracing.md
@@ -1,8 +1,11 @@
 ---
 title: Configure Logging and Tracing
 description: Configure Logging and Tracing
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 419231f9-e9db-4f91-a7cf-a0a73db25256
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-the-agpm-server-connection-reviewer.md b/mdop/agpm/configure-the-agpm-server-connection-reviewer.md
index d63d53eabf..e4c102ba9e 100644
--- a/mdop/agpm/configure-the-agpm-server-connection-reviewer.md
+++ b/mdop/agpm/configure-the-agpm-server-connection-reviewer.md
@@ -1,8 +1,11 @@
 ---
 title: Configure the AGPM Server Connection
 description: Configure the AGPM Server Connection
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 74e8f348-a8ed-4d69-a8e0-9c974aaeca2d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configure-the-agpm-server-connection.md b/mdop/agpm/configure-the-agpm-server-connection.md
index c0b5da3de9..80bef3aea5 100644
--- a/mdop/agpm/configure-the-agpm-server-connection.md
+++ b/mdop/agpm/configure-the-agpm-server-connection.md
@@ -1,8 +1,11 @@
 ---
 title: Configure the AGPM Server Connection
 description: Configure the AGPM Server Connection
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 9a42b5bc-41be-44ef-a6e2-6f56e2cf1996
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md b/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md
index 077db2091e..fa059fc59e 100644
--- a/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md
+++ b/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring Advanced Group Policy Management
 description: Configuring Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 8c978ddf-2789-44e4-9c08-de7b4cd1afa0
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/configuring-advanced-group-policy-management.md b/mdop/agpm/configuring-advanced-group-policy-management.md
index 60127ea9bf..a8b8d92728 100644
--- a/mdop/agpm/configuring-advanced-group-policy-management.md
+++ b/mdop/agpm/configuring-advanced-group-policy-management.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring Advanced Group Policy Management
 description: Configuring Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 836f4a49-2c77-4f6b-8727-9df7ef443141
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/contents-tab-agpm30ops.md b/mdop/agpm/contents-tab-agpm30ops.md
index c5234d71fa..8ab5fc8894 100644
--- a/mdop/agpm/contents-tab-agpm30ops.md
+++ b/mdop/agpm/contents-tab-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Contents Tab
 description: Contents Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 6ada6430-cd93-47aa-af6e-d7f5b5620132
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/contents-tab-agpm40.md b/mdop/agpm/contents-tab-agpm40.md
index 811b6c62e2..6f2c059b3e 100644
--- a/mdop/agpm/contents-tab-agpm40.md
+++ b/mdop/agpm/contents-tab-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Contents Tab
 description: Contents Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: cf9d1f17-3c3d-422f-bd6b-3db87be45554
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/contents-tab-features-agpm30ops.md b/mdop/agpm/contents-tab-features-agpm30ops.md
index a1e68588b4..217b586426 100644
--- a/mdop/agpm/contents-tab-features-agpm30ops.md
+++ b/mdop/agpm/contents-tab-features-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Contents Tab Features
 description: Contents Tab Features
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 725f025a-c30a-4d07-add1-4e0ed9a1a5fd
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/contents-tab-features-agpm40.md b/mdop/agpm/contents-tab-features-agpm40.md
index 3857c71a43..c714922193 100644
--- a/mdop/agpm/contents-tab-features-agpm40.md
+++ b/mdop/agpm/contents-tab-features-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Contents Tab Features
 description: Contents Tab Features
-author: jamiejdt
+author: mjcaparas
 ms.assetid: f1f4849d-bf94-47d5-ad81-0eee33abcaca
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/contents-tab.md b/mdop/agpm/contents-tab.md
index 9eb8c4ba87..0039020f48 100644
--- a/mdop/agpm/contents-tab.md
+++ b/mdop/agpm/contents-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Contents Tab
 description: Contents Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 8a756bc1-3900-4d83-93c4-7ebc4705d956
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/control-a-previously-uncontrolled-gpo.md b/mdop/agpm/control-a-previously-uncontrolled-gpo.md
index 5792fd6292..535a5958f2 100644
--- a/mdop/agpm/control-a-previously-uncontrolled-gpo.md
+++ b/mdop/agpm/control-a-previously-uncontrolled-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Control a Previously Uncontrolled GPO
 description: Control a Previously Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 452689a9-4e32-4e3b-8208-56353a82bf36
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md b/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md
index 84a851641f..6b69bcd500 100644
--- a/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md
+++ b/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Control an Uncontrolled GPO
 description: Control an Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 603f00f9-1e65-4b2f-902a-e53dafedbd8d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md b/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md
index 5f0fe6fb4f..fa7fb95245 100644
--- a/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md
+++ b/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Control an Uncontrolled GPO
 description: Control an Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: dc81545c-8da5-4b6f-b266-f01a82e27c6b
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/controlled-gpo-commands-agpm30ops.md b/mdop/agpm/controlled-gpo-commands-agpm30ops.md
index c4a51bc0d8..a964df04b5 100644
--- a/mdop/agpm/controlled-gpo-commands-agpm30ops.md
+++ b/mdop/agpm/controlled-gpo-commands-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Controlled GPO Commands
 description: Controlled GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 82db4772-154a-4a8d-99cd-2c69e1738698
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/controlled-gpo-commands-agpm40.md b/mdop/agpm/controlled-gpo-commands-agpm40.md
index d62fee921d..7f1617be1c 100644
--- a/mdop/agpm/controlled-gpo-commands-agpm40.md
+++ b/mdop/agpm/controlled-gpo-commands-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Controlled GPO Commands
 description: Controlled GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 370d3db9-4efc-4799-983d-e29ba5f32b07
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/controlled-tab.md b/mdop/agpm/controlled-tab.md
index 84e99c288c..c17aab7903 100644
--- a/mdop/agpm/controlled-tab.md
+++ b/mdop/agpm/controlled-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Controlled Tab
 description: Controlled Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 8995a9e1-ace4-40b7-a47b-e1e9924541ba
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md b/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md
index 23d11c7fd7..ed19062453 100644
--- a/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md
+++ b/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Create a New Controlled GPO
 description: Create a New Controlled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: f89eaae8-7858-4222-ba3f-a93a9d7ea5a3
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/create-a-new-controlled-gpo-agpm40.md b/mdop/agpm/create-a-new-controlled-gpo-agpm40.md
index 2a6df8279f..89efc3c447 100644
--- a/mdop/agpm/create-a-new-controlled-gpo-agpm40.md
+++ b/mdop/agpm/create-a-new-controlled-gpo-agpm40.md
@@ -1,8 +1,11 @@ --- title: Create a New Controlled GPO description: Create a New Controlled GPO -author: jamiejdt +author: mjcaparas ms.assetid: 5ce760f6-9f05-42b4-b787-7835ab8e324e +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/create-a-new-controlled-gpo.md b/mdop/agpm/create-a-new-controlled-gpo.md index 60a6bed93a..614627225b 100644 --- a/mdop/agpm/create-a-new-controlled-gpo.md +++ b/mdop/agpm/create-a-new-controlled-gpo.md @@ -1,8 +1,11 @@ --- title: Create a New Controlled GPO description: Create a New Controlled GPO -author: jamiejdt +author: mjcaparas ms.assetid: b43ce0f4-4519-4278-83c4-c7d5163ddd11 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/create-a-template-agpm30ops.md b/mdop/agpm/create-a-template-agpm30ops.md index 523db2a41f..406acb5276 100644 --- a/mdop/agpm/create-a-template-agpm30ops.md +++ b/mdop/agpm/create-a-template-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Create a Template description: Create a Template -author: jamiejdt +author: mjcaparas ms.assetid: 8208f14a-5c18-43a7-8564-118230398cca +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ Creating a template enables you to save all of the settings of a particular vers **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. 
@@ -49,9 +52,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/create-a-template-agpm40.md b/mdop/agpm/create-a-template-agpm40.md index ae35953dbe..c8a1e97a01 100644 --- a/mdop/agpm/create-a-template-agpm40.md +++ b/mdop/agpm/create-a-template-agpm40.md @@ -1,8 +1,11 @@ --- title: Create a Template description: Create a Template -author: jamiejdt +author: mjcaparas ms.assetid: b38423af-7d24-437a-98bc-01f1ae891127 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ Creating a template enables you to save all of the settings of a particular vers **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. @@ -49,9 +52,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) -  + -  + diff --git a/mdop/agpm/create-a-template.md b/mdop/agpm/create-a-template.md index 85086f3c40..d0db0eb513 100644 --- a/mdop/agpm/create-a-template.md +++ b/mdop/agpm/create-a-template.md @@ -1,8 +1,11 @@ --- title: Create a Template description: Create a Template -author: jamiejdt +author: mjcaparas ms.assetid: 6992bd55-4a4f-401f-9815-c468bac598ef +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ Creating a template enables you to save all of the settings of a particular vers **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. @@ -49,9 +52,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) -  + -  + diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md index 013d0aa730..d35b5810d4 100644 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md +++ b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Creating a Template and Setting a Default Template description: Creating a Template and Setting a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: acce0e0f-7e67-479c-9daa-e678fccd7ced +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,15 +34,15 @@ Some potential uses for a template include the following: **Note**   A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template. -  + - [Create a Template](create-a-template-agpm30ops.md) - [Set a Default Template](set-a-default-template-agpm30ops.md) -  + -  + 
diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md index e90e3cfb7d..a3981ca8a0 100644 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md +++ b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md @@ -1,8 +1,11 @@ --- title: Creating a Template and Setting a Default Template description: Creating a Template and Setting a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: ffa72c2a-64eb-4492-8072-c3a66179b546 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,15 +34,15 @@ Some potential uses for a template include the following: **Note**   A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template. -  + - [Create a Template](create-a-template-agpm40.md) - [Set a Default Template](set-a-default-template-agpm40.md) -  + -  + diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template.md b/mdop/agpm/creating-a-template-and-setting-a-default-template.md index c3fca70641..79e1c3682d 100644 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template.md +++ b/mdop/agpm/creating-a-template-and-setting-a-default-template.md @@ -1,8 +1,11 @@ --- title: Creating a Template and Setting a Default Template description: Creating a Template and Setting a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: 8771b4b5-4dea-4be1-a675-f60cfd3ec5dc +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,15 +22,15 @@ Creating a template enables you to save all of the settings of a particular vers **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. Renaming or deleting a template does not impact GPOs created from that template. -  + - [Create a Template](create-a-template.md) - [Set a Default Template](set-a-default-template.md) -  + -  + diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md index 4351376c13..8e9e92e5ac 100644 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md +++ b/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Creating, Controlling, or Importing a GPO description: Creating, Controlling, or Importing a GPO -author: jamiejdt +author: mjcaparas ms.assetid: ce8b232e-7758-4a6a-9e2f-18967da6cdad +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md index 8e8318dfa6..ba433a553b 100644 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md +++ b/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md @@ -1,8 +1,11 @@ --- title: Creating, Controlling, or Importing a GPO description: Creating, Controlling, or Importing a GPO -author: jamiejdt +author: mjcaparas ms.assetid: f2c8bef5-b654-4864-99d4-9207cfb0a137 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md index e77b422bee..0aee5a400a 100644 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md 
+++ b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Creating, Controlling, or Importing a GPO
 description: Creating, Controlling, or Importing a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 0cc1b6ee-3335-4d84-9e1c-d1aefabfef51
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md
index 0de3c626cd..7a228249c6 100644
--- a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md
+++ b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md
@@ -1,8 +1,11 @@
 ---
 title: Creating, Controlling, or Importing a GPO
 description: Creating, Controlling, or Importing a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 5259ce25-f570-4346-9f50-6b051724a998
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md
index 11940e0f01..fc60c82ade 100644
--- a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md
+++ b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md
@@ -1,8 +1,11 @@
 ---
 title: Creating or Controlling a GPO
 description: Creating or Controlling a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ca2fa40e-c6e9-4c57-9da1-e5375df4a2fd
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md
index f03ca5f277..119b8134b3 100644
--- a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md
+++ b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md
@@ -1,8 +1,11 @@
 ---
 title: Creating or Controlling a GPO
 description: Creating or Controlling a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 807f3b3f-ad3d-4851-9772-7f54a065632a
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/delegate-access-to-a-gpo.md b/mdop/agpm/delegate-access-to-a-gpo.md
index 1fd37f74fb..d303c1e2f1 100644
--- a/mdop/agpm/delegate-access-to-a-gpo.md
+++ b/mdop/agpm/delegate-access-to-a-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Delegate Access to a GPO
 description: Delegate Access to a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: f1d6bb6c-d5bf-4080-a6cb-32774689f804
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md
index 7f01da9505..3c102e5273 100644
--- a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md
+++ b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Delegate Access to an Individual GPO in the Archive
 description: Delegate Access to an Individual GPO in the Archive
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 7b37b188-2b6b-4e52-be97-8ef899e9893b
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -31,14 +34,14 @@ A user account with the AGPM Administrator (Full Control) role, the user account **Note**   If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. -   + 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**. **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations @@ -54,9 +57,9 @@ A user account with the AGPM Administrator (Full Control) role, the user account - [Managing the Archive](managing-the-archive.md) -  + -  + diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md index dadda27bb9..f5124591cc 100644 --- a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md +++ b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md @@ -1,8 +1,11 @@ --- title: Delegate Access to an Individual GPO in the Archive description: Delegate Access to an Individual GPO in the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 284d2aa2-7c10-4ffa-8978-bbe30867c1c1 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -31,14 +34,14 @@ A user account with the AGPM Administrator (Full Control) role, the user account **Note**   If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. -   + 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**. **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations @@ -54,9 +57,9 @@ A user account with the AGPM Administrator (Full Control) role, the user account - [Managing the Archive](managing-the-archive-agpm40.md) -  + -  + diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo.md b/mdop/agpm/delegate-access-to-an-individual-gpo.md index c61abad081..48a3a17674 100644 --- a/mdop/agpm/delegate-access-to-an-individual-gpo.md +++ b/mdop/agpm/delegate-access-to-an-individual-gpo.md @@ -1,8 +1,11 @@ --- title: Delegate Access to an Individual GPO description: Delegate Access to an Individual GPO -author: jamiejdt +author: mjcaparas ms.assetid: b2a7d550-14bf-4b41-b6e4-2cc091eedd2d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md b/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md index 5ff92f7d83..5465a92076 100644 --- a/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md +++ b/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md 
@@ -1,8 +1,11 @@ --- title: Delegate Access to the Production Environment description: Delegate Access to the Production Environment -author: jamiejdt +author: mjcaparas ms.assetid: c1ebae2e-909b-4e64-b368-b7d3cc67b1eb +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md b/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md index 5e3952ae37..499f2dda22 100644 --- a/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md +++ b/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md @@ -1,8 +1,11 @@ --- title: Delegate Access to the Production Environment description: Delegate Access to the Production Environment -author: jamiejdt +author: mjcaparas ms.assetid: 4c670581-8c47-41ea-80eb-02846ff1ec1f +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md index ba47258fbd..3d5ef495b1 100644 --- a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md +++ b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Delegate Domain-Level Access to the Archive description: Delegate Domain-Level Access to the Archive -author: jamiejdt +author: mjcaparas ms.assetid: d232069e-71d5-4b4d-b22e-bef11de1cfd4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations 
@@ -49,9 +52,9 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm - [Managing the Archive](managing-the-archive.md) -  + -  + diff --git a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md index b0b05042bf..f1aa01ad7e 100644 --- a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md +++ b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md @@ -1,8 +1,11 @@ --- title: Delegate Domain-Level Access to the Archive description: Delegate Domain-Level Access to the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 11ca1d40-4b5c-496e-8922-d01412717858 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations @@ -49,9 +52,9 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm - [Managing the Archive](managing-the-archive-agpm40.md) -  + -  + diff --git a/mdop/agpm/delegate-domain-level-access.md b/mdop/agpm/delegate-domain-level-access.md index ff3f936cdb..da327eae2f 100644 --- a/mdop/agpm/delegate-domain-level-access.md +++ b/mdop/agpm/delegate-domain-level-access.md @@ -1,8 +1,11 @@ --- title: Delegate Domain-Level Access description: Delegate Domain-Level Access -author: jamiejdt +author: mjcaparas ms.assetid: 64c8e773-38cc-4991-9ed2-5a801094d06e +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -29,7 +32,7 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm **Note**   Editor and Approver include Reviewer permissions. -   + 4. In the **Advanced Security Settings** dialog box, select a Group Policy administrator, and then click **Edit**. 
@@ -53,9 +56,9 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm - [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) -  + -  + diff --git a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md index 89337b2164..2a17a1e42b 100644 --- a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md +++ b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Delegate Management of a Controlled GPO description: Delegate Management of a Controlled GPO -author: jamiejdt +author: mjcaparas ms.assetid: 509b02e7-ce0b-4919-b58a-c3a33051152e +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,14 +34,14 @@ A user account with the AGPM Administrator (Full Control) role, the user account **Note**   If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. -   + 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations @@ -52,9 +55,9 @@ A user account with the AGPM Administrator (Full Control) role, the user account - [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md index a83b6f5347..19b09da4c5 100644 --- a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md +++ b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md 
@@ -1,8 +1,11 @@ --- title: Delegate Management of a Controlled GPO description: Delegate Management of a Controlled GPO -author: jamiejdt +author: mjcaparas ms.assetid: 96b4bfb3-5657-4267-8326-85d7a0db87ce +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -31,14 +34,14 @@ A user account with the AGPM Administrator (Full Control) role, the user account **Note**   If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. -   + 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. **Note**   Editor and Approver include Reviewer permissions. -   + ### Additional considerations @@ -52,9 +55,9 @@ A user account with the AGPM Administrator (Full Control) role, the user account - [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) -  + -  + diff --git a/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md b/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md index 087950b66f..82004ed62c 100644 --- a/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md +++ b/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Delete a Controlled GPO description: Delete a Controlled GPO -author: jamiejdt +author: mjcaparas ms.assetid: f51c1737-c116-4faf-a6f6-c72303f60a3b +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/delete-a-controlled-gpo-agpm40.md b/mdop/agpm/delete-a-controlled-gpo-agpm40.md index 0629e33eef..4b1f19997b 100644 --- a/mdop/agpm/delete-a-controlled-gpo-agpm40.md +++ b/mdop/agpm/delete-a-controlled-gpo-agpm40.md 
@@ -1,8 +1,11 @@
 ---
 title: Delete a Controlled GPO
 description: Delete a Controlled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 2a461018-aa0b-4ae3-b079-efc554ca4a3d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/delete-a-gpo-approver.md b/mdop/agpm/delete-a-gpo-approver.md
index 2014a13ae3..fee036a028 100644
--- a/mdop/agpm/delete-a-gpo-approver.md
+++ b/mdop/agpm/delete-a-gpo-approver.md
@@ -1,8 +1,11 @@
 ---
 title: Delete a GPO
 description: Delete a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 85fca371-5707-49c1-aa51-813fc3a58dfc
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/delete-a-gpo-editor.md b/mdop/agpm/delete-a-gpo-editor.md
index b5252c989e..5bc745374a 100644
--- a/mdop/agpm/delete-a-gpo-editor.md
+++ b/mdop/agpm/delete-a-gpo-editor.md
@@ -1,8 +1,11 @@
 ---
 title: Delete a GPO
 description: Delete a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 66be3dde-653e-4c25-8cb7-00e7090c8d31
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md b/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md
index 1ff67a0f89..d4ebed245e 100644
--- a/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md
+++ b/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Deleting or Restoring a GPO
 description: Deleting or Restoring a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ee4a467a-187a-48e3-8f0d-548de0606a56
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md b/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md
index 19b9de7078..e0bc537cc9 100644
--- a/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md
+++ b/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Deleting or Restoring a GPO
 description: Deleting or Restoring a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: d4f92f4d-eba7-4e6e-b166-13670864d298
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md
index 869477d761..a27d832f3f 100644
--- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md
+++ b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Deleting, Restoring, or Destroying a GPO
 description: Deleting, Restoring, or Destroying a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3e1b862e-007a-4b60-900f-0489069f5c75
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md
index 3daa52ad77..e9a7b13f30 100644
--- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md
+++ b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Deleting, Restoring, or Destroying a GPO
 description: Deleting, Restoring, or Destroying a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3af6c396-61c8-4b32-9fd8-28e9f15e575c
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md
index e9fb3766a6..96207fe50f 100644
--- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md
+++ b/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md
@@ -1,8 +1,11 @@ --- title: Deleting, Restoring, or Destroying a GPO description: Deleting, Restoring, or Destroying a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 089c68e7-c1a5-418a-8776-cf23960f10c4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/deploy-a-gpo-agpm30ops.md b/mdop/agpm/deploy-a-gpo-agpm30ops.md index 33fb3fc58e..15b54d327d 100644 --- a/mdop/agpm/deploy-a-gpo-agpm30ops.md +++ b/mdop/agpm/deploy-a-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Deploy a GPO description: Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 3767b722-db43-40f1-a714-bb8e38bcaa10 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. -  + ### Additional considerations @@ -49,9 +52,9 @@ To verify whether the most recent version of a GPO has been deployed, on the **C - [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/deploy-a-gpo-agpm40.md b/mdop/agpm/deploy-a-gpo-agpm40.md index ea0506484c..d24c1562ea 100644 --- a/mdop/agpm/deploy-a-gpo-agpm40.md +++ b/mdop/agpm/deploy-a-gpo-agpm40.md @@ -1,8 +1,11 @@ --- title: Deploy a GPO description: Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: a6febeaa-144b-4c02-99af-d972f0f2b544 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. -  + ### Additional considerations @@ -49,9 +52,9 @@ To verify whether the most recent version of a GPO has been deployed, on the **C - [Performing Approver Tasks](performing-approver-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/deploy-a-gpo.md b/mdop/agpm/deploy-a-gpo.md index 0acb735724..6cccb83b8a 100644 --- a/mdop/agpm/deploy-a-gpo.md +++ b/mdop/agpm/deploy-a-gpo.md @@ -1,8 +1,11 @@ --- title: Deploy a GPO description: Deploy a GPO -author: jamiejdt +author: mjcaparas ms.assetid: a0a3f292-e3ab-46ae-a0fd-d7b2b4ad8883 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -39,7 +42,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. -  + ### Additional considerations @@ -49,9 +52,9 @@ To verify whether the most recent version of a GPO has been deployed, on the **C - [Performing Approver Tasks](performing-approver-tasks.md) -  + -  + diff --git a/mdop/agpm/destroy-a-gpo-agpm30ops.md b/mdop/agpm/destroy-a-gpo-agpm30ops.md index 6c3e7be7f0..dd853317de 100644 --- a/mdop/agpm/destroy-a-gpo-agpm30ops.md +++ b/mdop/agpm/destroy-a-gpo-agpm30ops.md 
@@ -1,8 +1,11 @@
 ---
 title: Destroy a GPO
 description: Destroy a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: bfabd71a-47f3-462e-b86f-5f15762b9e28
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/destroy-a-gpo-agpm40.md b/mdop/agpm/destroy-a-gpo-agpm40.md
index c34773a34e..28f76ae7c9 100644
--- a/mdop/agpm/destroy-a-gpo-agpm40.md
+++ b/mdop/agpm/destroy-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Destroy a GPO
 description: Destroy a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 09bce8c4-f75b-4633-b80b-d894bbec95c9
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/destroy-a-gpo.md b/mdop/agpm/destroy-a-gpo.md
index 11a45186e8..4c21c398e6 100644
--- a/mdop/agpm/destroy-a-gpo.md
+++ b/mdop/agpm/destroy-a-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Destroy a GPO
 description: Destroy a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: d74941a3-beef-46cd-a4ca-80a324dcfadf
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/domain-delegation-tab-agpm30ops.md b/mdop/agpm/domain-delegation-tab-agpm30ops.md
index 48550bb25b..aa5f709f13 100644
--- a/mdop/agpm/domain-delegation-tab-agpm30ops.md
+++ b/mdop/agpm/domain-delegation-tab-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Domain Delegation Tab
 description: Domain Delegation Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 523cdf39-f4b8-4d20-a917-3485756658ce
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/domain-delegation-tab-agpm40.md b/mdop/agpm/domain-delegation-tab-agpm40.md
index 2df9df6ecb..5d2f696910 100644
--- a/mdop/agpm/domain-delegation-tab-agpm40.md
+++ b/mdop/agpm/domain-delegation-tab-agpm40.md
@@ -1,8 +1,11 @@ --- title: Domain Delegation Tab description: Domain Delegation Tab -author: jamiejdt +author: mjcaparas ms.assetid: 5be5841e-92fb-4af6-aa68-0ae50f8d5141 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/domain-delegation-tab.md b/mdop/agpm/domain-delegation-tab.md index 337c1e3a7f..476c26e436 100644 --- a/mdop/agpm/domain-delegation-tab.md +++ b/mdop/agpm/domain-delegation-tab.md @@ -1,8 +1,11 @@ --- title: Domain Delegation Tab description: Domain Delegation Tab -author: jamiejdt +author: mjcaparas ms.assetid: 15a9bfff-e25b-4b62-9ebc-521a5f4eae96 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/edit-a-gpo-offline-agpm30ops.md b/mdop/agpm/edit-a-gpo-offline-agpm30ops.md index 6cff2b03fd..5518d46244 100644 --- a/mdop/agpm/edit-a-gpo-offline-agpm30ops.md +++ b/mdop/agpm/edit-a-gpo-offline-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Edit a GPO Offline description: Edit a GPO Offline -author: jamiejdt +author: mjcaparas ms.assetid: 51677d8a-6209-41b5-82ed-4f3be817abc0 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -54,7 +57,7 @@ To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and **Note**   To disable all Computer Configuration settings or all User Configuration settings, right-click the GPO in the **Group Policy Management Editor** window and click **Properties**. Select **Disable Computer Configuration settings** or **Disable User Configuration settings** as appropriate. -   + 3. When you have finished modifying the GPO, close the **Group Policy Management Editor** window. @@ -98,9 +101,9 @@ To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and - [Deploy a GPO](deploy-a-gpo-agpm30ops.md) -  + -  + 
diff --git a/mdop/agpm/edit-a-gpo-offline-agpm40.md b/mdop/agpm/edit-a-gpo-offline-agpm40.md index 099c52135e..4f311a1cc3 100644 --- a/mdop/agpm/edit-a-gpo-offline-agpm40.md +++ b/mdop/agpm/edit-a-gpo-offline-agpm40.md @@ -1,8 +1,11 @@ --- title: Edit a GPO Offline description: Edit a GPO Offline -author: jamiejdt +author: mjcaparas ms.assetid: 9c75eb3c-d4d5-41e0-b65e-8b4464a42cd9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -54,7 +57,7 @@ To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and **Note**   To disable all Computer Configuration settings or all User Configuration settings, right-click the GPO in the **Group Policy Management Editor** window and click **Properties**. Select **Disable Computer Configuration settings** or **Disable User Configuration settings** as appropriate. -   + 3. When you have finished modifying the GPO, close the **Group Policy Management Editor** window. @@ -98,9 +101,9 @@ To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and - [Deploy a GPO](deploy-a-gpo-agpm40.md) -  + -  + diff --git a/mdop/agpm/edit-a-gpo-offline.md b/mdop/agpm/edit-a-gpo-offline.md index 798f01ebe3..6ea16ebc61 100644 --- a/mdop/agpm/edit-a-gpo-offline.md +++ b/mdop/agpm/edit-a-gpo-offline.md @@ -1,8 +1,11 @@ --- title: Edit a GPO Offline description: Edit a GPO Offline -author: jamiejdt +author: mjcaparas ms.assetid: 4a148952-9fe9-4ec4-8df1-b25e37c97a54 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/editing-a-gpo-agpm30ops.md b/mdop/agpm/editing-a-gpo-agpm30ops.md index 753f7c337c..36bd0a1166 100644 --- a/mdop/agpm/editing-a-gpo-agpm30ops.md +++ b/mdop/agpm/editing-a-gpo-agpm30ops.md 
@@ -1,8 +1,11 @@
 ---
 title: Editing a GPO
 description: Editing a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3024051a-ff33-46d0-9c3e-68ebae7f6b60
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/editing-a-gpo-agpm40.md b/mdop/agpm/editing-a-gpo-agpm40.md
index bf8a240a68..77dcc4e9cc 100644
--- a/mdop/agpm/editing-a-gpo-agpm40.md
+++ b/mdop/agpm/editing-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Editing a GPO
 description: Editing a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ef42eefe-7705-46b2-954d-18966335cbbf
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/editing-a-gpo.md b/mdop/agpm/editing-a-gpo.md
index fbdc6178e3..c4bcdd473c 100644
--- a/mdop/agpm/editing-a-gpo.md
+++ b/mdop/agpm/editing-a-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Editing a GPO
 description: Editing a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ec77d3bb-8a64-4d8e-9c28-87763de02ec0
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/export-a-gpo-to-a-file.md b/mdop/agpm/export-a-gpo-to-a-file.md
index 91cb177d3a..d75d40eada 100644
--- a/mdop/agpm/export-a-gpo-to-a-file.md
+++ b/mdop/agpm/export-a-gpo-to-a-file.md
@@ -1,8 +1,11 @@
 ---
 title: Export a GPO to a File
 description: Export a GPO to a File
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 0d01b1f7-a6a4-4d0d-9aa7-2d6f1ae93d9d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/feature-visibility-settings-agpm30ops.md b/mdop/agpm/feature-visibility-settings-agpm30ops.md
index b83c9ebb0c..d3049f4b3f 100644
--- a/mdop/agpm/feature-visibility-settings-agpm30ops.md
+++ b/mdop/agpm/feature-visibility-settings-agpm30ops.md
@@ -1,8 +1,11 @@ --- title: Feature Visibility Settings description: Feature Visibility Settings -author: jamiejdt +author: mjcaparas ms.assetid: 6a844478-a6b0-490d-923f-5a6f82467831 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/feature-visibility-settings-agpm40.md b/mdop/agpm/feature-visibility-settings-agpm40.md index 50e4df652a..e30c603bc7 100644 --- a/mdop/agpm/feature-visibility-settings-agpm40.md +++ b/mdop/agpm/feature-visibility-settings-agpm40.md @@ -1,8 +1,11 @@ --- title: Feature Visibility Settings description: Feature Visibility Settings -author: jamiejdt +author: mjcaparas ms.assetid: d3c0b02a-b943-4001-8b9c-dfac8fe58789 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/feature-visibility-settings.md b/mdop/agpm/feature-visibility-settings.md index 75296a1cbb..1cb1b3fc24 100644 --- a/mdop/agpm/feature-visibility-settings.md +++ b/mdop/agpm/feature-visibility-settings.md @@ -1,8 +1,11 @@ --- title: Feature Visibility Settings description: Feature Visibility Settings -author: jamiejdt +author: mjcaparas ms.assetid: 9db2ba03-fb75-4f95-9138-ec89b9fc8d01 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/history-window-agpm30ops.md b/mdop/agpm/history-window-agpm30ops.md index a7cd61cd22..c3295c3095 100644 --- a/mdop/agpm/history-window-agpm30ops.md +++ b/mdop/agpm/history-window-agpm30ops.md @@ -1,8 +1,11 @@ --- title: History Window description: History Window -author: jamiejdt +author: mjcaparas ms.assetid: 114f50a4-508d-4589-b006-6cd05cffe6b7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -46,7 +49,7 @@ The tabs within the **History** window filter the states in the history of the G -  + ## Event information 
@@ -85,11 +88,10 @@ Information is provided for each state in the history of the GPO.

          Deletable

          Whether this version of the GPO can be deleted if the number of unique versions of each GPO retained in the archive is limited.

          -Note   -

          You can modify whether a version of a GPO is deletable by right-clicking it and then clicking Do Not Allow Deletion or Allow Deletion.

          +Note

          You can modify whether a version of a GPO is deletable by right-clicking it and then clicking Do Not Allow Deletion or Allow Deletion.

          -  +
          @@ -111,7 +113,7 @@ Information is provided for each state in the history of the GPO. -  + ## Reports @@ -141,7 +143,7 @@ The **Settings** and **Differences** buttons display reports about GPO settings -  + ### Key to difference reports @@ -182,7 +184,7 @@ The **Settings** and **Differences** buttons display reports about GPO settings -  + - For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. @@ -192,9 +194,9 @@ The **Settings** and **Differences** buttons display reports about GPO settings - [Contents Tab](contents-tab-agpm30ops.md) -  - -  + + + diff --git a/mdop/agpm/history-window-agpm40.md b/mdop/agpm/history-window-agpm40.md index 7c145de0f0..7603d75dd5 100644 --- a/mdop/agpm/history-window-agpm40.md +++ b/mdop/agpm/history-window-agpm40.md @@ -1,8 +1,11 @@ --- title: History Window description: History Window -author: jamiejdt +author: mjcaparas ms.assetid: 5bea62e7-d267-40b2-a66d-fb1be7373a1c +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -46,7 +49,7 @@ The tabs within the **History** window filter the states in the history of the G -  + ## Event information @@ -85,11 +88,10 @@ Information is provided for each state in the history of the GPO.

          Deletable

          Whether this version of the GPO can be deleted if the number of unique versions of each GPO retained in the archive is limited.

          -Note   -

          You can change whether a version of a GPO can be deleted by right-clicking the GPO and then clicking Do Not Allow Deletion or Allow Deletion.

          +Note

          You can change whether a version of a GPO can be deleted by right-clicking the GPO and then clicking Do Not Allow Deletion or Allow Deletion.

          -  +
          @@ -111,7 +113,7 @@ Information is provided for each state in the history of the GPO. -  + ## Reports @@ -141,7 +143,7 @@ The **Settings** and **Differences** buttons display reports about GPO settings -  + ### Key to difference reports @@ -182,7 +184,7 @@ The **Settings** and **Differences** buttons display reports about GPO settings -  + - For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. @@ -192,9 +194,9 @@ The **Settings** and **Differences** buttons display reports about GPO settings - [Contents Tab](contents-tab-agpm40.md) -  - -  + + + diff --git a/mdop/agpm/history-window.md b/mdop/agpm/history-window.md index b79c525eaf..0e5e9a6687 100644 --- a/mdop/agpm/history-window.md +++ b/mdop/agpm/history-window.md @@ -1,8 +1,11 @@ --- title: History Window description: History Window -author: jamiejdt +author: mjcaparas ms.assetid: f11f9ad9-bffe-4c56-8c46-fe9c0a8e55c1 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md index 15684d3085..370ce5130b 100644 --- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md +++ b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Identify Differences Between GPOs, GPO Versions, or Templates description: Identify Differences Between GPOs, GPO Versions, or Templates -author: jamiejdt +author: mjcaparas ms.assetid: e391fa91-3956-4150-9d43-900cfc88d543 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md
index f58f985f26..57a7719f21 100644
--- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md
+++ b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Identify Differences Between GPOs, GPO Versions, or Templates
 description: Identify Differences Between GPOs, GPO Versions, or Templates
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3f03c368-162b-450f-be6c-2807c3e8d741
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md
index 83ba8fada3..31a0ed88ed 100644
--- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md
+++ b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md
@@ -1,8 +1,11 @@
 ---
 title: Identify Differences Between GPOs, GPO Versions, or Templates
 description: Identify Differences Between GPOs, GPO Versions, or Templates
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 6320afc4-af81-47e8-9f4c-463ff99d5a53
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md b/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md
index 172d641e83..259967c12d 100644
--- a/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md
+++ b/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from a File
 description: Import a GPO from a File
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 2cbcda72-4de3-47ad-aaf8-4fc7341d5a00
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-a-file-ed.md b/mdop/agpm/import-a-gpo-from-a-file-ed.md
index ad52baee15..3019b67029 100644
--- a/mdop/agpm/import-a-gpo-from-a-file-ed.md
+++ b/mdop/agpm/import-a-gpo-from-a-file-ed.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from a File
 description: Import a GPO from a File
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 6e901a52-1101-4fed-9f90-3819b573b378
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-agpm30ops.md b/mdop/agpm/import-a-gpo-from-production-agpm30ops.md
index 1b6fc4831e..06214d174c 100644
--- a/mdop/agpm/import-a-gpo-from-production-agpm30ops.md
+++ b/mdop/agpm/import-a-gpo-from-production-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from Production
 description: Import a GPO from Production
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 35c2a682-ece8-4577-a083-7e3e9facfd13
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-agpm40-app.md b/mdop/agpm/import-a-gpo-from-production-agpm40-app.md
index 0fc2a8a019..af00e3582a 100644
--- a/mdop/agpm/import-a-gpo-from-production-agpm40-app.md
+++ b/mdop/agpm/import-a-gpo-from-production-agpm40-app.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from Production
 description: Import a GPO from Production
-author: jamiejdt
+author: mjcaparas
 ms.assetid: c5b2f40d-1dc7-4dbf-b8b3-4d97ad73e1e5
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md b/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md
index 75a1e93314..a10d461d9e 100644
--- a/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md
+++ b/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from Production
 description: Import a GPO from Production
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ad14203a-2e6a-41d4-a05e-4508c80045fd
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-approver.md b/mdop/agpm/import-a-gpo-from-production-approver.md
index 55fa048aaa..6895bd2248 100644
--- a/mdop/agpm/import-a-gpo-from-production-approver.md
+++ b/mdop/agpm/import-a-gpo-from-production-approver.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from Production
 description: Import a GPO from Production
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 071270fa-1890-40ce-ab89-ce070a54aa59
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md b/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md
index f3e5076171..cc32d29e0f 100644
--- a/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md
+++ b/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Import a GPO from Production
 description: Import a GPO from Production
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ad90f13e-e73c-400f-b86f-c12f2e75d19d
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/import-a-gpo-from-production-editor.md b/mdop/agpm/import-a-gpo-from-production-editor.md
index 1ab8ff19b0..3ee29adf06 100644
--- a/mdop/agpm/import-a-gpo-from-production-editor.md
+++ b/mdop/agpm/import-a-gpo-from-production-editor.md
@@ -1,8 +1,11 @@ --- title: Import a GPO from Production description: Import a GPO from Production -author: jamiejdt +author: mjcaparas ms.assetid: ffa02b2a-2a43-4fc0-a06e-7d4b59022cc3 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md index c3b4414d7c..96315421b6 100644 --- a/mdop/agpm/index.md +++ b/mdop/agpm/index.md @@ -44,17 +44,17 @@ In addition to the product documentation available online, supplemental product

          MDOP Virtual Labs

          -

          For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/?LinkId=234276) (https://go.microsoft.com/fwlink/?LinkId=234276).

          +

          For a list of available MDOP virtual labs, go to Microsoft Desktop Optimization Pack (MDOP) Virtual Labs (https://go.microsoft.com/fwlink/?LinkId=234276).

          MDOP TechCenter

          -

          For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/?LinkId=225286) (https://go.microsoft.com/fwlink/?LinkId=225286)

          +

          For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to MDOP TechCenter (https://go.microsoft.com/fwlink/?LinkId=225286)

          -  + ## How to Get MDOP @@ -70,9 +70,9 @@ MDOP subscribers can download the software at the [Microsoft Volume Licensing we **Purchase MDOP** Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business. -  + -  + diff --git a/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md b/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md index ec3a87bbdc..1aa5500034 100644 --- a/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md +++ b/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Label the Current Version of a GPO description: Label the Current Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 3845211a-0bc9-4875-9906-cb758c443825 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md b/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md index fbe3c7b8f2..4a8c652822 100644 --- a/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md +++ b/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md @@ -1,8 +1,11 @@ --- title: Label the Current Version of a GPO description: Label the Current Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: cadc8769-21da-44b0-8122-6cafdb448913 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/label-the-current-version-of-a-gpo.md b/mdop/agpm/label-the-current-version-of-a-gpo.md index 1c233077d6..23520638fb 100644 --- a/mdop/agpm/label-the-current-version-of-a-gpo.md +++ b/mdop/agpm/label-the-current-version-of-a-gpo.md 
@@ -1,8 +1,11 @@ --- title: Label the Current Version of a GPO description: Label the Current Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 5e4e50f8-e4a8-4bda-aac4-1569d5fbd6a7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md b/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md index a2baa4af41..d119a83fa7 100644 --- a/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md +++ b/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Limit the GPO Versions Stored description: Limit the GPO Versions Stored -author: jamiejdt +author: mjcaparas ms.assetid: da14edc5-0c36-4c54-b122-861c86b99eb1 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -29,7 +32,7 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm **Important**   Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. -   + 4. Click the **Apply** button. @@ -43,9 +46,9 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm - [Managing the Archive](managing-the-archive.md) -  + -  + diff --git a/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md b/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md index 992a948ff1..2570da4136 100644 --- a/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md +++ b/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md @@ -1,8 +1,11 @@ --- title: Limit the GPO Versions Stored description: Limit the GPO Versions Stored -author: jamiejdt +author: mjcaparas ms.assetid: d802c7b6-f303-4b23-aefd-f19f1300b0ff +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -29,7 +32,7 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm **Important**   Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. -   + 4. Click the **Apply** button. @@ -43,9 +46,9 @@ A user account with the AGPM Administrator (Full Control) role or necessary perm - [Managing the Archive](managing-the-archive-agpm40.md) -  + -  + diff --git a/mdop/agpm/logging-and-tracing-settings-agpm30ops.md b/mdop/agpm/logging-and-tracing-settings-agpm30ops.md index f6b44f355c..327edf7784 100644 --- a/mdop/agpm/logging-and-tracing-settings-agpm30ops.md +++ b/mdop/agpm/logging-and-tracing-settings-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Logging and Tracing Settings description: Logging and Tracing Settings -author: jamiejdt +author: mjcaparas ms.assetid: 858b6fbf-65b4-42fa-95a9-69b04e5734d7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/logging-and-tracing-settings-agpm40.md b/mdop/agpm/logging-and-tracing-settings-agpm40.md index 8dc6423659..3e42a4a154 100644 --- a/mdop/agpm/logging-and-tracing-settings-agpm40.md +++ b/mdop/agpm/logging-and-tracing-settings-agpm40.md @@ -1,8 +1,11 @@ --- title: Logging and Tracing Settings description: Logging and Tracing Settings -author: jamiejdt +author: mjcaparas ms.assetid: 66d03306-80d8-4132-bf71-2827157b1fc9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/logging-and-tracing-settings.md b/mdop/agpm/logging-and-tracing-settings.md index 39ed63b471..ec78ccc511 100644 --- a/mdop/agpm/logging-and-tracing-settings.md +++ b/mdop/agpm/logging-and-tracing-settings.md 
@@ -1,8 +1,11 @@ --- title: Logging and Tracing Settings description: Logging and Tracing Settings -author: jamiejdt +author: mjcaparas ms.assetid: db6b43c7-fdde-4d11-b5ab-a81346e56940 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/managing-the-agpm-service-agpm30ops.md b/mdop/agpm/managing-the-agpm-service-agpm30ops.md index 7a4e22cf3a..9896b4a887 100644 --- a/mdop/agpm/managing-the-agpm-service-agpm30ops.md +++ b/mdop/agpm/managing-the-agpm-service-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Managing the AGPM Service description: Managing the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: a522b1f1-c57b-43aa-9d75-acc6f9bedbf9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + - [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md) @@ -31,9 +34,9 @@ Do not modify settings for the AGPM Service through **Administrative Tools** and - [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/managing-the-agpm-service-agpm40.md b/mdop/agpm/managing-the-agpm-service-agpm40.md index 9d9ea8a720..96280adf4b 100644 --- a/mdop/agpm/managing-the-agpm-service-agpm40.md +++ b/mdop/agpm/managing-the-agpm-service-agpm40.md @@ -1,8 +1,11 @@ --- title: Managing the AGPM Service description: Managing the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: 48ca02aa-6acf-403b-afd4-66ae8a953246 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + - [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md) @@ -31,9 +34,9 @@ Do not modify settings for the AGPM Service through **Administrative Tools** and - [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/managing-the-agpm-service.md b/mdop/agpm/managing-the-agpm-service.md index c1fdfc3d68..174c061105 100644 --- a/mdop/agpm/managing-the-agpm-service.md +++ b/mdop/agpm/managing-the-agpm-service.md @@ -1,8 +1,11 @@ --- title: Managing the AGPM Service description: Managing the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: 331f64d2-1236-4711-81b4-1b92f019bfa5 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + - [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md) @@ -29,9 +32,9 @@ Do not modify settings for the AGPM Service through **Administrative Tools** and - [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md) -  + -  + diff --git a/mdop/agpm/managing-the-archive-agpm40.md b/mdop/agpm/managing-the-archive-agpm40.md index 7c7f6231e6..e22bed1a2d 100644 --- a/mdop/agpm/managing-the-archive-agpm40.md +++ b/mdop/agpm/managing-the-archive-agpm40.md 
@@ -1,8 +1,11 @@ --- title: Managing the Archive description: Managing the Archive -author: jamiejdt +author: mjcaparas ms.assetid: b11a3d71-74ea-4dd7-b243-6f2880b7af2d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/managing-the-archive.md b/mdop/agpm/managing-the-archive.md index 38c14277ec..ba25337775 100644 --- a/mdop/agpm/managing-the-archive.md +++ b/mdop/agpm/managing-the-archive.md @@ -1,8 +1,11 @@ --- title: Managing the Archive description: Managing the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 7c7654e9-ab0e-4531-8ef7-ae77ef391620 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/modify-the-agpm-service-account.md b/mdop/agpm/modify-the-agpm-service-account.md index 207b0f5527..21bd9e501c 100644 --- a/mdop/agpm/modify-the-agpm-service-account.md +++ b/mdop/agpm/modify-the-agpm-service-account.md @@ -1,8 +1,11 @@ --- title: Modify the AGPM Service Account description: Modify the AGPM Service Account -author: jamiejdt +author: mjcaparas ms.assetid: 0d8d8c7b-f299-4fee-8414-406492156942 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ The archive path and AGPM Service Account are configured during the installation **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. 
@@ -30,7 +33,7 @@ The AGPM Service Account must have full access to the GPOs that it will manage a If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. -  + **To modify the AGPM Service Account** @@ -54,9 +57,9 @@ If you will be managing GPOs on multiple domains or if a member server will be t - [Managing the AGPM Service](managing-the-agpm-service.md) -  + -  + diff --git a/mdop/agpm/modify-the-agpm-service-agpm30ops.md b/mdop/agpm/modify-the-agpm-service-agpm30ops.md index a111d6f4a5..ce08a4d000 100644 --- a/mdop/agpm/modify-the-agpm-service-agpm30ops.md +++ b/mdop/agpm/modify-the-agpm-service-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Modify the AGPM Service description: Modify the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: 3485f85f-59d1-48dc-8748-36826214dcb1 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to complete this procedure. 
@@ -42,7 +45,7 @@ A user account that is a member of the Domain Admins group and has access to the **Important**   The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. -   + 2. In the **AGPM Service Account** dialog box, enter credentials for a service account under which the AGPM Service will run, and click **Next**. @@ -53,14 +56,14 @@ A user account that is a member of the Domain Admins group and has access to the If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. -   + 3. In the **Archive Owner** dialog box, enter the user name of an AGPM Administrator (Full Control) or group of AGPM Administrators, and click **Next**. **Note**   Modifying the installation clears the credentials for the Archive Owner. You must re-enter credentials, but they are not required to match the credentials used during the original installation. -   + 4. In the **Port Configuration** dialog box, type a new port on which the AGPM Service should listen or confirm the port currently selected, and click **Next**. @@ -69,7 +72,7 @@ A user account that is a member of the Domain Admins group and has access to the If you manually configure port exceptions or have rules configuring port exceptions, you can clear the **Add port exception to firewall** check box. -   + 5. Click **Change**, and when the installation is complete click **Finish**. @@ -81,9 +84,9 @@ A user account that is a member of the Domain Admins group and has access to the - [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/modify-the-agpm-service-agpm40.md b/mdop/agpm/modify-the-agpm-service-agpm40.md index 9c780a1547..20ec5c3a65 100644 
--- a/mdop/agpm/modify-the-agpm-service-agpm40.md +++ b/mdop/agpm/modify-the-agpm-service-agpm40.md @@ -1,8 +1,11 @@ --- title: Modify the AGPM Service description: Modify the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: 3239d088-bb86-4ec4-bc56-dbe8f1c710f5 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -  + A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to complete this procedure. @@ -38,7 +41,7 @@ A user account that is a member of the Domain Admins group and has access to the **Important**   The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. -   + 2. In the **AGPM Service Account** dialog box, enter credentials for a service account under which the AGPM Service will run, and click **Next**. 
@@ -49,14 +52,14 @@ A user account that is a member of the Domain Admins group and has access to the If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. -   + 3. In the **Archive Owner** dialog box, enter the user name of an AGPM Administrator (Full Control) or group of AGPM Administrators, and click **Next**. **Note**   Modifying the installation clears the credentials for the Archive Owner. You must re-enter credentials, but they are not required to match the credentials used during the original installation. -   + 4. In the **Port Configuration** dialog box, type a new port on which the AGPM Service should listen or confirm the port currently selected, and click **Next**. @@ -65,7 +68,7 @@ A user account that is a member of the Domain Admins group and has access to the If you manually configure port exceptions or have rules configuring port exceptions, you can clear the **Add port exception to firewall** check box. -   + 5. Click **Change**, and when the installation is complete click **Finish**. @@ -77,9 +80,9 @@ A user account that is a member of the Domain Admins group and has access to the - [Managing the AGPM Service](managing-the-agpm-service-agpm40.md) -  + -  + diff --git a/mdop/agpm/modify-the-archive-path.md b/mdop/agpm/modify-the-archive-path.md index 19775ccfa6..0e52f280d7 100644 --- a/mdop/agpm/modify-the-archive-path.md +++ b/mdop/agpm/modify-the-archive-path.md @@ -1,8 +1,11 @@ --- title: Modify the Archive Path description: Modify the Archive Path -author: jamiejdt +author: mjcaparas ms.assetid: 6d90daf9-58db-4166-b5b3-e84bb261164a +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -41,7 +44,7 @@ A user account that is a member of the Domain Admins group and has access to the If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. -   + 3. For the archive owner, enter the credentials of an AGPM Administrator (Full Control). @@ -51,9 +54,9 @@ A user account that is a member of the Domain Admins group and has access to the - [Managing the AGPM Service](managing-the-agpm-service.md) -  + -  + diff --git a/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md b/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md index e96c539572..6ad27ab0b6 100644 --- a/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md +++ b/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md @@ -1,8 +1,11 @@ --- title: Modify the Port on Which the AGPM Service Listens description: Modify the Port on Which the AGPM Service Listens -author: jamiejdt +author: mjcaparas ms.assetid: a82c6873-e916-4a04-b263-aa612cd6956b +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Note**   Before modifying the port on which the AGPM Service listens, it is recommended that you back up the AGPM archive index file (gpostate.xml). This file is located in the folder entered as the archive path during the installation of Advanced Group Policy Management - Server. By default, this location of this file is %CommonAppData%\\Microsoft\\AGPM\\gpostate.xml on the AGPM Server. If you do not know which computer hosts the archive, you can follow the procedure for modifying the archive path to display the current archive path. For more information, see [Modify the Archive Path](modify-the-archive-path.md). -  + A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) and the archive index file is required to complete this procedure. @@ -41,9 +44,9 @@ A user account with access to the AGPM Server (the computer on which the AGPM Se - [Managing the AGPM Service](managing-the-agpm-service.md) -  + -  + diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md index 14cfd0268c..027abbaaa7 100644 --- a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md +++ b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md @@ -1,8 +1,11 @@ --- title: Move the AGPM Server and the Archive description: Move the AGPM Server and the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 9ec48d3a-c293-45f0-8939-32ccdc062303 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -21,7 +24,7 @@ If you are replacing the AGPM Server and the server on which the archive is host - By default, the archive is hosted on the AGPM Server, but you can specify an archive path to host it on another server instead. -  + A user account that is a member of the Domain Admins group and has access to the previous and new AGPM Servers is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to be used by the new AGPM Server to complete this procedure. @@ -40,7 +43,7 @@ A user account that is a member of the Domain Admins group and has access to the **Note**   As a best practice, you should uninstall Microsoft Advanced Group Policy Management – Server from the previous AGPM Server. This will ensure that the AGPM Service cannot be unintentionally restarted on that server and potentially cause confusion if any AGPM Server connections to it remain. -   + 3. Copy the archive from the backup to the new server that will host the archive. For more information, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md). @@ -51,7 +54,7 @@ A user account that is a member of the Domain Admins group and has access to the 2. You must re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md). -   + ### Additional references @@ -69,9 +72,9 @@ A user account that is a member of the Domain Admins group and has access to the - [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive.md b/mdop/agpm/move-the-agpm-server-and-the-archive.md index c5fd297983..93f0d42c02 100644 --- a/mdop/agpm/move-the-agpm-server-and-the-archive.md +++ b/mdop/agpm/move-the-agpm-server-and-the-archive.md 
@@ -1,8 +1,11 @@ --- title: Move the AGPM Server and the Archive description: Move the AGPM Server and the Archive -author: jamiejdt +author: mjcaparas ms.assetid: 13cb83c4-bb42-4e81-8660-5b7540f473d8 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ If you are replacing the AGPM Server and the server on which the archive is host - By default, the archive is hosted on the AGPM Server, but you can specify an archive path to host it on another server instead. -  + A user account that is a member of the Domain Admins group and has access to the previous and new AGPM Servers is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to be used by the new AGPM Server to complete this procedure. @@ -40,7 +43,7 @@ A user account that is a member of the Domain Admins group and has access to the **Note**   As a best practice, you should uninstall Microsoft Advanced Group Policy Management – Server from the previous AGPM Server. This will ensure that the AGPM Service cannot be unintentionally restarted on that server and potentially cause confusion if any AGPM Server connections to it remain. -   + 3. Copy the archive from the backup to the new server that will host the archive. For more information, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md). @@ -51,7 +54,7 @@ A user account that is a member of the Domain Admins group and has access to the 2. You must re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md). -   + ### Additional references @@ -69,9 +72,9 @@ A user account that is a member of the Domain Admins group and has access to the - [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) -  + -  + 
diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md
index b55f380d6c..464ddc37b5 100644
--- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md
+++ b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md
@@ -1,8 +1,11 @@
 ---
 title: Operations Guide for Microsoft Advanced Group Policy Management 2.5
 description: Operations Guide for Microsoft Advanced Group Policy Management 2.5
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 005f0bb5-789f-42a9-bcaf-7e8c31a8df66
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md
index aba11693ff..eaa5a661af 100644
--- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md
+++ b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Operations Guide for Microsoft Advanced Group Policy Management 3.0
 description: Operations Guide for Microsoft Advanced Group Policy Management 3.0
-author: jamiejdt
+author: mjcaparas
 ms.assetid: aaefe6d1-a9e5-43eb-b4d8-85880798cb8b
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md
index 4d10c6c54b..7243627a33 100644
--- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md
+++ b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md
@@ -1,8 +1,11 @@
 ---
 title: Operations Guide for Microsoft Advanced Group Policy Management 4.0
 description: Operations Guide for Microsoft Advanced Group Policy Management 4.0
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 0bafeba3-20a9-4360-be5d-03f786df11ee
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/other-enhancements-to-the-gpmc.md b/mdop/agpm/other-enhancements-to-the-gpmc.md
index cf52c01209..d68a942bcd 100644
--- a/mdop/agpm/other-enhancements-to-the-gpmc.md
+++ b/mdop/agpm/other-enhancements-to-the-gpmc.md
@@ -1,8 +1,11 @@
 ---
 title: Other Enhancements to the GPMC
 description: Other Enhancements to the GPMC
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ef344101-17e1-4e06-9dc8-2f20ca796774
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md
index 0f63c731ae..e14a1f4b10 100644
--- a/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md
+++ b/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of Advanced Group Policy Management
 description: Overview of Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3a8d1e58-12b9-42bd-898f-6d57514dfbb9
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md b/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md
index 8f3cacc31b..4d4f47e6ad 100644
--- a/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md
+++ b/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of Advanced Group Policy Management
 description: Overview of Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 2c12f3b4-8472-4c5b-b7f8-1c98a80d6b47
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/overview-of-advanced-group-policy-management.md b/mdop/agpm/overview-of-advanced-group-policy-management.md
index 895f84b049..6bbb659ca4 100644
--- a/mdop/agpm/overview-of-advanced-group-policy-management.md
+++ b/mdop/agpm/overview-of-advanced-group-policy-management.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of Advanced Group Policy Management
 description: Overview of Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 028de9dd-848b-42bc-a982-65ba5c433772
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/pending-gpo-commands-agpm30ops.md b/mdop/agpm/pending-gpo-commands-agpm30ops.md
index f85e8c4a53..c155fbc2cf 100644
--- a/mdop/agpm/pending-gpo-commands-agpm30ops.md
+++ b/mdop/agpm/pending-gpo-commands-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Pending GPO Commands
 description: Pending GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3868dda0-8a41-4bba-9b0c-9f656f9a3cd5
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/pending-gpo-commands-agpm40.md b/mdop/agpm/pending-gpo-commands-agpm40.md
index b216a3e7ed..1e6862db89 100644
--- a/mdop/agpm/pending-gpo-commands-agpm40.md
+++ b/mdop/agpm/pending-gpo-commands-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Pending GPO Commands
 description: Pending GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b62f49e1-43ab-4c93-8102-96cd97a4adad
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/pending-tab.md b/mdop/agpm/pending-tab.md index fc93c3d1c9..4ee185771f 100644 --- a/mdop/agpm/pending-tab.md +++ b/mdop/agpm/pending-tab.md @@ -1,8 +1,11 @@ --- title: Pending Tab description: Pending Tab -author: jamiejdt +author: mjcaparas ms.assetid: 54a9a977-c0bc-4553-922b-b2e10e162df9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md b/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md index 00f29a8d57..b23cff06c7 100644 --- a/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md +++ b/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Performing AGPM Administrator Tasks description: Performing AGPM Administrator Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 9678b0f4-70a5-411e-a896-afa4dc9ea6c4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md b/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md index 3d4f052a7c..aa73d0ac46 100644 --- a/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md +++ b/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md @@ -1,8 +1,11 @@ --- title: Performing AGPM Administrator Tasks description: Performing AGPM Administrator Tasks -author: jamiejdt +author: mjcaparas ms.assetid: bc746f39-bdc9-4e2a-bc48-c3c7905de098 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -35,7 +38,7 @@ Because the AGPM Administrator role includes the permissions for all other roles [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md), such as reviewing settings and comparing GPOs -  + ### Additional considerations 
@@ -65,9 +68,9 @@ By default, the AGPM Administrator role has Full Control—all AGPM permissions: The **Modify Options** and **Modify Security** permissions are unique to the role of AGPM Administrator. -  + -  + diff --git a/mdop/agpm/performing-agpm-administrator-tasks.md b/mdop/agpm/performing-agpm-administrator-tasks.md index 038af8f501..ebc6992639 100644 --- a/mdop/agpm/performing-agpm-administrator-tasks.md +++ b/mdop/agpm/performing-agpm-administrator-tasks.md @@ -1,8 +1,11 @@ --- title: Performing AGPM Administrator Tasks description: Performing AGPM Administrator Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 32e694a7-be64-4943-bce2-2a3a15e5341f +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/performing-approver-tasks-agpm30ops.md b/mdop/agpm/performing-approver-tasks-agpm30ops.md index 71f239915c..457707ad10 100644 --- a/mdop/agpm/performing-approver-tasks-agpm30ops.md +++ b/mdop/agpm/performing-approver-tasks-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Performing Approver Tasks description: Performing Approver Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 9f711824-191b-4b4b-a1c6-a3b2116006a4 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ An Approver is a person authorized by an AGPM Administrator (Full Control) to cr **Important**   Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). -  + - [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md) 
@@ -36,7 +39,7 @@ Make sure that you are connecting to the central archive for GPOs. For more info **Note**   Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) for more information. -  + ### Additional considerations @@ -54,9 +57,9 @@ By default, the following permissions are provided for the Approver role: Also, an Approver has full control over GPOs that he created or controlled. -  + -  + diff --git a/mdop/agpm/performing-approver-tasks-agpm40.md b/mdop/agpm/performing-approver-tasks-agpm40.md index 5f672fa959..8a19c9ecda 100644 --- a/mdop/agpm/performing-approver-tasks-agpm40.md +++ b/mdop/agpm/performing-approver-tasks-agpm40.md @@ -1,8 +1,11 @@ --- title: Performing Approver Tasks description: Performing Approver Tasks -author: jamiejdt +author: mjcaparas ms.assetid: e0a4b7fe-ce69-4755-9104-c7f523ea6b62 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ An Approver is a person authorized by an AGPM Administrator (Full Control) to cr **Important**   Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). -  + - [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md) 
@@ -36,7 +39,7 @@ Make sure that you are connecting to the central archive for GPOs. For more info **Note**   Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) for more information. -  + ### Additional considerations @@ -54,9 +57,9 @@ By default, the following permissions are provided for the Approver role: Also, an Approver has full control over GPOs that he created or controlled. -  + -  + diff --git a/mdop/agpm/performing-approver-tasks.md b/mdop/agpm/performing-approver-tasks.md index b3f77c0555..ce05f48885 100644 --- a/mdop/agpm/performing-approver-tasks.md +++ b/mdop/agpm/performing-approver-tasks.md @@ -1,8 +1,11 @@ --- title: Performing Approver Tasks description: Performing Approver Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 6f6310b3-19c1-47c9-8615-964ddd10ce14 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ An Approver is a person authorized by an AGPM Administrator (Full Control) to cr **Important**   Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). -  + - [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md) @@ -36,7 +39,7 @@ Ensure that you are connecting to the central archive for GPOs. For more informa **Note**   Because the Approver role includes the permissions for the Reviewer role, an Approver can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks.md) for more information. -  + ### Additional considerations 
@@ -54,9 +57,9 @@ By default, the following permissions are provided for the Approver role: Also, an Approver has full control over GPOs that he created or controlled. -  + -  + diff --git a/mdop/agpm/performing-editor-tasks-agpm30ops.md b/mdop/agpm/performing-editor-tasks-agpm30ops.md index b23493f83f..abc69827c2 100644 --- a/mdop/agpm/performing-editor-tasks-agpm30ops.md +++ b/mdop/agpm/performing-editor-tasks-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Performing Editor Tasks description: Performing Editor Tasks -author: jamiejdt +author: mjcaparas ms.assetid: d4ac3277-2557-41cf-ac90-5adb6c30687c +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ An Editor is a person authorized by an AGPM Administrator (Full Control) to make **Important**   Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). -  + - [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) @@ -32,7 +35,7 @@ Ensure that you are connecting to the central archive for GPOs. For more informa **Note**   Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) for more information. -  + ### Additional considerations @@ -46,9 +49,9 @@ By default, the following permissions are provided for the Editor role: - Create Template -  + -  + diff --git a/mdop/agpm/performing-editor-tasks-agpm40.md b/mdop/agpm/performing-editor-tasks-agpm40.md index dd4b932e6d..b776479dfc 100644 --- a/mdop/agpm/performing-editor-tasks-agpm40.md +++ b/mdop/agpm/performing-editor-tasks-agpm40.md 
@@ -1,8 +1,11 @@ --- title: Performing Editor Tasks description: Performing Editor Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 81976a01-2a95-4256-b703-9fb3c884ef34 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ In Advanced Group Policy Management (AGPM), an Editor is a person authorized by **Important**   Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). -  + - [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) @@ -36,7 +39,7 @@ Make sure that you are connecting to the central archive for GPOs. For more info **Note**   Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) for more information. -  + ### Additional considerations @@ -54,9 +57,9 @@ By default, the following permissions are provided for the Editor role: - Create Template -  + -  + diff --git a/mdop/agpm/performing-editor-tasks.md b/mdop/agpm/performing-editor-tasks.md index 6d0ec33db4..eeea2a652c 100644 --- a/mdop/agpm/performing-editor-tasks.md +++ b/mdop/agpm/performing-editor-tasks.md @@ -1,8 +1,11 @@ --- title: Performing Editor Tasks description: Performing Editor Tasks -author: jamiejdt +author: mjcaparas ms.assetid: b1e62615-2e02-460e-81d1-4a3fbe59f62d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ An Editor is a person authorized by an AGPM Administrator (Full Control) to make **Important**   Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). -  + - [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) @@ -32,7 +35,7 @@ Ensure that you are connecting to the central archive for GPOs. For more informa **Note**   Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks.md) for more information. -  + ### Additional considerations @@ -46,9 +49,9 @@ By default, the following permissions are provided for the Editor role: - Create Template -  + -  + diff --git a/mdop/agpm/performing-reviewer-tasks-agpm30ops.md b/mdop/agpm/performing-reviewer-tasks-agpm30ops.md index 9da7ecfaf4..94d4b73d01 100644 --- a/mdop/agpm/performing-reviewer-tasks-agpm30ops.md +++ b/mdop/agpm/performing-reviewer-tasks-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Performing Reviewer Tasks description: Performing Reviewer Tasks -author: jamiejdt +author: mjcaparas ms.assetid: 1faf396d-be0d-49ac-b063-0722fda2e43d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/performing-reviewer-tasks-agpm40.md b/mdop/agpm/performing-reviewer-tasks-agpm40.md index 9c9f34dd64..5bf87e09a7 100644 --- a/mdop/agpm/performing-reviewer-tasks-agpm40.md +++ b/mdop/agpm/performing-reviewer-tasks-agpm40.md @@ -1,8 +1,11 @@ --- title: Performing Reviewer Tasks description: Performing Reviewer Tasks -author: jamiejdt +author: mjcaparas ms.assetid: b5f0805c-da55-45a5-a94c-2473af92b54a +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/agpm/performing-reviewer-tasks.md b/mdop/agpm/performing-reviewer-tasks.md
index 9a7cfb77c2..aa542e0ac9 100644
--- a/mdop/agpm/performing-reviewer-tasks.md
+++ b/mdop/agpm/performing-reviewer-tasks.md
@@ -1,8 +1,11 @@
 ---
 title: Performing Reviewer Tasks
 description: Performing Reviewer Tasks
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 4bdd43fa-5c73-4900-8947-b45906f47f60
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/production-delegation-tab-agpm30ops.md b/mdop/agpm/production-delegation-tab-agpm30ops.md
index 9525a5030f..efa8ccb039 100644
--- a/mdop/agpm/production-delegation-tab-agpm30ops.md
+++ b/mdop/agpm/production-delegation-tab-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Production Delegation Tab
 description: Production Delegation Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 9851637d-d5c1-4d29-8582-e8779500a14e
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/production-delegation-tab-agpm40.md b/mdop/agpm/production-delegation-tab-agpm40.md
index 1e9a808eef..29e323127c 100644
--- a/mdop/agpm/production-delegation-tab-agpm40.md
+++ b/mdop/agpm/production-delegation-tab-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Production Delegation Tab
 description: Production Delegation Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 046bb9bc-769a-4306-bc49-c159a9533552
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/recycle-bin-commands-agpm30ops.md b/mdop/agpm/recycle-bin-commands-agpm30ops.md
index a26de82f05..baf41c217c 100644
--- a/mdop/agpm/recycle-bin-commands-agpm30ops.md
+++ b/mdop/agpm/recycle-bin-commands-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Recycle Bin Commands
 description: Recycle Bin Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: ffe8f020-7aa9-40ad-8019-cc99901a7840
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/recycle-bin-commands-agpm40.md b/mdop/agpm/recycle-bin-commands-agpm40.md
index ea9308d563..ddd12cfd22 100644
--- a/mdop/agpm/recycle-bin-commands-agpm40.md
+++ b/mdop/agpm/recycle-bin-commands-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Recycle Bin Commands
 description: Recycle Bin Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 347a101f-0ba0-4afc-bd59-752cc06bb904
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/recycle-bin-tab.md b/mdop/agpm/recycle-bin-tab.md
index 7e684f4fb5..95d40a6e1d 100644
--- a/mdop/agpm/recycle-bin-tab.md
+++ b/mdop/agpm/recycle-bin-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Recycle Bin Tab
 description: Recycle Bin Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 9ce62e98-c03e-4a75-90e0-51be83c6d2db
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
index 5252da0ff0..f72ca9d61d 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1
 description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 91835bf8-e53c-4202-986e-8d37050d1267
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
index c417fd3031..e5a7a19136 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
@@ -1,8 +1,11 @@
 ---
 title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2
 description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 0593cd11-3308-4942-bf19-8a7bb9447f01
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
index 876c5e1474..2c9d766a6d 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
@@ -1,8 +1,11 @@
 ---
 title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3
 description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 955d7674-a8d9-4fc5-b18a-5a1639e38014
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
index 0fe9f4eaae..caa920e145 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
@@ -1,8 +1,11 @@
 ---
 title: Release Notes for Microsoft Advanced Group Policy Management 4.0
 description: Release Notes for Microsoft Advanced Group Policy Management 4.0
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 44c19e61-c8e8-48aa-a2c2-20396d14d5bb
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md b/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md
index 6b1a3f3e3d..3aa827f71f 100644
--- a/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md
+++ b/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Rename a GPO or Template
 description: Rename a GPO or Template
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 19d17ddf-8b58-4677-929e-9550fa388b93
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/rename-a-gpo-or-template-agpm40.md b/mdop/agpm/rename-a-gpo-or-template-agpm40.md
index a8e3ddcc5b..7befd4f578 100644
--- a/mdop/agpm/rename-a-gpo-or-template-agpm40.md
+++ b/mdop/agpm/rename-a-gpo-or-template-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Rename a GPO or Template
 description: Rename a GPO or Template
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 84293f7a-4ff7-497e-bdbc-cabb70189a03
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/rename-a-gpo-or-template.md b/mdop/agpm/rename-a-gpo-or-template.md
index 9e21324eea..3a2a71a243 100644
--- a/mdop/agpm/rename-a-gpo-or-template.md
+++ b/mdop/agpm/rename-a-gpo-or-template.md
@@ -1,8 +1,11 @@
 ---
 title: Rename a GPO or Template
 description: Rename a GPO or Template
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 64a1aaf4-f672-48b5-94c6-473bf1076cf3
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md b/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md
index 7c7a7d2e52..e58c025f14 100644
--- a/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md
+++ b/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Request Control of a Previously Uncontrolled GPO
 description: Request Control of a Previously Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 00e8725d-5d7f-4eed-a5e6-c3631632cfbd
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md
index 9ed9338221..3d14dbd600 100644
--- a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md
+++ b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Request Control of an Uncontrolled GPO
 description: Request Control of an Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b668a67a-5a2c-4f6a-8b1c-efa3ca0794d4
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md
index 13d0c681fc..86d8e3030f 100644
--- a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md
+++ b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Request Control of an Uncontrolled GPO
 description: Request Control of an Uncontrolled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: a34e0aeb-33a1-4c9f-b187-1d08493a785c
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md b/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md
index be73f3d7cc..7f2ecf3393 100644
--- a/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md
+++ b/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Request Deletion of a GPO
 description: Request Deletion of a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 576ece5c-dc6d-4b5e-8628-01c15ae2c9a8
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-deletion-of-a-gpo-agpm40.md b/mdop/agpm/request-deletion-of-a-gpo-agpm40.md
index 0dacac9629..844b1cad3c 100644
--- a/mdop/agpm/request-deletion-of-a-gpo-agpm40.md
+++ b/mdop/agpm/request-deletion-of-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Request Deletion of a GPO
 description: Request Deletion of a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 2410f7a1-ccca-44cf-ab26-76ad474409e7
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md b/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md
index cd06413149..a1fb49a16f 100644
--- a/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md
+++ b/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Request Deployment of a GPO
 description: Request Deployment of a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: f44ae0fb-bcf7-477b-b99e-9dd6a55ee597
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-deployment-of-a-gpo-agpm40.md b/mdop/agpm/request-deployment-of-a-gpo-agpm40.md
index 351e8091fe..334d30d658 100644
--- a/mdop/agpm/request-deployment-of-a-gpo-agpm40.md
+++ b/mdop/agpm/request-deployment-of-a-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Request Deployment of a GPO
 description: Request Deployment of a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 5783cfd0-bd93-46b4-8fa0-684bd39aa8fc
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-deployment-of-a-gpo.md b/mdop/agpm/request-deployment-of-a-gpo.md
index 031eb90227..fd81f52490 100644
--- a/mdop/agpm/request-deployment-of-a-gpo.md
+++ b/mdop/agpm/request-deployment-of-a-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Request Deployment of a GPO
 description: Request Deployment of a GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 9aa9af29-4754-4f72-b624-bb3e1087cbe1
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md
index 9a0ff2a46c..5eea73eb07 100644
--- a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md
+++ b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Request Restoration of a Deleted GPO
 description: Request Restoration of a Deleted GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: dcc3baea-8af7-4886-a301-98b6ac5819cd
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -33,7 +36,7 @@ A user account with the Editor role or necessary permissions in Advanced Group P **Note**   If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md). -  + ### Additional considerations @@ -45,9 +48,9 @@ If a GPO was deleted from the production environment, restoring it to the archiv - [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md index 92aaa88e07..9a569cc216 100644 --- a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md +++ b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md @@ -1,8 +1,11 @@ --- title: Request Restoration of a Deleted GPO description: Request Restoration of a Deleted GPO -author: jamiejdt +author: mjcaparas ms.assetid: bac5ca3b-be47-49b5-bf1b-96280625fda8 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Editor role or necessary permissions in Advanced Group P **Note**   If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md). -  + ### Additional considerations @@ -45,9 +48,9 @@ If a GPO was deleted from the production environment, restoring it to the archiv - [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm40.md) -  + -  + 
diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md
index 428ab4dd91..9c7adfcc7c 100644
--- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md
+++ b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Request the Creation of a New Controlled GPO
 description: Request the Creation of a New Controlled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 4194c2f3-8116-4a35-be1a-81c84072daec
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md
index cbb1507a80..155d54a519 100644
--- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md
+++ b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Request the Creation of a New Controlled GPO
 description: Request the Creation of a New Controlled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: cb265238-386f-4780-a59a-0c9a4a87d736
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md
index f582317b23..be1818d321 100644
--- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md
+++ b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md
@@ -1,8 +1,11 @@
 ---
 title: Request the Creation of a New Controlled GPO
 description: Request the Creation of a New Controlled GPO
-author: jamiejdt
+author: mjcaparas
 ms.assetid: e1875d81-8553-42ee-8f3a-023d6ced86ca
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/resources-for-agpm.md b/mdop/agpm/resources-for-agpm.md index 034f124b5f..310dda78df 100644 --- a/mdop/agpm/resources-for-agpm.md +++ b/mdop/agpm/resources-for-agpm.md @@ -1,8 +1,11 @@ --- title: Resources for AGPM description: Resources for AGPM -author: jamiejdt +author: mjcaparas ms.assetid: b44b58c0-2810-40d6-9677-f2f64e1add75 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md b/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md index fac192ab4d..5f46d1b370 100644 --- a/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md +++ b/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Restore a Deleted GPO description: Restore a Deleted GPO -author: jamiejdt +author: mjcaparas ms.assetid: 853feb0a-d2d9-4be9-a07e-e113a56a9968 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md). -  + ### Additional considerations @@ -43,9 +46,9 @@ If a GPO was deleted from the production environment, restoring it to the archiv - [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/restore-a-deleted-gpo-agpm40.md b/mdop/agpm/restore-a-deleted-gpo-agpm40.md index 5574466f98..d68d3dc138 100644 --- a/mdop/agpm/restore-a-deleted-gpo-agpm40.md +++ b/mdop/agpm/restore-a-deleted-gpo-agpm40.md 
@@ -1,8 +1,11 @@ --- title: Restore a Deleted GPO description: Restore a Deleted GPO -author: jamiejdt +author: mjcaparas ms.assetid: 0a131d26-a741-4a51-b612-c0bc7dbba06b +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm40.md). -  + ### Additional considerations @@ -43,9 +46,9 @@ If a GPO was deleted from the production environment, restoring it to the archiv - [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) -  + -  + diff --git a/mdop/agpm/restore-a-deleted-gpo.md b/mdop/agpm/restore-a-deleted-gpo.md index a1c6654b55..27a79b4d0e 100644 --- a/mdop/agpm/restore-a-deleted-gpo.md +++ b/mdop/agpm/restore-a-deleted-gpo.md @@ -1,8 +1,11 @@ --- title: Restore a Deleted GPO description: Restore a Deleted GPO -author: jamiejdt +author: mjcaparas ms.assetid: e6953296-7b7d-4d1e-ad82-d4a23044cdd7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Editor, Approver, or AGPM Administrator (Full Control) r **Note**   If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo.md). -  + ### Additional considerations 
@@ -43,9 +46,9 @@ If a GPO was deleted from the production environment, restoring it to the archiv - [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) -  + -  + diff --git a/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md b/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md index 949add81e2..35d0247a88 100644 --- a/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md +++ b/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md @@ -1,8 +1,11 @@ --- title: Restore the Archive from a Backup description: Restore the Archive from a Backup -author: jamiejdt +author: mjcaparas ms.assetid: b83f6173-a236-4da2-b16e-8df20920d4cc +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/restore-the-archive-from-a-backup.md b/mdop/agpm/restore-the-archive-from-a-backup.md index 24f21d9bb0..597857d21f 100644 --- a/mdop/agpm/restore-the-archive-from-a-backup.md +++ b/mdop/agpm/restore-the-archive-from-a-backup.md @@ -1,8 +1,11 @@ --- title: Restore the Archive from a Backup description: Restore the Archive from a Backup -author: jamiejdt +author: mjcaparas ms.assetid: 49666337-d72c-4e44-99e4-9eb59b2355a9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/review-gpo-links-agpm30ops.md b/mdop/agpm/review-gpo-links-agpm30ops.md index 2dc27c3645..f76ec518b9 100644 --- a/mdop/agpm/review-gpo-links-agpm30ops.md +++ b/mdop/agpm/review-gpo-links-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Review GPO Links description: Review GPO Links -author: jamiejdt +author: mjcaparas ms.assetid: 5ae95afc-2b89-45cf-916c-efe2d43b2211 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/review-gpo-links-agpm40.md b/mdop/agpm/review-gpo-links-agpm40.md index b091fe7b5e..46af2603fc 100644 
--- a/mdop/agpm/review-gpo-links-agpm40.md
+++ b/mdop/agpm/review-gpo-links-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Review GPO Links
 description: Review GPO Links
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3aaba9da-f0aa-466f-bd1c-49f11d00ea54
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/review-gpo-links.md b/mdop/agpm/review-gpo-links.md
index 744acfe88b..e0569fce2c 100644
--- a/mdop/agpm/review-gpo-links.md
+++ b/mdop/agpm/review-gpo-links.md
@@ -1,8 +1,11 @@
 ---
 title: Review GPO Links
 description: Review GPO Links
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 3c472448-f16a-493c-a229-5ca60a470965
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/review-gpo-settings-agpm30ops.md b/mdop/agpm/review-gpo-settings-agpm30ops.md
index 8aa78566fc..5568f18e0f 100644
--- a/mdop/agpm/review-gpo-settings-agpm30ops.md
+++ b/mdop/agpm/review-gpo-settings-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Review GPO Settings
 description: Review GPO Settings
-author: jamiejdt
+author: mjcaparas
 ms.assetid: bed956d0-082e-4fa9-bf1e-572d0d3d02ec
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/review-gpo-settings-agpm40.md b/mdop/agpm/review-gpo-settings-agpm40.md
index e0cc440c5a..2b24c18e22 100644
--- a/mdop/agpm/review-gpo-settings-agpm40.md
+++ b/mdop/agpm/review-gpo-settings-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Review GPO Settings
 description: Review GPO Settings
-author: jamiejdt
+author: mjcaparas
 ms.assetid: c346bcde-dd6a-4775-aeab-721ca3a361b2
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/review-gpo-settings.md b/mdop/agpm/review-gpo-settings.md
index a2b5ace52f..406ad65b0c 100644
--- a/mdop/agpm/review-gpo-settings.md
+++ b/mdop/agpm/review-gpo-settings.md @@ -1,8 +1,11 @@ --- title: Review GPO Settings description: Review GPO Settings -author: jamiejdt +author: mjcaparas ms.assetid: e82570b2-d8ce-4bf0-8ad7-8910409f3041 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md index 3df1a1b26e..14901c7456 100644 --- a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md +++ b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Roll Back to a Previous Version of a GPO description: Roll Back to a Previous Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 2a98ad8f-32cb-41eb-ab99-0318f2a55d81 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. -  + ### Additional considerations @@ -43,9 +46,9 @@ To verify that the version that has been redeployed matches the version intended - [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md index 423e99d924..2363f2055b 100644 --- a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md +++ b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md 
@@ -1,8 +1,11 @@ --- title: Roll Back to a Previous Version of a GPO description: Roll Back to a Previous Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 028631c0-4cb9-4642-90ad-04cd813051b7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. -  + ### Additional considerations @@ -43,9 +46,9 @@ To verify that the version that has been redeployed matches the version intended - [Performing Approver Tasks](performing-approver-tasks.md) -  + -  + diff --git a/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md b/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md index 3ba1c30f3f..5a9b000943 100644 --- a/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md +++ b/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md @@ -1,8 +1,11 @@ --- title: Roll Back to an Earlier Version of a GPO description: Roll Back to an Earlier Version of a GPO -author: jamiejdt +author: mjcaparas ms.assetid: 06ce9251-95e0-46d0-99c2-b9a0690e5891 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ A user account with the Approver or AGPM Administrator (Full Control) role or ne **Note**   To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. -  + ### Additional considerations 
@@ -43,9 +46,9 @@ To verify that the version that has been redeployed matches the version intended - [Performing Approver Tasks](performing-approver-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/search-and-filter-the-list-of-gpos.md b/mdop/agpm/search-and-filter-the-list-of-gpos.md index 05bea8ac48..51af8002eb 100644 --- a/mdop/agpm/search-and-filter-the-list-of-gpos.md +++ b/mdop/agpm/search-and-filter-the-list-of-gpos.md @@ -1,8 +1,11 @@ --- title: Search and Filter the List of GPOs description: Search and Filter the List of GPOs -author: jamiejdt +author: mjcaparas ms.assetid: 1bc58a38-033c-4aed-9eb4-c239827f5501 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/set-a-default-template-agpm30ops.md b/mdop/agpm/set-a-default-template-agpm30ops.md index 002227f846..aab61140e4 100644 --- a/mdop/agpm/set-a-default-template-agpm30ops.md +++ b/mdop/agpm/set-a-default-template-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Set a Default Template description: Set a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: 84edbd69-451b-4c10-a898-781d4b75d09c +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ As an Editor, you can specify which of the available templates will be the defau **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. @@ -51,9 +54,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) -  + -  + 
diff --git a/mdop/agpm/set-a-default-template-agpm40.md b/mdop/agpm/set-a-default-template-agpm40.md index fb4bda9884..68c165be29 100644 --- a/mdop/agpm/set-a-default-template-agpm40.md +++ b/mdop/agpm/set-a-default-template-agpm40.md @@ -1,8 +1,11 @@ --- title: Set a Default Template description: Set a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: 07208b6b-cb3a-4f6c-9c84-36d4dc1486d8 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ As an Editor, you can specify which of the available templates will be the defau **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. @@ -51,9 +54,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) -  + -  + diff --git a/mdop/agpm/set-a-default-template.md b/mdop/agpm/set-a-default-template.md index b73319daa1..354b961123 100644 --- a/mdop/agpm/set-a-default-template.md +++ b/mdop/agpm/set-a-default-template.md @@ -1,8 +1,11 @@ --- title: Set a Default Template description: Set a Default Template -author: jamiejdt +author: mjcaparas ms.assetid: e0acf980-437f-4357-b237-298aaebe490d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ As an Editor, you can specify which of the available templates will be the defau **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. @@ -51,9 +54,9 @@ A user account with the Editor or AGPM Administrator (Full Control) role or nece - [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) -  + -  + diff --git a/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md b/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md index 8f8f7492a3..bd04d77d92 100644 --- a/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md +++ b/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Start and Stop the AGPM Service description: Start and Stop the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: b9d26920-c439-4992-9a78-73e4fba8309d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Important**   Stopping or disabling the AGPM Service will prevent AGPM Clients from performing any operations (such as listing or editing GPOs) through the server. -  + A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. 
@@ -32,15 +35,15 @@ A user account with access to the AGPM Server (the computer on which the AGPM Se **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -   + ### Additional references - [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md b/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md index 31041a8b38..7d19498e83 100644 --- a/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md +++ b/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md @@ -1,8 +1,11 @@ --- title: Start and Stop the AGPM Service description: Start and Stop the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: dcc9566c-c515-4fbe-b7f5-8ac030141307 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Important**   Stopping or disabling the AGPM Service will prevent AGPM Clients from performing any operations (such as listing or editing GPOs) through the server. -  + A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. @@ -32,15 +35,15 @@ A user account with access to the AGPM Server (the computer on which the AGPM Se **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. -   + ### Additional references - [Managing the AGPM Service](managing-the-agpm-service-agpm40.md) -  + -  + diff --git a/mdop/agpm/start-and-stop-the-agpm-service.md b/mdop/agpm/start-and-stop-the-agpm-service.md index 6a84cc5488..05cb3f8cc5 100644 --- a/mdop/agpm/start-and-stop-the-agpm-service.md 
+++ b/mdop/agpm/start-and-stop-the-agpm-service.md @@ -1,8 +1,11 @@ --- title: Start and Stop the AGPM Service description: Start and Stop the AGPM Service -author: jamiejdt +author: mjcaparas ms.assetid: 769aa0ce-224a-446f-9958-9518af4ad159 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The AGPM Service is a Windows service that acts as a security proxy, managing cl **Important**   Stopping or disabling the AGPM Service will prevent AGPM clients from performing any operations (such as listing or editing GPOs) through the server. -  + A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. @@ -32,15 +35,15 @@ A user account with access to the AGPM Server (the computer on which the AGPM Se **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. To modify settings for the service, see [Managing the AGPM Service](managing-the-agpm-service.md). -   + ### Additional references - [Managing the AGPM Service](managing-the-agpm-service.md) -  + -  + diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md index 4bb0a1432b..b41ee4e572 100644 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md +++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md 
@@ -1,8 +1,11 @@ --- title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5 description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5 -author: jamiejdt +author: mjcaparas ms.assetid: 454298c9-0fab-497a-9808-c0246a4c8db5 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -65,7 +68,7 @@ Archives cannot be migrated from an AGPM Server or a GPOVault Server running Win For Windows Server 2003, if GPOVault Server is installed on the computer on which you want to install AGPM Server, it is recommended that you do not uninstall GPOVault Server before beginning the installation. The installation of AGPM Server will uninstall GPOVault Server and automatically transfer your existing GPOVault archive data to an AGPM archive. -  + ### AGPM Client requirements 
@@ -78,16 +81,16 @@ Before you begin this scenario, create four user accounts. During the scenario, **Note**   **Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts with the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which to assign the permission. -  + For this scenario, you perform actions with different accounts. You can either log on with each account as indicated, or you can use the **Run as** command to start the GPMC with the indicated account. **Note**   To use the **Run as** command with GPMC on Windows Server 2003, click **Start**, point to **Administrative Tools**, right-click **Group Policy Management**, and click **Run as**. Click **The following user** and enter credentials for an account. -To use the **Run as** command with GPMC on Windows Vista, click the **Start** button, point to **Run**, and type **runas /user:***DomainName\\UserName***"mmc %windir%\\system32\\gpmc.msc"**, and click **OK**. Type the password for the account when prompted. +To use the **Run as** command with GPMC on Windows Vista, click the **Start** button, point to **Run**, and type **runas /user:**DomainName\\UserName**"mmc %windir%\\system32\\gpmc.msc"**, and click **OK**. Type the password for the account when prompted. -  + ## Steps for installing and configuring AGPM @@ -131,7 +134,7 @@ In this step, you install AGPM Server on the member server or domain controller **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. For information on how to modify settings for the service, see Help for Advanced Group Policy Management. -   + ### Step 2: Install AGPM Client 
@@ -208,12 +211,12 @@ As an AGPM Administrator (Full Control), you delegate domain-level access to GPO **Note**   You can also delegate access at the GPO level rather than the domain level. For details, see Help for Advanced Group Policy Management. -  + **Important**   You should restrict membership in the Group Policy Creator Owners group, so it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) -  + **To delegate access to all GPOs throughout a domain** @@ -509,7 +512,7 @@ Occasionally you may discover after deleting a GPO that it is still needed. In t **Note**   Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). -   + After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to a previous version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. @@ -526,11 +529,11 @@ After editing and deploying a GPO, you may discover that recent changes to the G **Note**   To verify that the version that has been redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. -   + -  + -  + 
diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md index f240a50bb0..d593fc9011 100644 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md +++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md @@ -1,8 +1,11 @@ --- title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 -author: jamiejdt +author: mjcaparas ms.assetid: d067f465-d7c8-4f6d-b311-66b9b06874f7 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -53,7 +56,7 @@ Computers on which you want to install AGPM must meet the following requirements **Note**   If you have AGPM 2.5 installed and are upgrading from Windows Server® 2003 to Windows Server 2008 or Windows Vista® with no service packs installed to Windows Vista with Service Pack 1, you must upgrade the operating system before you can upgrade to AGPM 3.0. -  + ### AGPM Server requirements @@ -102,7 +105,7 @@ Before you begin this scenario, create four user accounts. During the scenario, **Note**   **Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts with the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which to assign the permission. -  + ## Steps for installing and configuring AGPM 
@@ -150,7 +153,7 @@ In this step, you install AGPM Server on the member server or domain controller **Caution**   Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. For information on how to modify settings for the service, see Help for Advanced Group Policy Management. -   + ### Step 2: Install AGPM Client @@ -217,12 +220,12 @@ As an AGPM Administrator (Full Control), you delegate domain-level access to GPO **Note**   You can also delegate access at the GPO level rather than the domain level. For details, see Help for Advanced Group Policy Management. -  + **Important**   You should restrict membership in the Group Policy Creator Owners group, so it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) -  + **To delegate access to all GPOs throughout a domain** 
@@ -345,31 +348,31 @@ In this step, you act as an Approver, creating reports and analyzing the setting **To review settings in the GPO** -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. (Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO.) +1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. (Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO.) -2. Open the e-mail inbox for the account and note that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. +2. Open the e-mail inbox for the account and note that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. +3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. -4. On the **Contents** tab in the details pane, click the **Pending** tab. +4. On the **Contents** tab in the details pane, click the **Pending** tab. -5. Double-click **MyGPO** to display its history. +5. Double-click **MyGPO** to display its history. -6. Review the settings in the most recent version of MyGPO: +6. Review the settings in the most recent version of MyGPO: - 1. In the **History** window, right-click the GPO version with the most recent timestamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. + 1. 
In the **History** window, right-click the GPO version with the most recent timestamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. - 2. In the Web browser, click **show all** to display all of the settings in the GPO. Close the browser. + 2. In the Web browser, click **show all** to display all of the settings in the GPO. Close the browser. -7. Compare the most recent version of MyGPO to the first version checked in to the archive: +7. Compare the most recent version of MyGPO to the first version checked in to the archive: - 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and click the oldest GPO version for which the **Computer Version** is not **\***. + 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and click the oldest GPO version for which the **Computer Version** is not **\\***. - 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**, indicating that this setting is configured only in the latter version of the GPO. + 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**, indicating that this setting is configured only in the latter version of the GPO. - 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. + 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. - 4. Close the Web browser. + 4. Close the Web browser. **To deploy the GPO to the production environment** 
@@ -498,7 +501,7 @@ Occasionally you may discover after deleting a GPO that it is still needed. In t **Note**   Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). -   + After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to a previous version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. @@ -515,11 +518,11 @@ After editing and deploying a GPO, you may discover that recent changes to the G **Note**   To verify that the version that has been redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. -   + -  + -  + diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md index a2a8a06001..dc69096e0f 100644 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md +++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md @@ -1,8 +1,11 @@ --- title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 -author: jamiejdt +author: mjcaparas ms.assetid: dc6f9b16-b1d4-48f3-88bb-f29301f0131c +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -57,7 +60,7 @@ If you have AGPM 2.5 installed and are upgrading from Windows Server® 2003 to If you have AGPM 3.0 installed, you do not have to upgrade the operating system before you upgrade to AGPM 4.0 -  + In a mixed environment that includes both newer and older operating systems, there are some limitations to functionality, as indicated in the following table. @@ -98,7 +101,7 @@ In a mixed environment that includes both newer and older operating systems, the -  + ### AGPM Server requirements @@ -159,7 +162,7 @@ Before you begin this scenario, create four user accounts. During the scenario, **Note**   **Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts that have the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which you want to assign the permission. -  + ## Steps for installing and configuring AGPM @@ -219,7 +222,7 @@ In this step, you install AGPM Server on the member server or domain controller **Caution**   Do not change settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing this can prevent the AGPM Service from starting. For information about how to change settings for the service, see Help for Advanced Group Policy Management. -   + ### Step 2: Install AGPM Client 
@@ -286,12 +289,12 @@ As an AGPM Administrator (Full Control), you delegate domain-level access to GPO **Note**   You can also delegate access at the GPO level instead of the domain level. For more information, see Help for Advanced Group Policy Management. -  + **Important**   You should restrict membership in the Group Policy Creator Owners group so that it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) -  + **To delegate access to all GPOs throughout a domain** 
@@ -414,31 +417,31 @@ In this step, you act as an Approver, creating reports and analyzing the setting **To review settings in the GPO** -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Approver in AGPM. Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO. +1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Approver in AGPM. Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO. -2. Open the e-mail inbox for the account and notice that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. +2. Open the e-mail inbox for the account and notice that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. +3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. -4. On the **Contents** tab in the details pane, click the **Pending** tab. +4. On the **Contents** tab in the details pane, click the **Pending** tab. -5. Double-click **MyGPO** to display its history. +5. Double-click **MyGPO** to display its history. -6. Review the settings in the most recent version of MyGPO: +6. Review the settings in the most recent version of MyGPO: - 1. In the **History** window, right-click the GPO version with the most recent time stamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. + 1. 
In the **History** window, right-click the GPO version with the most recent time stamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. - 2. In the Web browser, click **show all** to display all the settings in the GPO. Close the browser. + 2. In the Web browser, click **show all** to display all the settings in the GPO. Close the browser. -7. Compare the most recent version of MyGPO to the first version checked in to the archive: +7. Compare the most recent version of MyGPO to the first version checked in to the archive: - 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and then click the oldest GPO version for which the **Computer Version** is not **\***. + 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and then click the oldest GPO version for which the **Computer Version** is not **\\***. - 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**. This indicates that the setting is configured only in the latter version of the GPO. + 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**. This indicates that the setting is configured only in the latter version of the GPO. - 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. + 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. - 4. Close the Web browser. + 4. Close the Web browser. **To deploy the GPO to the production environment** 
@@ -567,7 +570,7 @@ Occasionally you may discover after you delete a GPO that it is still needed. In **Note**   Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). -   + After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to an earlier version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. @@ -584,11 +587,11 @@ After editing and deploying a GPO, you may discover that recent changes to the G **Note**   To verify that the version that was redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. -   + -  + -  + diff --git a/mdop/agpm/technical-overview-of-agpm.md b/mdop/agpm/technical-overview-of-agpm.md index 7fe3c69409..9f7a7d14d8 100644 --- a/mdop/agpm/technical-overview-of-agpm.md +++ b/mdop/agpm/technical-overview-of-agpm.md @@ -1,8 +1,11 @@ --- title: Technical Overview of AGPM description: Technical Overview of AGPM -author: jamiejdt +author: mjcaparas ms.assetid: 36bc0ab5-f752-474c-8559-721ea95169c2 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -98,7 +101,7 @@ Table 1 describes both the items that AGPM installs or creates and the parts of -  + ### Additional references 
@@ -116,7 +119,7 @@ The gpostate.xml file records the state of each GPO in the archive. The file is **Caution**   Do not manually edit gpostate.xml or the GPOs the archive contains. This information is provided only to enhance understanding of the AGPM archive. Instead, use the AGPM snap-in to change GPOs. -  + When AGPM creates the archive, it gives Full Control to SYSTEM, Administrators, and the AGPM Service Account (specified in the setup of AGPM Server). Changing permissions by using the AGPM user interface on the AGPM snap-in does not alter permissions on the archive, because the AGPM Service Account performs all operations on behalf of the logged-on user. @@ -258,22 +261,22 @@ AGPM gives AGPM Administrators the flexibility to configure permissions at a mor -  + **Note**   **Export GPO** and **Import GPO** permissions are not available in AGPM 3.0 or 2.5. The ability to delegate access to GPOs in the production environment for a domain and the ability to limit the number of GPO versions stored are not available in AGPM 2.5. -  + ### Additional references For information about what tasks can be performed by Group Policy administrators assigned a particular role or about which permissions are required to perform a specific task, see the [Operations Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160061). -  + -  + diff --git a/mdop/agpm/template-commands-agpm30ops.md b/mdop/agpm/template-commands-agpm30ops.md index 66b4332721..d0d078ee41 100644 --- a/mdop/agpm/template-commands-agpm30ops.md +++ b/mdop/agpm/template-commands-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Template Commands description: Template Commands -author: jamiejdt +author: mjcaparas ms.assetid: 2ec11b3f-0c5c-4788-97bd-bd4bf64ba51a +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library 
@@ -27,7 +30,7 @@ Because a template cannot be altered, templates have no history. However, like a **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. @@ -53,7 +56,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Reports @@ -81,7 +84,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Template management @@ -113,7 +116,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Miscellaneous @@ -141,7 +144,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ### Additional references @@ -151,9 +154,9 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut - [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) -  + -  + diff --git a/mdop/agpm/template-commands-agpm40.md b/mdop/agpm/template-commands-agpm40.md index ef54dd6dfa..ab77542a14 100644 --- a/mdop/agpm/template-commands-agpm40.md +++ b/mdop/agpm/template-commands-agpm40.md @@ -1,8 +1,11 @@ --- title: Template Commands description: Template Commands -author: jamiejdt +author: mjcaparas ms.assetid: 243a9b18-bf3f-44fa-94d7-5c793f7322da +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -27,7 +30,7 @@ Because a template cannot be altered, templates have no history. However, like a **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. 
@@ -53,7 +56,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Reports @@ -81,7 +84,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Template management @@ -113,7 +116,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Miscellaneous @@ -141,7 +144,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ### Additional references @@ -151,9 +154,9 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut - [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) -  + -  + diff --git a/mdop/agpm/templates-tab.md b/mdop/agpm/templates-tab.md index 5185339d76..6c6a7e617d 100644 --- a/mdop/agpm/templates-tab.md +++ b/mdop/agpm/templates-tab.md @@ -1,8 +1,11 @@ --- title: Templates Tab description: Templates Tab -author: jamiejdt +author: mjcaparas ms.assetid: 5676e9f9-eb52-49e1-a55d-15c1059af368 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -27,7 +30,7 @@ Because a template cannot be altered, templates have no history. However, like a **Note**   A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. -  + Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. @@ -53,7 +56,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Reports @@ -81,7 +84,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Template management @@ -113,7 +116,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ## Miscellaneous @@ -141,7 +144,7 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut -  + ### Additional references 
@@ -151,9 +154,9 @@ Right-clicking the **Group Policy Objects** list on this tab displays a shortcut - [Performing Reviewer Tasks](performing-reviewer-tasks.md) -  + -  + diff --git a/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md b/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md index 005d631176..7eebcfe46c 100644 --- a/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md +++ b/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md @@ -1,8 +1,11 @@ --- title: Test a GPO in a Separate Organizational Unit description: Test a GPO in a Separate Organizational Unit -author: jamiejdt +author: mjcaparas ms.assetid: 9a9e6d22-74e6-41d8-ac2f-12a1b76ad5a0 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md index 9a27501a70..9cfdbb49f9 100644 --- a/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md +++ b/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md @@ -1,8 +1,11 @@ --- title: Troubleshooting Advanced Group Policy Management description: Troubleshooting Advanced Group Policy Management -author: jamiejdt +author: mjcaparas ms.assetid: f7ece97c-e9f8-4b18-8c7a-a615c98d5c60 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/troubleshooting-advanced-group-policy-management.md b/mdop/agpm/troubleshooting-advanced-group-policy-management.md index dbd8c55459..17e6a15981 100644 --- a/mdop/agpm/troubleshooting-advanced-group-policy-management.md +++ b/mdop/agpm/troubleshooting-advanced-group-policy-management.md 
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting Advanced Group Policy Management
 description: Troubleshooting Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: f58849cf-6c5b-44d8-b356-0ed7a5b24cee
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/troubleshooting-agpm-agpm40.md b/mdop/agpm/troubleshooting-agpm-agpm40.md
index 79b3dd25fd..a714041c6c 100644
--- a/mdop/agpm/troubleshooting-agpm-agpm40.md
+++ b/mdop/agpm/troubleshooting-agpm-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting AGPM
 description: Troubleshooting AGPM
-author: jamiejdt
+author: mjcaparas
 ms.assetid: bedcd817-beb2-47bf-aebd-e3923c4fd06f
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md b/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md
index 99d8023d4d..63d79386b6 100644
--- a/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md
+++ b/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Uncontrolled GPO Commands
 description: Uncontrolled GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 94c07b09-cb96-4ff2-b963-b25f103e73e9
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/uncontrolled-gpo-commands-agpm40.md b/mdop/agpm/uncontrolled-gpo-commands-agpm40.md
index 7f1d842e74..81b96fa77a 100644
--- a/mdop/agpm/uncontrolled-gpo-commands-agpm40.md
+++ b/mdop/agpm/uncontrolled-gpo-commands-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: Uncontrolled GPO Commands
 description: Uncontrolled GPO Commands
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 05a8050f-adc3-465b-8524-bbe95745165c
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/uncontrolled-tab.md b/mdop/agpm/uncontrolled-tab.md
index bc66a72df2..92f967b4c2 100644
--- a/mdop/agpm/uncontrolled-tab.md
+++ b/mdop/agpm/uncontrolled-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Uncontrolled Tab
 description: Uncontrolled Tab
-author: jamiejdt
+author: mjcaparas
 ms.assetid: d7e658bf-a72b-4813-bdc8-2fdb7251e742
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/use-a-test-environment-agpm30ops.md b/mdop/agpm/use-a-test-environment-agpm30ops.md
index 448a6a6979..02be96d42b 100644
--- a/mdop/agpm/use-a-test-environment-agpm30ops.md
+++ b/mdop/agpm/use-a-test-environment-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: Use a Test Environment
 description: Use a Test Environment
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 86295084-b39e-4040-bb3f-15c3c1e99b1a
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/use-a-test-environment.md b/mdop/agpm/use-a-test-environment.md
index a7ebad6170..42f74a29ce 100644
--- a/mdop/agpm/use-a-test-environment.md
+++ b/mdop/agpm/use-a-test-environment.md
@@ -1,8 +1,11 @@
 ---
 title: Use a Test Environment
 description: Use a Test Environment
-author: jamiejdt
+author: mjcaparas
 ms.assetid: b8d7b3ee-030a-4b5b-8223-4a3276fd47a7
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md
index 8cad21f079..1fc220154a 100644
--- a/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md
+++ b/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md
@@ -1,8 +1,11 @@
 ---
 title: User Interface Advanced Group Policy Management
 description: User Interface Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 19aab694-8283-4d97-9425-1845404b461f
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md b/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md
index 6b1b40ac33..db917b9080 100644
--- a/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md
+++ b/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md
@@ -1,8 +1,11 @@
 ---
 title: User Interface Advanced Group Policy Management
 description: User Interface Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 1bf67f6a-4f24-4020-a8c1-fe440de9caa3
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/user-interface-advanced-group-policy-management.md b/mdop/agpm/user-interface-advanced-group-policy-management.md
index a4ee48001a..2ab508b6ad 100644
--- a/mdop/agpm/user-interface-advanced-group-policy-management.md
+++ b/mdop/agpm/user-interface-advanced-group-policy-management.md
@@ -1,8 +1,11 @@
 ---
 title: User Interface Advanced Group Policy Management
 description: User Interface Advanced Group Policy Management
-author: jamiejdt
+author: mjcaparas
 ms.assetid: 73324c99-adca-46dc-b516-ef78b7235f59
+ms.reviewer:
+manager: dansimp
+ms.author: macapara
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/using-a-test-environment.md b/mdop/agpm/using-a-test-environment.md
index 8cda60da55..0b9b47d7e4 100644
--- a/mdop/agpm/using-a-test-environment.md
+++ b/mdop/agpm/using-a-test-environment.md
@@ -1,8 +1,11 @@ --- title: Using a Test Environment description: Using a Test Environment -author: jamiejdt +author: mjcaparas ms.assetid: fc5fcc7c-1ac8-483a-a6bd-2279ae2ee3fb +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library @@ -25,11 +28,11 @@ Before you request that a Group Policy Object (GPO) be deployed to the productio **Note**   You can also import a GPO from the production environment of the domain. For more information, see [Import a GPO from Production](import-a-gpo-from-production-agpm40-ed.md). -  + -  + -  + diff --git a/mdop/agpm/whats-new-in-agpm-30.md b/mdop/agpm/whats-new-in-agpm-30.md index d2e95ce243..5d83cee0ba 100644 --- a/mdop/agpm/whats-new-in-agpm-30.md +++ b/mdop/agpm/whats-new-in-agpm-30.md @@ -1,8 +1,11 @@ --- title: What's New in AGPM 3.0 description: What's New in AGPM 3.0 -author: jamiejdt +author: mjcaparas ms.assetid: 0d082b86-63c5-45ce-9529-6e5f37254f9d +ms.reviewer: +manager: dansimp +ms.author: macapara ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/whats-new-in-agpm-40-sp1.md b/mdop/agpm/whats-new-in-agpm-40-sp1.md index d4995121dc..6151532df1 100644 --- a/mdop/agpm/whats-new-in-agpm-40-sp1.md +++ b/mdop/agpm/whats-new-in-agpm-40-sp1.md @@ -1,8 +1,11 @@ --- title: What's New in AGPM 4.0 SP1 description: What's New in AGPM 4.0 SP1 -author: jamiejdt +author: dansimp ms.assetid: c6a3d94a-13c3-44e6-a466-c3011879999e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/agpm/whats-new-in-agpm-40-sp2.md b/mdop/agpm/whats-new-in-agpm-40-sp2.md index e0d49899be..407487d485 100644 --- a/mdop/agpm/whats-new-in-agpm-40-sp2.md +++ b/mdop/agpm/whats-new-in-agpm-40-sp2.md 
@@ -1,8 +1,11 @@
 ---
 title: What's New in AGPM 4.0 SP2
 description: What's New in AGPM 4.0 SP2
-author: jamiejdt
+author: dansimp
 ms.assetid: 5c0dcab4-f27d-4153-8b8e-b280b080be51
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md
index 45c3c62588..4e65034c54 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp3.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md
@@ -1,8 +1,11 @@
 ---
 title: What's New in AGPM 4.0 SP3
 description: What's New in AGPM 4.0 SP3
-author: jamiejdt
+author: dansimp
 ms.assetid: df495d55-9fbf-4f7e-a7af-3905f4f8790e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/agpm/whats-new-in-agpm-40.md b/mdop/agpm/whats-new-in-agpm-40.md
index a194d9f799..280c395196 100644
--- a/mdop/agpm/whats-new-in-agpm-40.md
+++ b/mdop/agpm/whats-new-in-agpm-40.md
@@ -1,8 +1,11 @@
 ---
 title: What's New in AGPM 4.0
 description: What's New in AGPM 4.0
-author: jamiejdt
+author: dansimp
 ms.assetid: 31775f7f-a59c-4e64-a875-0adc9f5bc835
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
index e482e17d1e..1b90836822 100644
--- a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
+++ b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: About App-V Package Accelerators (App-V 4.6 SP1)
 description: About App-V Package Accelerators (App-V 4.6 SP1)
-author: jamiejdt
+author: manikadhiman
 ms.assetid: fc2d2375-8f17-4a6d-b374-771cb947cb8c
+ms.reviewer:
+manager: dansimp
+ms.author: manikadhiman
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,14 +22,14 @@ You can use App-V Package Accelerators to automatically sequence large, complex **Note**   In some cases, you are prompted to install an application locally to the computer running the App-V Sequencer before you can use the Package Accelerator. If you have to install an application, you must install the application to the application’s default location. This installation is not monitored by App-V Sequencer. When the App-V Package Accelerator is created, the author of the Package Accelerator determines whether to install an application locally is required. -  + App-V Sequencer extracts the required files from the App-V Package Accelerator and associated installation media to create a virtual package without having to monitor the installation of the application. **Important**   Disclaimer: The Microsoft Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. -  + App-V Package Accelerators and project templates differ from each other. Package Accelerators are application-specific. Project templates enable users to save commonly used settings specific to an organization and apply them to multiple applications. You can also create project templates at the command prompt, while in contrast, you must use the App-V Sequencer console to create Package Accelerators. Additionally, creating a package by using a Package Accelerator and applying a project template is not supported. 
@@ -57,9 +60,9 @@ Always save App-V Package Accelerators and any associated installation media in [How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/about-application-licensing.md b/mdop/appv-v4/about-application-licensing.md index ca7bdd05d0..323ddc8447 100644 --- a/mdop/appv-v4/about-application-licensing.md +++ b/mdop/appv-v4/about-application-licensing.md @@ -1,8 +1,11 @@ --- title: About Application Licensing description: About Application Licensing -author: jamiejdt +author: dansimp ms.assetid: 6b487641-1627-4e91-b829-04f001008176 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-application-virtualization-applications.md b/mdop/appv-v4/about-application-virtualization-applications.md index b46e61da80..bcde0caabe 100644 --- a/mdop/appv-v4/about-application-virtualization-applications.md +++ b/mdop/appv-v4/about-application-virtualization-applications.md @@ -1,8 +1,11 @@ --- title: About Application Virtualization Applications description: About Application Virtualization Applications -author: jamiejdt +author: dansimp ms.assetid: 3bf833b7-d172-4eef-a9e8-4b4f0c7eb15b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-application-virtualization-packages.md b/mdop/appv-v4/about-application-virtualization-packages.md index 23b3f2f6dd..cc5664e576 100644 --- a/mdop/appv-v4/about-application-virtualization-packages.md +++ b/mdop/appv-v4/about-application-virtualization-packages.md 
@@ -1,8 +1,11 @@ --- title: About Application Virtualization Packages description: About Application Virtualization Packages -author: jamiejdt +author: dansimp ms.assetid: 69bd35c1-7af3-43db-931b-3074780aa926 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-application-virtualization-servers.md b/mdop/appv-v4/about-application-virtualization-servers.md index c0dcb517c7..241dbca298 100644 --- a/mdop/appv-v4/about-application-virtualization-servers.md +++ b/mdop/appv-v4/about-application-virtualization-servers.md @@ -1,8 +1,11 @@ --- title: About Application Virtualization Servers description: About Application Virtualization Servers -author: jamiejdt +author: dansimp ms.assetid: 60a45509-2112-44ca-8e28-c73b0c2ff85e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ You can also stream applications to clients from Application Virtualization Stre You can stream applications to the client directly from a file or disk. Some application virtualization deployment scenarios, which are characterized by low or unreliable connectivity or where bandwidth is limited, are ideally suited for streaming from file or disk. -  + One or more Application Virtualization Management Servers that share a single data store make up an *Application Virtualization system*. @@ -34,9 +37,9 @@ One or more Application Virtualization Management Servers that share a single da [How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) -  + -  + diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md index 32ea80d6fb..2ece8bb435 100644 --- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md 
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: About Microsoft Application Virtualization 4.5 SP1
 description: About Microsoft Application Virtualization 4.5 SP1
-author: jamiejdt
+author: dansimp
 ms.assetid: f5dcff12-5956-41ef-bc36-b59200f90807
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
index 54fb77e2d7..6e0135e762 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
@@ -1,8 +1,11 @@
 ---
 title: About Microsoft Application Virtualization 4.5 SP2
 description: About Microsoft Application Virtualization 4.5 SP2
-author: jamiejdt
+author: dansimp
 ms.assetid: c498adbe-e331-42c8-99fe-29623fae2345
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45.md b/mdop/appv-v4/about-microsoft-application-virtualization-45.md
index 5f8e44147c..6747f077ed 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-45.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-45.md
@@ -1,8 +1,11 @@
 ---
 title: About Microsoft Application Virtualization 4.5
 description: About Microsoft Application Virtualization 4.5
-author: jamiejdt
+author: dansimp
 ms.assetid: 39f45a6f-ac55-4fd7-8a83-865e1a7034f8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md
index dddea4565c..aa774f657e 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md +++ b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md @@ -1,8 +1,11 @@ --- title: About Microsoft Application Virtualization 4.6 SP1 description: About Microsoft Application Virtualization 4.6 SP1 -author: jamiejdt +author: dansimp ms.assetid: 20917eb6-c998-43f8-aefa-307eb322dc8d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md index 86ee3d3959..d11db11a1f 100644 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md +++ b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md @@ -1,8 +1,11 @@ --- title: About Microsoft Application Virtualization 4.6 SP2 description: About Microsoft Application Virtualization 4.6 SP2 -author: jamiejdt +author: dansimp ms.assetid: 1429e314-9c38-472b-8687-3bed6cf0015c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft Application Virtualization (App-V) 4.6 SP2 provides several enhanceme **Caution**   This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + **Support for Windows 8 and Windows Server 2012** 
@@ -58,12 +61,12 @@ Before launching the App-V Sequencer, create the following registry value under -  + **Note**   On a computer running a 64-bit operating system, create the registry value under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\Overrides. -  + For each OSD-file in your Adobe Reader X package, add the following items under the <POLICIES> element: @@ -95,9 +98,9 @@ App-V 4.6 SP2 includes a rollup of fixes to address issues found since the App [App-V 4.6 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=267600) Provides the most up-to-date information about known issues with App-V 4.6 SP2. -  + -  + diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md index 19c1aefb73..5973540792 100644 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md +++ b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md @@ -1,8 +1,11 @@ --- title: About Microsoft Application Virtualization 4.6 SP3 description: About Microsoft Application Virtualization 4.6 SP3 -author: jamiejdt +author: dansimp ms.assetid: a6374fb0-1dfa-41f7-9a6a-3d2688492a8b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46.md b/mdop/appv-v4/about-microsoft-application-virtualization-46.md index c926dd4276..394b921628 100644 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46.md +++ b/mdop/appv-v4/about-microsoft-application-virtualization-46.md 
@@ -1,8 +1,11 @@ --- title: About Microsoft Application Virtualization 4.6 description: About Microsoft Application Virtualization 4.6 -author: jamiejdt +author: dansimp ms.assetid: 34150f34-ee74-45a6-957e-9ea6c5a497de +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,7 +32,7 @@ Microsoft Application Virtualization (App-V) 4.6 provides the following enhancem **Note**   The App-V Management Server and Streaming Server have not been updated to version 4.6. Until they are updated, use App-V Management Server and Streaming Server 4.5 with the most recent service pack. -  + ## In This Section @@ -37,9 +40,9 @@ The App-V Management Server and Streaming Server have not been updated to versio [App-V 4.6 Release Notes](app-v-46-release-notes.md) Provides the most up-to-date information about known issues with Microsoft Application Virtualization (App-V) 4.6. -  + -  + diff --git a/mdop/appv-v4/about-publishing.md b/mdop/appv-v4/about-publishing.md index 32272189cb..54ba36cfd3 100644 --- a/mdop/appv-v4/about-publishing.md +++ b/mdop/appv-v4/about-publishing.md @@ -1,8 +1,11 @@ --- title: About Publishing description: About Publishing -author: jamiejdt +author: dansimp ms.assetid: 295074d7-123f-4740-b938-e4a371ee72fd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can centrally manage publishing applications to the Application Virtualizati **Note**   Before the client can refresh the publishing information, the client must know about the Application Virtualization Management Server. You configure the client with the necessary information about the server when you install the client. -  + When a client contacts the server for application publishing information, the server provides the client with the list of applications that the user has permission to access and the location of the corresponding Open Software Descriptor (OSD) files. The server also provides the relevant information about icons, file type associations, and shortcuts. @@ -30,9 +33,9 @@ When a client contacts the server for application publishing information, the se [About Application Virtualization Applications](about-application-virtualization-applications.md) -  + -  + diff --git a/mdop/appv-v4/about-sequencing-phases.md b/mdop/appv-v4/about-sequencing-phases.md index ab2f3e3551..78f1f65733 100644 --- a/mdop/appv-v4/about-sequencing-phases.md +++ b/mdop/appv-v4/about-sequencing-phases.md @@ -1,8 +1,11 @@ --- title: About Sequencing Phases description: About Sequencing Phases -author: jamiejdt +author: dansimp ms.assetid: c1cb7b6c-204c-48f2-848c-4bd5a3d5ecb6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ The four phases to sequencing an application and creating a virtual application **Important**   To view the advanced options select **Show Advanced Monitoring Options** on the **Package Information** page. -   + 2. **Launch phase**—During the launch phase, you can specify any required file associations and security descriptors that should be configured with the package. You should open the application as many times as necessary to ensure application functionality and stability. 
@@ -36,9 +39,9 @@ The four phases to sequencing an application and creating a virtual application [Application Virtualization Sequencer](application-virtualization-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/about-sharing-package-accelerators-page.md b/mdop/appv-v4/about-sharing-package-accelerators-page.md index b261087e23..c8cf061993 100644 --- a/mdop/appv-v4/about-sharing-package-accelerators-page.md +++ b/mdop/appv-v4/about-sharing-package-accelerators-page.md @@ -1,8 +1,11 @@ --- title: About Sharing Package Accelerators Page description: About Sharing Package Accelerators Page -author: jamiejdt +author: dansimp ms.assetid: 9630cde0-e2c3-476f-8fa1-58b3c9f7d3f7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-application-virtualization-sequencer.md b/mdop/appv-v4/about-the-application-virtualization-sequencer.md index 06e0049a02..139afed1b7 100644 --- a/mdop/appv-v4/about-the-application-virtualization-sequencer.md +++ b/mdop/appv-v4/about-the-application-virtualization-sequencer.md @@ -1,8 +1,11 @@ --- title: About the Application Virtualization Sequencer description: About the Application Virtualization Sequencer -author: jamiejdt +author: dansimp ms.assetid: bee193ca-58bd-40c9-b41a-310435633895 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ The Microsoft Application Virtualization (App-V) Sequencer monitors and records **Important**   To run a virtual application package the target computer must be running the appropriate version of the App-V client. -  + Virtual application packages run on target computers without interacting with the underlying operating system on the target computer because each application runs in a virtual environment and is isolated from other applications that are installed or running on the target computer. This isolation can reduce application conflicts and can help decrease the required amount of application pre-deployment testing. @@ -80,16 +83,16 @@ The App-V Sequencer runs all services detected at sequencing time using the Loca **Important**   You should always save virtual application packages in a secure location. -  + ## Related topics [Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) -  + -  + diff --git a/mdop/appv-v4/about-the-application-virtualization-server-management-console.md b/mdop/appv-v4/about-the-application-virtualization-server-management-console.md index 414e83ae8b..eb23af68bb 100644 --- a/mdop/appv-v4/about-the-application-virtualization-server-management-console.md +++ b/mdop/appv-v4/about-the-application-virtualization-server-management-console.md @@ -1,8 +1,11 @@ --- title: About the Application Virtualization Server Management Console description: About the Application Virtualization Server Management Console -author: jamiejdt +author: dansimp ms.assetid: 108d0e4b-08fa-47b4-a737-d2c36c2641de +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-deployment-tab.md b/mdop/appv-v4/about-the-deployment-tab.md index cfb1590eef..ecd0dce407 100644 --- a/mdop/appv-v4/about-the-deployment-tab.md +++ b/mdop/appv-v4/about-the-deployment-tab.md 
@@ -1,8 +1,11 @@ --- title: About the Deployment Tab description: About the Deployment Tab -author: jamiejdt +author: dansimp ms.assetid: 12891798-baa4-45a5-b845-b9505ab95633 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -47,16 +50,15 @@ Use the **Server URL** controls to specify the virtual application server config

          Hostname

          Enables you to select the virtual application server or the load balancer in front of a group of virtual application servers that will stream the software package to an Application Virtualization Desktop Client. You must complete this item to create a sequenced application package, but you can change from the default %SFT_SOFTGRIDSERVER% environment variable to the actual hostname or IP address of a virtual application server.

          -Note   -

          If you choose not to specify a static hostname or IP address, on each Application Virtualization Desktop Client you must set up an environment variable called SFT_SOFTGRIDSERVER. Its value must be the hostname or IP address of the virtual application server or load balancer that is this client's source of applications. You should make this environment variable a system variable rather than a user variable. Any Application Virtualization Desktop Client session that is running on this computer during your assignment of this variable must be closed and then opened so that the resumed session will be aware of its new application source.

          +Note

          If you choose not to specify a static hostname or IP address, on each Application Virtualization Desktop Client you must set up an environment variable called SFT_SOFTGRIDSERVER. Its value must be the hostname or IP address of the virtual application server or load balancer that is this client's source of applications. You should make this environment variable a system variable rather than a user variable. Any Application Virtualization Desktop Client session that is running on this computer during your assignment of this variable must be closed and then opened so that the resumed session will be aware of its new application source.

          -  +

          Port

          -

          Enables you to specify the port on which the virtual application server or the load balancer will listen for an Application Virtualization Desktop Client's request for the package. This information is required to create a package, but you can change it. The default port is 554.

          +

          Enables you to specify the port on which the virtual application server or the load balancer will listen for an Application Virtualization Desktop Client's request for the package. This information is required to create a package, but you can change it. The default port is 554.

          Path

          @@ -65,7 +67,7 @@ Use the **Server URL** controls to specify the virtual application server config -  + ## Operating Systems @@ -95,7 +97,7 @@ Use the **Operating Systems** controls to specify the application's operating sy -  + ## Output Options @@ -118,7 +120,7 @@ Use the **Output Options** controls to specify the output options for the applic

          Compression Algorithm

          Use to select the method for compressing the SFT file for streaming across a network. Select one of the following compression methods:

            -
          • Compressed—Specifies that the SFT file be compressed in the [ZLIB](https://go.microsoft.com/fwlink/?LinkId=111475) format.

          • +
          • Compressed—Specifies that the SFT file be compressed in the ZLIB format.

          • Not Compressed—The default; specifies that the SFT file not be compressed.

          @@ -133,7 +135,7 @@ Use the **Output Options** controls to specify the output options for the applic -  + ## Related topics @@ -142,9 +144,9 @@ Use the **Output Options** controls to specify the output options for the applic [Sequencer Console](sequencer-console.md) -  - -  + + + diff --git a/mdop/appv-v4/about-the-files-tab.md b/mdop/appv-v4/about-the-files-tab.md index 0d26f953e1..8d8c64dd8b 100644 --- a/mdop/appv-v4/about-the-files-tab.md +++ b/mdop/appv-v4/about-the-files-tab.md @@ -1,8 +1,11 @@ --- title: About the Files Tab description: About the Files Tab -author: jamiejdt +author: dansimp ms.assetid: 3c20e720-4b0f-465b-b7c4-3013dae1c815 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-osd-tab.md b/mdop/appv-v4/about-the-osd-tab.md index 485ad0e842..6355f6a8a5 100644 --- a/mdop/appv-v4/about-the-osd-tab.md +++ b/mdop/appv-v4/about-the-osd-tab.md @@ -1,8 +1,11 @@ --- title: About the OSD Tab description: About the OSD Tab -author: jamiejdt +author: dansimp ms.assetid: 7c78cd3a-91f2-4377-8c62-e52912906197 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-properties-tab.md b/mdop/appv-v4/about-the-properties-tab.md index 36c2280463..60f67d1be8 100644 --- a/mdop/appv-v4/about-the-properties-tab.md +++ b/mdop/appv-v4/about-the-properties-tab.md @@ -1,8 +1,11 @@ --- title: About the Properties Tab description: About the Properties Tab -author: jamiejdt +author: dansimp ms.assetid: a6cf6f51-3778-4c8d-9632-3af4005775d2 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -66,7 +69,7 @@ Specifies the size of the primary and secondary feature blocks into which the SF **Note**   After the initial package has been created, the block size value is not changeable. -  + ## Related topics @@ -75,9 +78,9 @@ After the initial package has been created, the block size value is not changeab [Sequencer Console](sequencer-console.md) -  + -  + diff --git a/mdop/appv-v4/about-the-sequencer-console.md b/mdop/appv-v4/about-the-sequencer-console.md index 959177c046..836a438e18 100644 --- a/mdop/appv-v4/about-the-sequencer-console.md +++ b/mdop/appv-v4/about-the-sequencer-console.md @@ -1,8 +1,11 @@ --- title: About the Sequencer Console description: About the Sequencer Console -author: jamiejdt +author: dansimp ms.assetid: 36ecba89-a0f5-4d4d-981c-7f581aa43695 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-virtual-file-system-tab.md b/mdop/appv-v4/about-the-virtual-file-system-tab.md index d77975980a..bd07a942c7 100644 --- a/mdop/appv-v4/about-the-virtual-file-system-tab.md +++ b/mdop/appv-v4/about-the-virtual-file-system-tab.md @@ -1,8 +1,11 @@ --- title: About the Virtual File System Tab description: About the Virtual File System Tab -author: jamiejdt +author: dansimp ms.assetid: 4d2e344d-3f3b-49fd-bbbd-fa5177e7af50 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/about-the-virtual-registry-tab.md b/mdop/appv-v4/about-the-virtual-registry-tab.md index be0c2ef3e4..71e0e3aa94 100644 --- a/mdop/appv-v4/about-the-virtual-registry-tab.md +++ b/mdop/appv-v4/about-the-virtual-registry-tab.md 
@@ -1,8 +1,11 @@ --- title: About the Virtual Registry Tab description: About the Virtual Registry Tab -author: jamiejdt +author: dansimp ms.assetid: ca8d837f-8218-4f86-95fd-13a44dccd022 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,9 +24,9 @@ You can also choose to ignore the hosting system’s keys by selecting **Overrid The changes to the virtual registry **Settings** tab affect applications that are part of the specific sequenced application package, but they do not affect the operation of other applications that are streamed to or locally installed on the Application Virtualization Desktop Client. **Note**   -  Exercise caution when changing virtual registry keys and values. Changing these keys and values might render your sequenced application package inoperable. + Exercise caution when changing virtual registry keys and values. Changing these keys and values might render your sequenced application package inoperable. -  + The left pane of the **Virtual Registry** tab displays the full list of virtual registries created during the sequencing of an application. @@ -49,9 +52,9 @@ Displays the file attributes. [Sequencer Console](sequencer-console.md) -  + -  + diff --git a/mdop/appv-v4/about-the-virtual-services-tab.md b/mdop/appv-v4/about-the-virtual-services-tab.md index 51a8b03093..94b51a9dd2 100644 --- a/mdop/appv-v4/about-the-virtual-services-tab.md +++ b/mdop/appv-v4/about-the-virtual-services-tab.md @@ -1,8 +1,11 @@ --- title: About the Virtual Services Tab description: About the Virtual Services Tab -author: jamiejdt +author: dansimp ms.assetid: d31eea1b-9a37-42f1-8d7c-95881716e753 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/about-using-the-sequencer-command-line.md b/mdop/appv-v4/about-using-the-sequencer-command-line.md index d6baafcffd..844d28f414 100644 --- a/mdop/appv-v4/about-using-the-sequencer-command-line.md +++ b/mdop/appv-v4/about-using-the-sequencer-command-line.md @@ -1,8 +1,11 @@ --- title: About Using the Sequencer Command Line description: About Using the Sequencer Command Line -author: jamiejdt +author: dansimp ms.assetid: 0fd5f81b-17f9-4065-bce2-8785e8aac7c7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ You can use the command line to create sequenced application packages. Using the **Important**   Sequencing at the command prompt allows for default sequencing only. If you need to change default sequencing parameters, you must either manually modify a sequenced application package or re-sequence the application. -  + All subsequent modifications to existing sequenced application packages must be made using the sequencing wizard. @@ -45,9 +48,9 @@ To sequence an application by using the command prompt, the following conditions [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/about-virtual-environments.md b/mdop/appv-v4/about-virtual-environments.md index e24d538683..91448a0bbb 100644 --- a/mdop/appv-v4/about-virtual-environments.md +++ b/mdop/appv-v4/about-virtual-environments.md @@ -1,8 +1,11 @@ --- title: About Virtual Environments description: About Virtual Environments -author: jamiejdt +author: dansimp ms.assetid: e03a8c72-56c1-4ae9-aa45-0283c50a154c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/add-app.md b/mdop/appv-v4/add-app.md index b4c36d2e7f..56e1ff83ee 100644 --- a/mdop/appv-v4/add-app.md 
+++ b/mdop/appv-v4/add-app.md @@ -1,8 +1,11 @@ --- title: ADD APP description: ADD APP -author: jamiejdt +author: dansimp ms.assetid: 329fd0c8-a795-49be-b0fd-1367c5b4a34b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -57,7 +60,7 @@ Adds an application record. -  + For version 4.6, the following option has been added. @@ -74,21 +77,21 @@ For version 4.6, the following option has been added. -  + **Note**   The resulting name of the application will be taken from the OSD file and not from the name provided in APP:<application>. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/add-package.md b/mdop/appv-v4/add-package.md index 5f9bb40898..58a1f87769 100644 --- a/mdop/appv-v4/add-package.md +++ b/mdop/appv-v4/add-package.md @@ -1,8 +1,11 @@ --- title: ADD PACKAGE description: ADD PACKAGE -author: jamiejdt +author: dansimp ms.assetid: aa83928d-a234-4395-831e-2a7ef786ff53 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/add-server.md b/mdop/appv-v4/add-server.md index 15247ab378..3db501a538 100644 --- a/mdop/appv-v4/add-server.md +++ b/mdop/appv-v4/add-server.md @@ -1,8 +1,11 @@ --- title: ADD SERVER description: ADD SERVER -author: jamiejdt +author: dansimp ms.assetid: 4be2ac2e-a410-4711-9f84-f305393c8fa7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/add-type.md b/mdop/appv-v4/add-type.md index 9a1caa64af..804035833e 100644 --- a/mdop/appv-v4/add-type.md +++ b/mdop/appv-v4/add-type.md 
@@ -1,8 +1,11 @@
 ---
 title: ADD TYPE
 description: ADD TYPE
-author: jamiejdt
+author: dansimp
 ms.assetid: 8f1d3978-9977-4851-9f46-fee6aefa3535
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/administrators-node.md b/mdop/appv-v4/administrators-node.md
index 5755924b3b..4c36416137 100644
--- a/mdop/appv-v4/administrators-node.md
+++ b/mdop/appv-v4/administrators-node.md
@@ -1,8 +1,11 @@
 ---
 title: Administrators Node
 description: Administrators Node
-author: jamiejdt
+author: dansimp
 ms.assetid: 5f462a0d-af53-4464-9891-7b712193c7e8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/administrators-results-pane-columns.md b/mdop/appv-v4/administrators-results-pane-columns.md
index 4591905944..7a62f2ddf6 100644
--- a/mdop/appv-v4/administrators-results-pane-columns.md
+++ b/mdop/appv-v4/administrators-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: Administrators Results Pane Columns
 description: Administrators Results Pane Columns
-author: jamiejdt
+author: dansimp
 ms.assetid: 2ac86625-15a8-471a-846b-a42eae37ed72
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/administrators-results-pane.md b/mdop/appv-v4/administrators-results-pane.md
index 1040b74560..8432b0e579 100644
--- a/mdop/appv-v4/administrators-results-pane.md
+++ b/mdop/appv-v4/administrators-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: Administrators Results Pane
 description: Administrators Results Pane
-author: jamiejdt
+author: dansimp
 ms.assetid: 92f4f924-c73b-45d6-8905-26f0f30aa189
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md
index 72c631c464..055f74d65d 100644
--- a/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Antivirus Running Dialog Box (App-V 4.6 SP1)
 description: Antivirus Running Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: b720e308-8597-4470-a03e-fc36ffef84aa
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -23,16 +26,16 @@ Use the following procedure to stop the antivirus software from running during s **Important**   Remember to restart the antivirus software when you have finished sequencing the application. -   + ## Related topics [Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) -  + -  +
diff --git a/mdop/appv-v4/app-v-45-sp2-release-notes.md b/mdop/appv-v4/app-v-45-sp2-release-notes.md
index 5c6b89d307..dc5d8fafe0 100644
--- a/mdop/appv-v4/app-v-45-sp2-release-notes.md
+++ b/mdop/appv-v4/app-v-45-sp2-release-notes.md
@@ -1,8 +1,11 @@
 ---
 title: App-V 4.5 SP2 Release Notes
 description: App-V 4.5 SP2 Release Notes
-author: jamiejdt
+author: dansimp
 ms.assetid: 1b3a8a83-4523-4634-9f75-29bc22ca5815
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Important**   Read these Release Notes thoroughly before you install the Microsoft Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. These Release Notes contain information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. -  + For updated information about known issues, please visit the Microsoft TechNet Library at [App-V 4.5 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=184640) (https://go.microsoft.com/fwlink/?LinkId=184640).
@@ -81,7 +84,7 @@ Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client fo - This step is not required if you are upgrading and have previously installed Dw20shared.msi. -  + ### Improving performance when sequencing the .NET Framework
@@ -209,9 +212,9 @@ Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and W All other trademarks are property of their respective owners. -  + -  +
diff --git a/mdop/appv-v4/app-v-46-release-notes.md b/mdop/appv-v4/app-v-46-release-notes.md
index 073252ddf4..efa16e1ff9 100644
--- a/mdop/appv-v4/app-v-46-release-notes.md
+++ b/mdop/appv-v4/app-v-46-release-notes.md
@@ -1,8 +1,11 @@
 ---
 title: App-V 4.6 Release Notes
 description: App-V 4.6 Release Notes
-author: jamiejdt
+author: dansimp
 ms.assetid: a3eba129-edac-48bf-a933-3bf43a9873e5
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Important**   Read these Release Notes thoroughly before you install the Microsoft Application Virtualization (App-V) Management System. These Release Notes contain information that you need to successfully install Application Virtualization (App-V) 4.6. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other App-V documentation, the latest change should be considered authoritative. -  + ## Protect Against Security Vulnerabilities and Viruses
@@ -40,7 +43,7 @@ WORKAROUND   Open the old package with either the App-V 4.5 SP1 Sequencer or **Note**   Alternatively, at the command prompt, the App-V Sequencer can generate the new .msi file by using the */OPEN* and */MSI* parameters, for example, `SFTSequencer /Open:”package.sprj” /MSI`. For more information, see [How to Upgrade a Virtual Application by Using the Command Line](how-to-upgrade-a-virtual-application-by-using-the-command-line.md). -  + ### Release Notes Copyright Information
@@ -56,9 +59,9 @@ Microsoft, Active Directory, ActiveSync, ActiveX, Excel, SQL Server, Windows, Wi All other trademarks are property of their respective owners. -  + -  +
diff --git a/mdop/appv-v4/app-v-46-sp1-release-notes.md b/mdop/appv-v4/app-v-46-sp1-release-notes.md
index 157b875063..09ea6abd40 100644
--- a/mdop/appv-v4/app-v-46-sp1-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp1-release-notes.md
@@ -1,8 +1,11 @@
 ---
 title: App-V 4.6 SP1 Release Notes
 description: App-V 4.6 SP1 Release Notes
-author: jamiejdt
+author: dansimp
 ms.assetid: aeb6784a-864a-4f4e-976b-40c34dcfd8d6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Important**   Read these Release Notes thoroughly before you install the Microsoft Application Virtualization (App-V) Management System. These Release Notes contain information that helps you successfully install Application Virtualization (App-V) 4.6 SP1. This document contains information that is not available in the product documentation. If there is a difference between these Release Notes and other App-V documentation, the latest change should be considered authoritative. -  + ## Protect Against Security Vulnerabilities and Viruses
@@ -95,9 +98,9 @@ Microsoft, Active Directory, ActiveSync, ActiveX, Excel, SQL Server, Windows, Wi All other trademarks are property of their respective owners. -  + -  +
diff --git a/mdop/appv-v4/app-v-46-sp2-release-notes.md b/mdop/appv-v4/app-v-46-sp2-release-notes.md
index 4078f1da7e..9da44bdde6 100644
--- a/mdop/appv-v4/app-v-46-sp2-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp2-release-notes.md
@@ -1,8 +1,11 @@
 ---
 title: App-V 4.6 SP2 Release Notes
 description: App-V 4.6 SP2 Release Notes
-author: jamiejdt
+author: dansimp
 ms.assetid: abb536f0-e187-4c5b-952a-f837abd10ad2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -33,7 +36,7 @@ We are interested in your feedback on App-V 4.6 SP2. You can send your feedbac **Note**   This email address is not a support channel, but your feedback will help us to plan future changes for our documentation and product releases. -  + For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
@@ -63,7 +66,7 @@ fsutil 8dot3name set Q: 0 **Note**   You do not need to change this setting on the App-V client because the App-V file system properly handles short paths on Windows 8 or Windows Server 2012. -  + ### App-V does not override the default handler for file type or protocol associations on Windows 8
@@ -101,9 +104,9 @@ Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Win [About Microsoft Application Virtualization 4.6 SP2](about-microsoft-application-virtualization-46-sp2.md) -  + -  +
diff --git a/mdop/appv-v4/app-v-46-sp3-release-notes.md b/mdop/appv-v4/app-v-46-sp3-release-notes.md
index 7544c3e742..7dc2b557c3 100644
--- a/mdop/appv-v4/app-v-46-sp3-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp3-release-notes.md
@@ -1,8 +1,11 @@
 ---
 title: App-V 4.6 SP3 Release Notes
 description: App-V 4.6 SP3 Release Notes
-author: jamiejdt
+author: dansimp
 ms.assetid: 206fadeb-59cc-47b4-836f-191ab1c27ff8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/app-v-application-wmi-class.md b/mdop/appv-v4/app-v-application-wmi-class.md
index 4b1cf3e3dd..7aae865573 100644
--- a/mdop/appv-v4/app-v-application-wmi-class.md
+++ b/mdop/appv-v4/app-v-application-wmi-class.md
@@ -1,8 +1,11 @@
 ---
 title: App-V Application WMI Class
 description: App-V Application WMI Class
-author: jamiejdt
+author: dansimp
 ms.assetid: b79b0d5a-ba57-442f-8bb4-d7154fc056f9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/app-v-client-registry-values-sp1.md b/mdop/appv-v4/app-v-client-registry-values-sp1.md
index 883ac02651..59e5ac9ae5 100644
--- a/mdop/appv-v4/app-v-client-registry-values-sp1.md
+++ b/mdop/appv-v4/app-v-client-registry-values-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: App-V Client Registry Values
 description: App-V Client Registry Values
-author: jamiejdt
+author: dansimp
 ms.assetid: 46af5209-9762-47b9-afdb-9a2947e013f7
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -14,12 +17,12 @@ ms.date: 08/30/2016 # App-V Client Registry Values -The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists all the Application Virtualization (App-V) client registry keys and explains their uses. +The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists all the Application Virtualization (App-V) client registry keys and explains their uses. -**Important**   +**Important** On a computer running a 64-bit operating system, the keys and values described in the following sections will be under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client. -  + ## Configuration Key
@@ -49,45 +52,44 @@ The following table provides information about the registry values associated wi

          Do not modify.

          -

          Version 

          -

          String 

          -

          4.5.0.xxx 

          -

          Do not modify. 

          +

          Version

          +

          String

          +

          4.5.0.xxx

          +

          Do not modify.

          -

          Drivers 

          -

          String 

          -

          Sftfs.sys 

          +

          Drivers

          +

          String

          +

          Sftfs.sys

          If this key value is present, it contains the name of the driver that caused a stop error the last time the core was starting. After you have fixed the stop error, you must delete this key value so that sftlist can start.

          -

          InstallPath 

          -

          String 

          +

          InstallPath

          +

          String

          Default=C:\Program Files\Microsoft Application Virtualization Client

          -

          The location where the client is installed. Do not modify. 

          +

          The location where the client is installed. Do not modify.

          -

          LogFileName 

          -

          String 

          +

          LogFileName

          +

          String

          Default=CSIDL_COMMON_APPDATA\Microsoft\Application Virtualization Client\sftlog.txt

          The path and name for the client log file.

          -Note   -

          If you are running an earlier version than App-V 4.6, SP1 and you modify the log file name or location, you must restart the sftlist service for the change to take effect.

          +Note

          If you are running an earlier version than App-V 4.6, SP1 and you modify the log file name or location, you must restart the sftlist service for the change to take effect.

          -  +

          -

          LogMinSeverity 

          -

          DWORD 

          +

          LogMinSeverity

          +

          DWORD

          Default=4, Informational

          Controls which messages are written to the log. The value indicates a threshold of what is logged—everything less than or equal to that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.

          Value Range: 0x0 = None, 0x1 = Critical, 0x2 = Error, 0x3 = Warning, 0x4 = Information (Default), 0x5 = Verbose.

          The log level is configurable from the Application Virtualization (App-V) client console and from the command prompt. At a command prompt, the command sftlist.exe /verboselog will increase the log level to verbose. For more information on command-line details see

          -

          https://go.microsoft.com/fwlink/?LinkId=141467https://go.microsoft.com/fwlink/?LinkId=141467

          +

          https://go.microsoft.com/fwlink/?LinkId=141467https://go.microsoft.com/fwlink/?LinkId=141467

          .

          @@ -128,31 +130,31 @@ The following table provides information about the registry values associated wi

          ApplicationSourceRoot

          String

          rtsps://mainserver:322/prodapps

          -

          https://mainserver:443/prodapps

          -

          file://\\uncserver\share\prodapps

          -

          file://\\uncserver\share

          +

          https://mainserver:443/prodapps

          +

          file://\uncserver\share\prodapps

          +

          file://\uncserver\share

          Enables an administrator or electronic software distribution (ESD) system to ensure application loading is performed according to the topology management scheme. Use this key value to override the OSD CODEBASE for the HREF element (for example, the source location) for an application. Application Source Root supports URLs and Universal Naming Convention (UNC) path formats.

          -

          The correct format for the URL path is protocol://servername:[port][/path][/], where port and path are optional. If a port is not specified, the default port for the protocol is used. Only the protocol://server:port portion of the OSD URL is replaced. 

          -

          The correct format for the UNC path is \\computername\sharefolder\[folder][\], where folder is optional. The computer name can be a fully qualified domain name (FQDN) or an IP address, and sharefolder can be a drive letter. Only the \\computername\sharefolder or drive letter portion of the OSD path is replaced. 

          +

          The correct format for the URL path is protocol://servername:[port][/path][/], where port and path are optional. If a port is not specified, the default port for the protocol is used. Only the protocol://server:port portion of the OSD URL is replaced.

          +

          The correct format for the UNC path is \computername\sharefolder[folder][], where folder is optional. The computer name can be a fully qualified domain name (FQDN) or an IP address, and sharefolder can be a drive letter. Only the \computername\sharefolder or drive letter portion of the OSD path is replaced.

          OSDSourceRoot

          String

          -

          \\computername\sharefolder\resource

          -

          \\computername\content

          +

          \computername\sharefolder\resource

          +

          \computername\content

          C:\foldername

          -

          http://computername/productivity/

          -

          https://computername/productivity/

          +

          http://computername/productivity/

          +

          https://computername/productivity/

          Enables an administrator to specify a source location for OSD file retrieval for a sequenced application package during publication. Acceptable formats for the OSDSourceRoot include UNC paths and URLs (http or https).

          IconSourceRoot

          String

          -

          \\computername\sharefolder\resource

          -

          \\computername\content

          +

          \computername\sharefolder\resource

          +

          \computername\content

          C:\foldername

          -

          http://computername/productivity/

          -

          https://computername/productivity/

          +

          http://computername/productivity/

          +

          https://computername/productivity/

          Enables an administrator to specify a source location for icon file retrieval for a sequenced application package during publication. Acceptable formats for the IconSourceRoot include UNC paths and URLs (http or https).

          @@ -186,89 +188,89 @@ The following table provides information about the registry values associated wi

          Restart the sftlist service for the change to take effect.

          -

          UserDataDirectory 

          -

          String 

          +

          UserDataDirectory

          +

          String

          %APPDATA%

          Location where the icon cache and user settings are stored.

          -

          GlobalDataDirectory 

          -

          String 

          -

          C:\Users\Public\Documents 

          +

          GlobalDataDirectory

          +

          String

          +

          C:\Users\Public\Documents

          Directory to use for global App-V data, including caches for OSD files, icon files, shortcut information, and SystemGuard resources such as .ini files.

          -

          AllowCrashes 

          -

          DWORD 

          -

          0 or 1 

          +

          AllowCrashes

          +

          DWORD

          +

          0 or 1

          Default=0: A value of 0 means that the client tries to catch internal program exceptions so that other user applications can recover and continue when a crash happens. A value of 1 means that the client allows the internal program exceptions to occur so that they can be captured in a debugger.

          -

          CoreInternalTimeout 

          -

          DWORD 

          +

          CoreInternalTimeout

          +

          DWORD

          60

          -

          Time-out in seconds for internal IPC requests between core and front-end. Do not modify. 

          +

          Time-out in seconds for internal IPC requests between core and front-end. Do not modify.

          -

          DefaultSuiteCombineTime 

          -

          DWORD 

          +

          DefaultSuiteCombineTime

          +

          DWORD

          10

          -

          This value is used to indicate how soon after being started that a program can shut down and not generate any error messages when another application in the same suite is running. 

          +

          This value is used to indicate how soon after being started that a program can shut down and not generate any error messages when another application in the same suite is running.

          -

          SerializedSuiteLaunchTimeout 

          -

          DWORD 

          +

          SerializedSuiteLaunchTimeout

          +

          DWORD

          Default=60000

          -

          Defines how long in milliseconds the client will wait as it tries to serialize program starts in the same suite. If the client times out, the program start will continue but it will not be serialized. 

          +

          Defines how long in milliseconds the client will wait as it tries to serialize program starts in the same suite. If the client times out, the program start will continue but it will not be serialized.

          -

          ScriptTimeout 

          -

          DWORD 

          +

          ScriptTimeout

          +

          DWORD

          300

          -

          Default time-out in seconds for scripts in OSD file if WAIT=TRUE. You can specify per-script time-outs with TIMEOUT instead of WAIT. A value of 0 means no wait, and 0xFFFFFFFF means wait forever. 

          +

          Default time-out in seconds for scripts in OSD file if WAIT=TRUE. You can specify per-script time-outs with TIMEOUT instead of WAIT. A value of 0 means no wait, and 0xFFFFFFFF means wait forever.

          -

          LaunchRecordLogPath 

          -

          String 

          +

          LaunchRecordLogPath

          +

          String

          If, under either HKLM or HKCU, this value contains a valid path to a log file, SFTTray will write to this log when programs start, shut down, fail to launch, and enter or exit disconnected mode.

          -

          LaunchRecordMask 

          -

          DWORD 

          +

          LaunchRecordMask

          +

          DWORD

          0x1A (26) log launch errors and disconnected mode entry and exit activity.

          0x1F (31) logs everything.

          -

          0x0 (0) logs nothing. 

          +

          0x0 (0) logs nothing.

          Specifies which of the five events are logged (bitmask values):

          1 for program starts

          2 for launch failure errors

          4 for shutdowns

          8 for entering disconnected mode

          16 for exiting disconnected mode to reconnect to a server

          -

          Add any combination of those numbers to turn on the respective messages. Defaults to 0x1F if not in registry. 

          +

          Add any combination of those numbers to turn on the respective messages. Defaults to 0x1F if not in registry.

          -

          LaunchRecordWriteTimeout 

          -

          DWORD 

          +

          LaunchRecordWriteTimeout

          +

          DWORD

          Default=3000

          Specifies in milliseconds how long the tray will wait when trying to write to the launch record log if another process is using it.

          -

          ImportSearchPath 

          -

          String 

          -

          d:\files\;C:\documents and settings\user1\SFTs 

          +

          ImportSearchPath

          +

          String

          +

          d:\files;C:\documents and settings\user1\SFTs

          A semicolon delimited list of up to five directories to search for portable SFT files before prompting the user to select a directory. Trailing backslash in paths is optional. This value is not present by default and must be set manually.

          UserImportPath

          -

          String 

          -

          D:\SFTs\ 

          +

          String

          +

          D:\SFTs\

          Valid only under HKCU. The last location the user browsed to while finding a SFT file for package import. Set automatically if the SFT is found successfully. This is used on successive imports when trying to automatically locate SFT files.

          -  + ## Shared Key @@ -284,29 +286,29 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Shared key control -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description -

          DumpPath 

          -

          String 

          -

          Default=C:\ 

          -

          Default path to create dump files when generating a minidump on an exception. This defaults to C:\ if not specified. The Client installer sets this key to the <App Virtualization global data directory>\Dumps. The Sequencer installer sets this key to the installation directory. 

          +

          DumpPath

          +

          String

          +

          Default=C:\

          +

          Default path to create dump files when generating a minidump on an exception. This defaults to C:\ if not specified. The Client installer sets this key to the <App Virtualization global data directory>\Dumps. The Sequencer installer sets this key to the installation directory.

          -

          DumpPathSizeLimit 

          -

          DWORD 

          +

          DumpPathSizeLimit

          +

          DWORD

          1000

          Specifies the maximum total amount of disk space in megabytes that can be used to store minidumps. Default = 1000 MB.

          -  + ## Network Key @@ -322,10 +324,10 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network ke -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description @@ -336,8 +338,8 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network ke

          Enables or disables offline mode. If set to 0, the client will not communicate with App-V Management Servers or publishing servers. In disconnected operations, the client can start a loaded application even when it is not connected to an App-V Management Server. In offline mode, the client does not attempt to connect to an App-V Management Server or publishing server. You must allow disconnected operations to be able to work offline. Default value is 1 enabled (online), and 0 is disabled (offline).

          -

          AllowDisconnectedOperation 

          -

          DWORD 

          +

          AllowDisconnectedOperation

          +

          DWORD

          Default=1

          Enables or disables disconnected operation. Default value is 1 enabled, and 0 is disabled. When disconnected operations are enabled, the App-V client can start a loaded application even when it is not connected to an App-V Management Server.

          @@ -345,12 +347,12 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network ke

          FastConnectTimeout

          DWORD

          Default=1000

          -

          This value specifies the TCP connect time-out in milliseconds to determine when to go into disconnected operations mode. This value can be used to override the default ConnectTimeout of 20 seconds (App-V connect time-out for network transactions) or the system’s TCP time-out of approximately 25 seconds. This brings the client into disconnected operations mode quickly. Applied on the next connect.

          +

          This value specifies the TCP connect time-out in milliseconds to determine when to go into disconnected operations mode. This value can be used to override the default ConnectTimeout of 20 seconds (App-V connect time-out for network transactions) or the system’s TCP time-out of approximately 25 seconds. This brings the client into disconnected operations mode quickly. Applied on the next connect.

          LimitDisconnectedOperation

          DWORD

          -

          Default=1 

          +

          Default=1

          Applicable only if AllowDisconnectedOperation is 1, enabled. This value determines whether there will be a time limit for how long the client will be allowed to operate in disconnected operations. 1=limited. 0=unlimited.

          @@ -404,7 +406,7 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network ke -  + ## Http Key @@ -420,10 +422,10 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\H -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description @@ -442,7 +444,7 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\H -  + ## File System Key @@ -458,53 +460,53 @@ The values that are contained under the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsof -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description -

          FileSize 

          -

          DWORD 

          +

          FileSize

          +

          DWORD

          4096

          -

          Maximum size in megabytes of file system cache file. If you change this value in the registry, you must set State to 0 and reboot. 

          +

          Maximum size in megabytes of file system cache file. If you change this value in the registry, you must set State to 0 and reboot.

          -

          FileName 

          -

          String 

          -

          C:\Users\Public\Documents\SoftGrid Client\sftfs.fsd 

          -

          Location of file system cache file. If you change this value in the registry, you must either leave FileSize the same and reboot or set State to 0 and reboot. 

          +

          FileName

          +

          String

          +

          C:\Users\Public\Documents\SoftGrid Client\sftfs.fsd

          +

          Location of file system cache file. If you change this value in the registry, you must either leave FileSize the same and reboot or set State to 0 and reboot.

          -

          DriveLetter 

          -

          String 

          -

          Q: 

          -

          Drive where App-V file system will be mounted, if it is available. This value is set either by the listener or the installer, and it is read by the file system. 

          +

          DriveLetter

          +

          String

          +

          Q:

          +

          Drive where App-V file system will be mounted, if it is available. This value is set either by the listener or the installer, and it is read by the file system.

          -

          State 

          -

          DWORD 

          -

          0x100 

          -

          State of file system. Set to 0 and reboot to completely clear the file system cache. 

          +

          State

          +

          DWORD

          +

          0x100

          +

          State of file system. Set to 0 and reboot to completely clear the file system cache.

          -

          FileSystemStorage 

          -

          String 

          -

          C:\Profiles\Joe\SG 

          -

          Path for symlinks, set under HKCU. Do not modify (use data directory under Configuration to change). 

          +

          FileSystemStorage

          +

          String

          +

          C:\Profiles\Joe\SG

          +

          Path for symlinks, set under HKCU. Do not modify (use data directory under Configuration to change).

          -

          GlobalFileSystemStorage 

          -

          String 

          -

          C:\Users\Public\Documents\SoftGrid Client\AppFS Storage 

          -

          Path for global file system data. Do not modify. 

          +

          GlobalFileSystemStorage

          +

          String

          +

          C:\Users\Public\Documents\SoftGrid Client\AppFS Storage

          +

          Path for global file system data. Do not modify.

          -

          MaxPercentToLockInCache 

          -

          DWORD 

          -

          Default=90 

          +

          MaxPercentToLockInCache

          +

          DWORD

          +

          Default=90

          Specifies the maximum percentage of the file system cache file that can be locked. Do not modify.

          @@ -522,19 +524,19 @@ The values that are contained under the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsof -  + ## Permissions Key -To help to prevent users from making mistakes, administrators can use the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions key to control access to some actions for non-administrative users—for example, to prevent users from accidentally unloading programs. Users with administrative rights can give themselves any of these permissions. On shared systems, such as a Remote Desktop Session Host (RD Session Host) server (formerly Terminal Server) system, be careful when granting additional permissions to users because some of these permissions would enable users to control the applications used by all users on the system. Possible values for these settings are 1 (allow) and 0 (disallow). +To help to prevent users from making mistakes, administrators can use the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions key to control access to some actions for non-administrative users—for example, to prevent users from accidentally unloading programs. Users with administrative rights can give themselves any of these permissions. On shared systems, such as a Remote Desktop Session Host (RD Session Host) server (formerly Terminal Server) system, be careful when granting additional permissions to users because some of these permissions would enable users to control the applications used by all users on the system. Possible values for these settings are 1 (allow) and 0 (disallow). The Permissions key settings control all interfaces that enable the named actions. This includes the Options Dialog, SFTTray, and SFTMime. These settings do not affect administrators. The following table provides information about the registry values associated with the Permissions key. -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description ChangeFSDrive DWORD 
@@ -567,21 +569,21 @@ Default=0 A value of 1 allows users to add applications explicitly. This does not affect applications that are added through publishing refresh nor does it prevent users from starting (and thereby implicitly adding) applications that have not already been added. Values are 0 or 1. -LoadApp  +LoadApp -DWORD  +DWORD 0 -Does not allow a user to load an application. This is the default for RD Session Hosts. If you are a mobile user, you might want to fully load your applications in the cache to use them during disconnected operation or offline mode. To stream applications from the App-V Management Server or the App-V Streaming Server, you must be connected to a server to load applications. +Does not allow a user to load an application. This is the default for RD Session Hosts. If you are a mobile user, you might want to fully load your applications in the cache to use them during disconnected operation or offline mode. To stream applications from the App-V Management Server or the App-V Streaming Server, you must be connected to a server to load applications. 1 -Allows a user to load an application. This is the default for Windows desktops.  +Allows a user to load an application. This is the default for Windows desktops. -UnloadApp  +UnloadApp -DWORD  +DWORD 0 
@@ -589,43 +591,43 @@ Does not allow a user to unload an application. When you load or unload a packag 1 -Allows a user to unload an application.  +Allows a user to unload an application. -LockApp  +LockApp -DWORD  +DWORD 0 -Does not allow a user to lock and unlock an application. This is the default for RD Session Hosts. A locked application cannot be removed from the cache to make room for new applications. To remove a locked application from the App-V Desktop or Client for Remote Desktop Services (formerly Terminal Services) cache, you must unlock it. +Does not allow a user to lock and unlock an application. This is the default for RD Session Hosts. A locked application cannot be removed from the cache to make room for new applications. To remove a locked application from the App-V Desktop or Client for Remote Desktop Services (formerly Terminal Services) cache, you must unlock it. 1 -Allows a user to lock and unlock an application. This is the default for Windows Desktops.  +Allows a user to lock and unlock an application. This is the default for Windows Desktops. -ManageTypes  +ManageTypes -DWORD  +DWORD 0 -Does not allow a user to add, edit, or remove file type associations for that User alone. This is the default for RD Session Hosts.  +Does not allow a user to add, edit, or remove file type associations for that User alone. This is the default for RD Session Hosts. 1 -Allows a user to add, edit, and remove file type associations for that user only and not globally. This is the default for Windows Desktops.  +Allows a user to add, edit, and remove file type associations for that user only and not globally. This is the default for Windows Desktops. -RefreshServer  +RefreshServer -DWORD  +DWORD 0 -Does not allow a user to trigger a refresh of MIME settings. This is the default for RD Session Hosts.  +Does not allow a user to trigger a refresh of MIME settings. This is the default for RD Session Hosts. 1 -Enables a user to trigger a refresh of MIME settings. 
This is the default for Windows Desktops.  +Enables a user to trigger a refresh of MIME settings. This is the default for Windows Desktops. UpdateOSDFile @@ -635,17 +637,17 @@ Default= 0 A value of 1 enables a user to use a modified OSD file. -ImportApp  +ImportApp -DWORD  +DWORD 0 -Does not allow a user to import applications into cache. The difference between Load and Import is that when a Load is triggered, the client gets the package from the currently configured location contained in the OSD, ASR, or Override URL. When using Import, a location to get the package from must be specified.  +Does not allow a user to import applications into cache. The difference between Load and Import is that when a Load is triggered, the client gets the package from the currently configured location contained in the OSD, ASR, or Override URL. When using Import, a location to get the package from must be specified. 1 -Allows a user to import applications into cache.  +Allows a user to import applications into cache. ChangeRefreshSettings @@ -711,7 +713,7 @@ DWORD A value of 1 allows the users to select to run the client in Offline Mode. In Offline Mode, the Application Virtualization client can start a loaded application even when it is not connected to an Application Virtualization Server. -  + ## Custom Settings @@ -727,24 +729,24 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\CustomSett -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description -

          TrayErrorDelay 

          -

          DWORD 

          -

          Default=30 

          -

          Time in seconds that the Application Virtualization notification area will display error messages like "Launch failed". Minimum value of 1. 

          +

          TrayErrorDelay

          +

          DWORD

          +

          Default=30

          +

          Time in seconds that the Application Virtualization notification area will display error messages like "Launch failed". Minimum value of 1.

          -

          TraySuccessDelay 

          -

          DWORD 

          -

          Default=10 

          -

          Time in seconds that the appvmed notification area will display success messages like "Word launched" or "Excel shut down". If 0, those messages will be suppressed. 

          +

          TraySuccessDelay

          +

          DWORD

          +

          Default=10

          +

          Time in seconds that the appvmed notification area will display success messages like "Word launched" or "Excel shut down". If 0, those messages will be suppressed.

          TrayVisibility

          @@ -769,7 +771,7 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\CustomSett -  + ## Reporting Settings @@ -785,10 +787,10 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Reporting -Name  -Type  -Data (Examples)  -Description  +Name +Type +Data (Examples) +Description @@ -807,16 +809,16 @@ The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Reporting -  + ## Related topics [Application Virtualization Client Reference](application-virtualization-client-reference.md) -  - -  + + + diff --git a/mdop/appv-v4/app-v-desktop-client-security.md b/mdop/appv-v4/app-v-desktop-client-security.md index 6e6eb58648..8b1261715e 100644 --- a/mdop/appv-v4/app-v-desktop-client-security.md +++ b/mdop/appv-v4/app-v-desktop-client-security.md @@ -1,8 +1,11 @@ --- title: App-V Desktop Client Security description: App-V Desktop Client Security -author: jamiejdt +author: dansimp ms.assetid: 216b9c16-7bb4-4f94-b9d8-810501285008 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The App-V Desktop Client provides many security enhancements that were not avail **Note**   When you install the App-V Desktop Client on a computer, the software defaults to the most secure settings. However, when upgrading, the previous settings of the client persist. -  + By default, the App-V Desktop Client is configured only with the permissions required to allow a non-administrative user to perform a publishing refresh and stream applications. Additional security enhancements provided in the App-V Desktop Client include the following: 
@@ -41,12 +44,12 @@ After you install the Desktop Client, you can configure other security settings **Important**   Carefully consider the consequences of changing access rights, especially on systems that are shared by multiple users, such as Terminal Servers. -  + **Note**   If users in the environment have local administrator privileges for their computers, the permissions are ignored. -  + ### ADM Template @@ -55,7 +58,7 @@ Microsoft Application Virtualization (App-V) introduces an ADM Template that you **Important**   When using the ADM Template, remember that the settings are Group Policy preference settings and not fully managed Group Policies. -  + For a full description of the ADM Template, the specific settings, and guidance to successfully deploy clients in your environment, see the App-V ADM Template white paper at [https://go.microsoft.com/fwlink/LinkId=122063](https://go.microsoft.com/fwlink/?LinkId=122063). @@ -64,9 +67,9 @@ For a full description of the ADM Template, the specific settings, and guidance If your organization does not require users to open applications directly from an OSD file, you can enhance security by removing the file type associations on the client. Remove the `HKEY_CURRENT_USERS` keys for OSD and `Softgird.osd.file` by using the registry editor. You can put this process into a logon script or into a post-installation script to automate these changes. -  + -  + diff --git a/mdop/appv-v4/app-v-installation-checklist.md b/mdop/appv-v4/app-v-installation-checklist.md index 1a916f52c7..4b2e5c573d 100644 --- a/mdop/appv-v4/app-v-installation-checklist.md +++ b/mdop/appv-v4/app-v-installation-checklist.md @@ -1,8 +1,11 @@ --- title: App-V Installation Checklist description: App-V Installation Checklist -author: jamiejdt +author: dansimp ms.assetid: b17efaab-cd6d-4c30-beb7-c6e7c9c87657 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -30,43 +33,43 @@ The following checklist is intended to provide a high-level list of items to con

          Install the App-V Management Server. If you are installing the Management Web Service, Management Console, or the Data Store on different servers, you can use the custom installation option.

          -

          [How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md)

          +

          How to Install Application Virtualization Management Server

          Install the App-V Management Web Service. (Optional ¹)

          -

          [How to Install the Management Web Service](how-to-install-the-management-web-service.md)

          +

          How to Install the Management Web Service

          Install the App-V Management Console. (Optional ¹)

          -

          [How to Install the Management Console](how-to-install-the-management-console.md)

          +

          How to Install the Management Console

          Install the App-V Data Store. (Optional ¹)

          -

          [How to Install a Database](how-to-install-a-database.md)

          +

          How to Install a Database

          Install the App-V client.

          -

          [How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md)

          +

          How to Manually Install the Application Virtualization Client

          Install the App-V Sequencer.

          -

          [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md)

          +

          How to Install the Application Virtualization Sequencer

          Install the App-V Streaming Server. (This is optional and required only if you are installing the Streaming Server).

          -

          [How to Install the Application Virtualization Streaming Server](how-to-install-the-application-virtualization-streaming-server.md)

          +

          How to Install the Application Virtualization Streaming Server

          Create Content directories on the servers that will be used for streaming applications to users’ computers.

          -

          [How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md)

          -

          [How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md)

          -

          [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md)

          -

          [How to Configure the File Server](how-to-configure-the-file-server.md)

          +

          How to Configure the Application Virtualization Management Servers

          +

          How to Configure the Application Virtualization Streaming Servers

          +

          How to Configure the Server for IIS

          +

          How to Configure the File Server

          -  + ¹ This is required only if you are installing the App-V Management Web Service, Management Console, or the Data Store on a different computer. @@ -77,9 +80,9 @@ The following checklist is intended to provide a high-level list of items to con [App-V Postinstallation Checklist](app-v-postinstallation-checklist.md) -  + -  + diff --git a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md b/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md index 198861885a..be861b5d2c 100644 --- a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md +++ b/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md @@ -1,8 +1,11 @@ --- title: App-V Interoperability with Windows AppLocker description: App-V Interoperability with Windows AppLocker -author: jamiejdt +author: dansimp ms.assetid: 9a488034-607d-411c-b495-ff184c726f49 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Version 4.5 SP1 of the Microsoft Application Virtualization (App-V) client suppo **Note**   Windows AppLocker must first be enabled before configuring Windows AppLocker rules for virtual applications. For more information about enabling Windows AppLocker, [Windows AppLocker](https://go.microsoft.com/fwlink/?LinkId=156732) (https://go.microsoft.com/fwlink/?LinkId=156732). -  + ## Configuring Windows AppLocker Rules for Virtual Applications 
@@ -28,9 +31,9 @@ Local administrators can create Windows AppLocker rules that restrict the runnin When you browse to find a directory path or specific file for which you want to create a rule, you can access the App-V drive by using the path to the hidden share. For example, you can browse to \\\\localhost\\Q$, where the App-V drive is drive Q. However, to create the rule, you must edit the path to remove the reference to \\\\localhost\\Q$ and use Q:\\ instead. You must start each application on the reference computer to access the application’s files, and administrative rights are required to browse to \\\\localhost\\Q$. -  + -  + diff --git a/mdop/appv-v4/app-v-package-wmi-class.md b/mdop/appv-v4/app-v-package-wmi-class.md index 3a48b5747a..bd91ad1751 100644 --- a/mdop/appv-v4/app-v-package-wmi-class.md +++ b/mdop/appv-v4/app-v-package-wmi-class.md @@ -1,8 +1,11 @@ --- title: App-V Package WMI Class description: App-V Package WMI Class -author: jamiejdt +author: dansimp ms.assetid: 0fc26c3b-9706-4804-be2d-645771dc33ae +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/app-v-postinstallation-checklist.md b/mdop/appv-v4/app-v-postinstallation-checklist.md index f86bfdf207..87b30551fd 100644 --- a/mdop/appv-v4/app-v-postinstallation-checklist.md +++ b/mdop/appv-v4/app-v-postinstallation-checklist.md @@ -1,8 +1,11 @@ --- title: App-V Postinstallation Checklist description: App-V Postinstallation Checklist -author: jamiejdt +author: dansimp ms.assetid: 74db297e-a744-4287-bcc6-0e096ca8b57a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,37 +33,37 @@ The following checklist provides a high-level list of items to consider and outl

          Create firewall exceptions for the App-V Management Server or Streaming Server services.

          -

          [Configuring the Firewall for the App-V Servers](configuring-the-firewall-for-the-app-v-servers.md)

          +

          Configuring the Firewall for the App-V Servers

          Verify that the App-V system is functioning correctly by publishing, streaming, and testing the default application.

          -

          [How to Install and Configure the Default Application](how-to-install-and-configure-the-default-application.md)

          +

          How to Install and Configure the Default Application

          Configure the App-V Client to use the App-V Streaming Server or other server for streaming by means of the ApplicationSourceRoot, IconSourceRoot, and OSDSourceRoot settings.

          -

          [How to Configure the Client for Application Package Retrieval](how-to-configure-the-client-for-application-package-retrieval.md)

          +

          How to Configure the Client for Application Package Retrieval

          Understand how to use the .msi file version of sequenced application packages for offline deployment.

          -

          [How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md)

          +

          How to Publish a Virtual Application on the Client

          (Optional) Configure SQL Server database mirroring for the App-V database.

          -

          [How to Configure Microsoft SQL Server Mirroring Support for App-V](how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md)

          +

          How to Configure Microsoft SQL Server Mirroring Support for App-V

          -  + ## Related topics [Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) -  + -  + diff --git a/mdop/appv-v4/app-v-pre-installation-checklist.md b/mdop/appv-v4/app-v-pre-installation-checklist.md index e2fb7810b1..c426c83566 100644 --- a/mdop/appv-v4/app-v-pre-installation-checklist.md +++ b/mdop/appv-v4/app-v-pre-installation-checklist.md @@ -1,8 +1,11 @@ --- title: App-V Pre-Installation Checklist description: App-V Pre-Installation Checklist -author: jamiejdt +author: dansimp ms.assetid: 3af609b1-2c09-4edb-b083-b913b6d5e8c4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,35 +33,34 @@ The following checklist is intended to provide a high-level list of items to con

          Ensure your computing environment meets the supported configurations required for App-V.

          -

          [Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md)

          +

          Application Virtualization Deployment Requirements

          Configure the necessary Active Directory groups and accounts.

          -

          [Configuring Prerequisite Groups in Active Directory for App-V](configuring-prerequisite-groups-in-active-directory-for-app-v.md)

          +

          Configuring Prerequisite Groups in Active Directory for App-V

          Configure the Internet Information Services (IIS) settings on the server that is running IIS.

          -

          [How to Configure Windows Server 2008 for App-V Management Servers](how-to-configure-windows-server-2008-for-app-v-management-servers.md)

          +

          How to Configure Windows Server 2008 for App-V Management Servers

          Configure the server that is running IIS to be trusted for delegation.

          -Note   -

          This is required only if you are installing the App-V Management Server by using a distributed system architecture, that is, if you install the App-V Management Console, the Management Web Service, and the database on different computers.

          +Note

          This is required only if you are installing the App-V Management Server by using a distributed system architecture, that is, if you install the App-V Management Console, the Management Web Service, and the database on different computers.

          -  +
          -

          [How to Configure the Server to be Trusted for Delegation](how-to-configure-the-server-to-be-trusted-for-delegation.md)

          +

          How to Configure the Server to be Trusted for Delegation

          Install Microsoft SQL Server 2008.

          -

          [Install SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=181924) (https://go.microsoft.com/fwlink/?LinkId=181924).

          +

          Install SQL Server 2008 (https://go.microsoft.com/fwlink/?LinkId=181924).

          -  + ## Related topics @@ -67,9 +69,9 @@ The following checklist is intended to provide a high-level list of items to con [App-V Installation Checklist](app-v-installation-checklist.md) -  - -  + + + diff --git a/mdop/appv-v4/app-v-upgrade-checklist.md b/mdop/appv-v4/app-v-upgrade-checklist.md index d9ddeef65f..fcabc76d01 100644 --- a/mdop/appv-v4/app-v-upgrade-checklist.md +++ b/mdop/appv-v4/app-v-upgrade-checklist.md @@ -1,8 +1,11 @@ --- title: App-V Upgrade Checklist description: App-V Upgrade Checklist -author: jamiejdt +author: dansimp ms.assetid: 64e317d2-d260-4b67-8a49-ba9ac513087a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -14,7 +17,7 @@ ms.date: 08/30/2016 # App-V Upgrade Checklist -Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or later versions, any version earlier than App-V 4.1 must be upgraded to App-V 4.1. You should plan to upgrade clients first, and then upgrade the server components. App-V clients that have been upgraded to App-V 4.5 continue to work with App-V servers that have not yet been upgraded. Earlier versions of the client are not supported on servers that have been upgraded to App-V 4.5. +Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or later versions, any version earlier than App-V 4.1 must be upgraded to App-V 4.1. You should plan to upgrade clients first, and then upgrade the server components. App-V clients that have been upgraded to App-V 4.5 continue to work with App-V servers that have not yet been upgraded. Earlier versions of the client are not supported on servers that have been upgraded to App-V 4.5. @@ -30,64 +33,63 @@ Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or - + - + - + - + - +

          Upgrade the App-V clients.

          [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md)

          How to Upgrade the Application Virtualization Client

          Upgrade the App-V servers and database.

          -Important   -

          If you have more than one server sharing access to the App-V database, all those servers must be taken offline while the database is being upgraded. You should follow your regular business practices for the database upgrade, but we recommend that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the App-V software on the other servers.

          +Important

          If you have more than one server sharing access to the App-V database, all those servers must be taken offline while the database is being upgraded. You should follow your regular business practices for the database upgrade, but we recommend that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the App-V software on the other servers.

          -  +

          [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md)

          How to Upgrade the Servers and System Components

          Upgrade the App-V Management Web Service.

          This step applies only if the Management Web Service is on a separate server, which would require that you run the server installer program on that separate server to upgrade the Management Web service. Otherwise, the previous server upgrade step will automatically upgrade the Management Web Service.

          [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md)

          How to Upgrade the Servers and System Components

          Upgrade the App-V Management Console.

          This step applies only if the Management Console is on a separate computer, which would require that you run the server installer program on that separate computer to upgrade the console. Otherwise, the previous server upgrade step will upgrade the Management Console.

          [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md)

          How to Upgrade the Servers and System Components

          Upgrade the App-V Sequencer.

          [How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md)

          How to Upgrade the Application Virtualization Sequencer

          -  + ## Additional Upgrade Considerations -- Any virtual application packages sequenced in version 4.2 will not have to be sequenced again for use with version 4.5. However, you should consider upgrading the virtual packages to the Microsoft Application Virtualization 4.5 format if you want to apply default access control lists (ACLs) or generate a Windows Installer file. This is a simple process and requires only that the existing virtual application package be opened and saved with the App-V 4.5 Sequencer. This can be automated by using the App-VSequencer command-line interface. For more information, see [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) +- Any virtual application packages sequenced in version 4.2 will not have to be sequenced again for use with version 4.5. However, you should consider upgrading the virtual packages to the Microsoft Application Virtualization 4.5 format if you want to apply default access control lists (ACLs) or generate a Windows Installer file. This is a simple process and requires only that the existing virtual application package be opened and saved with the App-V 4.5 Sequencer. This can be automated by using the App-VSequencer command-line interface. For more information, see [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) -- One of the features of the 4.5 Sequencer is the ability to create Windows Installer (.msi) files as control points for virtual application package interoperability with electronic software distribution (ESD) systems, such as Microsoft System Center Configuration Manager 2007. 
Previous Windows Installer files created with the MSI tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 client that is subsequently upgraded to App-V 4.5 will continue to work, although they cannot be installed on the App-V 4.5 client. However, they cannot be removed or upgraded unless they are upgraded in the App-V 4.5 Sequencer. The original App-V package earlier than 4.5 has to be opened in the App-V 4.5 Sequencer and then saved as a Windows Installer File. +- One of the features of the 4.5 Sequencer is the ability to create Windows Installer (.msi) files as control points for virtual application package interoperability with electronic software distribution (ESD) systems, such as Microsoft System Center Configuration Manager 2007. Previous Windows Installer files created with the MSI tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 client that is subsequently upgraded to App-V 4.5 will continue to work, although they cannot be installed on the App-V 4.5 client. However, they cannot be removed or upgraded unless they are upgraded in the App-V 4.5 Sequencer. The original App-V package earlier than 4.5 has to be opened in the App-V 4.5 Sequencer and then saved as a Windows Installer File. - **Note**   - If the App-V 4.2 Client has already been upgraded to App-V 4.5, it is possible to script a workaround to preserve the version 4.2 packages on version 4.5 clients and allow them to be managed. This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key:\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]: + **Note** + If the App-V 4.2 Client has already been upgraded to App-V 4.5, it is possible to script a workaround to preserve the version 4.2 packages on version 4.5 clients and allow them to be managed. 
This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key:\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]: "ClientVersion"="4.2.1.20" "GlobalDataDirectory"="C:\\\\Documents and Settings\\\\All Users\\\\Documents\\\\" (a globally writeable location) -   + - Windows Installer files generated by the App-V 4.5 Sequencer display the error message "This package requires Microsoft Application Virtualization Client 4.5 or later" when trying to run them on an App-V 4.6 Client. Open the old package with either the App-V 4.5 SP1 Sequencer or the App-V 4.6 Sequencer and generate a new .msi file for the package. -- Any version 4.2 reports that were created and saved will be overwritten when the server is upgraded to version 4.5. If you have to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade. +- Any version 4.2 reports that were created and saved will be overwritten when the server is upgraded to version 4.5. If you have to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade. - For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](https://go.microsoft.com/fwlink/?LinkId=120358) (https://go.microsoft.com/fwlink/?LinkId=120358). -## App-V 4.6 Client Package Support +## App-V 4.6 Client Package Support -You can deploy packages created in previous versions of App-V to App-V 4.6 clients. However, you must modify the associated .osd file so that it includes the appropriate operating system and chip architecture information. 
The following values can be used: +You can deploy packages created in previous versions of App-V to App-V 4.6 clients. However, you must modify the associated .osd file so that it includes the appropriate operating system and chip architecture information. The following values can be used: @@ -135,16 +137,16 @@ You can deploy packages created in previous versions of App-V to App-V 4.6 cli
          -  -To run a newly created 32-bit package, you must sequence the application on a computer running a 32-bit operating system with the App-V 4.6 Sequencer installed. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. -**Important**   -Applications sequenced on a computer running a 64-bit operating system must be deployed to computers running a 64-bit operating system. New 32-bit packages created by using the App-V 4.6 Sequencer do not run on computers running the App-V 4.5 client. +To run a newly created 32-bit package, you must sequence the application on a computer running a 32-bit operating system with the App-V 4.6 Sequencer installed. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. -  +**Important** +Applications sequenced on a computer running a 64-bit operating system must be deployed to computers running a 64-bit operating system. New 32-bit packages created by using the App-V 4.6 Sequencer do not run on computers running the App-V 4.5 client. -To run new 64-bit packages on the App-V 4.6 Client, you must sequence the application on a computer running the App-V 4.6 Sequencer and that is running a 64-bit operating system. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab, and then specify the appropriate operating system and chip architecture as required. + + +To run new 64-bit packages on the App-V 4.6 Client, you must sequence the application on a computer running the App-V 4.6 Sequencer and that is running a 64-bit operating system. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab, and then specify the appropriate operating system and chip architecture as required. 
The following table lists which client versions will run packages created by using the various versions of the sequencer. @@ -159,36 +161,36 @@ The following table lists which client versions will run packages created by usi -Sequenced by using the App-V 4.2 Sequencer -Sequenced by using the App-V 4.5 Sequencer -Sequenced by using the 32-bit App-V 4.6 Sequencer -Sequenced by using the 64-bit App-V 4.6 Sequencer +Sequenced by using the App-V 4.2 Sequencer +Sequenced by using the App-V 4.5 Sequencer +Sequenced by using the 32-bit App-V 4.6 Sequencer +Sequenced by using the 64-bit App-V 4.6 Sequencer -

          4.2 Client

          +

          4.2 Client

          Yes

          No

          No

          No

          -

          4.5 Client ¹

          +

          4.5 Client ¹

          Yes

          Yes

          No

          No

          -

          4.6 Client (32-bit)

          +

          4.6 Client (32-bit)

          Yes

          Yes

          Yes

          No

          -

          4.6 Client (64-bit)

          +

          4.6 Client (64-bit)

          Yes

          Yes

          Yes

          @@ -197,13 +199,13 @@ The following table lists which client versions will run packages created by usi -  -¹Applies to all versions of the App-V 4.5 client, including App-V 4.5, App-V 4.5 CU1, and App-V 4.5 SP1. -  - -  +¹Applies to all versions of the App-V 4.5 client, including App-V 4.5, App-V 4.5 CU1, and App-V 4.5 SP1. + + + + diff --git a/mdop/appv-v4/application-utilization-reportserver.md b/mdop/appv-v4/application-utilization-reportserver.md index ccac73ba60..29301ef748 100644 --- a/mdop/appv-v4/application-utilization-reportserver.md +++ b/mdop/appv-v4/application-utilization-reportserver.md @@ -1,8 +1,11 @@ --- title: Application Utilization Report description: Application Utilization Report -author: jamiejdt +author: dansimp ms.assetid: cb961969-c9a3-4d46-8303-121d737d76d8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md index 4f285ff5cf..e11246cb72 100644 --- a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md +++ b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Client Hardware and Software Requirements description: Application Virtualization Client Hardware and Software Requirements -author: jamiejdt +author: dansimp ms.assetid: 8b877a2c-5721-4b22-a47f-e2838d58ab12 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -24,7 +27,7 @@ The following list includes the recommended minimum hardware and software requir **Note**   The Application Virtualization (App-V) Desktop Client requires no additional processor or RAM resources beyond the requirements of the host operating system. -  + ### Hardware Requirements 
@@ -82,8 +85,8 @@ The hardware requirements are applicable to all versions. The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first. -- **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360). - - **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266). +- **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360). 
+ - **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266). For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed. 
@@ -133,19 +136,19 @@ The Application Virtualization (App-V) 4.6 Desktop Client supports x86 and x64 S The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first. -- **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360). +- Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist_x86.exe from Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update (https://go.microsoft.com/fwlink/?LinkId=169360). -- **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266). +- Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) (https://go.microsoft.com/fwlink/?LinkId=63266). 
-- **Microsoft Application Error Reporting**—The installation program for this software is included in the **Support\\Watson** folder in the self-extracting archive file. +- Microsoft Application Error Reporting—The installation program for this software is included in the Support\Watson folder in the self-extracting archive file. For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed. -- **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700). +- Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) (https://go.microsoft.com/fwlink/?LinkId=150700). ## Application Virtualization Client for Remote Desktop Services -Following are the recommended hardware and software requirements for the Application Virtualization Client for Remote Desktop Services. The requirements are listed first for appv461\_3, followed by the requirements for versions that preceded App-V 4.6 SP2. +Following are the recommended hardware and software requirements for the Application Virtualization Client for Remote Desktop Services. The requirements are listed first for appv461_3, followed by the requirements for versions that preceded App-V 4.6 SP2. The Application Virtualization (App-V) Client for Remote Desktop Services requires no additional processor or RAM resources beyond the requirements of the host operating system. 
diff --git a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md b/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md index afde6ebaa3..5934984a4d 100644 --- a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md +++ b/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Client Installer Command-Line Parameters description: Application Virtualization Client Installer Command-Line Parameters -author: jamiejdt +author: dansimp ms.assetid: 508fa404-52a5-4919-8788-2a3dfb00639b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,12 +19,12 @@ ms.date: 08/30/2016 The following table lists all available Microsoft Application Virtualization Client installer command-line parameters, their values, and a brief description of each parameter. Parameters are case-sensitive and must be entered as all-uppercase letters. All parameter values must be enclosed in double quotes. -**Note**   -- For App-V version 4.6, command-line parameters cannot be used during a client upgrade. +**Note** +- For App-V version 4.6, command-line parameters cannot be used during a client upgrade. - The *SWICACHESIZE* and *MINFREESPACEMB* parameters cannot be combined on the command line. If both are used, the *SWICACHESIZE* parameter will be ignored. -  + @@ -56,14 +59,13 @@ The following table lists all available Microsoft Application Virtualization Cli

          A URL has several parts:

          <protocol>://<server>:<port>/<path>/<?query><#fragment>

          A UNC path has three parts:

          -

          \\<computername>\<share folder>\<resource>

          +

          &lt;computername>&lt;share folder>&lt;resource>

          If the APPLICATIONSOURCEROOT parameter is specified on a client, the client will break the URL or UNC path from an OSD file into its constituent parts and replace the OSD sections with the corresponding APPLICATIONSOURCEROOT sections.

          -Important   -

          Be sure to use the correct format when using file:// with a UNC path. The correct format is file://\\<server>\<share>.

          +Important

          Be sure to use the correct format when using file:// with a UNC path. The correct format is file://&lt;server>&lt;share>.

          -  +
          @@ -74,13 +76,12 @@ The following table lists all available Microsoft Application Virtualization Cli

          A URL has several parts:

          <protocol>://<server>:<port>/<path>/<?query><#fragment>

          A UNC path has three parts:

          -

          \\<computername>\<share folder>\<resource>

          +

          &lt;computername>&lt;share folder>&lt;resource>

          -Important   -

          Be sure to use the correct format when using a UNC path. Acceptable formats are \\<server>\<share> or <drive letter>:\<folder>.

          +Important

          Be sure to use the correct format when using a UNC path. Acceptable formats are &lt;server>&lt;share> or <drive letter>:&lt;folder>.

          -  +
          @@ -91,13 +92,12 @@ The following table lists all available Microsoft Application Virtualization Cli

          A URL has several parts:

          <protocol>://<server>:<port>/<path>/<?query><#fragment>

          A UNC path has three parts:

          -

          \\<computername>\<share folder>\<resource>

          +

          &lt;computername>&lt;share folder>&lt;resource>

          -Important   -

          Be sure to use the correct format when using a UNC path. Acceptable formats are \\<server>\<share> or <drive letter>:\<folder>.

          +Important

          Be sure to use the correct format when using a UNC path. Acceptable formats are &lt;server>&lt;share> or <drive letter>:&lt;folder>.

          -  +
          @@ -108,11 +108,10 @@ The following table lists all available Microsoft Application Virtualization Cli @@ -141,20 +139,18 @@ The following table lists all available Microsoft Application Virtualization Cli
        • NONE—No auto-loading, regardless of what triggers might be set.

        • ALL—If any AutoLoad trigger is enabled, all packages are automatically loaded, whether or not they have ever been launched.

          -Note   -

          This setting is configured for individual packages by using the SFTMIME ADD PACKAGE and CONFIGURE PACKAGE commands. For more information about these commands, see [SFTMIME Command Reference](sftmime--command-reference.md).

          +Note

          This setting is configured for individual packages by using the SFTMIME ADD PACKAGE and CONFIGURE PACKAGE commands. For more information about these commands, see SFTMIME Command Reference.

          -  +
        • PREVUSED—If any AutoLoad trigger is enabled, load only the packages where at least one application in the package has been previously used (that is, launched or precached).

        • -Note   -

          When you install the App-V client to use a read-only cache, (for example, as a VDI server implementation), you must set the AUTOLOADTARGET parameter to NONE to prevent the client from trying to update applications in the read-only cache.

          +Note

          When you install the App-V client to use a read-only cache, (for example, as a VDI server implementation), you must set the AUTOLOADTARGET parameter to NONE to prevent the client from trying to update applications in the read-only cache.

          -  +
          @@ -214,7 +210,7 @@ The following table lists all available Microsoft Application Virtualization Cli - @@ -283,19 +279,18 @@ The following table lists all available Microsoft Application Virtualization Cli

          The AutoLoad triggers that define the events that initiate auto-loading of applications. AutoLoad implicitly uses background streaming to enable the application to be fully loaded into cache.

          The primary feature block will be loaded as quickly as possible. Remaining feature blocks will be loaded in the background to enable foreground operations, such as user interaction with applications, to take priority and provide optimal performance.

          -Note   -

          The AUTOLOADTARGET parameter determines which applications are auto-loaded. By default, packages that have been used are auto-loaded unless AUTOLOADTARGET is set.

          +Note

          The AUTOLOADTARGET parameter determines which applications are auto-loaded. By default, packages that have been used are auto-loaded unless AUTOLOADTARGET is set.

          -  +

          Each parameter affects loading behavior as follows:

            @@ -123,11 +122,10 @@ The following table lists all available Microsoft Application Virtualization Cli

            The three values can be combined. In the following example, AutoLoad triggers are enabled both at user login and when publishing refresh occurs:

            AUTOLOADONLOGIN AUTOLOADONREFRESH

            -Note   -

            If the client is configured with these values at first install, Autoload will not be triggered until the next time the user logs off and logs back on.

            +Note

            If the client is configured with these values at first install, Autoload will not be triggered until the next time the user logs off and logs back on.

            -  +

          SWIPUBSVRHOST

          IP address|host name

          Specifies either the IP address of the Application Virtualization Server or a host name of the server that resolves into the server's IP address; required when SWIPUBSVRDISPLAY is used.

          +

          Specifies either the IP address of the Application Virtualization Server or a host name of the server that resolves into the server's IP address; required when SWIPUBSVRDISPLAY is used.

          Example: SWIPUBSVRHOST="SERVER01"

          [0|1]

          Used when you have applied registry settings prior to deploying a client—for example, by using Group Policy. When a client is deployed, set this parameter to a value of 1 so that it will not overwrite the registry settings.

          -Important   -

          If set to a value of 1, the following client installer command-line parameters are ignored:

          +Important

          If set to a value of 1, the following client installer command-line parameters are ignored:

          SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, and SWIUSERDATA.

          -

          For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide ([https://go.microsoft.com/fwlink/?LinkId=122939](https://go.microsoft.com/fwlink/?LinkId=122939)).

          +

          For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide (https://go.microsoft.com/fwlink/?LinkId=122939).

          -  +
          -  + ## Related topics @@ -306,9 +301,9 @@ The following table lists all available Microsoft Application Virtualization Cli [SFTMIME Command Reference](sftmime--command-reference.md) -  - -  + + + diff --git a/mdop/appv-v4/application-virtualization-client-management-console-overview.md b/mdop/appv-v4/application-virtualization-client-management-console-overview.md index a6c537240c..314b2e91ef 100644 --- a/mdop/appv-v4/application-virtualization-client-management-console-overview.md +++ b/mdop/appv-v4/application-virtualization-client-management-console-overview.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Client Management Console Overview description: Application Virtualization Client Management Console Overview -author: jamiejdt +author: dansimp ms.assetid: 21d648cc-eca5-475c-be42-228879b7a45a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-client-management-console-reference.md b/mdop/appv-v4/application-virtualization-client-management-console-reference.md index aa1dd22200..0d705a6dbc 100644 --- a/mdop/appv-v4/application-virtualization-client-management-console-reference.md +++ b/mdop/appv-v4/application-virtualization-client-management-console-reference.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Client Management Console Reference description: Application Virtualization Client Management Console Reference -author: jamiejdt +author: dansimp ms.assetid: aa27537d-e053-45b5-b0ee-cf6606849e0c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md b/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md index cb27823b9d..c00f5ef58d 100644 
--- a/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md
+++ b/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Client Management Console Roadmap
 description: Application Virtualization Client Management Console Roadmap
-author: jamiejdt
+author: dansimp
 ms.assetid: 3aca02c4-728c-4c34-b90f-4e6f188937b0
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-client-management-console.md b/mdop/appv-v4/application-virtualization-client-management-console.md
index 1c701579d1..703e1fcab3 100644
--- a/mdop/appv-v4/application-virtualization-client-management-console.md
+++ b/mdop/appv-v4/application-virtualization-client-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Client Management Console
 description: Application Virtualization Client Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 18635688-8cbe-40d1-894e-acb2749b4e69
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-client-reference.md b/mdop/appv-v4/application-virtualization-client-reference.md
index ccc4e6c92e..2363a32ee3 100644
--- a/mdop/appv-v4/application-virtualization-client-reference.md
+++ b/mdop/appv-v4/application-virtualization-client-reference.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Client Reference
 description: Application Virtualization Client Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: 5107f567-9ac8-43e1-89c8-5e0762e3ddd8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-client-wmi-provider.md b/mdop/appv-v4/application-virtualization-client-wmi-provider.md
index 3025258d50..39b1ebb2ed 100644
--- a/mdop/appv-v4/application-virtualization-client-wmi-provider.md
+++ b/mdop/appv-v4/application-virtualization-client-wmi-provider.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Client WMI Provider
 description: Application Virtualization Client WMI Provider
-author: jamiejdt
+author: dansimp
 ms.assetid: 384e33e0-6689-4e28-af84-53acee8a5c24
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-client.md b/mdop/appv-v4/application-virtualization-client.md
index d31cebbf26..1756d814d7 100644
--- a/mdop/appv-v4/application-virtualization-client.md
+++ b/mdop/appv-v4/application-virtualization-client.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Client
 description: Application Virtualization Client
-author: jamiejdt
+author: dansimp
 ms.assetid: d9e1939b-eb9c-49a0-855d-f4c323b84c2f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md
index f0934b8e1a..ae15062828 100644
--- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md
+++ b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Deployment and Upgrade Checklists
 description: Application Virtualization Deployment and Upgrade Checklists
-author: jamiejdt
+author: dansimp
 ms.assetid: 462e5119-cb83-4548-98f2-df668aa0958b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md
index 693077f351..c7c5b57205 100644
--- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md
+++ b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Deployment and Upgrade Considerations
 description: Application Virtualization Deployment and Upgrade Considerations
-author: jamiejdt
+author: dansimp
 ms.assetid: c3c38930-0da3-43e6-b240-945edfd00a01
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md
index 37bbb869da..7e6e309b9b 100644
--- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md
+++ b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Deployment and Upgrade Considerations
 description: Application Virtualization Deployment and Upgrade Considerations
-author: jamiejdt
+author: dansimp
 ms.assetid: adc562ee-7276-4b14-b10a-da17f05e1682
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-deployment-requirements.md b/mdop/appv-v4/application-virtualization-deployment-requirements.md
index cd1da33519..2d00a73d21 100644
--- a/mdop/appv-v4/application-virtualization-deployment-requirements.md
+++ b/mdop/appv-v4/application-virtualization-deployment-requirements.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Deployment Requirements
 description: Application Virtualization Deployment Requirements
-author: jamiejdt
+author: dansimp
 ms.assetid: 9564e974-a853-45ae-b605-0a2e3e5cf212
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-glossary.md b/mdop/appv-v4/application-virtualization-glossary.md
index f43aebc300..441bff3d5d 100644
--- a/mdop/appv-v4/application-virtualization-glossary.md
+++ b/mdop/appv-v4/application-virtualization-glossary.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Glossary
 description: Application Virtualization Glossary
-author: jamiejdt
+author: dansimp
 ms.assetid: 9eb71774-e288-4f94-8f94-5b98e0d012a7
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md b/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md
index 8dfc1b4b2a..c459939b7c 100644
--- a/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md
+++ b/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Properties Connectivity Tab
 description: Application Virtualization Properties Connectivity Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: e07c1352-a2be-4d99-9968-daba515bcde2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-properties-file-system-tab.md b/mdop/appv-v4/application-virtualization-properties-file-system-tab.md
index cfee97c8f4..2a116d4707 100644
--- a/mdop/appv-v4/application-virtualization-properties-file-system-tab.md
+++ b/mdop/appv-v4/application-virtualization-properties-file-system-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Properties File System Tab
 description: Application Virtualization Properties File System Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: c7d56d36-8c50-4dfc-afee-83dea06376d4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-properties-general-tab.md b/mdop/appv-v4/application-virtualization-properties-general-tab.md
index 68c42054e6..31bfb94c4b 100644
--- a/mdop/appv-v4/application-virtualization-properties-general-tab.md
+++ b/mdop/appv-v4/application-virtualization-properties-general-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Properties General Tab
 description: Application Virtualization Properties General Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: be7449d9-171a-4a11-9382-83b7008ccbdd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -37,7 +40,7 @@ Select the level from the drop-down list. The default level is **Warning**. **Note**   The **System Log Level** setting controls the level of messages sent to the system event log. The logged messages are identical to the messages that get logged to the client event log, but they are stored in a different location that does not have the space limitations of the client event log. Because the system event log does not have space limitations, it is ideally suited for situations where verbose logging is necessary. -  + **Global Data Directory** Enter or browse to the location of the directory of the log file. The default locations are as follows: @@ -54,9 +57,9 @@ Enter or browse to the location of the directory where user-specific data is sto [Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) -  + -  + diff --git a/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md b/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md index 5ee10019b3..87085b92cf 100644 --- a/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md +++ b/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Properties Import Search Path Tab description: Application Virtualization Properties Import Search Path Tab -author: jamiejdt +author: dansimp ms.assetid: 7f94d472-1d0a-49d8-b307-330936071e13 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-properties-interface-tab.md b/mdop/appv-v4/application-virtualization-properties-interface-tab.md index e7bd619e81..558c483a39 100644 --- a/mdop/appv-v4/application-virtualization-properties-interface-tab.md 
+++ b/mdop/appv-v4/application-virtualization-properties-interface-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Properties Interface Tab
 description: Application Virtualization Properties Interface Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: bb9cb54e-315a-48bf-a396-b33e2cbd030a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-properties-permissions-tab.md b/mdop/appv-v4/application-virtualization-properties-permissions-tab.md
index bedc27d46b..b80b1b8d6a 100644
--- a/mdop/appv-v4/application-virtualization-properties-permissions-tab.md
+++ b/mdop/appv-v4/application-virtualization-properties-permissions-tab.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Properties Permissions Tab
 description: Application Virtualization Properties Permissions Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: 5219bc7c-7c7a-4e2f-8fba-7039933d1124
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-reference.md b/mdop/appv-v4/application-virtualization-reference.md
index 37233206f9..974d97b6f6 100644
--- a/mdop/appv-v4/application-virtualization-reference.md
+++ b/mdop/appv-v4/application-virtualization-reference.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Reference
 description: Application Virtualization Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: 5f994be7-41fa-416b-8a4c-6ed52fcd9b72
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-report-types.md b/mdop/appv-v4/application-virtualization-report-types.md
index dca30f5bc9..6ea5f2c5b6 100644
--- a/mdop/appv-v4/application-virtualization-report-types.md
+++ b/mdop/appv-v4/application-virtualization-report-types.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Report Types
 description: Application Virtualization Report Types
-author: jamiejdt
+author: dansimp
 ms.assetid: 232ef25e-11a0-49fb-b4b3-54ac83577383
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-command-line.md b/mdop/appv-v4/application-virtualization-sequencer-command-line.md
index f4a10043ff..a8be9c0b31 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-command-line.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-command-line.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Command Line
 description: Application Virtualization Sequencer Command Line
-author: jamiejdt
+author: dansimp
 ms.assetid: a6d5ec9f-cc66-4869-9250-5c65d7e1e58e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-console-overview.md b/mdop/appv-v4/application-virtualization-sequencer-console-overview.md
index 3ec1ac30ae..cb4b33d294 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-console-overview.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-console-overview.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Console Overview
 description: Application Virtualization Sequencer Console Overview
-author: jamiejdt
+author: dansimp
 ms.assetid: 681bb40d-2937-4645-82aa-4a44775232d8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md index 9186e17f03..22cdebc6e0 100644 --- a/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md +++ b/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Sequencer Hardware and Software Requirements description: Application Virtualization Sequencer Hardware and Software Requirements -author: jamiejdt +author: dansimp ms.assetid: c88a1b5b-23e1-4460-afa9-a5f37e32eb05 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ This topic describes the minimum recommended hardware and software requirements **Important**   You must run the App-V sequencer (**SFTSequencer.exe**) using an account that has administrator privileges because of the changes the sequencer makes to the local system. These changes can include writing files to the **C:\\Program Files** directory, making registry changes, starting and stopping services, updating security descriptors for files, and changing permissions. -  + Before you install the Sequencer and after you sequence each application, you must restore a clean operating system image to the sequencing computer. You can use one of the following methods to restore the computer running the Sequencer: @@ -44,7 +47,7 @@ The requirements are listed first for Microsoft Application Virtualization (App- **Note**   Sequencing requires heavy disk usage. A fast disk speed can decrease the sequencing time. -   + ### Software Requirements for App-V 4.6 SP2 
@@ -93,12 +96,12 @@ The following list outlines the supported operating systems for running the App- -  + **Note**   The Application Virtualization (App-V) 4.6 SP2 Sequencer supports 32-bit and 64-bit versions of these operating systems. -  + You should configure computers running the Sequencer with the same applications that are installed on targeted computers. @@ -143,14 +146,14 @@ The following list outlines the supported operating systems for running the Sequ -  + ¹Supported for App-V 4.5 with SP1 or SP2, and App-V 4.6 only **Note**   The Application Virtualization (App-V) 4.6 Sequencer supports 32-bit and 64-bit versions of these operating systems. -  + You should configure computers running the Sequencer with the same applications that are installed on targeted computers. @@ -199,12 +202,12 @@ You should configure computers running the Sequencer with the same applications -  + **Note**   Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. -  + ### Software Requirements for Remote Desktop Services for Versions that Precede App-V 4.6 SP2 @@ -251,12 +254,12 @@ Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports -  + **Note**   Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. -  + ## Related topics @@ -269,9 +272,9 @@ Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports [How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/application-virtualization-sequencer-online-help.md b/mdop/appv-v4/application-virtualization-sequencer-online-help.md index d8ffc5e9ee..ca78682274 100644 --- a/mdop/appv-v4/application-virtualization-sequencer-online-help.md +++ b/mdop/appv-v4/application-virtualization-sequencer-online-help.md 
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Online Help
 description: Application Virtualization Sequencer Online Help
-author: jamiejdt
+author: dansimp
 ms.assetid: 0ddeae59-314f-4c61-b85f-6b137b959fa6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md
index 99d3714dcf..99a1ab2bb0 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Options Dialog Box
 description: Application Virtualization Sequencer Options Dialog Box
-author: jamiejdt
+author: dansimp
 ms.assetid: f71eda8d-8270-439f-a093-867b3a43ebff
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-overview.md b/mdop/appv-v4/application-virtualization-sequencer-overview.md
index 3638b814cd..3c9e44e3ab 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-overview.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-overview.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Overview
 description: Application Virtualization Sequencer Overview
-author: jamiejdt
+author: dansimp
 ms.assetid: e6422a28-633e-4dff-8abb-7cf6a5468112
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-reference.md b/mdop/appv-v4/application-virtualization-sequencer-reference.md
index 676361d795..e68f8bfb5c 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-reference.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-reference.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Reference
 description: Application Virtualization Sequencer Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: a2aef256-98c0-4f81-83a2-af4b64208088
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md b/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md
index 97ec81c142..75d1b5f1a4 100644
--- a/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md
+++ b/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer Technical Reference
 description: Application Virtualization Sequencer Technical Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: 4aa515ce-64f0-4998-8100-f87dc77aed70
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencer.md b/mdop/appv-v4/application-virtualization-sequencer.md
index 199f81a525..7ba4e42e1c 100644
--- a/mdop/appv-v4/application-virtualization-sequencer.md
+++ b/mdop/appv-v4/application-virtualization-sequencer.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencer
 description: Application Virtualization Sequencer
-author: jamiejdt
+author: dansimp
 ms.assetid: f078f3c9-7b5c-4ff1-b319-4c076b88bc39
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md
index c2e4650873..19fe7b1ff4 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard-Add Application Dialog Box
 description: Application Virtualization Sequencing Wizard-Add Application Dialog Box
-author: jamiejdt
+author: dansimp
 ms.assetid: 247eac0e-830d-4d72-be48-af7d1525eefd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md
index 3c4db7eb87..6b96b69061 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box
 description: Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box
-author: jamiejdt
+author: dansimp
 ms.assetid: f7656053-3d92-448e-8759-b6b09cef6025
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md
index bbbc0fae3b..a987309e5f 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard Add Files to Virtual File System Page
 description: Application Virtualization Sequencing Wizard Add Files to Virtual File System Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 6b01333b-08bd-4b96-a123-a07a7aafddd1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md
index 04ff4ed10c..bea986ef57 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard Advanced Options Page
 description: Application Virtualization Sequencing Wizard Advanced Options Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 2c4c5d95-d55e-463d-a851-8486f6a724f2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -38,16 +41,15 @@ Use the **Advanced Options** page of the Application Virtualization (App-V) Sequ
        • 64 KB

        -Note   -

        When you select a block size, consider the size of the SFT file and your network bandwidth. A file with a smaller block size takes longer to stream over the network but is less bandwidth-intensive. Files with larger block sizes might stream faster, but they use more network bandwidth. Through experimentation, you can discover the optimum block size for streaming applications on your network.

        +Note

        When you select a block size, consider the size of the SFT file and your network bandwidth. A file with a smaller block size takes longer to stream over the network but is less bandwidth-intensive. Files with larger block sizes might stream faster, but they use more network bandwidth. Through experimentation, you can discover the optimum block size for streaming applications on your network.

        -  +

        Enable Microsoft Update During Monitoring

        -

        Enables installation of Microsoft Updates during the Sequencing Wizard's monitoring phase.

        +

        Enables installation of Microsoft Updates during the Sequencing Wizard's monitoring phase.

        Rebase DLLs

        @@ -55,11 +57,11 @@ Use the **Advanced Options** page of the Application Virtualization (App-V) Sequ

        Back

        -

        Accesses the Sequencing Wizard's previous page.

        +

        Accesses the Sequencing Wizard's previous page.

        Next

        -

        Accesses the Sequencing Wizard's next page.

        +

        Accesses the Sequencing Wizard's next page.

        Cancel

        @@ -68,7 +70,7 @@ Use the **Advanced Options** page of the Application Virtualization (App-V) Sequ -  + \[Template Token Value\] @@ -109,7 +111,7 @@ Use the **Advanced Options** page of the App-V Sequencing Wizard to specify adva -  + \[Template Token Value\] @@ -118,9 +120,9 @@ Use the **Advanced Options** page of the App-V Sequencing Wizard to specify adva [Sequencing Wizard](sequencing-wizard.md) -  - -  + + + diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md index 83d0a4906f..fde9035b02 100644 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md +++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Sequencing Wizard Configure Application Page description: Application Virtualization Sequencing Wizard Configure Application Page -author: jamiejdt +author: dansimp ms.assetid: 2927debd-de4b-41d2-9e1c-e8927231f4cc +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md index 2033a87c77..fbbb325980 100644 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md +++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md 
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard Launch Applications Page
 description: Application Virtualization Sequencing Wizard Launch Applications Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 69b1d6e1-00ff-49e3-a245-a4aca225d681
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md
index 296ae7e55d..cab2f6fa85 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard Monitor Installation Page
 description: Application Virtualization Sequencing Wizard Monitor Installation Page
-author: jamiejdt
+author: dansimp
 ms.assetid: b54b8145-a57e-4d0d-b776-b5319aadb78e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -32,31 +35,29 @@ Use the **Monitor Installation** page of the Application Virtualization Sequenci

        Begin Monitoring

        Starts the monitoring of the sequencing process.

        -Note   -

        The Sequencer will minimize so that you can run your application's installer, except on Vista.

        +Note

        The Sequencer will minimize so that you can run your application's installer, except on Vista.

        -  +

        Stop Monitoring

        Stops the monitoring of the sequencing process.

        -Note   -

        The Stop Monitoring button is displayed only after the monitoring process starts.

        +Note

        The Stop Monitoring button is displayed only after the monitoring process starts.

        -  +

        Back

        -

        Accesses the Sequencing Wizard's previous page.

        +

        Accesses the Sequencing Wizard's previous page.

        Next

        -

        Accesses the Sequencing Wizard's next page.

        +

        Accesses the Sequencing Wizard's next page.

        Cancel

        @@ -65,7 +66,7 @@ Use the **Monitor Installation** page of the Application Virtualization Sequenci -  + \[Template Token Value\] @@ -106,7 +107,7 @@ Use the **Monitor Installation** page of the App-V sequencing wizard to monitor -  + \[Template Token Value\] @@ -115,9 +116,9 @@ Use the **Monitor Installation** page of the App-V sequencing wizard to monitor [Sequencing Wizard](sequencing-wizard.md) -  - -  + + + diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md index 38156fac6d..3cefd2e341 100644 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md +++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Sequencing Wizard Package Information Page description: Application Virtualization Sequencing Wizard Package Information Page -author: jamiejdt +author: dansimp ms.assetid: e52efd08-1b05-4bd6-a6e7-5f6bdbde7df7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md index e0af4c968c..e27772099e 100644 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md +++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md 
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard Sequence Package Page
 description: Application Virtualization Sequencing Wizard Sequence Package Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 4c603d6a-9139-4867-a085-c6d6b517917e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md
index 723b880775..ac297b38e4 100644
--- a/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md
+++ b/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box
 description: Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box
-author: jamiejdt
+author: dansimp
 ms.assetid: d79d7085-228e-4be2-abe6-2760b9b983d5
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md b/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md
index cf10b2b73e..fd47fcd34c 100644
--- a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md
+++ b/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Server-Based Scenario Overview
 description: Application Virtualization Server-Based Scenario Overview
-author: jamiejdt
+author: dansimp
 ms.assetid: 2d91392b-5085-4a5d-94f2-15eed1ed2928
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -52,7 +55,7 @@ For load from file package delivery, the server delivers the entire virtualized **Note**   For each delivery method, the initial virtual application delivery process and the virtual application update process are the same; the updated virtual application package replaces the original application package. -  + The following table compares the advantages and disadvantages of each package delivery method. @@ -95,7 +98,7 @@ The following table compares the advantages and disadvantages of each package de -  + ## Server-Related Protocols and External Components @@ -154,7 +157,7 @@ The following table lists the server types that can be used in an Application Vi -  + ## Related topics @@ -165,9 +168,9 @@ The following table lists the server types that can be used in an Application Vi [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/application-virtualization-server-based-scenario.md b/mdop/appv-v4/application-virtualization-server-based-scenario.md index 34638870e9..e572a24620 100644 --- a/mdop/appv-v4/application-virtualization-server-based-scenario.md +++ b/mdop/appv-v4/application-virtualization-server-based-scenario.md @@ -1,8 +1,11 @@ --- title: Application Virtualization Server-Based Scenario description: Application Virtualization Server-Based Scenario -author: jamiejdt +author: dansimp ms.assetid: 10ed0b18-087d-470f-951b-5083f4cb076f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/application-virtualization-server-management-console-reference.md b/mdop/appv-v4/application-virtualization-server-management-console-reference.md index 43aaba4de2..24e202d492 100644 --- a/mdop/appv-v4/application-virtualization-server-management-console-reference.md +++ b/mdop/appv-v4/application-virtualization-server-management-console-reference.md 
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Server Management Console Reference
 description: Application Virtualization Server Management Console Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: 7c9890f4-7230-44dd-bbe8-95a4b65dc796
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-server-management-help.md b/mdop/appv-v4/application-virtualization-server-management-help.md
index f58b64b917..eebfea01e7 100644
--- a/mdop/appv-v4/application-virtualization-server-management-help.md
+++ b/mdop/appv-v4/application-virtualization-server-management-help.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Server Management Help
 description: Application Virtualization Server Management Help
-author: jamiejdt
+author: dansimp
 ms.assetid: 4f67265c-58f5-4d77-bfff-95474d8f1bb6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-server.md b/mdop/appv-v4/application-virtualization-server.md
index 1031a2665d..088cca81ff 100644
--- a/mdop/appv-v4/application-virtualization-server.md
+++ b/mdop/appv-v4/application-virtualization-server.md
@@ -1,8 +1,11 @@
 ---
 title: Application Virtualization Server
 description: Application Virtualization Server
-author: jamiejdt
+author: dansimp
 ms.assetid: feea99b2-5e3d-42b1-ad41-157429e5fceb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/application-virtualization-system-requirements.md b/mdop/appv-v4/application-virtualization-system-requirements.md
index fcdb31944d..0688d51f04 100644
--- a/mdop/appv-v4/application-virtualization-system-requirements.md
+++ b/mdop/appv-v4/application-virtualization-system-requirements.md
@@ -1,8 +1,11 @@ --- title: Application Virtualization System Requirements description: Application Virtualization System Requirements -author: jamiejdt +author: dansimp ms.assetid: a2798dd9-168e-45eb-8103-e12e128fae7c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -86,7 +89,7 @@ The following list includes the minimum recommended hardware and software requir -  + ¹Applies to App-V 4.5 SP1 and SP2 only. @@ -160,7 +163,7 @@ The following list includes the minimum recommended hardware and software requir -  + ¹Applies to App-V 4.5 SP1 and SP2 only. @@ -240,7 +243,7 @@ The following list includes the minimum recommended hardware and software requir -  + ¹Applies to App-V 4.5 SP1 and SP2 only. @@ -324,7 +327,7 @@ The following list includes the minimum recommended hardware and software requir -  + ¹Applies to App-V 4.5 SP1 and SP2 only. @@ -335,7 +338,7 @@ The following list includes the minimum recommended hardware and software requir **Important**   The minimum requirement is .NET Framework 2.0 SP2 if you must install App-V hotfix KB980850 or subsequent App-V hotfixes on the computer that is running the App-V Management Console. -   + ## Related topics @@ -350,9 +353,9 @@ The following list includes the minimum recommended hardware and software requir [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md b/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md index c470338eac..0e6f43502d 100644 --- a/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md +++ b/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md 
@@ -1,8 +1,11 @@ --- title: Application Virtualization Technical Publications description: Application Virtualization Technical Publications -author: jamiejdt +author: dansimp ms.assetid: 86606647-3b9b-4459-9638-64626051ac94 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/applications-licenses-node.md b/mdop/appv-v4/applications-licenses-node.md index ea2fbc6412..e41472ad97 100644 --- a/mdop/appv-v4/applications-licenses-node.md +++ b/mdop/appv-v4/applications-licenses-node.md @@ -1,8 +1,11 @@ --- title: Applications Licenses Node description: Applications Licenses Node -author: jamiejdt +author: dansimp ms.assetid: 2b8752ff-aa56-483e-b844-966941af2d94 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,7 +28,7 @@ The **Applications Licenses** node is one level below the Application Virtualiza **Note**   You can combine concurrent and named licenses for the same application. -  + Right-click the **Applications Licenses** node to display a pop-up menu that contains the following elements. @@ -113,9 +116,9 @@ Displays the help system for the Application Virtualization Server Management Co [Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) -  + -  + diff --git a/mdop/appv-v4/applications-licenses-results-pane-columns.md b/mdop/appv-v4/applications-licenses-results-pane-columns.md index 7d162df66c..db5a7c01f6 100644 --- a/mdop/appv-v4/applications-licenses-results-pane-columns.md +++ b/mdop/appv-v4/applications-licenses-results-pane-columns.md 
@@ -1,8 +1,11 @@
 ---
 title: Applications Licenses Results Pane Columns
 description: Applications Licenses Results Pane Columns
-author: jamiejdt
+author: dansimp
 ms.assetid: bd56b36a-655e-4fc4-9f83-d2ed68882402
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/applications-licenses-results-pane.md b/mdop/appv-v4/applications-licenses-results-pane.md
index eb0f4c8053..8ef30047ea 100644
--- a/mdop/appv-v4/applications-licenses-results-pane.md
+++ b/mdop/appv-v4/applications-licenses-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: Applications Licenses Results Pane
 description: Applications Licenses Results Pane
-author: jamiejdt
+author: dansimp
 ms.assetid: 8b519715-b2fe-451e-ad9b-e9b73f454961
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/applications-node-in-server-management-console.md b/mdop/appv-v4/applications-node-in-server-management-console.md
index 9f484ffa6a..69d90c8bdb 100644
--- a/mdop/appv-v4/applications-node-in-server-management-console.md
+++ b/mdop/appv-v4/applications-node-in-server-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: Applications Node in Server Management Console
 description: Applications Node in Server Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 27edbd83-0fc2-4a40-9834-d5db5be06681
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/applications-node.md b/mdop/appv-v4/applications-node.md
index e81599900a..872ead9d24 100644
--- a/mdop/appv-v4/applications-node.md
+++ b/mdop/appv-v4/applications-node.md
@@ -1,8 +1,11 @@
 ---
 title: Applications Node
 description: Applications Node
-author: jamiejdt
+author: dansimp
 ms.assetid: ded79569-8a3f-47ab-b135-0836bbb039f3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md b/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md
index 67ec28d6db..f39b06792c 100644
--- a/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md
+++ b/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: Applications Results Pane Columns in Server Management Console
 description: Applications Results Pane Columns in Server Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 8757e3bc-450b-4550-81d2-624906523147
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/applications-results-pane-columns.md b/mdop/appv-v4/applications-results-pane-columns.md
index 4c669aaded..763e99c393 100644
--- a/mdop/appv-v4/applications-results-pane-columns.md
+++ b/mdop/appv-v4/applications-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: Applications Results Pane Columns
 description: Applications Results Pane Columns
-author: jamiejdt
+author: dansimp
 ms.assetid: abae5ce2-40df-4f47-8062-f5eb6295c88c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ The **Results** pane of the **Applications** node in the Application Virtualizat **Note**   You can add or remove columns by right-clicking in the **Results** pane, selecting **View**, and then selecting **Add/Remove Columns**. -  + The list can be sorted by any column. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text, dates and times are considered to come before any other text. @@ -124,9 +127,9 @@ The application version. [Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) -  + -  + diff --git a/mdop/appv-v4/applications-results-pane-in-server-management-console.md b/mdop/appv-v4/applications-results-pane-in-server-management-console.md index 65aaf16f6d..5bf7b2615d 100644 --- a/mdop/appv-v4/applications-results-pane-in-server-management-console.md +++ b/mdop/appv-v4/applications-results-pane-in-server-management-console.md @@ -1,8 +1,11 @@ --- title: Applications Results Pane in Server Management Console description: Applications Results Pane in Server Management Console -author: jamiejdt +author: dansimp ms.assetid: 686218bc-6156-40e2-92aa-90981c3d112a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/applications-results-pane.md b/mdop/appv-v4/applications-results-pane.md index 3715f0ac45..22f28cbc17 100644 --- a/mdop/appv-v4/applications-results-pane.md +++ b/mdop/appv-v4/applications-results-pane.md @@ -1,8 +1,11 @@ --- title: Applications Results Pane description: Applications Results Pane -author: jamiejdt +author: dansimp ms.assetid: 977a4d35-5344-41fa-af66-14957b38ed47 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md b/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md index f36bf3a87b..98700d6626 100644 --- a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md +++ b/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md @@ -1,8 +1,11 @@ --- title: Best Practices for the Application Virtualization Sequencer description: Best Practices for the Application Virtualization Sequencer -author: jamiejdt +author: dansimp ms.assetid: 95e5e216-864f-41a1-90d4-b8d7e1eb42a0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -65,7 +68,7 @@ The following best practices should be considered when sequencing a new applicat **Note**   If you are running App-V 4.6 SP1 you do not need to sequence to a directory that follows the 8.3 naming convention. -   + - **Sequence to a unique directory that follows the 8.3 naming convention.** @@ -92,9 +95,9 @@ The following best practices should be considered when sequencing a new applicat [Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -  + -  + diff --git a/mdop/appv-v4/change-history-tab-keep.md b/mdop/appv-v4/change-history-tab-keep.md index 561d662ddf..4347604ec5 100644 --- a/mdop/appv-v4/change-history-tab-keep.md +++ b/mdop/appv-v4/change-history-tab-keep.md @@ -1,8 +1,11 @@ --- title: Change History Tab description: Change History Tab -author: jamiejdt +author: dansimp ms.assetid: 652ef2f0-3a3e-4844-a472-9fa99ec5ee32 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/clear-app.md b/mdop/appv-v4/clear-app.md index f0894b3362..c2d2aabe62 100644 --- a/mdop/appv-v4/clear-app.md +++ b/mdop/appv-v4/clear-app.md 
@@ -1,8 +1,11 @@
 ---
 title: CLEAR APP
 description: CLEAR APP
-author: jamiejdt
+author: dansimp
 ms.assetid: c2e63031-5941-45e4-9863-127231cfa25b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/clear-obj.md b/mdop/appv-v4/clear-obj.md
index ce49ae7dae..d3ca15bcc0 100644
--- a/mdop/appv-v4/clear-obj.md
+++ b/mdop/appv-v4/clear-obj.md
@@ -1,8 +1,11 @@
 ---
 title: CLEAR OBJ
 description: CLEAR OBJ
-author: jamiejdt
+author: dansimp
 ms.assetid: 1e50b33f-6324-4eae-8573-75c153f786cd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-about-dialog-boxes.md b/mdop/appv-v4/client-management-console-about-dialog-boxes.md
index 0e20237b0c..97a9f99b1d 100644
--- a/mdop/appv-v4/client-management-console-about-dialog-boxes.md
+++ b/mdop/appv-v4/client-management-console-about-dialog-boxes.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console About Dialog Boxes
 description: Client Management Console About Dialog Boxes
-author: jamiejdt
+author: dansimp
 ms.assetid: eaf4a05e-513d-4eac-a549-76e63a70893d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-application-virtualization-node.md b/mdop/appv-v4/client-management-console-application-virtualization-node.md
index 81a48908f9..5f7297aa42 100644
--- a/mdop/appv-v4/client-management-console-application-virtualization-node.md
+++ b/mdop/appv-v4/client-management-console-application-virtualization-node.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console Application Virtualization Node
 description: Client Management Console Application Virtualization Node
-author: jamiejdt
+author: dansimp
 ms.assetid: cf74e112-ddff-4e30-a3cc-7f4c643366c6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-application-virtualization-properties.md b/mdop/appv-v4/client-management-console-application-virtualization-properties.md
index a3fac23fda..5da7bbfacd 100644
--- a/mdop/appv-v4/client-management-console-application-virtualization-properties.md
+++ b/mdop/appv-v4/client-management-console-application-virtualization-properties.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console Application Virtualization Properties
 description: Client Management Console Application Virtualization Properties
-author: jamiejdt
+author: dansimp
 ms.assetid: 70319e4c-5032-4cb3-bbb8-4292809dcea2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-applications-node.md b/mdop/appv-v4/client-management-console-applications-node.md
index 6f2b30981a..586ba675da 100644
--- a/mdop/appv-v4/client-management-console-applications-node.md
+++ b/mdop/appv-v4/client-management-console-applications-node.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console Applications Node
 description: Client Management Console Applications Node
-author: jamiejdt
+author: dansimp
 ms.assetid: 20cf533c-e0b0-4b81-af4b-b5b519594d1e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-file-type-associations-node.md b/mdop/appv-v4/client-management-console-file-type-associations-node.md
index c16d7674a9..f30e504b85 100644
--- a/mdop/appv-v4/client-management-console-file-type-associations-node.md
+++ b/mdop/appv-v4/client-management-console-file-type-associations-node.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console File Type Associations Node
 description: Client Management Console File Type Associations Node
-author: jamiejdt
+author: dansimp
 ms.assetid: f0bc05ce-2cb2-4b06-961b-6c42d0274d28
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/client-management-console-publishing-servers-node.md b/mdop/appv-v4/client-management-console-publishing-servers-node.md
index 2c5491a980..304a71be0d 100644
--- a/mdop/appv-v4/client-management-console-publishing-servers-node.md
+++ b/mdop/appv-v4/client-management-console-publishing-servers-node.md
@@ -1,8 +1,11 @@
 ---
 title: Client Management Console Publishing Servers Node
 description: Client Management Console Publishing Servers Node
-author: jamiejdt
+author: dansimp
 ms.assetid: 03f2038f-b5f7-4e5b-a8f0-98f5e9d5f644
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/command-line-errors.md b/mdop/appv-v4/command-line-errors.md
index 3abc4aaaca..4acd9ab657 100644
--- a/mdop/appv-v4/command-line-errors.md
+++ b/mdop/appv-v4/command-line-errors.md
@@ -1,8 +1,11 @@
 ---
 title: Command-Line Errors
 description: Command-Line Errors
-author: jamiejdt
+author: dansimp
 ms.assetid: eea62568-4e90-4877-9cc7-e27ef5c05068
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ Use the following list of errors to identify the reasons why command-line sequen **Note**   More than one error might be displayed when sequencing. Furthermore, the error code displayed might be the sum of two error codes. For example, if the */InstallPath* and */OutputFile* parameters are missing, the Microsoft System Center Application Virtualization Sequencer will return 96—the sum of the two error codes. -  + 01 There is an unspecified error. @@ -61,7 +64,7 @@ The sequenced application package cannot be saved. The specified package name (/PACKAGENAME) is not valid. 8192 -The specified block size (/BLOCKSIZE*)* is not valid. +The specified block size (/BLOCKSIZE) is not valid. 16384 The specified compression type (/COMPRESSION) is not valid. @@ -88,9 +91,9 @@ The package name was not specified. [Command-Line Parameters](command-line-parameters.md) -  + -  + diff --git a/mdop/appv-v4/command-line-parameters.md b/mdop/appv-v4/command-line-parameters.md index 80aa27962c..b404816379 100644 --- a/mdop/appv-v4/command-line-parameters.md +++ b/mdop/appv-v4/command-line-parameters.md @@ -1,8 +1,11 @@ --- title: Command-Line Parameters description: Command-Line Parameters -author: jamiejdt +author: dansimp ms.assetid: d90a0591-f1ce-4cb8-b244-85cc70461922 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ Use to specify the path and file name of the SPRJ file that will be generated. **Important**   The */OUTPUTFILE* parameter is not available when opening a package that you do not intend to upgrade. -  + */FULLLOAD* or */F* Use to specify whether to put everything in the primary feature block. @@ -84,9 +87,9 @@ Specifies the directory on the sequencing computer where the files associated wi [How to Upgrade a Package Using the Open Package Command](how-to-upgrade-a-package-using-the-open-package-command.md) -  + -  + 
diff --git a/mdop/appv-v4/completion-page-package-accelerator.md b/mdop/appv-v4/completion-page-package-accelerator.md
index 49e876d8ea..27a3c7d86a 100644
--- a/mdop/appv-v4/completion-page-package-accelerator.md
+++ b/mdop/appv-v4/completion-page-package-accelerator.md
@@ -1,8 +1,11 @@
 ---
 title: Completion Page
 description: Completion Page
-author: jamiejdt
+author: dansimp
 ms.assetid: b2c7776c-2c35-4d25-92b4-6cd8c2bdff42
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/completion-page.md b/mdop/appv-v4/completion-page.md
index 4cf1c0254a..185a46fbcb 100644
--- a/mdop/appv-v4/completion-page.md
+++ b/mdop/appv-v4/completion-page.md
@@ -1,8 +1,11 @@
 ---
 title: Completion Page
 description: Completion Page
-author: jamiejdt
+author: dansimp
 ms.assetid: b284d362-b9e1-4d04-88cd-fe9980652188
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-app.md b/mdop/appv-v4/configure-app.md
index f0981bf413..b79e177839 100644
--- a/mdop/appv-v4/configure-app.md
+++ b/mdop/appv-v4/configure-app.md
@@ -1,8 +1,11 @@
 ---
 title: CONFIGURE APP
 description: CONFIGURE APP
-author: jamiejdt
+author: dansimp
 ms.assetid: fcfb4f86-8b7c-4208-bca3-955fd067079f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-package.md b/mdop/appv-v4/configure-package.md
index f98fd0b57b..140a076da1 100644
--- a/mdop/appv-v4/configure-package.md
+++ b/mdop/appv-v4/configure-package.md
@@ -1,8 +1,11 @@
 ---
 title: CONFIGURE PACKAGE
 description: CONFIGURE PACKAGE
-author: jamiejdt
+author: dansimp
 ms.assetid: acc7eaa8-6ada-47b9-a655-2ca2537605b9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-server.md b/mdop/appv-v4/configure-server.md
index 9e7cc0d818..80234b1cb8 100644
--- a/mdop/appv-v4/configure-server.md
+++ b/mdop/appv-v4/configure-server.md
@@ -1,8 +1,11 @@
 ---
 title: CONFIGURE SERVER
 description: CONFIGURE SERVER
-author: jamiejdt
+author: dansimp
 ms.assetid: c916eddd-74f2-46e4-953d-120b23284e37
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-software-page--learn-more-.md b/mdop/appv-v4/configure-software-page--learn-more-.md
index 7b3f1d7e83..af0b0a1d3a 100644
--- a/mdop/appv-v4/configure-software-page--learn-more-.md
+++ b/mdop/appv-v4/configure-software-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Configure Software Page (Learn More)
 description: Configure Software Page (Learn More)
-author: jamiejdt
+author: dansimp
 ms.assetid: 9a0cd4a5-88da-4897-a13a-5d21fc04afda
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-software-page-app-v-46-sp1.md b/mdop/appv-v4/configure-software-page-app-v-46-sp1.md
index ee0ecb558e..a34c98a052 100644
--- a/mdop/appv-v4/configure-software-page-app-v-46-sp1.md
+++ b/mdop/appv-v4/configure-software-page-app-v-46-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Configure Software Page
 description: Configure Software Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 50596eba-ce20-4d36-8e57-bd4b6c6cf92e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configure-type.md b/mdop/appv-v4/configure-type.md
index e34180c292..e835038f35 100644
--- a/mdop/appv-v4/configure-type.md
+++ b/mdop/appv-v4/configure-type.md
@@ -1,8 +1,11 @@
 ---
 title: CONFIGURE TYPE
 description: CONFIGURE TYPE
-author: jamiejdt
+author: dansimp
 ms.assetid: 2caf9433-5449-486f-ab94-83ee8e44d7f1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md b/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
index 14c0fbbbb5..13366bf24f 100644
--- a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
+++ b/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring App-V Administration for a Distributed Environment
 description: Configuring App-V Administration for a Distributed Environment
-author: jamiejdt
+author: dansimp
 ms.assetid: 53971fa9-8319-435c-be74-c37feb9af1da
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-app-v-for-secure-administration.md b/mdop/appv-v4/configuring-app-v-for-secure-administration.md
index 5ad39eb778..c7cba41d0a 100644
--- a/mdop/appv-v4/configuring-app-v-for-secure-administration.md
+++ b/mdop/appv-v4/configuring-app-v-for-secure-administration.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring App-V for Secure Administration
 description: Configuring App-V for Secure Administration
-author: jamiejdt
+author: dansimp
 ms.assetid: 4543fa81-c8cc-4b10-83b7-060778eb1349
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md b/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md index 2c84bfdbb1..5c2c349db4 100644 --- a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md +++ b/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md @@ -1,8 +1,11 @@ --- title: Configuring Certificates to Support App-V Management Server or Streaming Server description: Configuring Certificates to Support App-V Management Server or Streaming Server -author: jamiejdt +author: dansimp ms.assetid: 2f24e550-585e-4b7e-b486-22a3f181f543 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,12 +22,12 @@ After you complete the certificate provisioning process and change the private k **Note**   Select the certificate that was configured for App-V if there is more than one certificate provisioned for this server. -  + **Important**   When upgrading from version  4.2 to version  4.5, the setup has an option for **Use enhanced security**; however, selecting this option will not disable streaming over RTSP. You must use the Management Console to disable RTSP after installation. -  + Select the TCP port that the service will use for client communications. The default port is TCP 322; however, you can change the port to a custom port for your environment. @@ -48,9 +51,9 @@ For more detailed information about configuring certificates with the SAN attrib [How to Modify Private Key Permissions to Support Management Server or Streaming Server](how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md) -  + -  + 
diff --git a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md b/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md index 23bd3bfc8a..2a4167506b 100644 --- a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md +++ b/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md @@ -1,8 +1,11 @@ --- title: Configuring Certificates to Support Secure Streaming description: Configuring Certificates to Support Secure Streaming -author: jamiejdt +author: dansimp ms.assetid: 88dc76d8-7745-4729-92a1-af089c921244 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -32,7 +35,7 @@ The scenarios for obtaining and installing a certificate for App-V are as follow **Note**   If you need to obtain a certificate from a third-party CA, follow the documentation available on that CA’s Web site. -   + If a PKI infrastructure has been deployed, consult with the PKI administrators to acquire a certificate that complies with the requirements described in this topic. If a PKI infrastructure is not available, use a third-party CA to obtain a valid certificate. @@ -44,9 +47,9 @@ For step-by-step guidance for obtaining and installing a certificate, see . @@ -38,9 +41,9 @@ App-V can use IIS servers to support different infrastructure configurations. Fo [How to Install and Configure the App-V Management Console for a More Secure Environment](how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md) -  + -  + diff --git a/mdop/appv-v4/configuring-iis-for-secure-streaming.md b/mdop/appv-v4/configuring-iis-for-secure-streaming.md index 66d9ad8a10..7257a99ab0 100644 --- a/mdop/appv-v4/configuring-iis-for-secure-streaming.md +++ b/mdop/appv-v4/configuring-iis-for-secure-streaming.md 
@@ -1,8 +1,11 @@ --- title: Configuring IIS for Secure Streaming description: Configuring IIS for Secure Streaming -author: jamiejdt +author: dansimp ms.assetid: 9a80a703-4642-4bec-b7af-dc7cb6b76925 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ If you want to stream applications from a file server, you should enhance the se - For Windows Server 2008, -  + ## MIME Types @@ -52,9 +55,9 @@ To create an SPN, run `setspn.exe` from a command prompt while logged in as a me [Configuring Management or Streaming Server for Secure Communications Post-Installation](configuring-management-or-streaming-server-for-secure-communications-post-installation.md) -  + -  + diff --git a/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md b/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md index 8f240e413a..96a4b5539a 100644 --- a/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md +++ b/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md @@ -1,8 +1,11 @@ --- title: Configuring Management or Streaming Server for Secure Communications Post-Installation description: Configuring Management or Streaming Server for Secure Communications Post-Installation -author: jamiejdt +author: dansimp ms.assetid: 1062a213-470b-4ae2-b12f-b3e28a6ab745 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md b/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md index f4062089e9..1bd95ead94 100644 --- a/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md 
+++ b/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring Prerequisite Groups in Active Directory for App-V
 description: Configuring Prerequisite Groups in Active Directory for App-V
-author: jamiejdt
+author: dansimp
 ms.assetid: 0010d534-46c0-44a3-b5c1-621b4d5e2c31
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md b/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md
index 6be2a4fd15..edc3ef0f37 100644
--- a/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md
+++ b/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)
 description: Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: af775165-5b99-4c74-807f-f504377c7be4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md b/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md
index 46e15e58c0..d464360774 100644
--- a/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md
+++ b/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring the Application Virtualization Sequencer
 description: Configuring the Application Virtualization Sequencer
-author: jamiejdt
+author: dansimp
 ms.assetid: cae1c368-9fcd-454e-8fc9-0893345d55bf
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md b/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md
index cf6febb6b0..e30320dafe 100644
--- a/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md
+++ b/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring the Firewall for the App-V Servers
 description: Configuring the Firewall for the App-V Servers
-author: jamiejdt
+author: dansimp
 ms.assetid: f779c450-6c6f-46a8-ac66-5e82e0689d55
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/configuring-windows-firewall-for-app-v.md b/mdop/appv-v4/configuring-windows-firewall-for-app-v.md
index c924bf037c..73934119ca 100644
--- a/mdop/appv-v4/configuring-windows-firewall-for-app-v.md
+++ b/mdop/appv-v4/configuring-windows-firewall-for-app-v.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring Windows Firewall for App-V
 description: Configuring Windows Firewall for App-V
-author: jamiejdt
+author: dansimp
 ms.assetid: 6b5e253c-473f-4afc-a48b-631eda11d9ca
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md b/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md
index 8269ad2d41..fc96660a9f 100644
--- a/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md
+++ b/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Create New Package Wizard (AppV 4.6 SP1)
 description: Create New Package Wizard (AppV 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 1f73d044-b364-4c95-8ae1-daedd316d87e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/create-package-accelerator--review-errors--page.md b/mdop/appv-v4/create-package-accelerator--review-errors--page.md
index c6b375dd72..8d75ae4c4d 100644
--- a/mdop/appv-v4/create-package-accelerator--review-errors--page.md
+++ b/mdop/appv-v4/create-package-accelerator--review-errors--page.md
@@ -1,8 +1,11 @@
 ---
 title: Create Package Accelerator (Review Errors) Page
 description: Create Package Accelerator (Review Errors) Page
-author: jamiejdt
+author: dansimp
 ms.assetid: ea3f531d-1887-4b42-a30f-b875d0ccb916
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/create-package-accelerator-page.md b/mdop/appv-v4/create-package-accelerator-page.md
index 0c3e1694ed..375a138612 100644
--- a/mdop/appv-v4/create-package-accelerator-page.md
+++ b/mdop/appv-v4/create-package-accelerator-page.md
@@ -1,8 +1,11 @@
 ---
 title: Create Package Accelerator Page
 description: Create Package Accelerator Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 51cdc262-beda-4a4f-bb3e-66458062a7bd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md b/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md
index 801d0695c8..71a197fc05 100644
--- a/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md
+++ b/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Create Package Accelerator Wizard (AppV 4.6 SP1)
 description: Create Package Accelerator Wizard (AppV 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 976d84e1-86d7-4a9b-a747-2b6eef790c1f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/create-package-page--app-v-46-sp1.md b/mdop/appv-v4/create-package-page--app-v-46-sp1.md index bfedd7a691..11e4b06c98 100644 --- a/mdop/appv-v4/create-package-page--app-v-46-sp1.md +++ b/mdop/appv-v4/create-package-page--app-v-46-sp1.md @@ -1,8 +1,11 @@ --- title: Create Package Page description: Create Package Page -author: jamiejdt +author: dansimp ms.assetid: dd7a8709-74cc-459a-88ac-b63d8dcf2ddf +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,16 +33,16 @@ Select the **Compress Package** check box to compress the package, which can hel **Note**   If the original package size is more than 4 GB and compressed, by default, the checkbox is checked and cannot be changed. If the original package is compressed and less than 4 GB, the check box is checked, but can be cleared. -  + ## Related topics [Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/customize-page--learn-more-.md b/mdop/appv-v4/customize-page--learn-more-.md index 1508aeed0f..6a0e3c74c1 100644 --- a/mdop/appv-v4/customize-page--learn-more-.md +++ b/mdop/appv-v4/customize-page--learn-more-.md @@ -1,8 +1,11 @@ --- title: Customize Page (Learn More) description: Customize Page (Learn More) -author: jamiejdt +author: dansimp ms.assetid: 893df614-7058-4fcf-ba34-d0f16c856374 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md index c5fdc8f79d..e4c834e85d 100644 --- a/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md +++ b/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md 
@@ -1,8 +1,11 @@
 ---
 title: Defender Running Dialog Box (App-V 4.6 SP1)
 description: Defender Running Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 716ec7f9-ddad-45dd-a3c7-4a9d81cfcfd0
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md
index 0108c3332a..07fbba35bd 100644
--- a/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Defrag Running Dialog Box (App-V 4.6 SP1)
 description: Defrag Running Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 0ceb0897-377e-4754-a7ab-3bc2b5af1452
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/delete-app.md b/mdop/appv-v4/delete-app.md
index d27d4e5405..0e41d65f85 100644
--- a/mdop/appv-v4/delete-app.md
+++ b/mdop/appv-v4/delete-app.md
@@ -1,8 +1,11 @@
 ---
 title: DELETE APP
 description: DELETE APP
-author: jamiejdt
+author: dansimp
 ms.assetid: 2f89c0c0-373b-4389-a26d-67b3f9712957
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/delete-obj.md b/mdop/appv-v4/delete-obj.md
index 5e6f873001..6b5acf34df 100644
--- a/mdop/appv-v4/delete-obj.md
+++ b/mdop/appv-v4/delete-obj.md
@@ -1,8 +1,11 @@
 ---
 title: DELETE OBJ
 description: DELETE OBJ
-author: jamiejdt
+author: dansimp
 ms.assetid: fb17a261-f378-4ce6-a538-ab2f0ada0f2d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/delete-package.md b/mdop/appv-v4/delete-package.md index 496134edc0..b5f9062d59 100644 --- a/mdop/appv-v4/delete-package.md +++ b/mdop/appv-v4/delete-package.md @@ -1,8 +1,11 @@ --- title: DELETE PACKAGE description: DELETE PACKAGE -author: jamiejdt +author: dansimp ms.assetid: 8f7a4598-610d-490e-a224-426acce01a9f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -49,7 +52,7 @@ Removes a package record and the applications associated with it. -  + For version 4.6, the following option has been added. @@ -66,23 +69,23 @@ For version 4.6, the following option has been added. -  + **Important**   The DELETE PACKAGE command always performs a global delete of the package and deletes only global file types and shortcuts. If the package is global, this command must be run as local Administrator; otherwise, only **DeleteApp** permission is needed. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/delete-server.md b/mdop/appv-v4/delete-server.md index 95bc74d1d3..4f021d2a66 100644 --- a/mdop/appv-v4/delete-server.md +++ b/mdop/appv-v4/delete-server.md @@ -1,8 +1,11 @@ --- title: DELETE SERVER description: DELETE SERVER -author: jamiejdt +author: dansimp ms.assetid: 4c929639-1c1d-47c3-9225-cc4d7a8736f0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Removes a publishing server. **Note**   This command does not remove any applications or packages published to the client by the server. For each application, use the SFTMIME **CLEAR APP** command followed by the **DELETE PACKAGE** command to completely remove those applications and packages from the client. -  + `SFTMIME DELETE SERVER:server-name [/LOG log-pathname | /CONSOLE | /GUI]` 
@@ -54,7 +57,7 @@ This command does not remove any applications or packages published to the clien -  + For version 4.6, the following option has been added. @@ -71,16 +74,16 @@ For version 4.6, the following option has been added. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/delete-type.md b/mdop/appv-v4/delete-type.md index 9860c735c8..d0a905b4ee 100644 --- a/mdop/appv-v4/delete-type.md +++ b/mdop/appv-v4/delete-type.md @@ -1,8 +1,11 @@ --- title: DELETE TYPE description: DELETE TYPE -author: jamiejdt +author: dansimp ms.assetid: f2852723-c894-49f3-a3c5-56f9648bb9ca +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/deployment-tab.md b/mdop/appv-v4/deployment-tab.md index db39ed078a..d6e1eff0b6 100644 --- a/mdop/appv-v4/deployment-tab.md +++ b/mdop/appv-v4/deployment-tab.md @@ -1,8 +1,11 @@ --- title: Deployment Tab description: Deployment Tab -author: jamiejdt +author: dansimp ms.assetid: 4510188b-eade-445d-a90f-b9127dd479a7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/determine-your-publishing-method.md b/mdop/appv-v4/determine-your-publishing-method.md index dc50b8dd81..1883661846 100644 --- a/mdop/appv-v4/determine-your-publishing-method.md +++ b/mdop/appv-v4/determine-your-publishing-method.md @@ -1,8 +1,11 @@ --- title: Determine Your Publishing Method description: Determine Your Publishing Method -author: jamiejdt +author: dansimp ms.assetid: 1f2d0d39-5d65-457a-b826-4f45b00c8c85 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/determine-your-streaming-method.md b/mdop/appv-v4/determine-your-streaming-method.md index 63985a43f9..290ebfd16b 100644 --- a/mdop/appv-v4/determine-your-streaming-method.md +++ b/mdop/appv-v4/determine-your-streaming-method.md @@ -1,8 +1,11 @@ --- title: Determine Your Streaming Method description: Determine Your Streaming Method -author: jamiejdt +author: dansimp ms.assetid: 50d5e0ec-7f48-4cea-8711-5882bd89153b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,14 +22,14 @@ The first time that a user double-clicks the icon that has been placed on a comp **Note**   *Streaming* is the term used to describe the process of obtaining content from a sequenced application package, starting with the primary feature block and then obtaining additional blocks as needed. -  + The streaming source location is usually a server that is accessible by the user’s computer; however, some electronic distribution systems, such as Microsoft System Center Configuration Manager, can distribute the SFT file to the user’s computer and then stream the virtual application package locally from that computer’s cache. **Note**   A streaming source location for virtual packages can be set up on a computer that is not a server. This is especially useful in a small branch office that has no server. -  + The streaming sources that can be used to store sequenced applications are described in the following table. @@ -57,7 +60,7 @@ The streaming sources that can be used to store sequenced applications are descr
        • No active upgrade

        -

        [How to Configure the File Server](how-to-configure-the-file-server.md)

        +

        How to Configure the File Server

        IIS server

        @@ -73,7 +76,7 @@ The streaming sources that can be used to store sequenced applications are descr
      • Need to manage IIS

      • No active upgrade

      -

      [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md)

      +

      How to Configure the Server for IIS

      Application Virtualization Streaming Server

      @@ -87,12 +90,12 @@ The streaming sources that can be used to store sequenced applications are descr
    • Dual infrastructure

    • Server administration requirement

    -

    [How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md)

    +

    How to Configure the Application Virtualization Management Servers

    -  + ## Related topics @@ -103,9 +106,9 @@ The streaming sources that can be used to store sequenced applications are descr [Determine Your Publishing Method](determine-your-publishing-method.md) -  + -  + diff --git a/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md b/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md index c50d2a2d12..9ff9753e82 100644 --- a/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md +++ b/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md @@ -1,8 +1,11 @@ --- title: Dialog Boxes (AppV 4.6 SP1) description: Dialog Boxes (AppV 4.6 SP1) -author: jamiejdt +author: dansimp ms.assetid: f76b95df-cba4-4a69-8cd8-a888edf437be +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/disconnected-operation-mode.md b/mdop/appv-v4/disconnected-operation-mode.md index 51e1c11782..dd0d4d4240 100644 --- a/mdop/appv-v4/disconnected-operation-mode.md +++ b/mdop/appv-v4/disconnected-operation-mode.md @@ -1,8 +1,11 @@ --- title: Disconnected Operation Mode description: Disconnected Operation Mode -author: jamiejdt +author: dansimp ms.assetid: 3f9849ea-ba53-4c68-85d3-87a4218f59c6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md b/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md index 79f7b7f8e8..d0ea1928a7 100644 --- a/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md +++ b/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md @@ -1,8 +1,11 @@ --- title: Domain-Joined and Non-Domain-Joined Clients description: Domain-Joined and Non-Domain-Joined Clients -author: jamiejdt +author: dansimp ms.assetid: a935dc98-de60-45f3-ab74-2444ce082e88 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/edit-shortcuts-learn-more.md b/mdop/appv-v4/edit-shortcuts-learn-more.md index 382b004494..ace37c7243 100644 --- a/mdop/appv-v4/edit-shortcuts-learn-more.md +++ b/mdop/appv-v4/edit-shortcuts-learn-more.md @@ -1,8 +1,11 @@ --- title: Edit Shortcuts description: Edit Shortcuts -author: jamiejdt +author: dansimp ms.assetid: a0ca75aa-1059-4d0c-894c-2e3474e9f519 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md b/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md index 4108d81f97..51c635b149 100644 --- a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md +++ b/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md @@ -1,8 +1,11 @@ --- title: Electronic Software Distribution-Based Scenario Overview description: Electronic Software Distribution-Based Scenario Overview -author: jamiejdt +author: dansimp ms.assetid: e9e94b8a-6cba-4de8-9b57-73897796b6a0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ If you plan to use an electronic software distribution (ESD) solution to deploy **Important**   Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or later, see the System Center Configuration Manager documentation at . -  + Using an existing ESD system provides you with the following benefits: @@ -72,9 +75,9 @@ For more detailed information about the preceding streaming methods, see [Determ [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + 
diff --git a/mdop/appv-v4/electronic-software-distribution-based-scenario.md b/mdop/appv-v4/electronic-software-distribution-based-scenario.md index 2c0d7af12a..2c8df5d6cd 100644 --- a/mdop/appv-v4/electronic-software-distribution-based-scenario.md +++ b/mdop/appv-v4/electronic-software-distribution-based-scenario.md @@ -1,8 +1,11 @@ --- title: Electronic Software Distribution-Based Scenario description: Electronic Software Distribution-Based Scenario -author: jamiejdt +author: dansimp ms.assetid: 18be0f8d-60ee-449b-aa83-93c86d1a908e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/exclusion-item-dialog-box.md b/mdop/appv-v4/exclusion-item-dialog-box.md index fe34166204..3038ca2a54 100644 --- a/mdop/appv-v4/exclusion-item-dialog-box.md +++ b/mdop/appv-v4/exclusion-item-dialog-box.md @@ -1,8 +1,11 @@ --- title: Exclusion Item Dialog Box description: Exclusion Item Dialog Box -author: jamiejdt +author: dansimp ms.assetid: 5523c6d4-95f2-47af-8c06-3ab18004a207 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the **Exclusion Item** dialog box to assign or change a mapping rule and to **Important**   Adding files from an excluded directory to the virtual files system is not supported. -  + **Exclude Path** Use to specify variable name that the Application Virtualization Sequencer will exclude if encountered while parsing virtual file system items or virtual registry items. @@ -38,9 +41,9 @@ Use to select the mapping rules the Application Virtualization Sequencer will ap [Sequencer Dialog Boxes](sequencer-dialog-boxes.md) -  + -  + diff --git a/mdop/appv-v4/exclusion-items-tab-keep.md b/mdop/appv-v4/exclusion-items-tab-keep.md index 56879bea8e..03cef6b8c2 100644 --- a/mdop/appv-v4/exclusion-items-tab-keep.md 
+++ b/mdop/appv-v4/exclusion-items-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Exclusion Items Tab
 description: Exclusion Items Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: 864e46dd-3d6e-4a1b-acf4-9dc00548117e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md
index f4742c44c0..5e81d25347 100644
--- a/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Failed Launch Dialog Box (App-V 4.6 SP1)
 description: Failed Launch Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 55669552-51b4-48aa-8bd0-6d78c2c930d9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/file-type-association-results-pane-columns.md b/mdop/appv-v4/file-type-association-results-pane-columns.md
index c4e314081c..553b985e35 100644
--- a/mdop/appv-v4/file-type-association-results-pane-columns.md
+++ b/mdop/appv-v4/file-type-association-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: File Type Association Results Pane Columns
 description: File Type Association Results Pane Columns
-author: jamiejdt
+author: dansimp
 ms.assetid: eab48e20-9c92-459d-a06b-8e20202d73f6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ In the Application Virtualization Client Management Console, the **Results** pan **Note**   You can add or remove a column simply by right-clicking in the **Results** pane, selecting **View**, then selecting **Add/Remove Columns**. -  + The list can be sorted by any of the columns. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text, dates and times are considered to come before any other text. @@ -83,9 +86,9 @@ The perceived type or blank. [File Type Association Results Pane](file-type-association-results-pane.md) -  + -  + diff --git a/mdop/appv-v4/file-type-association-results-pane.md b/mdop/appv-v4/file-type-association-results-pane.md index 2e1db0ce38..c390505e3b 100644 --- a/mdop/appv-v4/file-type-association-results-pane.md +++ b/mdop/appv-v4/file-type-association-results-pane.md @@ -1,8 +1,11 @@ --- title: File Type Association Results Pane description: File Type Association Results Pane -author: jamiejdt +author: dansimp ms.assetid: bc5ceb48-1b9f-45d9-a770-1bac90629c76 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/file-type-associations-node-client.md b/mdop/appv-v4/file-type-associations-node-client.md index 9a8a1185b9..eb1add60af 100644 --- a/mdop/appv-v4/file-type-associations-node-client.md +++ b/mdop/appv-v4/file-type-associations-node-client.md @@ -1,8 +1,11 @@ --- title: File Type Associations Node description: File Type Associations Node -author: jamiejdt +author: dansimp ms.assetid: 48e4d9eb-00bd-4231-a68a-f8597ab683ff +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/file-type-associations-node.md b/mdop/appv-v4/file-type-associations-node.md index 696509629f..a3c15d61a1 100644 
--- a/mdop/appv-v4/file-type-associations-node.md
+++ b/mdop/appv-v4/file-type-associations-node.md
@@ -1,8 +1,11 @@
 ---
 title: File Type Associations Node
 description: File Type Associations Node
-author: jamiejdt
+author: dansimp
 ms.assetid: a3f35562-32d0-4a43-8604-3a54189ade92
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/file-type-associations-results-pane-columns.md b/mdop/appv-v4/file-type-associations-results-pane-columns.md
index 79041c1d6f..328719b89c 100644
--- a/mdop/appv-v4/file-type-associations-results-pane-columns.md
+++ b/mdop/appv-v4/file-type-associations-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: File Type Associations Results Pane Columns
 description: File Type Associations Results Pane Columns
-author: jamiejdt
+author: dansimp
 ms.assetid: 8cbb63e4-f93b-4066-ba06-30103e6d0c3e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/file-type-associations-results-pane.md b/mdop/appv-v4/file-type-associations-results-pane.md
index e3a95c450f..b92248b3ce 100644
--- a/mdop/appv-v4/file-type-associations-results-pane.md
+++ b/mdop/appv-v4/file-type-associations-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: File Type Associations Results Pane
 description: File Type Associations Results Pane
-author: jamiejdt
+author: dansimp
 ms.assetid: 881d7fa7-ecde-4a05-b6ee-132fe2c09900
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md
index 8e5d68b4c7..3d67e35b05 100644
--- a/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Files Excluded Page Dialog Box (App-V 4.6 SP1)
 description: Files Excluded Page Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 9718c7bf-7ed2-44d8-bdac-df013cd0d6c6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/files-tab-keep.md b/mdop/appv-v4/files-tab-keep.md
index 030112fc89..3c616264a1 100644
--- a/mdop/appv-v4/files-tab-keep.md
+++ b/mdop/appv-v4/files-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Files Tab
 description: Files Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: 14191e51-11a2-40ab-8855-3408a4bc5a9d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/g b/mdop/appv-v4/g
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/mdop/appv-v4/gathering-information-page--learn-more-.md b/mdop/appv-v4/gathering-information-page--learn-more-.md
index be82b01436..c6c6f38d8a 100644
--- a/mdop/appv-v4/gathering-information-page--learn-more-.md
+++ b/mdop/appv-v4/gathering-information-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Gathering Information Page (Learn More)
 description: Gathering Information Page (Learn More)
-author: jamiejdt
+author: dansimp
 ms.assetid: f8d5ec6b-a3d3-4e80-b1c2-3f8441b04aaa
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/general-tab-keep.md b/mdop/appv-v4/general-tab-keep.md
index cf23253bf5..4df61af9be 100644
--- a/mdop/appv-v4/general-tab-keep.md
+++ b/mdop/appv-v4/general-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: General Tab
 description: General Tab
-author: jamiejdt
+author: dansimp
 ms.assetid: aeefae39-60cd-4ad4-9575-c07d7e2b1e59
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/guidance-page-app-v-46-sp1.md b/mdop/appv-v4/guidance-page-app-v-46-sp1.md
index 831df6d2e5..879ece17d3 100644
--- a/mdop/appv-v4/guidance-page-app-v-46-sp1.md
+++ b/mdop/appv-v4/guidance-page-app-v-46-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Guidance Page
 description: Guidance Page
-author: jamiejdt
+author: dansimp
 ms.assetid: 2d461f7e-bde0-4f20-bfc1-46d52feb701e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/help.md b/mdop/appv-v4/help.md
index 5f4f495f73..287e3fa741 100644
--- a/mdop/appv-v4/help.md
+++ b/mdop/appv-v4/help.md
@@ -1,8 +1,11 @@
 ---
 title: HELP
 description: HELP
-author: jamiejdt
+author: dansimp
 ms.assetid: 0ddb5f18-0c0a-45ea-b7c7-2d4749e3d35d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-add-a-file-type-association.md b/mdop/appv-v4/how-to-add-a-file-type-association.md
index fbb18b2b33..046d2f8f0d 100644
--- a/mdop/appv-v4/how-to-add-a-file-type-association.md
+++ b/mdop/appv-v4/how-to-add-a-file-type-association.md
@@ -1,8 +1,11 @@
 ---
 title: How to Add a File Type Association
 description: How to Add a File Type Association
-author: jamiejdt
+author: dansimp
 ms.assetid: cccfbd00-51ba-4a60-a598-ee97f5ea1215
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md b/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md index 7159d7873c..8f7b5ed7f5 100644 --- a/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Add a Package by Using the Command Line description: How to Add a Package by Using the Command Line -author: jamiejdt +author: dansimp ms.assetid: e75af49e-811a-407a-a7f0-6de8562b9188 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-add-a-package-version.md b/mdop/appv-v4/how-to-add-a-package-version.md index e9f97dcad2..b2aba5778b 100644 --- a/mdop/appv-v4/how-to-add-a-package-version.md +++ b/mdop/appv-v4/how-to-add-a-package-version.md @@ -1,8 +1,11 @@ --- title: How to Add a Package Version description: How to Add a Package Version -author: jamiejdt +author: dansimp ms.assetid: dbb829c1-e5cb-4a2f-bc17-9a9bb50c671c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ In the Application Virtualization Server Management Console, when you resequence **Note**   When you upgrade a package with a new version, you can leave the existing version in place or delete it and leave only the newest one. You might want to leave the old version in place for compatibility with legacy documents or so that you can test the new version before making it available to all users. -  + **To add a package version** @@ -44,9 +47,9 @@ When you upgrade a package with a new version, you can leave the existing versio [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-add-a-package.md b/mdop/appv-v4/how-to-add-a-package.md index 87aa513ecb..4e55ae9e08 100644 --- a/mdop/appv-v4/how-to-add-a-package.md +++ b/mdop/appv-v4/how-to-add-a-package.md @@ -1,8 +1,11 @@ --- title: How to Add a Package description: How to Add a Package -author: jamiejdt +author: dansimp ms.assetid: 5407fdbe-e658-44f6-a9b8-a566b81dedce +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -35,7 +38,7 @@ It is recommended that you import applications instead of adding them manually. In dialog boxes that refer to Virtual Application Servers, you must use a network location, such as the server's static host name or IP address, that your users can access. The application's Open Software Descriptor (OSD) file can replace the placeholder variable *%SFT\_SOFTGRIDSERER%* with the server's static host name or IP address. If you leave the placeholder variable, you must set this variable on each client computer that will access that server. Set a User or System variable on each computer for SFT\_SOFTGRIDSERVER. The variable value must be the server's static host name or IP address. If you set a variable, exit the Client session, log out of and back into Microsoft Windows, and then restart the session on each computer that had a session running and had the variable set. -   + 4. Click **Next**. @@ -44,7 +47,7 @@ It is recommended that you import applications instead of adding them manually. **Note**   If you are managing applications on a remote server, in the next dialog box, type only the path of the file relative to the server's content root. -   + ## Related topics @@ -53,9 +56,9 @@ It is recommended that you import applications instead of adding them manually. [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-add-a-server.md b/mdop/appv-v4/how-to-add-a-server.md index 1e84d5f93d..4649e67c3f 100644 --- a/mdop/appv-v4/how-to-add-a-server.md +++ b/mdop/appv-v4/how-to-add-a-server.md @@ -1,8 +1,11 @@ --- title: How to Add a Server description: How to Add a Server -author: jamiejdt +author: dansimp ms.assetid: 1f31678a-8edf-4d35-a812-e4a2abfd979b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ To help you manage your Application Virtualization Management Servers more effic **Note**   All servers in a server group must be connected to the same data store. -  + **To add a server to a group** @@ -48,9 +51,9 @@ All servers in a server group must be connected to the same data store. [How to Remove a Server](how-to-remove-a-server.md) -  + -  + diff --git a/mdop/appv-v4/how-to-add-an-administrator-group.md b/mdop/appv-v4/how-to-add-an-administrator-group.md index 30e2284939..193e0366bd 100644 --- a/mdop/appv-v4/how-to-add-an-administrator-group.md +++ b/mdop/appv-v4/how-to-add-an-administrator-group.md @@ -1,8 +1,11 @@ --- title: How to Add an Administrator Group description: How to Add an Administrator Group -author: jamiejdt +author: dansimp ms.assetid: 2611f33e-6082-4269-b0ba-394174701492 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -25,14 +28,14 @@ From the **Administrators** node of the Application Virtualization Server Manage **Important**   When completing the **Select Groups** dialog box, you might see the **Multiple Names Found** dialog box, which can display multiple group names. To add more than one group at a time, press **Ctrl** and click the name of each group you want to add. Click **OK** to exit the **Multiple Names Found** dialog box. -   + 3. Click **OK**. **Note**   To add administrator groups to the Application Virtualization Management Server, you must have system administrator or security administrator privileges on the associated data store. If you attempt to create a group without sufficient privileges, the system generates an error message. -   + ## Related topics @@ -41,9 +44,9 @@ From the **Administrators** node of the Application Virtualization Server Manage [How to Delete an Administrator Group](how-to-delete-an-administrator-group.md) -  + -  + diff --git a/mdop/appv-v4/how-to-add-an-application.md b/mdop/appv-v4/how-to-add-an-application.md index ed990397b3..71dbe1c7f8 100644 --- a/mdop/appv-v4/how-to-add-an-application.md +++ b/mdop/appv-v4/how-to-add-an-application.md @@ -1,8 +1,11 @@ --- title: How to Add an Application description: How to Add an Application -author: jamiejdt +author: dansimp ms.assetid: 0147233d-f369-4796-8e34-fb1d894af732 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md b/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md index c5ec733bae..c1ecf63c7e 100644 --- a/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)
 description: How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: ca0bd514-2bbf-4130-8c77-98d991cbe016
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,77 +19,79 @@ ms.date: 06/16/2016 You can use App-V Package Accelerators to automatically generate a new virtual application package. For more information about Package Accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). -**Important**   +**Important** Disclaimer: The Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. -  -**Note**   + +**Note** Before starting this procedure, copy the required Package Accelerator locally to the computer running the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer running the Sequencer. This is the directory that you have to specify in step 5 of this procedure. -  + Use the following procedure to create a virtual application package by using a Package Accelerator. **To create a virtual application package by using an App-V Package Accelerator** -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. +2. 
To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. -3. On the **Select Package Accelerator** page, to specify the Package Accelerator that will be used to create the new virtual application package, click **Browse** to locate the Package Accelerator that you want to use. Click **Next**. +3. On the **Select Package Accelerator** page, to specify the Package Accelerator that will be used to create the new virtual application package, click **Browse** to locate the Package Accelerator that you want to use. Click **Next**. - **Important**   - If the publisher of the Package Accelerator cannot be verified and does not contain a valid digital signature, in the **Security Warning** dialog box, you must confirm that you trust the source of the Package Accelerator before you click **Run**. + **Important** + If the publisher of the Package Accelerator cannot be verified and does not contain a valid digital signature, in the **Security Warning** dialog box, you must confirm that you trust the source of the Package Accelerator before you click **Run**. -   -4. On the **Guidance** page, review the publishing guidance information displayed in the information pane. The information displayed was added when the Package Accelerator was created and contains information about creating and publishing the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. -5. On the **Select Installation Files** page, to create a local folder that contains all required installation files for the package, click **Make New Folder** and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. 
If the folder that contains the installation files already exists on the computer running the Sequencer, click **Browse** to select the folder. +4. On the **Guidance** page, review the publishing guidance information displayed in the information pane. The information displayed was added when the Package Accelerator was created and contains information about creating and publishing the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. - Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. +5. On the **Select Installation Files** page, to create a local folder that contains all required installation files for the package, click **Make New Folder** and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer running the Sequencer, click **Browse** to select the folder. - **Note**   - You can specify the following types of supported installation files: + Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - - Windows Installer files(**.msi** + **Note** + You can specify the following types of supported installation files: - - .cab files + - Windows Installer files(**.msi** - - Compressed files with a .zip file name extension + - .cab files - - The actual application files + - Compressed files with a .zip file name extension - The following file types are not supported: **.msp** and**.exe** files. 
If you specify an **.exe** file you must extract the installation files manually. + - The actual application files -   + The following file types are not supported: **.msp** and.exe files. If you specify an **.exe** file you must extract the installation files manually. - If the Package Accelerator requires an application be installed prior to applying the Package Accelerator and you have installed the application, on the **Local Installation** page, select the check box **I have installed all applications**, and then click **Next**. -6. On the **Package Name** page, specify a name that will be associated with the package. The name specified identifies the package in the App-V Management Console. Click **Next**. -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package you are creating. To confirm the location where the package is created, review the information displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. +~~~ +If the Package Accelerator requires an application be installed prior to applying the Package Accelerator and you have installed the application, on the **Local Installation** page, select the check box **I have installed all applications**, and then click **Next**. +~~~ - To create the package, click **Create**. After the package has been created, click **Next**. +6. On the **Package Name** page, specify a name that will be associated with the package. The name specified identifies the package in the App-V Management Console. Click **Next**. -8. On the **Configure Software** page, to enable the Sequencer to configure the applications contained in the package, select **Configure Software**. 
This step is useful for configuring any associated tasks that must be completed to run the application on target computers, such as configuring any associated license agreements. +7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package you are creating. To confirm the location where the package is created, review the information displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - If you select **Configure Software**, the following items are configured by the Sequencer as part of this step: + To create the package, click **Create**. After the package has been created, click **Next**. - - **Load Package**. The Sequencer loads the files associated with the package. It can take several seconds to up to an hour to decode the package. +8. On the **Configure Software** page, to enable the Sequencer to configure the applications contained in the package, select **Configure Software**. This step is useful for configuring any associated tasks that must be completed to run the application on target computers, such as configuring any associated license agreements. - - **Run Each Program**. Optionally run the programs contained in the package. This step is helpful for completing any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. 
+ If you select **Configure Software**, the following items are configured by the Sequencer as part of this step: - - **Save Package**. The Sequencer saves the package. + - **Load Package**. The Sequencer loads the files associated with the package. It can take several seconds to up to an hour to decode the package. - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. + - **Run Each Program**. Optionally run the programs contained in the package. This step is helpful for completing any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + - **Save Package**. The Sequencer saves the package. -9. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. + - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). + If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + +9. 
On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. + + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). ## Related topics @@ -95,9 +100,9 @@ Use the following procedure to create a virtual application package by using a P [How to Create App-V Package Accelerators (App-V 4.6 SP1)](how-to-create-app-v-package-accelerators--app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md b/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md index 8dac52b922..4ac9accd65 100644 --- a/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: How to Apply an App-V Project Template (App-V 4.6 SP1) description: How to Apply an App-V Project Template (App-V 4.6 SP1) -author: jamiejdt +author: dansimp ms.assetid: 8ef120ab-8cfb-438c-8136-671167b7bd9d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can use an App-V project template to apply common settings associated with a **Note**   You can only apply an App-V project template when you are creating a new virtual application package. Applying project templates to existing virtual application packages is not supported. Additionally, you cannot use a project template in conjunction with a Package Accelerator. -  + For more information about creating App-V project templates, see [How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md). @@ -40,9 +43,9 @@ For more information about creating App-V project templates, see [How to Create [How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md index c4b1a96966..ae25bdef3b 100644 --- a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md +++ b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md @@ -1,8 +1,11 @@ --- title: How to Assign the Proper Credentials for Windows Vista description: How to Assign the Proper Credentials for Windows Vista -author: jamiejdt +author: dansimp ms.assetid: cc11d2af-a350-4d16-ba7b-f9c1d89e14b4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Use the following procedure to configure the App-V Desktop Client for proper Win **Note**   This procedure must be completed on each non-domain joined computer. Depending on the number of non-domain joined computers in your environment, this could be a very tedious operation. You can use scripts and the command-line interface for Credential Manager to help administrators automate this process. -  + **To assign the proper credentials for App-V clients running Windows Vista** @@ -48,9 +51,9 @@ This procedure must be completed on each non-domain joined computer. Depending o [How to Assign the Proper Credentials for Windows XP](how-to-assign--the-proper-credentials-for-windows-xp.md) -  + -  + diff --git a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md index 265cd4aac5..2d0a95bbfd 100644 --- a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md +++ b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md @@ -1,8 +1,11 @@ --- title: How to Assign the Proper Credentials for Windows XP description: How to Assign the Proper Credentials for Windows XP -author: jamiejdt +author: dansimp ms.assetid: cddbd556-d8f9-4981-a947-6e8e3f552b70 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to configure the App-V Desktop Client for proper Win **Note**   After finishing this procedure, the non-domain joined client can perform a publishing refresh without being joined to a domain. -  + **To assign the proper credentials for App-V clients running Windows XP** @@ -46,9 +49,9 @@ After finishing this procedure, the non-domain joined client can perform a publi [How to Assign the Proper Credentials for Windows Vista](how-to-assign--the-proper-credentials-for-windows-vista.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md b/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md index 38d1cf7646..ffb07d7155 100644 --- a/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md +++ b/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md @@ -1,8 +1,11 @@ --- title: How to Associate an Application with a License Group description: How to Associate an Application with a License Group -author: jamiejdt +author: dansimp ms.assetid: 85639db3-5751-497e-a9e7-ce4770c0b55f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can enforce licensing restrictions on an application by associating the appl **Important**   One or more application license groups must exist for you to associate an application with a license group. -  + **To associate an application with a license group** @@ -32,9 +35,9 @@ One or more application license groups must exist for you to associate an applic 4. Click **OK**. **Note**   -    You can alter the **Properties** tab of one application at a time. + You can alter the **Properties** tab of one application at a time. -   + ## Related topics @@ -45,9 +48,9 @@ One or more application license groups must exist for you to associate an applic [How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-branch-a-package.md b/mdop/appv-v4/how-to-branch-a-package.md index d6c12f3572..52221d9dd2 100644 --- a/mdop/appv-v4/how-to-branch-a-package.md +++ b/mdop/appv-v4/how-to-branch-a-package.md 
@@ -1,8 +1,11 @@ --- title: How to Branch a Package description: How to Branch a Package -author: jamiejdt +author: dansimp ms.assetid: bfe46a8a-f0ee-4a71-9e9c-64ac08aac9c1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -26,23 +29,25 @@ Use the following procedure to branch a sequenced virtual application package. 3. To save a copy of the package, in the App-V Sequencer, select **File**, **Save As**. Specify a new, unique name, and specify a new unique package root directory for the copy of the package. Click **Save**. - **Important**   + **Important** You must specify a new package name or you will overwrite the existing version of the package. -   - The sequencer will automatically generate new GUID files for the new package. The version number associated with the package will also be automatically appended to the OSD file name. -4. After you save the new version you can apply the required configuration changes and save the associated ICO, OSD, SFT, and SPRJ files to correct location on the Application Virtualization (App-V) server. +~~~ +The sequencer will automatically generate new GUID files for the new package. The version number associated with the package will also be automatically appended to the OSD file name. +~~~ + +4. After you save the new version you can apply the required configuration changes and save the associated ICO, OSD, SFT, and SPRJ files to correct location on the Application Virtualization (App-V) server. ## Related topics [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md index bd23fdf1d6..d5b2380a20 100644 
--- a/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md
+++ b/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md
@@ -1,8 +1,11 @@
 ---
 title: How to Cancel Loading of Virtual Applications from the Desktop Notification Area
 description: How to Cancel Loading of Virtual Applications from the Desktop Notification Area
-author: jamiejdt
+author: dansimp
 ms.assetid: 4420a091-a344-48e9-a354-93bc0e2470eb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-change-an-application-icon.md b/mdop/appv-v4/how-to-change-an-application-icon.md
index 02df9111cf..1f2881c4f8 100644
--- a/mdop/appv-v4/how-to-change-an-application-icon.md
+++ b/mdop/appv-v4/how-to-change-an-application-icon.md
@@ -1,8 +1,11 @@
 ---
 title: How to Change an Application Icon
 description: How to Change an Application Icon
-author: jamiejdt
+author: dansimp
 ms.assetid: bd6cfb22-086b-43fd-b6f9-1907b5f16e83
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-change-an-application-iconserver.md b/mdop/appv-v4/how-to-change-an-application-iconserver.md
index de7be67d3d..7f85c76a15 100644
--- a/mdop/appv-v4/how-to-change-an-application-iconserver.md
+++ b/mdop/appv-v4/how-to-change-an-application-iconserver.md
@@ -1,8 +1,11 @@
 ---
 title: How to Change an Application Icon
 description: How to Change an Application Icon
-author: jamiejdt
+author: dansimp
 ms.assetid: 52c870eb-4a54-410b-8abf-79395a53f846
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-change-deployment-properties.md b/mdop/appv-v4/how-to-change-deployment-properties.md
index 5d7dd808c2..66c8d2fd96 100644
--- a/mdop/appv-v4/how-to-change-deployment-properties.md
+++ b/mdop/appv-v4/how-to-change-deployment-properties.md
@@ -1,8 +1,11 @@
 ---
 title: How to Change Deployment Properties
 description: How to Change Deployment Properties
-author: jamiejdt
+author: dansimp
 ms.assetid: 0a214a7a-cc83-4d04-89f9-5727153be918
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-change-import-search-paths.md b/mdop/appv-v4/how-to-change-import-search-paths.md
index bf9168377b..928852dfa1 100644
--- a/mdop/appv-v4/how-to-change-import-search-paths.md
+++ b/mdop/appv-v4/how-to-change-import-search-paths.md
@@ -1,8 +1,11 @@
 ---
 title: How to Change Import Search Paths
 description: How to Change Import Search Paths
-author: jamiejdt
+author: dansimp
 ms.assetid: 0125f2bf-4958-4854-a5a4-a63afe5bb986
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-change-package-properties.md b/mdop/appv-v4/how-to-change-package-properties.md
index 6552231511..abe69abeb3 100644
--- a/mdop/appv-v4/how-to-change-package-properties.md
+++ b/mdop/appv-v4/how-to-change-package-properties.md
@@ -1,8 +1,11 @@
 ---
 title: How to Change Package Properties
 description: How to Change Package Properties
-author: jamiejdt
+author: dansimp
 ms.assetid: 6050916a-d4fe-4dac-8f2a-47308dbbf481
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -21,7 +24,7 @@ If this is the first time the package has been created, you can also change the **Note**   When selecting a block size, consider the size of the SFT file and your network bandwidth. A file with a smaller block size takes longer to stream over the network, but it is less bandwidth intensive. Files with larger block sizes might stream faster, but they use more network bandwidth. Through experimentation, you can discover the optimum block size for streaming applications on your network. -  + The remainder of the package properties on the **Properties** tab is automatically generated and cannot be modified on this tab. @@ -50,9 +53,9 @@ The remainder of the package properties on the **Properties** tab is automatical [Sequencer Console](sequencer-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md b/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md index 9c1eebdb7c..8346a0eb10 100644 --- a/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md +++ b/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md @@ -1,8 +1,11 @@ --- title: How to Change the Cache Size and the Drive Letter Designation description: How to Change the Cache Size and the Drive Letter Designation -author: jamiejdt +author: dansimp ms.assetid: e7d7b635-079e-41aa-a5e6-655f33b4e317 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 You can change the cache size and drive letter designation directly from the **Application Virtualization** node in the Application Virtualization Client Management Console. -**Note**   +**Note** After the cache size has been set, it cannot be made smaller. -  + **To change the cache size** 
@@ -27,20 +30,22 @@ After the cache size has been set, it cannot be made smaller. 2. Select the **File System** tab on the **Properties** dialog box. In the **Client Cache Configuration Settings** section, click one of the following radio buttons to choose how to manage the cache space: - **Important**   + **Important** If you select the **Use free disk space threshold** setting, the value you enter will set the cache size to the total disk size minus the free disk space threshold number you entered. If you then want revert to using the **Use maximum cache size** setting, you must specify a larger number than the existing cache size. Otherwise, the error “New size must be larger than the existing cache size” will appear. -   - - **Use maximum cache size** - Enter a numeric value from 100 to 1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. The value shown in **Reserved Cache Size** indicates the amount of cache in use. +~~~ +- **Use maximum cache size** - - **Use free disk space threshold** + Enter a numeric value from 100 to 1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. The value shown in **Reserved Cache Size** indicates the amount of cache in use. - Enter a numeric value to specify the amount of free disk space, in MB, that the cache must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is unused. +- **Use free disk space threshold** -3. Click **OK** or **Apply** to change the setting. + Enter a numeric value to specify the amount of free disk space, in MB, that the cache must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is unused. +~~~ + +3. 
Click **OK** or **Apply** to change the setting. **To change the drive letter designation** @@ -55,9 +60,9 @@ After the cache size has been set, it cannot be made smaller. [How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md b/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md index 6f30faa888..c981b9ffd1 100644 --- a/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md +++ b/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md @@ -1,8 +1,11 @@ --- title: How to Change the Log Reporting Levels and Reset the Log Files description: How to Change the Log Reporting Levels and Reset the Log Files -author: jamiejdt +author: dansimp ms.assetid: 9561d6fb-b35c-491b-a355-000064583194 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,14 +28,14 @@ You can use the following procedure to change the log reporting level from the * **Note**   If you choose **Verbose** as the logging level, the log files will grow large very quickly. This might inhibit client performance, so best practice is to use this log level only for diagnosing specific problems. -   + 3. On the **General** tab in the **Properties** dialog box, from the **System Log Level** drop-down list, select the desired log level. **Note**   The **System Log Level** setting controls the level of messages sent to the system event log. The logged messages are identical to the messages that get logged to the client event log, but they are stored in a different location. -   + 4. Click **OK** or **Apply** to change the setting. 
@@ -51,9 +54,9 @@ You can use the following procedure to change the log reporting level from the * [User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-change-the-server-cache-size.md b/mdop/appv-v4/how-to-change-the-server-cache-size.md index 3687c7e7a6..198ee9a625 100644 --- a/mdop/appv-v4/how-to-change-the-server-cache-size.md +++ b/mdop/appv-v4/how-to-change-the-server-cache-size.md @@ -1,8 +1,11 @@ --- title: How to Change the Server Cache Size description: How to Change the Server Cache Size -author: jamiejdt +author: dansimp ms.assetid: 24e63744-21c3-458e-b137-9592f4fe785c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use the following procedure to change the cache size for any server dire **Note**   Although you can change the cache size, unless your configuration specifically requires you to change the size, it is recommended that you leave the cache size set to the default values. -  + **To change the server cache size** @@ -44,9 +47,9 @@ Although you can change the cache size, unless your configuration specifically r [How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md b/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md index 4dd2ea6d8e..8bfcb4dcb4 100644 --- a/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md +++ b/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md 
@@ -1,8 +1,11 @@ --- title: How to Change the Server Logging Level and the Database Parameters description: How to Change the Server Logging Level and the Database Parameters -author: jamiejdt +author: dansimp ms.assetid: e3ebaee5-6c4c-4aa8-9766-c5aeb00f477a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ The following logging levels are available: **Note**   Because of the size of the log file produced when you use **Verbose** mode, the recommendation is that you do not run production servers with this level of logging set. -  + The database logging parameters determine the database driver type, access credentials, and location of the logging database. @@ -100,7 +103,7 @@ The database logging parameters determine the database driver type, access crede -   + **To change database log parameters** @@ -129,9 +132,9 @@ The database logging parameters determine the database driver type, access crede [How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-change-the-server-port.md b/mdop/appv-v4/how-to-change-the-server-port.md index 6f97e5a2aa..3a807f2d68 100644 --- a/mdop/appv-v4/how-to-change-the-server-port.md +++ b/mdop/appv-v4/how-to-change-the-server-port.md @@ -1,8 +1,11 @@ --- title: How to Change the Server Port description: How to Change the Server Port -author: jamiejdt +author: dansimp ms.assetid: 0b4a262c-4816-48d0-b7c6-e496bb0d7370 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -31,7 +34,7 @@ From the Application Virtualization Server Management Console, you can use the f **Note**   The port number can be any value between 1 and 65,535. The default values are 554 for RTSP and 322 for RTSPS. -   + 6. Click **OK** to change the port number. @@ -46,9 +49,9 @@ From the Application Virtualization Server Management Console, you can use the f [How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md b/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md index c9aed501f1..7fe070657a 100644 --- a/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md +++ b/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md @@ -1,8 +1,11 @@ --- title: How to Change the Size of the FileSystem Cache description: How to Change the Size of the FileSystem Cache -author: jamiejdt +author: dansimp ms.assetid: 6ed17ba3-293b-4482-b3fa-31e5f606dad6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-change-user-access-permissions.md b/mdop/appv-v4/how-to-change-user-access-permissions.md index 9e2f967104..ef7947df2b 100644 --- a/mdop/appv-v4/how-to-change-user-access-permissions.md +++ b/mdop/appv-v4/how-to-change-user-access-permissions.md @@ -1,8 +1,11 @@ --- title: How to Change User Access Permissions description: How to Change User Access Permissions -author: jamiejdt +author: dansimp ms.assetid: 21b60cc7-5395-401e-a374-6ef0d58872b7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Use the following procedure to change user access permissions in the Application **Note**   Before changing users access permissions, ensure that any permissions changes are consistent with the organization's guidelines for granting user access. -  + **To change user access permissions** @@ -36,9 +39,9 @@ Before changing users access permissions, ensure that any permissions changes ar [User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-clear-an-application.md b/mdop/appv-v4/how-to-clear-an-application.md index f9ec60a5c1..c738ca904d 100644 --- a/mdop/appv-v4/how-to-clear-an-application.md +++ b/mdop/appv-v4/how-to-clear-an-application.md @@ -1,8 +1,11 @@ --- title: How to Clear an Application description: How to Clear an Application -author: jamiejdt +author: dansimp ms.assetid: 247b8f40-531c-413e-a2e5-fc990ed0a51a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can clear an application from the console directly from the **Results** pane **Note**   When you clear an application from the console, you can no longer use that application. However, the application remains in cache and is still available to other users on the same system. After a publishing refresh, the cleared applications will again become available to you. If there are multiple applications in a package, the user's settings are not removed until all of the applications are cleared. -  + **To clear an application from the console** @@ -27,9 +30,9 @@ When you clear an application from the console, you can no longer use that appli 2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. -  + -  + 
diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md index eec4c7053e..801b2d13bc 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md @@ -1,8 +1,11 @@ --- title: How to Configure a Read-only Cache on the App-V Client (RDS) description: How to Configure a Read-only Cache on the App-V Client (RDS) -author: jamiejdt +author: dansimp ms.assetid: b6607fe2-6f92-4567-99f1-d8e3c8a591e0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -17,14 +20,14 @@ ms.date: 08/30/2016 **Important**   You must be running App-V 4.6, SP1 to use this procedure. -  + You can deploy the App-V client by using a shared cache that is populated with all the applications required for all users. Then you configure the App-V Remote Desktop Services (RDS) Clients to use the same cache file. Users are granted access to specific applications by using the App-V publishing process. Because the cache is already preloaded with all applications, no streaming occurs when a user starts an application. However, the packages used to prepopulate the cache must be put on an App-V server that supports Real Time Streaming Protocol (RTSP) streaming and that grants access permissions to the App-V Clients. If you publish the applications by using an App-V Management Server, you can use it to provide this streaming function. **Note**   The details outlined in these procedures are intended as examples only. You might use different methods to complete the overall process. -  + ## Deploying the App-V Client in an RDS Scenario 
@@ -44,77 +47,77 @@ These tasks require careful planning. We recommend that you prepare and document **Note**   Although you can publish the applications by using several different methods, the following procedures are based on your using an App-V Management Server for publishing. -  + **To configure the read-only cache for initial deployment** -1. Set up and configure an App-V Management Server to provide user authentication and publishing support. +1. Set up and configure an App-V Management Server to provide user authentication and publishing support. -2. Populate the Content folder of this Management Server with all the application packages required for all users. +2. Populate the Content folder of this Management Server with all the application packages required for all users. -3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer by using an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. +3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer by using an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. - **Important**   - The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. + **Important** + The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. -   + -4. Restart the staging computer in safe mode to make sure that the drivers are not started, because this would lock the cache file. +4. Restart the staging computer in safe mode to make sure that the drivers are not started, because this would lock the cache file. 
- **Note**   - Or, you can stop and disable the Application Virtualization service, and then restart the computer. After the file is copied, remember to enable and start the service again. + **Note** + Or, you can stop and disable the Application Virtualization service, and then restart the computer. After the file is copied, remember to enable and start the service again. -   + -5. Copy the Sftfs.fsd cache file to a SAN where all the RDS servers can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. +5. Copy the Sftfs.fsd cache file to a SAN where all the RDS servers can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. - **Important**   - You must put the FSD file in a location that has the responsiveness and reliability equal to locally attached storage performance, for example, a SAN. + **Important** + You must put the FSD file in a location that has the responsiveness and reliability equal to locally attached storage performance, for example, a SAN. -   + -6. Install the App-V RDS Client on each RDS server, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 32-bit computers and at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 64-bit computers. +6. 
Install the App-V RDS Client on each RDS server, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 32-bit computers and at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 64-bit computers. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    KeyTypeValuePurpose

    FileName

    String

    path of FSD

    Specifies the path of the shared cache file, for example, \\RDSServername\Sharefolder\SFTFS.FSD (Required).

    ReadOnlyFSD

    DWORD

    1

    Configures the client to operate in Read-Only mode. This ensures that the client will not try to stream updates to the package cache. (Required)

    ErrorLogLocation

    String

    path of error log (.etl) file

    Entry used to specify the path of the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    KeyTypeValuePurpose

    FileName

    String

    path of FSD

    Specifies the path of the shared cache file, for example, \RDSServername\Sharefolder\SFTFS.FSD (Required).

    ReadOnlyFSD

    DWORD

    1

    Configures the client to operate in Read-Only mode. This ensures that the client will not try to stream updates to the package cache. (Required)

    ErrorLogLocation

    String

    path of error log (.etl) file

    Entry used to specify the path of the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

    -   + -7. Configure each RDS server in the farm to use the publishing server and to use publishing update when users log on. As users log on to the RDS servers, a publishing update cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. +7. Configure each RDS server in the farm to use the publishing server and to use publishing update when users log on. As users log on to the RDS servers, a publishing update cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. **To configure the RDS client for package upgrade** @@ -127,7 +130,7 @@ Although you can publish the applications by using several different methods, th **Note**   Or, you can first stop and then disable the Application Virtualization service in the Services.msc, and restart the computer. After the file has been copied, remember to enable and start the service again. -   + 4. Copy the Sftfs.fsd cache file to a SAN where all the RDS servers can access it, such as in a shared folder. You can use a different file name, for example, SFTFS\_V2.FSD, to distinguish the new version. @@ -136,7 +139,7 @@ Although you can publish the applications by using several different methods, th **Important**   You must restart the RDS servers in order to use the updated shared cache file. -   + ## How to Use Symbolic Links when Upgrading the Cache 
@@ -158,7 +161,7 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. -   + 4. When you configure the App-V RDS Client, set the AppFS key FILENAME value equal to the UNC path of the FSD file that is using the symbolic link. For example, set the file name to \\\\VDIHostserver\\Symlinkname. When the App-V client first accesses the cache, the symbolic link passes to the client a handle to the cache file. The client continues to use that handle as long as the client is running. The value of the symbolic link can safely be updated even if existing clients have the old shared cache open. @@ -173,9 +176,9 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md index 7a26ca6403..2ee211e811 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md @@ -1,8 +1,11 @@ --- title: How to Configure a Read-only Cache on the App-V Client (VDI) description: How to Configure a Read-only Cache on the App-V Client (VDI) -author: jamiejdt +author: dansimp ms.assetid: 7a41e017-9e23-4a6a-a659-04d23f008b83 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ In Microsoft Application Virtualization (App-V) 4.6 the Client supports using a **Note**   The details outlined in these procedures are intended as examples only. You might use different methods to complete the overall process. -  + ## Deploying the App-V Client in a VDI Scenario 
@@ -41,77 +44,77 @@ These tasks require careful planning. We recommend that you prepare and document **Note**   Although you can publish the applications by using several different methods, the following procedures are based on the use of an App-V Management Server for publishing. -  + **To configure the read-only cache for initial deployment in a Pooled VM VDI or Static VM VDI scenario** -1. Set up and configure an App-V Management Server in a VM on the VDI server to provide user authentication and publishing support. +1. Set up and configure an App-V Management Server in a VM on the VDI server to provide user authentication and publishing support. -2. Populate the Content folder of this Management Server with all the application packages required for all users. +2. Populate the Content folder of this Management Server with all the application packages required for all users. -3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer with an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. +3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer with an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. - **Important**   - The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. + **Important** + The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. -   + -4. Restart the staging computer in Safe Mode to ensure the drivers are not started, which would lock the cache file. +4. 
Restart the staging computer in Safe Mode to ensure the drivers are not started, which would lock the cache file. - **Note**   - Alternatively, you can stop and disable the Application Virtualization service, and then restart the computer. After the file has been copied, remember to enable and start the service again. + **Note** + Alternatively, you can stop and disable the Application Virtualization service, and then restart the computer. After the file has been copied, remember to enable and start the service again. -   + -5. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. +5. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. - **Important**   - You must put the FSD file in a location that has the responsiveness and reliability equivalent to locally attached storage performance, for example, a SAN. + **Important** + You must put the FSD file in a location that has the responsiveness and reliability equivalent to locally attached storage performance, for example, a SAN. -   + -6. Install the App-V Desktop Client on the VDI Master VM Image, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\[Wow6432Node\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS. +6. 
Install the App-V Desktop Client on the VDI Master VM Image, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\[Wow6432Node\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    KeyTypeValuePurpose

    FileName

    String

    path to FSD

    Specifies the path to the shared cache file, for example, \\VDIServername\Sharefolder\SFTFS.FSD (Required).

    ReadOnlyFSD

    DWORD

    1

    Configures the client to operate in Read-Only mode. This ensures that the client will not attempt to stream updates to the package cache. (Required)

    ErrorLogLocation

    String

    path to error log (.etl) file

    Entry used to specify the path to the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    KeyTypeValuePurpose

    FileName

    String

    path to FSD

    Specifies the path to the shared cache file, for example, \VDIServername\Sharefolder\SFTFS.FSD (Required).

    ReadOnlyFSD

    DWORD

    1

    Configures the client to operate in Read-Only mode. This ensures that the client will not attempt to stream updates to the package cache. (Required)

    ErrorLogLocation

    String

    path to error log (.etl) file

    Entry used to specify the path to the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

    -   + -7. Configure the Master VM Image client to use the publishing server and to use publishing refresh at logon. As users log on to the VDI system and their VM is built from the Master VM Image, a publishing refresh cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. +7. Configure the Master VM Image client to use the publishing server and to use publishing refresh at logon. As users log on to the VDI system and their VM is built from the Master VM Image, a publishing refresh cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. **To configure the client for package upgrade in a Pooled VM scenario** @@ -124,7 +127,7 @@ Although you can publish the applications by using several different methods, th **Note**   Alternatively, you can stop and disable the Application Virtualization service in the Services.msc, and then restart the computer. After the file has been copied, remember to enable and start the service again. -   + 4. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. You can use a different filename, for example, SFTFS\_V2.FSD, to distinguish the new version. @@ -141,7 +144,7 @@ Although you can publish the applications by using several different methods, th **Note**   Alternatively, you can stop and disable the Application Virtualization service in the Services.msc, and then restart the computer. After the file has been copied, remember to enable and start the service again. -   + 4. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. You can use a different filename, for example, SFTFS\_V2.FSD, to distinguish the new version. 
@@ -169,7 +172,7 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. -   + 4. When you configure the App-V Desktop Client on the VDI Master VM Image, set the AppFS key FILENAME value equal to the UNC path of the FSD file that is using the symbolic link; for example, set it to \\\\VDIHostserver\\Symlinkname. When the App-V client first accesses the cache, the symbolic link passes to the client a handle to the cache file. The client continues to use that handle as long as the client is running. The value of the symbolic link can safely be updated even if existing clients have the old shared cache open. @@ -184,9 +187,9 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md b/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md index d4beadda98..ec3efe7a1a 100644 --- a/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md +++ b/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md @@ -1,8 +1,11 @@ --- title: How to Configure Management Server Security Post-Installation description: How to Configure Management Server Security Post-Installation -author: jamiejdt +author: dansimp ms.assetid: 71979fa6-3d0b-4a8b-994e-cb728d013090 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -29,7 +32,7 @@ Use the App-V Management Console to add the certificate and configure the App-V **Note**   If no certificates are displayed in the wizard, a certificate has not been provisioned or the certificate does meet the requirements of App-V. -   + 5. Click **Next** to continue on to the **Welcome To Certificate Wizard** page. @@ -48,9 +51,9 @@ Use the App-V Management Console to add the certificate and configure the App-V [Troubleshooting Certificate Permission Issues](troubleshooting-certificate-permission-issues.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md b/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md index a3807324db..978aefac2f 100644 --- a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md +++ b/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md @@ -1,8 +1,11 @@ --- title: How to Configure Microsoft SQL Server Mirroring Support for App-V description: How to Configure Microsoft SQL Server Mirroring Support for App-V -author: jamiejdt +author: dansimp ms.assetid: 6d069eb5-109f-460a-836a-de49473b7035 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,18 +19,18 @@ ms.date: 08/30/2016 You can use the following procedure to configure your Microsoft Application Virtualization (App-V) environment to use Microsoft SQL Server database mirroring. Configuring database mirroring can help with disaster recovery and failover scenarios. App-V 4.5 SP2 supports all modes of database mirroring currently available for Microsoft SQL Server 2005 and SQL Server 2008. -**Note**   +**Note** This procedure is written for administrators who are familiar with setting up and configuring SQL Server databases and database mirroring with Microsoft SQL Server, and therefore covers only the specific configuration settings that are unique to App-V. -  + **To configure your App-V environment to use Microsoft SQL Server database mirroring** 1. Set up SQL Server database mirroring of the App-V database following your standard business practices for database mirroring. Use the following links for general information about implementing Microsoft SQL Server database mirroring: - - **Microsoft SQL 2005**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187478) (https://go.microsoft.com/fwlink/?LinkId=187478) + - **Microsoft SQL 2005**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187478) (https://go.microsoft.com/fwlink/?LinkId=187478) - - **Microsoft SQL 2008**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187477) (https://go.microsoft.com/fwlink/?LinkId=187477) + - **Microsoft SQL 2008**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187477) (https://go.microsoft.com/fwlink/?LinkId=187477) In addition, you can find Best Practices information in [Database Mirroring Best Practices and Performance Considerations](https://go.microsoft.com/fwlink/?LinkId=190270) (https://go.microsoft.com/fwlink/?LinkId=190270). 
@@ -39,10 +42,10 @@ This procedure is written for administrators who are familiar with setting up an 5. Check the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLServerName** and make sure that it contains only the host name of the SQL Server. If it includes an instance name, for example *serverhostname\\instancename*, the instance name must be removed. - **Important**   + **Important** The App-V Management Server uses the TCP/IP networking library to communicate with the SQL Server when database mirroring is enabled, and therefore instance names cannot be used. The port numbers must be specified in the registry keys instead. -   + 6. Check the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLServerPort** and make sure that it contains the port number that is used for SQL on the SQL Server computer. If you are using a named instance this key value must be set to the port that is used for the named instance. 
@@ -58,28 +61,30 @@ This procedure is written for administrators who are familiar with setting up an - Click the **All** tab, and then select the entry **Failover Partner**. Click **Edit Value**, and then enter the server name of the failover SQL Server. Click **OK**. - **Important**   + **Important** The App-V system uses Kerberos authentication. Therefore, when you configure SQL mirroring where Kerberos Authentication is enabled on the SQL Server and the SQL Server service runs under a domain user account, you must manually configure an SPN. For more information, see “When SQL Service Uses Domain-Based Account” in the article [Configuring App-V Administration for a Distributed Environment](https://go.microsoft.com/fwlink/?LinkId=203186) (https://go.microsoft.com/fwlink/?LinkId=203186). -   + 10. To verify that database mirroring is running correctly, test the failover and confirm that the App-V Management Server continues to function correctly. - **Important**   + **Important** Proceed with care, and follow your standard business practices to ensure that system operations are not disrupted in the event of a failure. -   - After the failover has occurred successfully, as verified by using the SQL Server status monitoring information, right-click the **Applications** node in the App-V Management Console, and then select **Refresh**. The list of applications should display normally if the system is working correctly. + +~~~ +After the failover has occurred successfully, as verified by using the SQL Server status monitoring information, right-click the **Applications** node in the App-V Management Console, and then select **Refresh**. The list of applications should display normally if the system is working correctly. +~~~ ## Related topics [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -  - -  + + + 
diff --git a/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md b/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md
index 3560100875..4f60659a53 100644
--- a/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md
+++ b/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure Servers for ESD-Based Deployment
 description: How to Configure Servers for ESD-Based Deployment
-author: jamiejdt
+author: dansimp
 ms.assetid: 96208522-3a0c-4606-a10b-fc0ec0a12021
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md b/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md
index 9899d3547a..9fb56f0792 100644
--- a/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md
+++ b/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure Servers for Server-Based Deployment
 description: How to Configure Servers for Server-Based Deployment
-author: jamiejdt
+author: dansimp
 ms.assetid: 6371c37a-46eb-44e8-ad6b-4430c866c8b4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md b/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md
index 5853fc63d0..7f8b6db82f 100644
--- a/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md
+++ b/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md
@@ -1,8 +1,11 @@ --- title: How to Configure Shortcut and File Type Association Behavior description: How to Configure Shortcut and File Type Association Behavior -author: jamiejdt +author: dansimp ms.assetid: d6fd1728-4de6-4066-b36b-d4837d593d40 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -60,16 +63,16 @@ There are four policy values defined in the following table and these apply to b -  + **Note**   The text values refer to the values for the XML attributes in the publishing XML file.  You can set these values manually if you have implemented a custom HTTP publishing solution. -  + -  + -  + diff --git a/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md b/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md index 7038049961..05d2bc0b77 100644 --- a/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md +++ b/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md @@ -1,8 +1,11 @@ --- title: How to Configure Streaming Server Security Post-Installation description: How to Configure Streaming Server Security Post-Installation -author: jamiejdt +author: dansimp ms.assetid: 9bde3677-d1aa-4dcc-904e-bb49a268d748 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md b/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md index cf1547bbe9..150d93d6c9 100644 --- a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md 
@@ -1,8 +1,11 @@ --- title: How to Configure the App-V Client Registry Settings by Using the Command Line description: How to Configure the App-V Client Registry Settings by Using the Command Line -author: jamiejdt +author: dansimp ms.assetid: 3e3d873f-13d2-402f-97b4-f62d0c399171 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ There is also an ADM template that you can use. For more information about the A **Caution**   Use care when you edit the registry because errors can leave the computer in an unusable state. Be sure to follow your standard business practices that relate to registry edits. Thoroughly test all proposed changes in a test environment before you deploy them to production computers. -  + ## In This Section @@ -35,7 +38,7 @@ Use care when you edit the registry because errors can leave the computer in an **Important**   On a 64-bit computer, the keys and values described in the following sections will be under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client. -  + [How to Reset the FileSystem Cache](how-to-reset-the-filesystem-cache.md) Provides the information that is required to reset the FileSystem cache. @@ -66,9 +69,9 @@ Describes the registry key values that control shortcuts and file type associati [Application Virtualization Client](application-virtualization-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md b/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md index 8ca46a9f80..023d8ba9ba 100644 --- a/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md +++ b/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the App-V Sequencer
 description: How to Configure the App-V Sequencer
-author: jamiejdt
+author: dansimp
 ms.assetid: 0f43f618-80b0-4715-af17-90f5c673d838
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md b/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md
index 6146ea24d9..1b477e3c0e 100644
--- a/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md
+++ b/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the App-V System for Package Upgrade
 description: How to Configure the App-V System for Package Upgrade
-author: jamiejdt
+author: dansimp
 ms.assetid: de133898-f887-46c1-9bc9-fbb03feac66a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md
index 0fd6b3a317..9dc834b4ad 100644
--- a/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md
+++ b/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the Application Virtualization Client Settings Manually
 description: How to Configure the Application Virtualization Client Settings Manually
-author: jamiejdt
+author: dansimp
 ms.assetid: 53bd21d8-49eb-4c77-9692-c093ffe4c17c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md index 0aed3c1fe9..bd27ed1708 100644 --- a/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md +++ b/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md @@ -1,8 +1,11 @@ --- title: How to Configure the Application Virtualization Management Servers description: How to Configure the Application Virtualization Management Servers -author: jamiejdt +author: dansimp ms.assetid: a9f96148-bf2d-486f-98c2-23409bfb0935 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Before virtualized applications can be streamed to the Application Virtualizatio **Important**   Application Virtualization Servers stream SFT files to the Desktop Client and the Client for Remote Desktop Services using only RTSP or RTSPS protocols. The ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different file or HTTP server. -  + **To configure the Application Virtualization Management Server** @@ -30,7 +33,7 @@ Application Virtualization Servers stream SFT files to the Desktop Client and th **Note**   During the installation procedure, you specify the location of the \\Content directory on the **Content Path** screen. -   + 2. Navigate to the location that you specified for the \\Content directory, and if necessary, create the directory. @@ -47,9 +50,9 @@ Application Virtualization Servers stream SFT files to the Desktop Client and th [How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md index a1c28b5df3..9f63f76ebb 100644 --- a/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md +++ b/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md @@ -1,8 +1,11 @@ --- title: How to Configure the Application Virtualization Streaming Servers description: How to Configure the Application Virtualization Streaming Servers -author: jamiejdt +author: dansimp ms.assetid: 3e2dde35-9d72-40ba-9fdf-d0338bd4d561 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Before virtual applications can be streamed to the Application Virtualization De **Important**   Application Virtualization Servers stream SFT files to the Desktop Client and the Client for Remote Desktop Services using only RTSP or RTSPS protocols. The ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different file or HTTP server. -  + **To configure the Application Virtualization Streaming Servers** @@ -44,9 +47,9 @@ Application Virtualization Servers stream SFT files to the Desktop Client and th [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md b/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md index 63246aa503..54a3e12931 100644 --- a/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md +++ b/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md 
@@ -1,8 +1,11 @@ --- title: How to Configure the Client for Application Package Retrieval description: How to Configure the Client for Application Package Retrieval -author: jamiejdt +author: dansimp ms.assetid: 891f2739-da7a-46da-b452-b8c0af075525 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -20,12 +23,12 @@ If you want the client to obtain the package content (SFT file) from a local App You can also configure the OSDSourceRoot and IconSourceRoot registry key values if you want to override those settings in the package manifest file or in the paths sent by a publishing server. The OSDSourceRoot specifies a source location for OSD file retrieval for an application package during publication. The IconSourceRoot specifies a source location for icon retrieval for an application package during publication. -**Note**   +**Note** - The IconSourceRoot and OSDSourceRoot settings override the values in the package manifest file, so if you try to deploy a package by using the Windows Installer (.msi) file method, it will also override the values in the package manifest file that is contained within that .msi file. - During both the publishing and HTTP(S) streaming operations,App-V 4.5 SP1 clients use the proxy server settings that are configured in Internet Explorer on the user’s computer. -  + **To configure the ApplicationSourceRoot registry key value** 
@@ -37,93 +40,95 @@ You can also configure the OSDSourceRoot and IconSourceRoot registry key values The correct format for the URL path is **protocol://servername:\[port\]\[/path\]\[/\]**, where **port** and **path** are optional. If **port** is not specified, the default port for the protocol is used. Only the **protocol://server:port** portion of the OSD URL is replaced. - **Important**   + **Important** Environment variables are not supported in the ApplicationSourceRoot definition. -   - The following table lists examples of acceptable URL and UNC path formats. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ApplicationSourceRootOSD File HREF PathResultComments

    rtsps://mainserver:322

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

    https://mainserver:443/prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    https://mainserver:443/prodapps/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps

    rtsp://%SFT_APPVSERVER%:554/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322

    \\uncserver\share\productivity\office2k3.sft

    rtsps://mainserver:322/productivity/office2k3.sft

    ‘\’ converted to ‘/’

    rtsps://mainserver:322

    file://\\uncserver\share\productivity\office2k3.sft

    rtsps://mainserver:322/productivity/office2k3.sft

    ‘\’ converted to ‘/’

    \\uncserver\share

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    \\uncserver\share\productivity\office2k3.sft

    ‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

    \\uncserver\share\prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    \\uncserver\share\prodapps\productivity\office2k3.sft

    ‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

    M:

    \\uncserver\share\productivity\office2k3.sft

    M:\productivity\office2k3.sft

    M:\prodapps

    \\uncserver\share\productivity\office2k3.sft

    M:\prodapps\productivity\office2k3.sft

    +~~~ +The following table lists examples of acceptable URL and UNC path formats. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ApplicationSourceRootOSD File HREF PathResultComments

    rtsps://mainserver:322

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

    https://mainserver:443/prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    https://mainserver:443/prodapps/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps

    rtsp://%SFT_APPVSERVER%:554/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

    rtsps://mainserver:322

    \\uncserver\share\productivity\office2k3.sft

    rtsps://mainserver:322/productivity/office2k3.sft

    ‘\’ converted to ‘/’

    rtsps://mainserver:322

    file://\\uncserver\share\productivity\office2k3.sft

    rtsps://mainserver:322/productivity/office2k3.sft

    ‘\’ converted to ‘/’

    \\uncserver\share

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    \\uncserver\share\productivity\office2k3.sft

    ‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

    \\uncserver\share\prodapps

    rtsp://appserver/productivity/office2k3.sft?customer=seq

    \\uncserver\share\prodapps\productivity\office2k3.sft

    ‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

    M:

    \\uncserver\share\productivity\office2k3.sft

    M:\productivity\office2k3.sft

    M:\prodapps

    \\uncserver\share\productivity\office2k3.sft

    M:\prodapps\productivity\office2k3.sft

    +~~~ + -   **To configure the OSDSourceRoot value** @@ -154,9 +159,9 @@ You can also configure the OSDSourceRoot and IconSourceRoot registry key values [How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md b/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md index f4c7b97649..08fb9b8dfb 100644 --- a/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md +++ b/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md @@ -1,8 +1,11 @@ --- title: How to Configure the Client for Disconnected Operation Mode description: How to Configure the Client for Disconnected Operation Mode -author: jamiejdt +author: dansimp ms.assetid: 3b48464a-b8b4-494b-93e3-9a6d9bd74652 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The disconnected operation mode enables the Application Virtualization (App-V) D **Important**   In a large organization where multiple Remote Desktop Session Host (RD°Session Host) servers (formerly Terminal Servers) are linked in a farm to support many users, using a single App-V Management Server to support the farm represents a single point of failure. To provide high availability to support the RD Session Host farm, consider linking two or more App-V Management Servers to use the same database. -  + **To enable disconnected operation mode** @@ -56,9 +59,9 @@ In a large organization where multiple Remote Desktop Session Host (RD°Session [How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md b/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md
index 96a22d6817..ec298ac0dd 100644
--- a/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md
+++ b/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the Client for MIT Kerberos Realm Support
 description: How to Configure the Client for MIT Kerberos Realm Support
-author: jamiejdt
+author: dansimp
 ms.assetid: 46102f4c-270c-4115-8eb4-7ff5ae3be32d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md b/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md
index a74f09107a..2dcd0fc57b 100644
--- a/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md
+++ b/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the Client in the Application Virtualization Client Management Console
 description: How to Configure the Client in the Application Virtualization Client Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: d0868c9f-8fe9-442f-a9ad-ef30efb0f6b1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-configure-the-client-log-file.md b/mdop/appv-v4/how-to-configure-the-client-log-file.md
index 440171d152..20b326dfa4 100644
--- a/mdop/appv-v4/how-to-configure-the-client-log-file.md
+++ b/mdop/appv-v4/how-to-configure-the-client-log-file.md
@@ -1,8 +1,11 @@ --- title: How to Configure the Client Log File description: How to Configure the Client Log File -author: jamiejdt +author: dansimp ms.assetid: dd79f8ce-61e2-4dc8-af03-2a353554a1b2 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,7 +40,7 @@ You can use the following procedures to configure the Application Virtualization **Caution**   This registry key value must be set to a value greater than zero to ensure the log file does get reset. -   + **To change the number of backup copies** @@ -90,16 +93,16 @@ You can use the following procedures to configure the Application Virtualization -   + ## Related topics [How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-the-file-server.md b/mdop/appv-v4/how-to-configure-the-file-server.md index 35061111a7..812c78cb2c 100644 --- a/mdop/appv-v4/how-to-configure-the-file-server.md +++ b/mdop/appv-v4/how-to-configure-the-file-server.md @@ -1,8 +1,11 @@ --- title: How to Configure the File Server description: How to Configure the File Server -author: jamiejdt +author: dansimp ms.assetid: 0977554c-1741-411b-85e7-7e1cd017542f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ If you are using an Application Virtualization Management Server as a distributi **Important**   For applications to stream properly to the Application Virtualization Desktop Client and the Client for Remote Desktop Services, the SFT file streams from the content directory on the server where you store the virtual application; the ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different server. -  + **To configure the Application Virtualization file server** @@ -32,14 +35,14 @@ For applications to stream properly to the Application Virtualization Desktop Cl **Note**   During the installation procedure, you specify the location of the \\Content directory on the **Content Path** screen. -   + 2. Create a \\Content directory, which corresponds to the directory you specified when you installed the server, on each computer that you are using as a file share. **Important**   Configure the Application Virtualization Desktop Clients to stream applications from the computer you are using as a file share rather than from an Application Virtualization Server or IIS server. -   + 3. When the \\Content directory is created, configure this directory as a standard file share. @@ -56,9 +59,9 @@ For applications to stream properly to the Application Virtualization Desktop Cl [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-the-server-for-iis.md b/mdop/appv-v4/how-to-configure-the-server-for-iis.md index 06a8ac3e32..76119811be 100644 --- a/mdop/appv-v4/how-to-configure-the-server-for-iis.md +++ b/mdop/appv-v4/how-to-configure-the-server-for-iis.md 
@@ -1,8 +1,11 @@ --- title: How to Configure the Server for IIS description: How to Configure the Server for IIS -author: jamiejdt +author: dansimp ms.assetid: 1fcfc583-322f-4a38-90d0-e64bfa9ee3d8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ Before virtual applications can be streamed to the Application Virtualization De **Note**   If you are using IIS to publish the ICO and OSD files, you must configure a MIME type for OSD=TXT; otherwise, IIS will not serve the ICO and OSD files to clients. If you are using IIS to publish packages (SFT files), you must configure a MIME type for SFT=Binary; otherwise, IIS will not serve the SFT files to clients. -  + ## Related topics @@ -46,9 +49,9 @@ If you are using IIS to publish the ICO and OSD files, you must configure a MIME [How to Configure the File Server](how-to-configure-the-file-server.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md b/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md index cd01cd456c..04e4ec6328 100644 --- a/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md +++ b/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md @@ -1,8 +1,11 @@ --- title: How to Configure the Server to be Trusted for Delegation description: How to Configure the Server to be Trusted for Delegation -author: jamiejdt +author: dansimp ms.assetid: d8d11588-17c0-4bcb-a7e6-86b5e4ba7e1c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ When you install the Microsoft Application Virtualization (App-V) Management Ser **Note**   If you install the App-V Management Server software on a single server and place the data store on a separate server, there is one situation in which you must still configure the server to be trusted for delegation even though the Management Web Service and Management Console are on the same server. This situation occurs if you need to connect to the Management Web Service in the console by using the **Use Alternate Credentials** option. -  + The type of delegation that you can use depends on the Domain Functional Level that you have configured in your Active Directory Domain Services (AD DS) infrastructure. The following table lists the types of delegation that can be configured for each Domain Functional Level for App-V. Detailed instructions follow the table. @@ -54,7 +57,7 @@ The type of delegation that you can use depends on the Domain Functional Level t -  + ¹ Not recommended. @@ -123,9 +126,9 @@ If you are running the Management Web Service on an IIS 7 server, you must compl 3. Type **appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true**, and then press ENTER. -  + -  + diff --git a/mdop/appv-v4/how-to-configure-user-permissions.md b/mdop/appv-v4/how-to-configure-user-permissions.md index b993f4fc67..31a1894e7b 100644 --- a/mdop/appv-v4/how-to-configure-user-permissions.md +++ b/mdop/appv-v4/how-to-configure-user-permissions.md @@ -1,8 +1,11 @@ --- title: How to Configure User Permissions description: How to Configure User Permissions -author: jamiejdt +author: dansimp ms.assetid: 54e69f46-b028-4ad1-9b80-f06ef5c8f559 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md b/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md index 6b168497bb..59c1e3b44c 100644 --- a/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md +++ b/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md @@ -1,8 +1,11 @@ --- title: How to Configure Windows Server 2003 Firewall for App-V description: How to Configure Windows Server 2003 Firewall for App-V -author: jamiejdt +author: dansimp ms.assetid: 2c0e80f8-41e9-4164-ac83-b23b132b489a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,14 +26,14 @@ Use the following procedure to configure the Windows Server 2003 firewall for A **Note**   If the server has not been configured to run the firewall service before this step, you will be prompted to start the firewall service. -   + 2. If ICO and OSD files are published through SMB, ensure that **File and Printer Sharing** is enabled on the **Exceptions** tab. **Note**   If ICO and OSD files are published through HTTP/HTTPS on the Management Server, you might need to add an exception for HTTP or HTTPS. If the IIS server hosting the ICO and OSD files is hosted on a computer separate from the Management Server, you need to add the exception to that computer. To maximize performance, it is recommended that you host the ICO and OSD files on a separate server from the Management Server. -   + 3. Add a program exception for `sghwdsptr.exe`, which is the Management Server service executable. The default path to this executable is `%ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\bin`. 
@@ -39,7 +42,7 @@ Use the following procedure to configure the Windows Server 2003 firewall for A The App-V Streaming Server requires a program exception `sglwdsptr.exe` for RTSPS communication. The App-V Streaming Server that uses RTSP for communication also requires a program exception for `sglwsvr.exe`. -   + 4. Ensure that the proper scope is configured for each exception. To reduce risk, remove any computer and strictly limit the IP addresses to which the server will respond. @@ -48,9 +51,9 @@ Use the following procedure to configure the Windows Server 2003 firewall for A [How to Configure Windows Server 2008 Firewall for App-V](how-to-configure-windows-server-2008-firewall-for-app-v.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md b/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md index 7e262b2024..7578063d2b 100644 --- a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md +++ b/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md @@ -1,8 +1,11 @@ --- title: How to Configure Windows Server 2008 Firewall for App-V description: How to Configure Windows Server 2008 Firewall for App-V -author: jamiejdt +author: dansimp ms.assetid: 57f4ed17-0651-4a3c-be1e-29d9520c6aeb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ If the Management Server is configured to use RTSP, repeat this procedure to add The App-V Streaming Server requires the program exception `sglwdsptr.exe` for RTSPS communication. An App-V Streaming Server that uses RTSP for communication also requires a program exception for `sglwsvr.exe`. -  + **To configure Windows Server 2008 firewall for App-V** 
@@ -46,9 +49,9 @@ The App-V Streaming Server requires the program exception `sglwdsptr.exe` for RT [How to Configure Windows Server 2003 Firewall for App-V](how-to-configure-windows-server-2003-firewall-for-app-v.md) -  + -  + diff --git a/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md b/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md index f185fe428f..9321f73949 100644 --- a/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md +++ b/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md @@ -1,8 +1,11 @@ --- title: How to Configure Windows Server 2008 for App-V Management Servers description: How to Configure Windows Server 2008 for App-V Management Servers -author: jamiejdt +author: dansimp ms.assetid: 38b4016f-de82-4209-9159-387d20ddee25 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md b/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md index 3cd9f48609..097bf0d4b7 100644 --- a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md +++ b/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md @@ -1,8 +1,11 @@ --- title: How to Connect to an Application Virtualization System description: How to Connect to an Application Virtualization System -author: jamiejdt +author: dansimp ms.assetid: ac38216c-5464-4c0b-a4d3-3949ba6358ac +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -18,49 +21,49 @@ You must connect the Application Virtualization Server Management Console to an **To connect to an Application Virtualization System** -1. Right-click the Application Virtualization System node in the **Scope** pane, and select **Connect to Application Virtualization System** from the pop-up menu. +1. Right-click the Application Virtualization System node in the **Scope** pane, and select **Connect to Application Virtualization System** from the pop-up menu. - **Note**   - There are three components to Application Virtualization server management: the Application Virtualization Management Console, the Management Web Service, and the SQL Datastore. If these components are distributed across different physical machines, you must configure security properly for the components to communicate across the system. For more information, see the following manuals and articles: + **Note** + There are three components to Application Virtualization server management: the Application Virtualization Management Console, the Management Web Service, and the SQL Datastore. If these components are distributed across different physical machines, you must configure security properly for the components to communicate across the system. 
For more information, see the following manuals and articles: - [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkID=166682) (https://go.microsoft.com/fwlink/?LinkID=166682) + [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkID=166682) (https://go.microsoft.com/fwlink/?LinkID=166682) - [Planning and Deployment Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=122063) (https://go.microsoft.com/fwlink/?LinkID=122063) + [Planning and Deployment Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=122063) (https://go.microsoft.com/fwlink/?LinkID=122063) - [Operations Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=133129) (https://go.microsoft.com/fwlink/?LinkID=133129) + [Operations Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=133129) (https://go.microsoft.com/fwlink/?LinkID=133129) - [Article 930472](https://go.microsoft.com/fwlink/?LinkId=114647) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114647) + [Article 930472](https://go.microsoft.com/fwlink/?LinkId=114647) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114647) - [Article 930565](https://go.microsoft.com/fwlink/?LinkId=114648) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114648) + [Article 930565](https://go.microsoft.com/fwlink/?LinkId=114648) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114648) -   + -2. Complete the fields in the **Connect to Application Virtualization System** dialog box: +2. Complete the fields in the **Connect to Application Virtualization System** dialog box: - 1. **Web Service Host Name**—Enter the name of the Application Virtualization System to which you want to connect, or enter **localhost** to connect to the local server. 
+ 1. **Web Service Host Name**—Enter the name of the Application Virtualization System to which you want to connect, or enter **localhost** to connect to the local server. - 2. **Use Secure Connection**—Select this check box if you want to connect to the server with a secure connection. + 2. **Use Secure Connection**—Select this check box if you want to connect to the server with a secure connection. - 3. **Port**—Enter the port number you want to use for the connection. **80** is the default regular port number, and **443** is the secure-port number. + 3. **Port**—Enter the port number you want to use for the connection. **80** is the default regular port number, and **443** is the secure-port number. - 4. **Use Current Windows Account**—Select this radio button to use the current Windows account credentials. + 4. **Use Current Windows Account**—Select this radio button to use the current Windows account credentials. - 5. **Specify Windows Account**—Select this radio button when you want to connect to the server as a different user. + 5. **Specify Windows Account**—Select this radio button when you want to connect to the server as a different user. - 6. **Name**—Enter the name of the new user by using either the *DOMAIN\\username* or the *username@domain* format. + 6. **Name**—Enter the name of the new user by using either the *DOMAIN\\username* or the username@domain format. - 7. **Password**—Enter the password that corresponds to the new user. + 7. **Password**—Enter the password that corresponds to the new user. -3. Click **OK**. +3. Click **OK**. ## Related topics [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-create-a-reportserver.md b/mdop/appv-v4/how-to-create-a-reportserver.md index 9c6d7df2c3..134036f18f 100644 --- a/mdop/appv-v4/how-to-create-a-reportserver.md 
+++ b/mdop/appv-v4/how-to-create-a-reportserver.md @@ -1,8 +1,11 @@ --- title: How to Create a Report description: How to Create a Report -author: jamiejdt +author: dansimp ms.assetid: 70938167-d3b9-45ce-b459-a953c93769b0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -17,9 +20,9 @@ ms.date: 06/16/2016 The process for creating a report from the Application Virtualization Server Management Console is the same regardless of the report type. When you select a report type, the window displays a brief description of the selected report. **Note**   -  When you create a report, you specify the parameters that are used for collecting the data when the report is run. Until you run a report, no data is collected. + When you create a report, you specify the parameters that are used for collecting the data when the report is run. Until you run a report, no data is collected. -  + **To create a report** @@ -48,9 +51,9 @@ The process for creating a report from the Application Virtualization Server Man [How to Run a Report](how-to-run-a-reportserver.md) -  + -  + diff --git a/mdop/appv-v4/how-to-create-a-server-group.md b/mdop/appv-v4/how-to-create-a-server-group.md index a6aaab96d4..fa407f994a 100644 --- a/mdop/appv-v4/how-to-create-a-server-group.md +++ b/mdop/appv-v4/how-to-create-a-server-group.md @@ -1,8 +1,11 @@ --- title: How to Create a Server Group description: How to Create a Server Group -author: jamiejdt +author: dansimp ms.assetid: 29ada98b-1024-483d-a3ee-67d4bb263df7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md b/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md index 9741e22e24..249ed7b0e1 100644 
--- a/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md +++ b/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md @@ -1,8 +1,11 @@ --- title: How to Create a Virtual Environment for a Web-Based Application description: How to Create a Virtual Environment for a Web-Based Application -author: jamiejdt +author: dansimp ms.assetid: d2b16e9d-369c-4bd6-b2a0-16dd24c0e32c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md b/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md index dd06f93229..55143333bd 100644 --- a/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: How to Create an App-V Project Template (App-V 4.6 SP1) description: How to Create an App-V Project Template (App-V 4.6 SP1) -author: jamiejdt +author: dansimp ms.assetid: 7e87fba2-b72a-4bc9-92b8-220e25aae99a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use an App-V project template to save commonly applied settings associat **Note**   You can only apply an App-V project template when you are creating a new virtual application package. Applying project templates to existing virtual application packages is not supported. -  + For more information about applying an App-V project template, see [How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md). @@ -52,9 +55,9 @@ The following general settings are saved with an App-V project template: [How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-create-an-application-group.md b/mdop/appv-v4/how-to-create-an-application-group.md
index 37f0a14dc5..4144e95e2f 100644
--- a/mdop/appv-v4/how-to-create-an-application-group.md
+++ b/mdop/appv-v4/how-to-create-an-application-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create an Application Group
 description: How to Create an Application Group
-author: jamiejdt
+author: dansimp
 ms.assetid: 32751511-3d1e-40e5-b21f-d88ea39c76a3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-create-an-application-license-group.md b/mdop/appv-v4/how-to-create-an-application-license-group.md
index 01f92da9f8..e1c6567c65 100644
--- a/mdop/appv-v4/how-to-create-an-application-license-group.md
+++ b/mdop/appv-v4/how-to-create-an-application-license-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create an Application License Group
 description: How to Create an Application License Group
-author: jamiejdt
+author: dansimp
 ms.assetid: b385324a-8a11-41ee-86e8-8f809235454c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md
index 77bfa2b677..522662b28d 100644
--- a/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md
+++ b/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create App-V Package Accelerators (App-V 4.6 SP1)
 description: How to Create App-V Package Accelerators (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 585e692e-cebb-48ac-93ab-b2e7eb7ae7ad
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -18,19 +21,19 @@ You can use App-V Package Accelerators to automatically generate a new virtual a In some situations, to create the Package Accelerator, you might have to install the application locally on the computer running the Sequencer. First try to create the Package Accelerator by using the installation media, and if there are a number of missing files that are required, install the application locally to the computer running the Sequencer, and then create the Package Accelerator. -**Important**   +**Important** Before you begin the following procedure, you should do the following: - Copy the virtual application package that you must use to create the Package Accelerator locally to the computer running the Sequencer. - Copy all required installation files associated with the virtual application package to the computer running the Sequencer. -  -**Important**   + +**Important** Disclaimer: The Microsoft Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. -  + **To create an App-V Package Accelerator** 
@@ -40,45 +43,49 @@ Disclaimer: The Microsoft Application Virtualization Sequencer does not give you 3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.sprj file). - **Tip**   + **Tip** Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. -   - Click **Next**. -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. +~~~ +Click **Next**. +~~~ - **Tip**   - Copy the folder that contains the required installation files to the computer running the Sequencer. +4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. -   + **Tip** + Copy the folder that contains the required installation files to the computer running the Sequencer. - If the application is already installed on the computer running the Sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. -5. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. 
- **Note**   - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. +~~~ +If the application is already installed on the computer running the Sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. +~~~ -   +5. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. -6. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the Package Accelerator. Select only files that are required for the application to run successfully, and then click **Next**. + **Note** + You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. -7. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. -8. 
On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. +6. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the Package Accelerator. Select only files that are required for the application to run successfully, and then click **Next**. -9. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. +7. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. + + If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. + +8. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. 
You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. + +9. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. 10. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - **Important**   - To help ensure that the Package Accelerator is as secure as possible, and so that the publisher can be verified when the Package Accelerator is applied, you should always digitally sign the Package Accelerator. + **Important** + To help ensure that the Package Accelerator is as secure as possible, and so that the publisher can be verified when the Package Accelerator is applied, you should always digitally sign the Package Accelerator. + -   ## Related topics @@ -86,9 +93,9 @@ Disclaimer: The Microsoft Application Virtualization Sequencer does not give you Configuring the Application Virtualization Sequencer (App-V 4.6 SP1) [How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md b/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md index 6eadeb3912..c169abd147 100644 --- a/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md +++ b/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md 
@@ -1,8 +1,11 @@ --- title: How to Create or Upgrade Virtual Applications Using the App-V Sequencer description: How to Create or Upgrade Virtual Applications Using the App-V Sequencer -author: jamiejdt +author: dansimp ms.assetid: 661d4f8c-2527-4654-9d92-15ecc652c0db +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-create-the-package-root-directory.md b/mdop/appv-v4/how-to-create-the-package-root-directory.md index 514d146b36..01ba72181f 100644 --- a/mdop/appv-v4/how-to-create-the-package-root-directory.md +++ b/mdop/appv-v4/how-to-create-the-package-root-directory.md @@ -1,8 +1,11 @@ --- title: How to Create the Package Root Directory description: How to Create the Package Root Directory -author: jamiejdt +author: dansimp ms.assetid: bcfe3bd4-6c60-409a-8ffa-cc22f27194b1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,16 +30,16 @@ After you have created the package root directory, you can begin sequencing appl **Important**   The name you assign to virtual application files that will be saved in the package root directory should use the 8.3 naming format. The file names should be no longer than 8 characters with a three-character file name extension. -   + ## Related topics [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md b/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md index 84092cee4d..6b2e6bc05c 100644 --- a/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md +++ b/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md 
@@ -1,8 +1,11 @@ --- title: How to Create the Sequencer Package Root Directory description: How to Create the Sequencer Package Root Directory -author: jamiejdt +author: dansimp ms.assetid: 23fe28f1-c284-43ee-b8b7-1dfbed94eea5 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ After you have created the package root directory, you can begin sequencing appl **Important**   The name you assign to virtual application files that will be saved in the package root directory should use the 8.3 naming format. The file names should be no longer than 8 characters with a three-character file name extension. -   + ## Related topics @@ -38,9 +41,9 @@ After you have created the package root directory, you can begin sequencing appl [How to Modify the Scratch Directory Location](how-to-modify-the-scratch-directory-location.md) -  + -  + diff --git a/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md b/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md index e35e881bb5..49f4a3afc7 100644 --- a/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md +++ b/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md @@ -1,8 +1,11 @@ --- title: How to Customize an Application Virtualization System in the Server Management Console description: How to Customize an Application Virtualization System in the Server Management Console -author: jamiejdt +author: dansimp ms.assetid: e3a51d1d-451d-46a5-8ae5-f5792d49495b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/how-to-delete-a-file-type-association.md b/mdop/appv-v4/how-to-delete-a-file-type-association.md index 4c11d9bcec..8f12921951 100644 --- a/mdop/appv-v4/how-to-delete-a-file-type-association.md +++ b/mdop/appv-v4/how-to-delete-a-file-type-association.md @@ -1,8 +1,11 @@ --- title: How to Delete a File Type Association description: How to Delete a File Type Association -author: jamiejdt +author: dansimp ms.assetid: bb2dd1cf-9a5d-45a9-aca1-3c53144b73ec +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-delete-a-package-version.md b/mdop/appv-v4/how-to-delete-a-package-version.md index c4ae2a7bd8..62137f64ca 100644 --- a/mdop/appv-v4/how-to-delete-a-package-version.md +++ b/mdop/appv-v4/how-to-delete-a-package-version.md @@ -1,8 +1,11 @@ --- title: How to Delete a Package Version description: How to Delete a Package Version -author: jamiejdt +author: dansimp ms.assetid: a55adb9d-ffa6-4df3-a2d1-5e0c73c35e1b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ From the Application Virtualization Server Management Console, for a package tha **Note**   When you choose to delete a version, a confirmation box reminds you that client computers might still be using it. You should advise users to exit and unload any applications before you remove a version that is in use. -  + **To delete a package version** @@ -34,7 +37,7 @@ When you choose to delete a version, a confirmation box reminds you that client **Note**   If you have users in disconnected operation, their applications will be replaced with the new versions the next time they connect to the servers. After you are sure all users have updated applications, you can delete old versions. -   + ## Related topics 
@@ -43,9 +46,9 @@ When you choose to delete a version, a confirmation box reminds you that client [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-delete-a-packageserver.md b/mdop/appv-v4/how-to-delete-a-packageserver.md index 3d38149924..c63d2eaf35 100644 --- a/mdop/appv-v4/how-to-delete-a-packageserver.md +++ b/mdop/appv-v4/how-to-delete-a-packageserver.md @@ -1,8 +1,11 @@ --- title: How to Delete a Package description: How to Delete a Package -author: jamiejdt +author: dansimp ms.assetid: 23f9c0e9-8910-47df-9fc0-7bbb5bbf2dc9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use the following procedure to delete a package, including all versions **Important**   When you choose to delete a package, a confirmation box reminds you that this action deletes all its versions. The server will no longer be able to stream the application. -  + **To delete a package** @@ -36,9 +39,9 @@ When you choose to delete a package, a confirmation box reminds you that this ac [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-delete-a-reportserver.md b/mdop/appv-v4/how-to-delete-a-reportserver.md index 672580ca14..2b8a517f7c 100644 --- a/mdop/appv-v4/how-to-delete-a-reportserver.md +++ b/mdop/appv-v4/how-to-delete-a-reportserver.md @@ -1,8 +1,11 @@ --- title: How to Delete a Report description: How to Delete a Report -author: jamiejdt +author: dansimp ms.assetid: 53350b71-1fb5-4f7e-a684-9ea1116c5c3f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md b/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md index 5d362ad27f..21e583e5b2 100644 --- a/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Delete All Virtual Applications by Using the Command Line description: How to Delete All Virtual Applications by Using the Command Line -author: jamiejdt +author: dansimp ms.assetid: bfe13b5c-825a-4eb1-a979-6c4b8d8b2a9c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use the following procedure to delete all virtual applications from a sp **Note**   When all applications are deleted from a package, the Application Virtualization (App-V) Client also deletes the package. -  + **To delete all applications** @@ -30,7 +33,7 @@ When all applications are deleted from a package, the Application Virtualization **Note**   When all applications are deleted from a package, the Application Virtualization (App-V) Client also deletes the package. -   + ## Related topics @@ -39,9 +42,9 @@ When all applications are deleted from a package, the Application Virtualization [How to Remove a Package by Using the Command Line](how-to-remove-a-package-by-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-delete-an-administrator-group.md b/mdop/appv-v4/how-to-delete-an-administrator-group.md index 06eff4cec6..c825492416 100644 --- a/mdop/appv-v4/how-to-delete-an-administrator-group.md +++ b/mdop/appv-v4/how-to-delete-an-administrator-group.md 
@@ -1,8 +1,11 @@ --- title: How to Delete an Administrator Group description: How to Delete an Administrator Group -author: jamiejdt +author: dansimp ms.assetid: 398a8028-e128-4020-bbe2-59ba63b5cd48 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-delete-an-application-server.md b/mdop/appv-v4/how-to-delete-an-application-server.md index 7c0af9be22..247163a1de 100644 --- a/mdop/appv-v4/how-to-delete-an-application-server.md +++ b/mdop/appv-v4/how-to-delete-an-application-server.md @@ -1,8 +1,11 @@ --- title: How to Delete an Application description: How to Delete an Application -author: jamiejdt +author: dansimp ms.assetid: 421e7df0-fea3-4cb2-a884-3d04f2223da7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can delete an application through the Application Virtualization Server Mana **Note**   If this is the only application in a package, deleting it also removes related package data and file associations. -  + **To delete an application** @@ -38,9 +41,9 @@ If this is the only application in a package, deleting it also removes related p [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-delete-an-application.md b/mdop/appv-v4/how-to-delete-an-application.md index 50130374b0..4ac8548398 100644 --- a/mdop/appv-v4/how-to-delete-an-application.md +++ b/mdop/appv-v4/how-to-delete-an-application.md @@ -1,8 +1,11 @@ --- title: How to Delete an Application description: How to Delete an Application -author: jamiejdt +author: dansimp ms.assetid: 03b0912d-b14a-4522-916d-71f8b77a8a82 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ When you delete an application, the selected application will no longer be avail After a publishing refresh, the deleted applications will again become available to you. -  + **To delete an application** @@ -29,9 +32,9 @@ After a publishing refresh, the deleted applications will again become available 2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. -  + -  + diff --git a/mdop/appv-v4/how-to-deny-access-to-an-application.md b/mdop/appv-v4/how-to-deny-access-to-an-application.md index 8c29d340d0..e1a9045654 100644 --- a/mdop/appv-v4/how-to-deny-access-to-an-application.md +++ b/mdop/appv-v4/how-to-deny-access-to-an-application.md @@ -1,8 +1,11 @@ --- title: How to Deny Access to an Application description: How to Deny Access to an Application -author: jamiejdt +author: dansimp ms.assetid: 14f5e201-7265-462c-b738-57938dc3fc30 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,7 +32,7 @@ Users must be in an application's **Access Permissions** list to load and use th **Note**   To control access to applications, you can also limit the application licenses. Setting up the proper user groups in Active Directory Domain Services provides the easiest way to grant and deny access to specific sets of users. -   + ## Related topics @@ -40,9 +43,9 @@ Users must be in an application's **Access Permissions** list to load and use th [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md b/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md index b3eea268fd..2c88ccb0f0 100644 --- a/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md 
+++ b/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md
@@ -1,8 +1,11 @@
 ---
 title: How to Determine Whether to Edit or Upgrade a Virtual Application Package
 description: How to Determine Whether to Edit or Upgrade a Virtual Application Package
-author: jamiejdt
+author: dansimp
 ms.assetid: 33dd5332-6802-46e0-9748-43fcc8f80aa3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md b/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
index da0b38d834..140d19db20 100644
--- a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
+++ b/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)
 description: How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)
-author: jamiejdt
+author: dansimp
 ms.assetid: 936abee2-98f1-45fb-9f0d-786e1d7464b1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -38,31 +41,31 @@ Use the following table to determine which type of application you should sequen

    Standard

    Select this option to create a package that contains an application or a suite of applications. You should select this option for most applications that you plan to sequence.

    -

    [How to Sequence a New Standard Application (App-V 4.6 SP1)](how-to-sequence-a-new-standard-application--app-v-46-sp1-.md)

    +

    How to Sequence a New Standard Application (App-V 4.6 SP1)

    Add-on or Plug-in

    -

    Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804).

    -

    [How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)](how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md)

    +

    Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see How To Use Dynamic Suite Composition (https://go.microsoft.com/fwlink/?LinkId=203804).

    +

    How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)

    Middleware

    -

    Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804).

    -

    [How to Sequence a New Middleware Application (App-V 4.6 SP1)](how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md)

    +

    Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see How To Use Dynamic Suite Composition (https://go.microsoft.com/fwlink/?LinkId=203804).

    +

    How to Sequence a New Middleware Application (App-V 4.6 SP1)

    -  + ## Related topics [Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md b/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md index d76c9ba4a8..07a83858b4 100644 --- a/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md +++ b/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md @@ -1,8 +1,11 @@ --- title: How to Disable or Modify Disconnected Operation Mode Settings description: How to Disable or Modify Disconnected Operation Mode Settings -author: jamiejdt +author: dansimp ms.assetid: 39f166d7-2d25-4899-8405-b45f051facb8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md b/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md index 531239f910..b92d34564c 100644 --- a/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md +++ b/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md @@ -1,8 +1,11 @@ --- title: How to Edit an Existing Virtual Application description: How to Edit an Existing Virtual Application -author: jamiejdt +author: dansimp ms.assetid: 358b9a69-5695-4c6f-92e1-7ed2b69a2def +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md b/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md index 2b183ba29a..6930a3459d 100644 --- a/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md +++ b/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md 
@@ -1,8 +1,11 @@ --- title: How to Edit an OSD File Using a Text Editor description: How to Edit an OSD File Using a Text Editor -author: jamiejdt +author: dansimp ms.assetid: f4263a1b-824f-49b9-8060-b8229c9d9960 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ Use the following procedure to edit an Open Software Descriptor (OSD) file by us **Note**   Before modifying the OSD file, read the schema prescribed by the XSD file in the install directory. Failing to follow this schema might introduce errors that prevent a sequenced application from starting successfully. -   + 2. Edit the OSD file using your XML or ASCII text editor of choice, adhering to the prescribed schema and the following guidelines: @@ -44,9 +47,9 @@ Use the following procedure to edit an Open Software Descriptor (OSD) file by us [OSD File Elements](osd-file-elements.md) -  + -  + diff --git a/mdop/appv-v4/how-to-edit-an-osd-file.md b/mdop/appv-v4/how-to-edit-an-osd-file.md index 547645c46f..e150953185 100644 --- a/mdop/appv-v4/how-to-edit-an-osd-file.md +++ b/mdop/appv-v4/how-to-edit-an-osd-file.md @@ -1,8 +1,11 @@ --- title: How to Edit an OSD File description: How to Edit an OSD File -author: jamiejdt +author: dansimp ms.assetid: 0d126ba7-72fb-42ce-982e-90ed01a852c8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -17,14 +20,14 @@ ms.date: 06/16/2016 Use the following procedures to modify a sequenced application package's Open Software Descriptor (OSD) file by adding or deleting an element or an attribute. **Note**   -  Some elements do not have an attribute, so it is not possible to add an attribute to every element. + Some elements do not have an attribute, so it is not possible to add an attribute to every element. -  + **Important**   If you use the OSD editor to change the .sft file name, the HREF attribute of the CODEBASE element in the OSD file, you must use the **Save As** command to save the change to the project files. -  + **To add an element** @@ -79,9 +82,9 @@ If you use the OSD editor to change the .sft file name, the HREF attribute of th [Sequencer Console](sequencer-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md b/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md index 43590eea76..25d48601e0 100644 --- a/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md +++ b/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md @@ -1,8 +1,11 @@ --- title: How to Exit the App-V Client from the Notification Area description: How to Exit the App-V Client from the Notification Area -author: jamiejdt +author: dansimp ms.assetid: 71ebf88b-ef51-41a5-ae34-4e197d9d6ee6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-export-a-reportserver.md b/mdop/appv-v4/how-to-export-a-reportserver.md index 2f32510db2..6580474502 100644 --- a/mdop/appv-v4/how-to-export-a-reportserver.md +++ b/mdop/appv-v4/how-to-export-a-reportserver.md 
@@ -1,8 +1,11 @@ --- title: How to Export a Report description: How to Export a Report -author: jamiejdt +author: dansimp ms.assetid: 2f917130-db02-4c72-a45a-7928e51e689e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-grant-access-to-an-application.md b/mdop/appv-v4/how-to-grant-access-to-an-application.md index a11e351cd0..697afb607b 100644 --- a/mdop/appv-v4/how-to-grant-access-to-an-application.md +++ b/mdop/appv-v4/how-to-grant-access-to-an-application.md @@ -1,8 +1,11 @@ --- title: How to Grant Access to an Application description: How to Grant Access to an Application -author: jamiejdt +author: dansimp ms.assetid: e54d9e84-21f5-488f-b040-25f374d9289f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ As the administrator, you can use the Application Virtualization Server Manageme **Note**   You must set up your groups in Active Directory Domain Services before you attempt to grant access to applications. -   + ## Related topics @@ -46,9 +49,9 @@ As the administrator, you can use the Application Virtualization Server Manageme [How to Manually Add an Application](how-to-manually-add-an-application.md) -  + -  + diff --git a/mdop/appv-v4/how-to-import-an-application.md b/mdop/appv-v4/how-to-import-an-application.md index ad86691bbc..ecaec1c2de 100644 --- a/mdop/appv-v4/how-to-import-an-application.md +++ b/mdop/appv-v4/how-to-import-an-application.md @@ -1,8 +1,11 @@ --- title: How to Import an Application description: How to Import an Application -author: jamiejdt +author: dansimp ms.assetid: 85aaf5d8-489c-4929-996f-f15d2dab1ad8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -25,11 +28,11 @@ You can use the following procedure to import an application into the cache dire **Note**   If you have already configured an import search path or if the SFT file is in the same path as the last successful import, step 2 is not required. -   + -  + -  + diff --git a/mdop/appv-v4/how-to-import-an-applicationserver.md b/mdop/appv-v4/how-to-import-an-applicationserver.md index 499d7f4655..24b4bce0dd 100644 --- a/mdop/appv-v4/how-to-import-an-applicationserver.md +++ b/mdop/appv-v4/how-to-import-an-applicationserver.md @@ -1,8 +1,11 @@ --- title: How to Import an Application description: How to Import an Application -author: jamiejdt +author: dansimp ms.assetid: ab40acad-1025-478d-8e13-0e1ff1bd37e4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Typically, you import applications to make them available to stream from an Appl **Note**   To import an application, you must have its sequenced Open Software Descriptor (OSD) file or its Sequencer Project (SPRJ) file available on the server. -  + When importing an application, you should make sure the server is configured with a value in the **Default Content Path** field on the **General** tab of the **System Options** dialog (accessible by right-clicking the **Application Virtualization System** node in the App-V Server Console). The default content path value defines where the applications will be imported, and during the import process, this value is used to modify the paths defined in the OSD file for the SFT file and for the icon shortcuts. In the OSD file, the path for the SFT file is specified in the CODEBASE HREF entry and the path for the icons is specified in the SHORTCUTS entry. @@ -40,14 +43,14 @@ During the import process, the protocol, server, and, if present, port specified -

    \\server\content\

    -

    http://WebServer/myFolder/package.sft

    -

    \\server\content\myFolder\package.sft

    +

    \server\content</p> +

    http://WebServer/myFolder/package.sft

    +

    \server\content\myFolder\package.sft

    -  + **To import an application** @@ -68,7 +71,7 @@ During the import process, the protocol, server, and, if present, port specified **Note**   Applications sequenced with Sequencer 4.0 populate the **File Associations** dialog box when you import or create them through the management console. Applications with previous Sequencer version packages do not. -   + 8. Click **Next**. @@ -89,9 +92,9 @@ During the import process, the protocol, server, and, if present, port specified [How to Manually Add an Application](how-to-manually-add-an-application.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-a-database.md b/mdop/appv-v4/how-to-install-a-database.md index 9068458e9b..884793e4a7 100644 --- a/mdop/appv-v4/how-to-install-a-database.md +++ b/mdop/appv-v4/how-to-install-a-database.md @@ -1,8 +1,11 @@ --- title: How to Install a Database description: How to Install a Database -author: jamiejdt +author: dansimp ms.assetid: 52e3a19d-b7cf-4f2c-8268-0f8361cc9766 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use the following procedure to install a database for your server-based **Important**   To install the database, you must use a network account with the appropriate permissions. If your organization requires that only database administrators are allowed to create and conduct database upgrades, scripts are available that allow this task to be performed. -  + **To install a database** @@ -38,7 +41,7 @@ To install the database, you must use a network account with the appropriate per **Note**   If a component is already installed on the computer, by deselecting it on the **Custom Setup** screen it will automatically be uninstalled. -   + 7. On the **Database Server** page, type the passwords, assign an installation path, save the information, and click **Next**. 
@@ -47,44 +50,44 @@ To install the database, you must use a network account with the appropriate per **Note**   If error 25109 is displayed when you try to complete this step, you have incorrectly set up the permissions necessary to install the database. For details on setting up the necessary SQL permissions, please see . -   + 9. On the **Directory Server** screen, enter a domain name and credentials that Application Virtualization Servers and the Management Web Service will use to access your domain controller, save this information, and then click **Next**. **Note**   The installation will default to the domain of the current computer. -   + 10. On the **Administrator Group** page, enter the name of a group that will have Administrator privileges, save this information, and then click **Next**. **Note**   You can also enter the first few characters of the name of a group that will have Administration privileges, click **Next**, and on the **Select Administrator Group** screen, select the group from the resulting list. Then save this information and click **Next**. -   + 11. On the **Default Provider Group** page, enter the complete name of a group that will control access to applications, save this information, and then click **Next**. **Note**   You can also enter the first few characters of the name of a group that will control access to applications, click **Next**, and on the **Select Default Provider Group** screen, select the group in the list. Then save this information and click **Next**. -   + 12. On the **Installation Wizard Completed** page, to close the wizard, click **Finish**. **Important**   The installation can take a few minutes to finish. A status message will flash above the Windows desktop notification area, indicating whether the installation succeeded. -   + ## Related topics [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md b/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md index bd6c0e94d6..83e7e4b7d1 100644 --- a/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md +++ b/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure the App-V Management Console for a More Secure Environment description: How to Install and Configure the App-V Management Console for a More Secure Environment -author: jamiejdt +author: dansimp ms.assetid: 9d89ef09-cdbf-48fc-99da-b24fc987ef8f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ The default installation of the App-V Management Console includes support for se **Important**   The name provided in the Web Service Host Name must match the common name on the certificate, or the connection will fail. -   + 4. Select the appropriate login credentials, and click **OK**. @@ -36,9 +39,9 @@ The default installation of the App-V Management Console includes support for se [Configuring Certificates to Support the App-V Web Management Service](configuring-certificates-to-support-the-app-v-web-management-service.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-and-configure-the-default-application.md b/mdop/appv-v4/how-to-install-and-configure-the-default-application.md index 3ab24bffab..c5bb0dbe54 100644 --- a/mdop/appv-v4/how-to-install-and-configure-the-default-application.md +++ b/mdop/appv-v4/how-to-install-and-configure-the-default-application.md 
@@ -1,8 +1,11 @@ --- title: How to Install and Configure the Default Application description: How to Install and Configure the Default Application -author: jamiejdt +author: dansimp ms.assetid: 5c5d5ad1-af40-4f83-8234-39e972f2c29a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ Use the following procedures to publish the default application and to stream it **Note**   You can also use **localhost** for the Web Service Host name if it is installed on the Management Server. -   + 6. In the App-V Management Console, right-click the **Server** node, and click **System Options**. @@ -42,7 +45,7 @@ Use the following procedures to publish the default application and to stream it **Important**   Use the FQDN for the server name so that the client can resolve the name correctly. -   + 8. In the App-V Management Console, in the navigation pane, expand the **Server** node, and then click **Applications**. @@ -55,7 +58,7 @@ Use the following procedures to publish the default application and to stream it **Important**   Ensure that the values in both the **OSD Path** and **Icon Path** boxes are in UNC format (for example, \\\\<Server Name>\\Content\\DefaultApp.ico), and point to the Content folder you created when installing the server. Do not use **localhost** or a file path containing a drive letter such as C:\\Program Files\\..\\..\\Content. -   + 12. Select the DefaultApp.osd file, and click **Open**. @@ -71,11 +74,11 @@ Use the following procedures to publish the default application and to stream it 18. Locate the line that contains the **HREF** tag, and change it to the following code: -      `CODEBASEHREF=”RTSP://:554/DefaultApp.sft”` + `CODEBASEHREF=”RTSP://:554/DefaultApp.sft”` Or, if you are using RTSPS: -      `CODEBASEHREF=”RTSPS://:322/DefaultApp.sft”` + `CODEBASEHREF=”RTSPS://:322/DefaultApp.sft”` 19. Close the DefaultApp.osd file, and save the changes. 
@@ -92,9 +95,9 @@ Use the following procedures to publish the default application and to stream it [How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-application-virtualization-management-server.md b/mdop/appv-v4/how-to-install-application-virtualization-management-server.md index 1ce9715315..0dd33e3482 100644 --- a/mdop/appv-v4/how-to-install-application-virtualization-management-server.md +++ b/mdop/appv-v4/how-to-install-application-virtualization-management-server.md @@ -1,8 +1,11 @@ --- title: How to Install Application Virtualization Management Server description: How to Install Application Virtualization Management Server -author: jamiejdt +author: dansimp ms.assetid: 8184be79-8c27-4328-a3c1-183791b5556c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,10 +21,10 @@ The Application Virtualization Management Server publishes its applications to c If you have designated a target computer on the network, with a login account having local Administrator privileges, you can use the following procedure to install the Application Virtualization Management Server and assign it to the appropriate server group. -**Note**   +**Note** The Installation Wizard can create a server group record, if one does not exist, as well as a record of the Application Virtualization Management Server's membership in this group. -  + After you complete the installation process, reboot the server. 
@@ -39,40 +42,42 @@ After you complete the installation process, reboot the server. 6. On the **Setup Type** page, select **Custom**. Click **Next**. On the **Custom Setup** page, deselect all Application Virtualization System components except **Application Virtualization Server**, and then click **Next**. - **Caution**   + **Caution** If a component is already installed on the computer, when you deselect it in the **Custom Setup** window, the component is automatically uninstalled. -   + 7. On the **Configuration Database** page, select a database server from the list of available servers or add a server by selecting **Use the following host name** and specifying the **Server Name** and **Port Number** data. Click **Next**. - **Note**   + **Note** The Application Virtualization Management Server does not support case sensitive SQL. -   - If a database is available, click the radio button, select the database from the list, and then click **Next**. Setup will upgrade it to this newer version. If the name does not appear in the list, enter the name in the space provided. - **Note**   - When naming a server, do not use the backslash character (/) in the server name. +~~~ +If a database is available, click the radio button, select the database from the list, and then click **Next**. Setup will upgrade it to this newer version. If the name does not appear in the list, enter the name in the space provided. - If you need to install a database, see [How to Install a Database](how-to-install-a-database.md). If you would like to create a new database for this version, select **Create a new database** and specify the name that will be assigned to the new database. You can also specify a new location for the database by selecting the check box and entering the path. +**Note** +When naming a server, do not use the backslash character (/) in the server name. -   +If you need to install a database, see [How to Install a Database](how-to-install-a-database.md). 
If you would like to create a new database for this version, select **Create a new database** and specify the name that will be assigned to the new database. You can also specify a new location for the database by selecting the check box and entering the path. +~~~ -8. On the **Connection Security Mode** page, select the desired certificate from the drop-down list. Click **Next**. - **Note**   - The **Secure Connection Mode** setting requires the server to have a server certificate provisioned to it from a public key infrastructure. If a server certificate is not installed on the server, this option is unavailable and cannot be selected. You must grant the Network Service account read access to the certificate being used. -   +8. On the **Connection Security Mode** page, select the desired certificate from the drop-down list. Click **Next**. -9. On the **TCP Port Configuration** page, to use the default port (554), select **Use default port (554)**. To specify a custom port, select **Use custom port** and specify the port number that will be used. Click **Next**. + **Note** + The **Secure Connection Mode** setting requires the server to have a server certificate provisioned to it from a public key infrastructure. If a server certificate is not installed on the server, this option is unavailable and cannot be selected. You must grant the Network Service account read access to the certificate being used. + + + +9. On the **TCP Port Configuration** page, to use the default port (554), select **Use default port (554)**. To specify a custom port, select **Use custom port** and specify the port number that will be used. Click **Next**. + + **Note** + When you install the server in a nonsecure environment, you can use the default port (554) or you can define a custom port. - **Note**   - When you install the server in a nonsecure environment, you can use the default port (554) or you can define a custom port. -   10. 
On the **Administrator Group** page, specify the name of the security group authorized to manage this server in **Group Name**. Click **Next**. Confirm the group specified and click **Next**. 
@@ -80,37 +85,37 @@ After you complete the installation process, reboot the server. 12. On the **Content Path** page, specify the location on the target computer where SFT files will be saved, and then click **Next**. - **Note**   - If the HTTP or RTSP port for the Management Server is already allocated, you will be prompted to choose a new port. Select the desired port, and then click **Next**. + **Note** + If the HTTP or RTSP port for the Management Server is already allocated, you will be prompted to choose a new port. Select the desired port, and then click **Next**. + -   13. On the **Ready to Install the Program** page, to install the Application Virtualization Management Server, click **Install**. - **Note**   - If error 25120 is displayed when you try to complete this step, you need to enable IIS **Management Scripts and Tools**. To enable this Windows feature, open the **Programs and Features** control panel, select **Turn Windows features on or off**, and navigate to **Internet Information Services.** + **Note** + If error 25120 is displayed when you try to complete this step, you need to enable IIS **Management Scripts and Tools**. To enable this Windows feature, open the **Programs and Features** control panel, select **Turn Windows features on or off**, and navigate to **Internet Information Services.** + + Under **Web Management Tools**, enable **IIS Management Scripts and Tools**. - Under **Web Management Tools**, enable **IIS Management Scripts and Tools**. -   14. On the **Installation Wizard Completed** screen, to close the wizard, click **Finish**. - **Important**   - The installation can take a few minutes to finish. A status message will flash above the Windows desktop notification area, indicating that the installation succeeded. + **Important** + The installation can take a few minutes to finish. A status message will flash above the Windows desktop notification area, indicating that the installation succeeded. 
+ + It is not necessary to reboot the computer when prompted. However, to optimize system performance, a reboot is recommended. - It is not necessary to reboot the computer when prompted. However, to optimize system performance, a reboot is recommended. -   ## Related topics [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md index 39fa69f86b..e2f80c72dd 100644 --- a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md +++ b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md @@ -1,8 +1,11 @@ --- title: How to Install the App-V Client by Using Setup.exe description: How to Install the App-V Client by Using Setup.exe -author: jamiejdt +author: dansimp ms.assetid: 106a5d97-b5f6-4a16-bf52-a84f4d558c74 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md index 66e297f4d5..f5b25c5517 100644 --- a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md +++ b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md @@ -1,8 +1,11 @@ --- title: How to Install the App-V Client by Using Setup.msi description: How to Install the App-V Client by Using Setup.msi -author: jamiejdt +author: dansimp ms.assetid: 7221f384-36d6-409a-94a2-86f54fd75322 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -24,22 +27,22 @@ You can use the following procedures to install the prerequisite software. You c **Note**   The x86 versions of the following software are required for both x86 and x64 versions of the App-V client. -  + **To install Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)** -1. Download the [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=119961). \[Template Token Value\] For version 4.5 SP2 and later of the App-V client, download vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).\[Template Token Value\] +1. Download the [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) software package from the Microsoft Download Center (). \[Template Token Value\] For version 4.5 SP2 and later of the App-V client, download vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).\[Template Token Value\] -2. To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**. +2. To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**. -3. To install the software by using the vcredist\_x86.msi file, use the command-line option “/C /T:<fullpathtofolder>” to extract the files vcredist.msi and vcredis1.cab from vcredist\_x86.exe to a temporary folder. To install silently, use the command-line option /quiet—for example, **msiexec /i vcredist.msi** /quiet. +3. 
To install the software by using the vcredist\_x86.msi file, use the command-line option “/C /T:<fullpathtofolder>” to extract the files vcredist.msi and vcredis1.cab from vcredist\_x86.exe to a temporary folder. To install silently, use the command-line option /quiet—for example, **msiexec /i vcredist.msi** /quiet. ### To install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) **Important**   For version 4.6 and later of the App-V client, you must also install the Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update. -  + **** @@ -62,7 +65,7 @@ When installing Microsoft Application Error Reporting, you must use the *APPGUID **Important**   For App-V 4.6 SP2 and later, you no longer need to install Microsoft Application Error Reporting (dw20shared.msi). App-V now uses Microsoft Error Reporting. -  + @@ -126,14 +129,14 @@ For App-V 4.6 SP2 and later, you no longer need to install Microsoft Applicati
    -  + ¹ App-V “Languages” release. **Note**   If you need to find the product code, you can use the Orca.exe database editor or a similar tool to examine Windows Installer files to find the value of the *ProductCode* property. For more information about using Orca.exe, see [Windows Installer Development Tools](https://go.microsoft.com/fwlink/?LinkId=150008) (https://go.microsoft.com/fwlink/?LinkId=150008). -  + **** @@ -141,7 +144,7 @@ If you need to find the product code, you can use the Orca.exe database editor o 2. To install the software, run the following command: -      **msiexec /i dw20shared.msi APPGUID={valuefromtable} REBOOT=Suppress REINSTALL=ALL REINSTALLMODE=vomus** + **msiexec /i dw20shared.msi APPGUID={valuefromtable} REBOOT=Suppress REINSTALL=ALL REINSTALLMODE=vomus** ## Installing the App-V Client by Using the Setup.msi Program @@ -167,16 +170,16 @@ Use the following procedure to install the App-V client. Ensure that any necessa - To turn on installation logging, use the msiexec switch **/l\*v filename.log**. -   + ## Related topics [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md b/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md index 07a3629e4f..d9c4fb364b 100644 --- a/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md +++ b/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md @@ -1,8 +1,11 @@ --- title: How to Install the Application Virtualization Sequencer description: How to Install the Application Virtualization Sequencer -author: jamiejdt +author: dansimp ms.assetid: 89cdf60d-18b0-4204-aa9f-b402610f8f0e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ You must have administrative rights on the computer you are using to sequence th **Important**   After you have sequenced an application, before you can properly sequence a new application you must reinstall the operating system and the Sequencer on the computer you are using to sequence applications. -  + **To install the Microsoft Application Virtualization Sequencer** @@ -46,9 +49,9 @@ After you have sequenced an application, before you can properly sequence a new [Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md b/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md index 7f24b3d96d..0cd8731539 100644 --- a/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md +++ b/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md @@ -1,8 +1,11 @@ --- title: How to Install the Application Virtualization Streaming Server description: How to Install the Application Virtualization Streaming Server -author: jamiejdt +author: dansimp ms.assetid: a3065257-fb5a-4d92-98f8-7ef996c61db9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ If you have designated a target computer on the network, with a logon account ha **Note**   The Installation Wizard can create a server group record, if one does not exist, and a record of the Application Virtualization Streaming Server membership in this group. -  + After you complete the installation process, restart the server. 
@@ -32,7 +35,7 @@ After you complete the installation process, restart the server. **Important**   Make sure that the App-V Management Server is not installed on this computer. The two products cannot be installed on the same computer. -   + 2. Navigate to the location of the Application Virtualization System Setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click the **Setup.exe** file. @@ -49,21 +52,21 @@ After you complete the installation process, restart the server. **Note**   The **Secure Connection Mode** setting requires the server to have a server certificate provisioned to it from a public key infrastructure. If a server certificate is not installed on the server, this option is unavailable and cannot be selected. You must grant the Network Service account read access to the certificate being used. -   + 8. On the **TCP Port Configuration** page, to use the standard port (554), select **Use default port (554)**. To specify a custom port, select **Use custom port**, specify the port number in the field provided, and then click **Next**. **Note**   When you install the server in a nonsecure scenario, you can use the default port (554), or you can define a custom port. -   + 9. On the **Content Root** page, specify the location on the target computer where SFT files will be saved, and then click **Next**. **Note**   If the HTTP or RTSP port for the Virtual Application Streaming Server is already allocated, you will be prompted to select a new port. Specify the desired port, and then click **Next**. -   + 10. On the **Advanced Setting** screen, enter the following information: 
@@ -90,7 +93,7 @@ After you complete the installation process, restart the server. **Note**   The App-V Streaming Server uses NTFS file system permissions to control access to the applications under the Content share. Use **Enable User authentication** and **Enable User authorization** to control whether the server checks and enforces those access control lists (ACLs) or not. -   + 11. On the **Ready to Install the Program** page, to start the installation, click **Install**. @@ -101,7 +104,7 @@ After you complete the installation process, restart the server. It is not required to restart the computer when you are prompted. However, to optimize system performance, we recommend a restart. -   + 13. Repeat Steps 1–12 for each Virtual Application Server that you have to install. @@ -110,9 +113,9 @@ After you complete the installation process, restart the server. [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md b/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md index a5d11fe84d..ab7c6ff130 100644 --- a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md +++ b/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md @@ -1,8 +1,11 @@ --- title: How to Install the Client by Using the Command Line description: How to Install the Client by Using the Command Line -author: jamiejdt +author: dansimp ms.assetid: ed372403-64ff-48ff-a3cd-a46cad04a4d5 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,21 +24,21 @@ You can use optional command-line parameters to apply specific configuration set **Note**   When you install the App-V client to use with a read-only cache, for example with a VDI server implementation, you must set the *AUTOLOADTARGET* parameter to NONE to prevent the client from trying to update applications when the cache is read-only. -  + For more information about setting these parameter values after installation, see [How to Configure the App-V Client Registry Settings by Using the Command Line](https://go.microsoft.com/fwlink/?LinkId=169355) (https://go.microsoft.com/fwlink/?LinkId=169355) in the Application Virtualization (App-V) Operations Guide. **Note**   If a configuration setting on the user’s computer depends on the client installation path, note that the Application Virtualization (App-V) 4.5 client copies its installation files to a different folder than previous versions did. By default, a new installation of the App-V 4.5 client will copy its installation files to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, running the App-V 4.5 client installer will perform an upgrade of the existing client using the existing installation folder. -  + \[Template Token Value\] **Note**   For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is copied to the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is copied to the Windows\\SysWOW64 directory. -  + \[Template Token Value\] @@ -61,9 +64,9 @@ Provides step-by-step procedures for installing any prerequisite software and al [How to Uninstall the App-V Client](how-to-uninstall-the-app-v-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-management-console.md b/mdop/appv-v4/how-to-install-the-management-console.md index ceca43b0e3..1f584040a8 100644 --- a/mdop/appv-v4/how-to-install-the-management-console.md 
+++ b/mdop/appv-v4/how-to-install-the-management-console.md @@ -1,8 +1,11 @@ --- title: How to Install the Management Console description: How to Install the Management Console -author: jamiejdt +author: dansimp ms.assetid: 586d99c8-bca6-42e2-a39c-a696053142f1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,14 +40,14 @@ Before you can complete this procedure, you must install the Application Virtual **Note**   If a component is already installed on the computer, by deselecting it on the Custom Setup screen, it will automatically be uninstalled. -   + 8. On the **Ready to Modify the Program** screen, click **Install**. **Note**   If this is the first component you install, the **Ready to Install the Program** page is displayed. To start the installation, click **Install**. -   + 9. On the **Installation Wizard Completed** screen, click **Finish**. Click **Okay** to restart the computer and complete the installation. @@ -61,9 +64,9 @@ Before you can complete this procedure, you must install the Application Virtual [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-management-web-service.md b/mdop/appv-v4/how-to-install-the-management-web-service.md index 798238bc4a..66cdda0365 100644 --- a/mdop/appv-v4/how-to-install-the-management-web-service.md +++ b/mdop/appv-v4/how-to-install-the-management-web-service.md @@ -1,8 +1,11 @@ --- title: How to Install the Management Web Service description: How to Install the Management Web Service -author: jamiejdt +author: dansimp ms.assetid: cac296f5-8ca0-4ce7-afdb-859ae207d2f1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -33,21 +36,21 @@ Use the following procedure to install the Application Virtualization Management **Note**   If this is not the first component you installed on this computer, the **Program Maintenance** page is displayed. On the **Program Maintenance** page, click **Modify**. -   + 7. On the **Custom Setup** page, clear all Application Virtualization System components except **App Virt Management Service**, and then click **Next**. **Note**   If a component is already installed on the computer, by clearing it on the **Custom Setup** page, you will automatically uninstall it. -   + 8. On the **Database Server** page, click **Connect to available database**, and then click **Next**. **Note**   In a production environment, Microsoft assumes that you will connect to an existing database. If you want to install a database, see [How to Install a Database](how-to-install-a-database.md). After installing the database, continue with step 13. -   + 9. On the **Database Server Type** page, select a database type from the list, and then click **Next**. @@ -62,7 +65,7 @@ Use the following procedure to install the Application Virtualization Management **Note**   If this is the first component you install, the **Ready to Install the Program** page is displayed. On the page, click **Install**. -   + 14. On the **Installation Wizard Completed** page, click **Finish**. @@ -71,9 +74,9 @@ Use the following procedure to install the Application Virtualization Management [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md b/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md index 497af4346f..ce132d4f49 100644 --- a/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md 
@@ -1,8 +1,11 @@ --- title: How to Install the Sequencer (App-V 4.6 SP1) description: How to Install the Sequencer (App-V 4.6 SP1) -author: jamiejdt +author: dansimp ms.assetid: fe8eb876-28fb-46ae-b592-da055107e639 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,10 +21,10 @@ The Microsoft Application Virtualization (App-V) Sequencer monitors and records You must have administrative credentials on the computer you are using to sequence the application, and the computer must not be running any version of App-V client. Creating a virtual application by using the App-V Sequencer requires multiple operations, so it is important that you install the Sequencer on a computer that meets or exceeds the [Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md). -**Note**   +**Note** Running the App-V sequencer in Safe Mode is not supported. -  + **To install the Microsoft Application Virtualization Sequencer** 
@@ -37,38 +40,40 @@ Running the App-V sequencer in Safe Mode is not supported. 6. On the **Virtual Drive** page, to configure the Application Virtualization default drive **Q:\\** (default) as the drive that all sequenced applications will run from, click **Next**. If you want to specify a different drive letter, use the list and select the drive letter that you want to use by selecting the appropriate drive letter, and then click **Next**. - **Important**   + **Important** The Application Virtualization drive letter specified with this step is the drive letter that virtual applications will be run from on target computers. The drive letter specified must be available, and not currently in use on the computers running the App-V client. If the specified drive is already in use, the virtual application fails on the target computer. -   + 7. On the **Ready to Install the Program** page, to start the installation, click **Install**. 8. On the **InstallShield Wizard Completed** page, to close the installation wizard and open the App-V Sequencer, click **Finish**. To close the installation wizard without opening the Sequencer, clear **Launch the program**, and then click **Finish**. - **Note**   + **Note** If you installed the App-V Sequencer on a computer running a virtual environment, for example a virtual machine, you must now take a snapshot. After you sequence an application, you can revert to this image, so you can sequence the next application. -   - When you uninstall the Sequencer, the following registry keys are not removed from the computer that the Sequencer was installed on. Additionally, you must restart the computer after you have uninstalled the Sequencer so that all associated drivers can be stopped and the operation can be completed. - - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid** +~~~ +When you uninstall the Sequencer, the following registry keys are not removed from the computer that the Sequencer was installed on. 
Additionally, you must restart the computer after you have uninstalled the Sequencer so that all associated drivers can be stopped and the operation can be completed. - - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5** +- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid** - - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard** +- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5** - - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\SecKey** +- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard** + +- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\SecKey** +~~~ ## Related topics [Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)](configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-install-the-sequencer.md b/mdop/appv-v4/how-to-install-the-sequencer.md index 664a0a4e21..411a6c5b05 100644 --- a/mdop/appv-v4/how-to-install-the-sequencer.md +++ b/mdop/appv-v4/how-to-install-the-sequencer.md @@ -1,8 +1,11 @@ --- title: How to Install the Sequencer description: How to Install the Sequencer -author: jamiejdt +author: dansimp ms.assetid: 2cd16427-a0ba-4870-82d1-3e3c79e1959b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-install-the-servers-and-system-components.md b/mdop/appv-v4/how-to-install-the-servers-and-system-components.md index adc9632f14..a5fa8f0893 100644 --- a/mdop/appv-v4/how-to-install-the-servers-and-system-components.md +++ b/mdop/appv-v4/how-to-install-the-servers-and-system-components.md 
@@ -1,8 +1,11 @@ --- title: How to Install the Servers and System Components description: How to Install the Servers and System Components -author: jamiejdt +author: dansimp ms.assetid: c6f5fef0-522a-4ef1-8585-05b292d0289b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Before you can deliver applications to users, you must install the Microsoft App **Note**   The procedures in this section take you through a customized installation, where you pick and choose components to install on separate computers, as recommended in a production environment. However, your operating procedures might dictate a different approach, and during the installation process you might want to group components together. Regardless of where you install the components, you can install them in any order. -  + ## In This Section @@ -51,9 +54,9 @@ Provides step-by-step procedures to remove all or selected Application Virtualiz [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -  + -  + diff --git a/mdop/appv-v4/how-to-load-files-and-packages.md b/mdop/appv-v4/how-to-load-files-and-packages.md index 3c2911f088..21dc909c70 100644 --- a/mdop/appv-v4/how-to-load-files-and-packages.md +++ b/mdop/appv-v4/how-to-load-files-and-packages.md @@ -1,8 +1,11 @@ --- title: How to Load Files and Packages description: How to Load Files and Packages -author: jamiejdt +author: dansimp ms.assetid: f86f5bf1-99a4-44d7-ae2f-e6049c482f68 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can use the following procedure to load files and packages on Application Vi **Note**   During the installation process, you specified the location of the \\Content directory on the **Content Path** page. This directory should be created and configured as a standard file share before you point to its location. -  + **To load files and packages** @@ -38,16 +41,16 @@ During the installation process, you specified the location of the \\Content dir The App-V Clients must be properly configured to retrieve applications and packages from Web servers and file servers. For more information, see [How to Configure the Client for Application Package Retrieval](how-to-configure-the-client-for-application-package-retrieval.md). -   + ## Related topics [Application Virtualization Server](application-virtualization-server.md) -  + -  + diff --git a/mdop/appv-v4/how-to-load-or-unload-an-application.md b/mdop/appv-v4/how-to-load-or-unload-an-application.md index de88b69c47..94fce4808b 100644 --- a/mdop/appv-v4/how-to-load-or-unload-an-application.md +++ b/mdop/appv-v4/how-to-load-or-unload-an-application.md @@ -1,8 +1,11 @@ --- title: How to Load or Unload an Application description: How to Load or Unload an Application -author: jamiejdt +author: dansimp ms.assetid: 8c149761-c591-433f-972b-91793a69c654 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can use the following procedures to load or unload an application from the c **Note**   When you load or unload a package, all the applications in the package are loaded into or removed from cache. When loading a package, if you do not have adequate space in cache to load the applications, increase your cache size. For more information about cache size, see [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md). -  + **To load an application** @@ -38,9 +41,9 @@ When you load or unload a package, all the applications in the package are loade [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) -  + -  + diff --git a/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md index 1268f7e43e..6443110c20 100644 --- a/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md +++ b/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md @@ -1,8 +1,11 @@ --- title: How to Load Virtual Applications from the Desktop Notification Area description: How to Load Virtual Applications from the Desktop Notification Area -author: jamiejdt +author: dansimp ms.assetid: f52758eb-8b81-4b3c-9bc3-adcf7c00c238 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ The applications are loaded one application at a time. The progress bar shows yo **Note**   If your system encounters an error while loading an application, it reports the error to you. You must dismiss the error dialog before it will load the next application. -  + **To load all applications** 
@@ -46,9 +49,9 @@ If your system encounters an error while loading an application, it reports the [How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -  + -  + diff --git a/mdop/appv-v4/how-to-lock-or-unlock-an-application.md b/mdop/appv-v4/how-to-lock-or-unlock-an-application.md index 8231f3d1b1..8913276ecd 100644 --- a/mdop/appv-v4/how-to-lock-or-unlock-an-application.md +++ b/mdop/appv-v4/how-to-lock-or-unlock-an-application.md @@ -1,8 +1,11 @@ --- title: How to Lock or Unlock an Application description: How to Lock or Unlock an Application -author: jamiejdt +author: dansimp ms.assetid: 8c65d4fd-f336-447f-8c0a-6d65aec9fd00 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md index 0f94beae1e..67680da087 100644 --- a/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md +++ b/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md @@ -1,8 +1,11 @@ --- title: How to Manage Application Groups in the Server Management Console description: How to Manage Application Groups in the Server Management Console -author: jamiejdt +author: dansimp ms.assetid: 46997971-bdc8-4565-aefd-f47e90d6d7a6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ You can create a group, place it where you would like in the console's **Applica **Note**   Moving applications into groups does not affect the locations of their files (SFT, OSD, or SPRJ) on the server's file system. -  + ## In This Section 
@@ -55,9 +58,9 @@ Provides step-by-step instructions for removing or deleting an application group [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md index b08b55ef46..279a9aaa89 100644 --- a/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md +++ b/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md @@ -1,8 +1,11 @@ --- title: How to Manage Application Licenses in the Server Management Console description: How to Manage Application Licenses in the Server Management Console -author: jamiejdt +author: dansimp ms.assetid: 48503b04-0de7-48de-98ee-4623a712a341 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The Application Virtualization Server Management Console is the interface you us **Important**   If the App-V client Application Source Root (ASR) setting is configured to use any type of streaming source other than the Management Server, for example a Streaming Server, an IIS server, or a File server, then the Management Server is unable to enforce its licensing policy. -  + ## In This Section @@ -50,9 +53,9 @@ Provides a procedure for creating a new unlimited license group, allowing specif [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md b/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md index 2a5d5c75b8..5c28780e12 100644 --- a/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md +++ b/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md @@ -1,8 +1,11 @@ --- title: How to Manage Applications in the Client Management Console description: How to Manage Applications in the Client Management Console -author: jamiejdt +author: dansimp ms.assetid: 15cb5133-539b-499d-adca-ed02da20194a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md index 2f8009de9e..636e572699 100644 --- a/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md +++ b/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md @@ -1,8 +1,11 @@ --- title: How to Manage Applications in the Server Management Console description: How to Manage Applications in the Server Management Console -author: jamiejdt +author: dansimp ms.assetid: 21139a77-9f0f-4787-8173-a7766966ff7f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md index 88410561d7..59097cac45 100644 --- a/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md +++ b/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Manage Packages in the Server Management Console
 description: How to Manage Packages in the Server Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: d13d3896-8575-4d2a-8bb4-1fe15d79c390
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
index 28716cef38..a8f2d9bbe5 100644
--- a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
+++ b/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manage Reports in the Server Management Console
 description: How to Manage Reports in the Server Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 28d99620-6339-43f6-9288-4aa958607c59
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md
index 0c860be72f..2717afbee8 100644
--- a/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md
+++ b/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manage Servers in the Server Management Console
 description: How to Manage Servers in the Server Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 6e851c74-ea86-4fef-bb0c-e690e8e7e7eb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md b/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md index 2776040187..1f9c00705d 100644 --- a/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md +++ b/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md @@ -1,8 +1,11 @@ --- title: How to Manage the App-V Client Cache Using Performance Counters description: How to Manage the App-V Client Cache Using Performance Counters -author: jamiejdt +author: dansimp ms.assetid: 49d6c3f2-68b8-4c69-befa-7598a8737d05 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,16 +32,16 @@ You can use the following procedure to determine how much free space is availabl **Important**   The App-V performance counters are implemented in a 32-bit DLL, so to see them, you must use the following command to start the 32-bit version of Performance Monitor: **mmc /32 perfmon.msc**. This command must be run directly on the computer being monitored and cannot be used to monitor a remote computer running a 64-bit operating system. -   + ## Related topics [How to Manage Virtual Applications by Using the Command Line](how-to-manage-virtual-applications-by-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md b/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md index b684e13c53..3002ee21c9 100644 --- a/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md 
@@ -1,8 +1,11 @@ --- title: How to Manage Virtual Applications by Using the Command Line description: How to Manage Virtual Applications by Using the Command Line -author: jamiejdt +author: dansimp ms.assetid: 88c61c20-5243-4862-83eb-5b30825f8bbf +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-manually.md b/mdop/appv-v4/how-to-manage-virtual-applications-manually.md index 0d70f51823..9b3d5d2637 100644 --- a/mdop/appv-v4/how-to-manage-virtual-applications-manually.md +++ b/mdop/appv-v4/how-to-manage-virtual-applications-manually.md @@ -1,8 +1,11 @@ --- title: How to Manage Virtual Applications Manually description: How to Manage Virtual Applications Manually -author: jamiejdt +author: dansimp ms.assetid: 583c5255-d3f4-4197-85cd-2a59868d85de +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -24,7 +27,7 @@ You can use the following procedures to load or unload an application from the c **Note**   When you load or unload a package, all the applications in the package are loaded into or removed from cache. When loading a package, if you do not have adequate space in cache to load the applications, increase your cache size. For more information about cache size, see [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md). -  + **To load an App-V application** 
@@ -46,7 +49,7 @@ You can clear an application from the console directly from the **Results** pane **Note**   When you clear an application from the console, you can no longer use that application. However, the application remains in cache and is still available to other users on the same system. After a publishing refresh, the cleared applications will again become available to you. If there are multiple applications in a package, the user's settings are not removed until all of the applications are cleared. -  + **To clear an application from the console** @@ -81,7 +84,7 @@ You can use the following procedure to import an application into the cache dire **Note**   If you have already configured an import search path or if the SFT file is in the same path as the last successful import, step 2 is not required. -   + ## How to lock or unlock an App-V application @@ -110,7 +113,7 @@ When you delete an application, the selected application will no longer be avail After a publishing refresh, the deleted applications will again become available to you. -  + **To delete an application** @@ -228,9 +231,9 @@ You can use the following procedure to delete a file type association. The **Fil [Application Virtualization Client](application-virtualization-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md b/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md index b9add15307..4048f3c6ba 100644 --- a/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md +++ b/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Manage Virtual Applications Using the Command Line
 description: How to Manage Virtual Applications Using the Command Line
-author: jamiejdt
+author: dansimp
 ms.assetid: 9394f34d-2b1e-4ea7-bf6f-1f56101ab4de
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-manually-add-an-application.md b/mdop/appv-v4/how-to-manually-add-an-application.md
index 0065407e6b..965954b973 100644
--- a/mdop/appv-v4/how-to-manually-add-an-application.md
+++ b/mdop/appv-v4/how-to-manually-add-an-application.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manually Add an Application
 description: How to Manually Add an Application
-author: jamiejdt
+author: dansimp
 ms.assetid: c635b07a-5c7f-4ab2-ba18-366457146cb9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
index 3d83f8c071..014d912472 100644
--- a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
+++ b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manually Install the Application Virtualization Client
 description: How to Manually Install the Application Virtualization Client
-author: jamiejdt
+author: dansimp
 ms.assetid: bb67f70b-d525-4317-b254-e4f084c717ab
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -14,19 +17,19 @@ ms.date: 08/30/2016 # How to Manually Install the Application Virtualization Client -There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md). +There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. 
For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md). -**Note**   -1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). +**Note** +1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). -2. If you have any configuration on the user’s computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder. +2. 
If you have any configuration on the user’s computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder. -  -**Note**   -For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory. -  +**Note** +For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory. + + **To manually install Application Virtualization Desktop Client** 
@@ -40,30 +43,32 @@ For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL 5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them: - - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) + - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) - - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) + - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - Microsoft Application Error Reporting - **Note**   - For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86). + **Note** + For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86). - For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see (https://go.microsoft.com/fwlink/?LinkId=150700). + For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see (https://go.microsoft.com/fwlink/?LinkId=150700). -   - If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. -6. When the **Microsoft Application Virtualization Desktop Client – InstallShield Wizard** is displayed, click **Next**. +~~~ +If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. +~~~ -7. The **License Agreement** screen is displayed. Read the license agreement, and if you agree, click **I accept the terms in the license agreement** and then click **Next**. +6. 
When the **Microsoft Application Virtualization Desktop Client – InstallShield Wizard** is displayed, click **Next**. - Optionally, you can click the button to read the Privacy Statement. You must be connected to the Internet to access the Privacy Statement. +7. The **License Agreement** screen is displayed. Read the license agreement, and if you agree, click **I accept the terms in the license agreement** and then click **Next**. -8. On the **Setup Type** screen, select the setup type. Click **Typical** to use the default program values, or click **Custom** if you want to configure the program settings during installation. + Optionally, you can click the button to read the Privacy Statement. You must be connected to the Internet to access the Privacy Statement. -9. If you choose **Typical**, the next screen displays **Ready to Install the Program**. Click **Install** to begin the installation. +8. On the **Setup Type** screen, select the setup type. Click **Typical** to use the default program values, or click **Custom** if you want to configure the program settings during installation. + +9. If you choose **Typical**, the next screen displays **Ready to Install the Program**. Click **Install** to begin the installation. 10. If you choose **Custom**, the **Destination Folder** screen appears. 
@@ -71,71 +76,75 @@ For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL 12. On the **Application Virtualization Data Location** screen, click **Next** to accept the default data locations or complete the following actions to change where the data is stored: - 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. + 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. - 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. + 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. - 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. + 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. - **Note**   - This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user. 
+ **Note** + This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user. -   - 4. When you have finished making the changes, click **Next**. + + 4. When you have finished making the changes, click **Next**. 13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space: - 1. **Use maximum cache size**. Enter a numeric value from 100–1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. + 1. **Use maximum cache size**. Enter a numeric value from 100–1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. - 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. + 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. - **Important**   - To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. 
For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. + **Important** + To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. -   - Click **Next** to continue. + +~~~ +Click **Next** to continue. +~~~ 14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime: - 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. + 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. - 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. + 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. - 3. **Allow streaming from file**. 
Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. + 3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. - 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. + 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. - **Note**   - When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache. + **Note** + When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache. -   - Click **Next** to continue. + +~~~ +Click **Next** to continue. +~~~ 15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information: - 1. **Display Name**—Enter the name you want to display for the server. + 1. **Display Name**—Enter the name you want to display for the server. - 2. **Type**—Select the server type from the drop-down list of server types. + 2. 
**Type**—Select the server type from the drop-down list of server types. - 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. + 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. - 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. + 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. - 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. + 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. - 6. When finished with the configuration steps, click **Next**. + 6. 
When finished with the configuration steps, click **Next**. 16. On the **Ready to Install the Program** screen, click **Install**. A screen is displayed that shows the progress of the installation. 17. On the **Install Wizard Completed** screen, click **Finish**. - **Note**   - If the installation fails for any reason, you might need to restart the computer before trying the install again. + **Note** + If the installation fails for any reason, you might need to restart the computer before trying the install again. + -   ## Related topics @@ -144,9 +153,9 @@ For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL [Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md b/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md index 77867470cd..e681bb817e 100644 --- a/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md +++ b/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md @@ -1,8 +1,11 @@ --- title: How to Manually Manage Applications in the Client Management Console description: How to Manually Manage Applications in the Client Management Console -author: jamiejdt +author: dansimp ms.assetid: e29caa22-325d-457b-a177-a11f8a8ad57c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md b/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md index 337d7e6c61..f2489eb2f5 100644 --- a/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md +++ b/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md 
@@ -1,8 +1,11 @@ --- title: How to Migrate the App-V SQL Database to a Different SQL Server description: How to Migrate the App-V SQL Database to a Different SQL Server -author: jamiejdt +author: dansimp ms.assetid: 353892a1-9327-4489-a19c-4ec7bd1b736f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The following procedures describe in detail how to migrate the SQL database of t **Important**   This procedure requires that the App-V server service is stopped and this will prevent end-users from using their applications. -  + **To back up the App-V SQL database** @@ -107,9 +110,9 @@ This procedure requires that the App-V server service is stopped and this will p 7. Open the App-V Management Console, right-click the **Applications** node and select **Refresh**. The list of applications should be displayed as before. -  + -  + diff --git a/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md b/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md index 2c20fd4f76..be75e8d6aa 100644 --- a/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md +++ b/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md @@ -1,8 +1,11 @@ --- title: How to Modify a Virtual Application Package (App-V 4.6) description: How to Modify a Virtual Application Package (App-V 4.6) -author: jamiejdt +author: eavena ms.assetid: 346ec470-3822-48a7-95e7-61f46eb38dc2 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md b/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md index b60b6bbe41..af10891ff9 100644 --- a/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md 
+++ b/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: How to Modify an Existing Virtual Application Package (App-V 4.6 SP1) description: How to Modify an Existing Virtual Application Package (App-V 4.6 SP1) -author: jamiejdt +author: dansimp ms.assetid: f43a9927-4325-4b2d-829f-3068e4e84349 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -39,7 +42,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Important**   If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files are added to the package. -   + 6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. @@ -48,7 +51,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Note**   The sequencer monitors all changes and installations to the computer running the sequencer, including the changes and installations that are performed outside of the sequencing wizard. -   + 8. On the **Installation Report** page, you can review information about the virtual application you just updated. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 
@@ -57,7 +60,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Note**   If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop**, and then click one of the following options, **Stop all applications** or **Stop this application only**, depending on what you want. -   + 10. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. When you select this option, the package in the Sequencer console opens so that you can modify the package before it is saved. Click **Next**. @@ -118,7 +121,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Important**   If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files can be added to the package. -   + 6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. 
@@ -127,7 +130,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Note**   All changes and installations to the computer running the sequencer are monitored by the sequencer, including the changes and installations that are performed outside of the sequencing wizard. -   + 8. On the **Configure Software** page, optionally run the programs contained in the package. This step helps complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. @@ -148,7 +151,7 @@ You must have the App-V Sequencer installed to modify a virtual application pack **Note**   If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop** and select either the **Stop all applications** or the **Stop this application only** check box, depending on what you want. -   + 13. On the **Create Package** page, select the **Continue to modify package without saving using the package editor** check box, to modify the package without saving it. When you select this option, the package in the sequencer console opens so that you can modify the package before it is saved. Click **Next**. @@ -161,9 +164,9 @@ You must have the App-V Sequencer installed to modify a virtual application pack [Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md b/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md
index e43a82d37f..0ac39a2bb7 100644
--- a/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md
+++ b/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md
@@ -1,8 +1,11 @@
 ---
 title: How to Modify Attributes of Embedded Services
 description: How to Modify Attributes of Embedded Services
-author: jamiejdt
+author: dansimp
 ms.assetid: b4057d3f-2e8f-4b1f-9ed5-b65f3da8631a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-modify-file-mapping-information.md b/mdop/appv-v4/how-to-modify-file-mapping-information.md
index dcd62ff3c3..650d2c5a16 100644
--- a/mdop/appv-v4/how-to-modify-file-mapping-information.md
+++ b/mdop/appv-v4/how-to-modify-file-mapping-information.md
@@ -1,8 +1,11 @@
 ---
 title: How to Modify File-Mapping Information
 description: How to Modify File-Mapping Information
-author: jamiejdt
+author: eavena
 ms.assetid: d3a9d10a-6cc8-4399-9479-b20f729c4dd9
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md b/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
index f60177eccf..c5b952309a 100644
--- a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
+++ b/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
@@ -1,8 +1,11 @@ --- title: How to Modify Private Key Permissions to Support Management Server or Streaming Server description: How to Modify Private Key Permissions to Support Management Server or Streaming Server -author: jamiejdt +author: eavena ms.assetid: 1ebe86fa-0fbc-4512-aebc-0a5da991cd43 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ In Windows Server 2008, the process of changing the ACLs on the private key is **Note**   The default security context is Network Service; however, a domain account can be used instead. -  + **To manage private keys in Windows Server 2003** @@ -54,9 +57,9 @@ The default security context is Network Service; however, a domain account can b [Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md) -  + -  + diff --git a/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md b/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md index 6df2be98dd..8b1a2d787a 100644 --- a/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md +++ b/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md @@ -1,8 +1,11 @@ --- title: How to Modify the Files Included in a Package description: How to Modify the Files Included in a Package -author: jamiejdt +author: eavena ms.assetid: e331ac85-1c9c-49be-9d96-5444de38fd56 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md b/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md index 330446289e..9992f353aa 100644 --- a/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md +++ b/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Modify the Location of the Log Directory
 description: How to Modify the Location of the Log Directory
-author: jamiejdt
+author: eavena
 ms.assetid: 8e222d29-6f58-43bb-9ea7-da9a2ebfa48c
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md b/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md
index b8509091f4..b4a00900c6 100644
--- a/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md
+++ b/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md
@@ -1,8 +1,11 @@
 ---
 title: How to Modify the Location of the Scratch Directory
 description: How to Modify the Location of the Scratch Directory
-author: jamiejdt
+author: eavena
 ms.assetid: 25ebc2fa-d532-4800-9825-9d08306fc2e0
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-modify-the-log-directory-location.md b/mdop/appv-v4/how-to-modify-the-log-directory-location.md
index e2a090e08c..9b4accadbf 100644
--- a/mdop/appv-v4/how-to-modify-the-log-directory-location.md
+++ b/mdop/appv-v4/how-to-modify-the-log-directory-location.md
@@ -1,8 +1,11 @@
 ---
 title: How to Modify the Log Directory Location
 description: How to Modify the Log Directory Location
-author: jamiejdt
+author: eavena
 ms.assetid: 203c674f-8d46-4d42-9af0-245a2681fc0f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ The log directory location is where the Application Virtualization (App-V) Seque **Important**   The log location directory must be located on the computer running the App-V Sequencer. -  + Use the following procedure to change the location of the directory where the App-V Sequencer will save associated logs. @@ -38,9 +41,9 @@ Use the following procedure to change the location of the directory where the Ap [How to Configure the App-V Sequencer](how-to-configure-the-app-v-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md b/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md index 37e0ab9951..f3aa20ff3b 100644 --- a/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md +++ b/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md @@ -1,8 +1,11 @@ --- title: How to Modify the Operating Systems Associated With an Existing Windows Installer File description: How to Modify the Operating Systems Associated With an Existing Windows Installer File -author: jamiejdt +author: eavena ms.assetid: 0633f7e2-aebf-4e00-be02-35bc59dec420 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ Use the following procedure to modify the operating system versions associated w **Note**   If you select **Tools** / **Create MSI** to create a new Windows Installer file, you can skip **Step 6** of this procedure. -   + 6. To save the virtual application package, select **Package** / **Save**. @@ -42,9 +45,9 @@ Use the following procedure to modify the operating system versions associated w [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md b/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md index 77bd3c7642..582f590f01 100644 --- a/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md +++ b/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md @@ -1,8 +1,11 @@ --- title: How to Modify the Scratch Directory Location description: How to Modify the Scratch Directory Location -author: jamiejdt +author: eavena ms.assetid: 61ecb379-85be-4316-8023-a2c1811504e5 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The scratch directory is used by the App-V Sequencer to save temporary files dur **Important**   The specified scratch directory location should be located on the computer running the App-V Sequencer. -  + Use the following procedure to modify the scratch directory location. @@ -40,9 +43,9 @@ Use the following procedure to modify the scratch directory location. [How to Modify the Log Directory Location](how-to-modify-the-log-directory-location.md) -  + -  + diff --git a/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md b/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md index 8edd38239f..a858d13e4d 100644 --- a/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md +++ b/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md @@ -1,8 +1,11 @@ --- title: How to Modify Virtual Registry Key Information description: How to Modify Virtual Registry Key Information -author: jamiejdt +author: eavena ms.assetid: cf2559f2-a8cc-4fc7-916e-8368843c7ebc +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-move-an-application-group.md b/mdop/appv-v4/how-to-move-an-application-group.md index 2f8c8462a5..13f84cae13 100644 
--- a/mdop/appv-v4/how-to-move-an-application-group.md +++ b/mdop/appv-v4/how-to-move-an-application-group.md @@ -1,8 +1,11 @@ --- title: How to Move an Application Group description: How to Move an Application Group -author: jamiejdt +author: eavena ms.assetid: 7f9f9f2e-f394-4ad3-8615-4237a7dcfb95 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ In the Application Virtualization Server Management Console, you can use the fol **Note**   You can select and move multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. -   + ## Related topics @@ -42,9 +45,9 @@ In the Application Virtualization Server Management Console, you can use the fol [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-move-an-application.md b/mdop/appv-v4/how-to-move-an-application.md index 8a0747f2dd..891de6a2a0 100644 --- a/mdop/appv-v4/how-to-move-an-application.md +++ b/mdop/appv-v4/how-to-move-an-application.md @@ -1,8 +1,11 @@ --- title: How to Move an Application description: How to Move an Application -author: jamiejdt +author: eavena ms.assetid: 3ebbf30c-b435-4a69-a0ba-2313aaf0017c +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ If you have application groups under the **Applications** node in the Applicatio **Important**   You must have one or more application groups under the **Applications** node to move applications. -  + **To move an application** 
@@ -38,7 +41,7 @@ You must have one or more application groups under the **Applications** node to **Note**   You can select and move multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. -   + ## Related topics @@ -47,9 +50,9 @@ You must have one or more application groups under the **Applications** node to [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md b/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md index c8771fb948..9a25b5de7e 100644 --- a/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md +++ b/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Open a Sequenced Application Using the Command Line description: How to Open a Sequenced Application Using the Command Line -author: jamiejdt +author: eavena ms.assetid: dc23ee65-8aea-470e-bb3f-a2f2b06cb241 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,16 +46,16 @@ Use the following procedure to open sequenced application packages using the com **Note**   If the installer or Windows Installer package has a graphical user interface, it will be displayed after you specify the command-line parameters. -   + ## Related topics [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md b/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md index 6fb913d4cc..b155413d62 100644 
--- a/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md
+++ b/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Perform Administrative Tasks in the Application Virtualization Server Management Console
 description: How to Perform Administrative Tasks in the Application Virtualization Server Management Console
-author: jamiejdt
+author: eavena
 ms.assetid: b80e39eb-4b2a-4f66-8c85-dd5712efed33
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md
index 8d97b663dc..884e42b049 100644
--- a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md
+++ b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Perform General Administrative Tasks in the App-V Client Management Console
 description: How to Perform General Administrative Tasks in the App-V Client Management Console
-author: jamiejdt
+author: eavena
 ms.assetid: 22abdb1e-ab35-440d-bf74-d358dd1a6558
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md
index 78917db58c..72d7607e31 100644
--- a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md
+++ b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Perform General Administrative Tasks in the Client Management Console
 description: How to Perform General Administrative Tasks in the Client Management Console
-author: jamiejdt
+author: eavena
 ms.assetid: 90bb7101-1075-4654-8a5e-ad08374e381f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-print-a-reportserver.md b/mdop/appv-v4/how-to-print-a-reportserver.md
index b218ebf38b..c691eb95df 100644
--- a/mdop/appv-v4/how-to-print-a-reportserver.md
+++ b/mdop/appv-v4/how-to-print-a-reportserver.md
@@ -1,8 +1,11 @@
 ---
 title: How to Print a Report
 description: How to Print a Report
-author: jamiejdt
+author: eavena
 ms.assetid: 9cb3a2f1-69bf-47b2-b2cf-8afdcd77138f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md
index 4cc324ceb2..d91ae838c7 100644
--- a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md
+++ b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md
@@ -1,8 +1,11 @@
 ---
 title: How to Publish a Virtual Application on the Client
 description: How to Publish a Virtual Application on the Client
-author: jamiejdt
+author: eavena
 ms.assetid: 90af843e-b5b3-4a71-a3a1-fa5f4c087f28
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -37,7 +40,7 @@ When you deploy Application Virtualization by using an electronic software distr **Important**   For OVERRIDEURL all backslash characters must be escaped using a preceding backslash, or the OVERRIDEURL path will not be parsed correctly. Also, properties and values must be entered as uppercase except where the value is a path to a file. -   + **To publish a package using SFTMIME** @@ -58,9 +61,9 @@ When you deploy Application Virtualization by using an electronic software distr [Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) -  + -  + diff --git a/mdop/appv-v4/how-to-publish-application-shortcuts.md b/mdop/appv-v4/how-to-publish-application-shortcuts.md index 2ba65d4ece..8098674b69 100644 --- a/mdop/appv-v4/how-to-publish-application-shortcuts.md +++ b/mdop/appv-v4/how-to-publish-application-shortcuts.md @@ -1,8 +1,11 @@ --- title: How to Publish Application Shortcuts description: How to Publish Application Shortcuts -author: jamiejdt +author: eavena ms.assetid: fc5efe86-1bbe-438b-b7d8-4f9b815cc58e +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-refresh-the-publishing-servers.md b/mdop/appv-v4/how-to-refresh-the-publishing-servers.md index 8988ef2dff..54494a77f0 100644 --- a/mdop/appv-v4/how-to-refresh-the-publishing-servers.md +++ b/mdop/appv-v4/how-to-refresh-the-publishing-servers.md @@ -1,8 +1,11 @@ --- title: How to Refresh the Publishing Servers description: How to Refresh the Publishing Servers -author: jamiejdt +author: eavena ms.assetid: 92e1d7b0-10ee-4531-9049-1056b44934e2 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ After you request access to additional applications and permission is granted by **Note**   By default, publishing information is refreshed on user log in. -  + **To refresh the publishing information** @@ -34,7 +37,7 @@ By default, publishing information is refreshed on user log in. - Right-click the server in the **Results** pane, and then select **Properties** from the pop-up menu. Select the **Refresh** tab, and then click the **Refresh** button. -   + ## Related topics @@ -43,9 +46,9 @@ By default, publishing information is refreshed on user log in. [How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) -  + -  + diff --git a/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md index 10249a9edc..29ab05d2dd 100644 --- a/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md +++ b/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md @@ -1,8 +1,11 @@ --- title: How to Refresh Virtual Applications from the Desktop Notification Area description: How to Refresh Virtual Applications from the Desktop Notification Area -author: jamiejdt +author: eavena ms.assetid: 801610d9-e89c-48bb-972c-20e37b945a02 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md b/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md index 2a6072d5a0..4673705119 100644 --- a/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Remove a Package by Using the Command Line
 description: How to Remove a Package by Using the Command Line
-author: jamiejdt
+author: eavena
 ms.assetid: 47697ec7-20e5-4258-8865-a0a710d41d5a
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-remove-a-server-group.md b/mdop/appv-v4/how-to-remove-a-server-group.md
index 82ad51b5ad..20cab42326 100644
--- a/mdop/appv-v4/how-to-remove-a-server-group.md
+++ b/mdop/appv-v4/how-to-remove-a-server-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Remove a Server Group
 description: How to Remove a Server Group
-author: jamiejdt
+author: eavena
 ms.assetid: 3017f4f4-614b-4db4-834c-b6fd9b45f10c
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-remove-a-server.md b/mdop/appv-v4/how-to-remove-a-server.md
index 7121490f2c..bda6da9484 100644
--- a/mdop/appv-v4/how-to-remove-a-server.md
+++ b/mdop/appv-v4/how-to-remove-a-server.md
@@ -1,8 +1,11 @@
 ---
 title: How to Remove a Server
 description: How to Remove a Server
-author: jamiejdt
+author: eavena
 ms.assetid: afb2a889-733c-4058-9a50-caa2ca10bd58
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md b/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md
index c7cfee67ca..28cf02fc30 100644
--- a/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md
+++ b/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md
@@ -1,8 +1,11 @@ --- title: How to Remove an Application from a License Group description: How to Remove an Application from a License Group -author: jamiejdt +author: eavena ms.assetid: 973dfb11-b4d1-4b79-8f6a-aaea3e52b04f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,18 +30,18 @@ You can use the following procedure to remove an application from its assigned l 4. Click **OK**. **Note**   -   You can alter the **Properties** tab of one application at a time. + You can alter the **Properties** tab of one application at a time. -   + ## Related topics [How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) -  + -  + diff --git a/mdop/appv-v4/how-to-remove-an-application-group.md b/mdop/appv-v4/how-to-remove-an-application-group.md index 15c7303af5..9971b36c80 100644 --- a/mdop/appv-v4/how-to-remove-an-application-group.md +++ b/mdop/appv-v4/how-to-remove-an-application-group.md @@ -1,8 +1,11 @@ --- title: How to Remove an Application Group description: How to Remove an Application Group -author: jamiejdt +author: eavena ms.assetid: 3016b373-f5a0-4c82-96e8-e5e7960f0cc4 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can use the following procedures to remove an application group in the Appli **Caution**   Deleting a group with its applications deletes those applications from the Application Virtualization Management Server. When you try to do this, you must confirm the deletion in a pop-up window. -  + **To empty and then delete an application group** 
@@ -46,7 +49,7 @@ Deleting a group with its applications deletes those applications from the Appli **Note**   You can select and remove multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. -   + ## Related topics @@ -55,9 +58,9 @@ Deleting a group with its applications deletes those applications from the Appli [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-remove-an-application-license-group.md b/mdop/appv-v4/how-to-remove-an-application-license-group.md index 148b0478fb..108f41917f 100644 --- a/mdop/appv-v4/how-to-remove-an-application-license-group.md +++ b/mdop/appv-v4/how-to-remove-an-application-license-group.md @@ -1,8 +1,11 @@ --- title: How to Remove an Application License Group description: How to Remove an Application License Group -author: jamiejdt +author: eavena ms.assetid: 35830916-7015-44cd-829b-23599a5029a7 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ In the Application Virtualization Server Management Console, you can use the fol **Important**   Before you can remove a license group, you must remove any licenses associated with the group. -  + **To remove a license group** @@ -48,9 +51,9 @@ Before you can remove a license group, you must remove any licenses associated w [How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) -  + -  + diff --git a/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md b/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md index ce153c734b..2d2274110c 100644 --- a/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md 
+++ b/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md @@ -1,8 +1,11 @@ --- title: How to Remove the Application Virtualization System Components description: How to Remove the Application Virtualization System Components -author: jamiejdt +author: eavena ms.assetid: 45bb1e43-8708-48b7-9169-e3659f32686f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-rename-an-application-group.md b/mdop/appv-v4/how-to-rename-an-application-group.md index c70f4209a8..55b03cd556 100644 --- a/mdop/appv-v4/how-to-rename-an-application-group.md +++ b/mdop/appv-v4/how-to-rename-an-application-group.md @@ -1,8 +1,11 @@ --- title: How to Rename an Application Group description: How to Rename an Application Group -author: jamiejdt +author: eavena ms.assetid: 4dfd3336-ea9a-4a56-91e1-7e9d742c7b9a +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-rename-an-application.md b/mdop/appv-v4/how-to-rename-an-application.md index ea630b5cea..d16fc9a6e9 100644 --- a/mdop/appv-v4/how-to-rename-an-application.md +++ b/mdop/appv-v4/how-to-rename-an-application.md @@ -1,8 +1,11 @@ --- title: How to Rename an Application description: How to Rename an Application -author: jamiejdt +author: eavena ms.assetid: 983136b7-66bf-49f6-8dea-8933b622072d +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,16 +30,16 @@ You can rename an application through the Application Virtualization Server Mana **Note**   You can also highlight the application in the right pane and press **F2**. -   + ## Related topics [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-repair-an-application.md b/mdop/appv-v4/how-to-repair-an-application.md
index c987f06230..21b8d3a5ef 100644
--- a/mdop/appv-v4/how-to-repair-an-application.md
+++ b/mdop/appv-v4/how-to-repair-an-application.md
@@ -1,8 +1,11 @@
 ---
 title: How to Repair an Application
 description: How to Repair an Application
-author: jamiejdt
+author: eavena
 ms.assetid: 80b08416-ad86-4ed6-966a-b943e3efb951
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-reset-the-filesystem-cache.md b/mdop/appv-v4/how-to-reset-the-filesystem-cache.md
index 4b81dcaf6a..8f50c720f3 100644
--- a/mdop/appv-v4/how-to-reset-the-filesystem-cache.md
+++ b/mdop/appv-v4/how-to-reset-the-filesystem-cache.md
@@ -1,8 +1,11 @@
 ---
 title: How to Reset the FileSystem Cache
 description: How to Reset the FileSystem Cache
-author: jamiejdt
+author: eavena
 ms.assetid: 7777259d-8c21-4c06-9384-9599b69f9828
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-run-a-reportserver.md b/mdop/appv-v4/how-to-run-a-reportserver.md
index e21fd21621..feb8ffd3aa 100644
--- a/mdop/appv-v4/how-to-run-a-reportserver.md
+++ b/mdop/appv-v4/how-to-run-a-reportserver.md
@@ -1,8 +1,11 @@
 ---
 title: How to Run a Report
 description: How to Run a Report
-author: jamiejdt
+author: eavena
 ms.assetid: 72a5419b-aa65-4e60-b23e-3751186b7aed
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ The process for running a report is the same regardless of the report type. When **Note**   Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run a report is determined by the amount of data collected in the data store. -  + **To run a report** @@ -52,9 +55,9 @@ Reports are not run automatically; you must run them explicitly to generate outp [How to Print a Report](how-to-print-a-reportserver.md) -  + -  + diff --git a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md index 7704dc4006..69b8fe0655 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1) description: How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1) -author: jamiejdt +author: eavena ms.assetid: 2c018215-66e5-4301-8481-159891a6b35b +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to create a new add-on or plug-in virtual application package by using the Application Virtualization (App-V) Sequencer. An add-on or plug-in application is an application that extends the functionality of an application, for example, a plug-in for Microsoft Excel. For more information about the types of applications you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). -**Important**   +**Important** Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. -  + You can also use an existing virtual application package as the parent application. To use an existing virtual application package, use the following procedure before sequencing the new add-on or plug-in. 
@@ -37,10 +40,10 @@ You can also use an existing virtual application package as the parent applicati 3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - **Important**   + **Important** If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files could be added to the package. -   + 4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. 
@@ -50,59 +53,63 @@ You can also use an existing virtual application package as the parent applicati 6. On the **Select Primary** page, click **Browse** and specify the parent application. - **Important**   + **Important** If the parent application that the add-on or plug-in you are installing is going to support has not been installed locally, stop here and install the application on the computer running the sequencer. For example, the **Excel.exe** program file must be installed locally for a Microsoft Excel plug-in. -   - Click **Next**. -7. On the **Package Name** page, specify a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will also be displayed in the App-V management console. The **Installation Location** displays the Application Virtualization path where the application will be installed. To edit this location, select **Edit (Advanced)**. +~~~ +Click **Next**. +~~~ - **Important**   - Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. +7. On the **Package Name** page, specify a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will also be displayed in the App-V management console. The **Installation Location** displays the Application Virtualization path where the application will be installed. To edit this location, select **Edit (Advanced)**. -   + **Important** + Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. - Click **Next**. -8. 
On the **Installation** page, when the sequencer and application installer are ready, install the plug-in or add-in application so the sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. +~~~ +Click **Next**. +~~~ + +8. On the **Installation** page, when the sequencer and application installer are ready, install the plug-in or add-in application so the sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. + +9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 10. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - Edit the file type associations associated with an application. 
+ - Edit the file type associations associated with an application. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application that you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. Under the application, select **Shortcuts** to review the shortcut information associated with an application. In the **Location** pane, you can review the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - **Note**   - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop** and select one of the check boxes, **Stop all applications** or **Stop this application only**. + **Note** + If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop** and select one of the check boxes, **Stop all applications** or **Stop this application only**. + -   13. 
On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. 14. On the **Create Package** page, to modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select the default **Save the package now**. Optionally, select **Comments** to add comments that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. + To save the package immediately, select the default **Save the package now**. Optionally, select **Comments** to add comments that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. 15. 
On the **Completion** page, after you have reviewed the information that is displayed in the **Successful Virtual Application Package Report** pane, click **Close**. The information displayed in the **Successful Virtual Application Package Report** pane is also available in the directory specified in step 14 of this procedure, in a file named **Reports.xml**. - The package is now available in the sequencer. Click **Edit \[Package Name\]** to edit the package properties. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). + The package is now available in the sequencer. Click **Edit \[Package Name\]** to edit the package properties. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). + + **Important** + After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - **Important**   - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. -   ## Related topics @@ -111,9 +118,9 @@ You can also use an existing virtual application package as the parent applicati [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md b/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md index 25445965d8..8cf0f80add 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Sequence a New Application (App-V 4.6)
 description: How to Sequence a New Application (App-V 4.6)
-author: jamiejdt
+author: eavena
 ms.assetid: f2c398c6-9200-4be3-b502-e00386fcd150
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,19 +19,19 @@ ms.date: 06/16/2016 Use the following procedure to create a new virtual application by using the Application Virtualization (App-V) Sequencer. You can also use the App-V Sequencer to configure which files and configurations are applicable to all users and which files and configurations users can customize. After you successfully sequence the application, it is available in the App-V Sequencer. -**Important**   -During sequencing, if the computer running the sequencer is running Windows Vista or Windows 7, and a restart is initiated outside of the virtual environment, for example, by clicking **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation will fail, and the computer will restart. When you click **Cancel**, the sequencer successfully records the restart while the application is being sequenced. +**Important** +During sequencing, if the computer running the sequencer is running Windows Vista or Windows 7, and a restart is initiated outside of the virtual environment, for example, by clicking **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation will fail, and the computer will restart. When you click **Cancel**, the sequencer successfully records the restart while the application is being sequenced. + -  **To sequence a new application** 1. To create the App-V drive, configure drive Q as the location that can be used to save files while you are sequencing an application. You must then create individual directories for each application that you plan to sequence on drive Q. You can create the virtual application targeted folders before you sequence an application, or you can create them in step 5 of this procedure. 
- **Note**   + **Note** The App-V drive you specify must be accessible on targeted computers. If drive Q is not accessible, you can choose a different drive letter. -   + 2. To start the App-V Sequencer Console, on the computer that is running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. To start the Sequencing Wizard, click **Create a Package**. 
@@ -38,34 +41,36 @@ During sequencing, if the computer running the sequencer is running Windows Vis 5. On the **Monitor Installation** page, when you are ready to install the application, click **Begin Monitoring**, and in the **Browse for Folder** dialog box, specify the directory on drive Q where the application will be installed. If you did not configure drive Q and used a different drive letter for the application virtualization drive, select the drive letter you specified in step 1 of this procedure. To install the application to a folder that has not been created on the application virtualization drive, click **Make New Folder**. After you specify the folder, wait while the Sequencer configures the computer for sequencing. - **Important**   + **Important** You must install each application that you sequence into a separate directory on the virtual application drive, and the associated folder name must not be longer than eight characters. -   - After the computer has been configured for sequencing, install the application so that the App-V Sequencer can monitor the installation; when you are finished, click **Stop Monitoring**, and then click **Next**. -6. On the **Configure Applications** page, if necessary, configure the shortcuts and file type associations that will be associated with the virtual application. To add a new file type association or shortcut, click **Add**, and in the **Add Application** dialog box, specify the new element. To remove an existing shortcut or file type association, click **Remove**. To edit an existing element, select the element you want to modify, and then click **Edit**. Specify the configurations in the **Edit Application** dialog box. Click **Save**, and then click **Next**. +~~~ +After the computer has been configured for sequencing, install the application so that the App-V Sequencer can monitor the installation; when you are finished, click **Stop Monitoring**, and then click **Next**. +~~~ -7. 
On the **Launch Applications** page, to start the application to ensure that the package has been installed correctly and is optimized for streaming, select the package, and then click **Launch**. This step is useful for configuring how the application initially runs on targeted computers and for accepting any associated license agreements before the package becomes available to App-V clients. If multiple applications are associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. +6. On the **Configure Applications** page, if necessary, configure the shortcuts and file type associations that will be associated with the virtual application. To add a new file type association or shortcut, click **Add**, and in the **Add Application** dialog box, specify the new element. To remove an existing shortcut or file type association, click **Remove**. To edit an existing element, select the element you want to modify, and then click **Edit**. Specify the configurations in the **Edit Application** dialog box. Click **Save**, and then click **Next**. -8. After you have successfully created the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the virtual drive location where the package will be saved. +7. On the **Launch Applications** page, to start the application to ensure that the package has been installed correctly and is optimized for streaming, select the package, and then click **Launch**. This step is useful for configuring how the application initially runs on targeted computers and for accepting any associated license agreements before the package becomes available to App-V clients. If multiple applications are associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. 
- You can optionally create an associated Windows Installer file (**.msi**) to install the virtual application package on targeted computers. To create a Windows Installer file, open the package in the Sequencer and select **Tools** / **Create MSI**. The Windows Installer file will be created and saved in the directory where the virtual application package is saved. +8. After you have successfully created the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the virtual drive location where the package will be saved. + + You can optionally create an associated Windows Installer file (**.msi**) to install the virtual application package on targeted computers. To create a Windows Installer file, open the package in the Sequencer and select **Tools** / **Create MSI**. The Windows Installer file will be created and saved in the directory where the virtual application package is saved. + + **Important** + After you have successfully created a virtual application package, you cannot run the virtual application package on the computer running the sequencer. - **Important**   - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer running the sequencer. -   ## Related topics [How to Upgrade a Virtual Application Package (App-V 4.6)](how-to-upgrade-a-virtual-application-package--app-v-46-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md index 14a90fff05..8df7b3d92a 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md 
@@ -1,8 +1,11 @@ --- title: How to Sequence a New Application by Using the Command Line description: How to Sequence a New Application by Using the Command Line -author: jamiejdt +author: eavena ms.assetid: c3b5c842-6a91-4d0a-9a22-c7b8d1aeb09a +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 You can use a command line to sequence a new application. Using a command line is useful when you have to create a large number of virtual applications or when you need to create sequenced applications on a recurring basis. -**Important**   +**Important** Command-line sequencing allows for default sequencing only. If you need to change default installation settings for the application you are sequencing, you must either manually modify the virtual application or update the virtual application by using the Application Virtualization (App-V) Sequencer. For more information about updating a virtual application by using the App-V Sequencer, see [How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md). -  + Use the following procedure to create a virtual application by using the command line. @@ -33,43 +36,45 @@ Use the following procedure to create a virtual application by using the command `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` - **Note**   + **Note** You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). -   - Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    pathtoMSI

    Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

    pathtopackageroot

    Specify the package root directory.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ +Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. -   + ++++ + + + + + + + + + + + + + + + + + + + + +
    ValueDescription

    pathtoMSI

    Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

    pathtopackageroot

    Specify the package root directory.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ -4. Press **Enter**. + + +4. Press **Enter**. ## Related topics @@ -80,9 +85,9 @@ Use the following procedure to create a virtual application by using the command [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md index 1c45f57281..65432aa68a 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Sequence a New Application Package Using the Command Line description: How to Sequence a New Application Package Using the Command Line -author: jamiejdt +author: eavena ms.assetid: de72912b-d9e7-45b5-a601-12528f1a4cac +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 You can use a command line to sequence a new application. Using a command line is useful when you have to create a large number of virtual applications or when you need to create sequenced applications on a recurring basis. -**Important**   +**Important** Command-line sequencing allows for default sequencing only. If you need to change default installation settings for the application you are sequencing, you must either manually modify the virtual application or update the virtual application by using the Application Virtualization (App-V) Sequencer. For more information about updating a virtual application by using the App-V Sequencer, see [How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md). -  + Use the following procedure to create a virtual application by using the command line. 
@@ -33,52 +36,54 @@ Use the following procedure to create a virtual application by using the command `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` - **Note**   + **Note** You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md). -   - Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    pathtoMSI

    Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

    pathtopackageroot

    Specifies the package root directory.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ +Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. -   + ++++ + + + + + + + + + + + + + + + + + + + + +
    ValueDescription

    pathtoMSI

    Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

    pathtopackageroot

    Specifies the package root directory.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ -4. Press **Enter**. + + +4. Press **Enter**. ## Related topics [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-application.md b/mdop/appv-v4/how-to-sequence-a-new-application.md index efd21ec2e3..3d05d35761 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application.md @@ -1,8 +1,11 @@ --- title: How to Sequence a New Application description: How to Sequence a New Application -author: jamiejdt +author: eavena ms.assetid: e01e98cd-2378-478f-9739-f72c465bf79a +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -28,29 +31,31 @@ After you successfully sequence the application, it is available in the App-V Se 3. On the **Package Information** page, specify the **Package Name** that will be assigned to the virtual application. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application. To display the **Advanced Options** page, select **Show Advanced Monitoring Options**. Click **Next**. - **Note**   + **Note** To display the **Advanced Options** page, you must select **Show Advanced Monitoring Options**. If you do not require the **Advanced Options** page, skip to step 4. -   + 4. On the **Advanced Options** page, to specify the **Block Size** for the virtual application, select the size you want. The block size determines how the **.sft** file will be divided for streaming the package across the network to target computers. To allow Microsoft Update to update the application as it is being sequenced; select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Terminal Server scenarios. Click **Next**. 5. On the **Monitor Installation** page, to monitor the installation of an application, click **Begin Monitoring**. After you click **Begin Monitoring**, specify the directory on the Q:\\ drive where the application will be installed. To install the application to a folder that has not been ccreated, click **Make New Folder**. 
You must install each application that you sequence into a separate directory. - **Important**   + **Important** The folder name you specify must not be longer than 8 characters. -   - Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring** and then click **Next**. -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add, and click **Open**. To clear existing files that have been added, click **Reset** and then click **Next**. +~~~ +Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring** and then click **Next**. +~~~ -7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element you want to update, and then click **Edit Locations**. Specify the configurations in the **Shortcut Locations** dialog box. Click **OK** and then click **Next**. +6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add, and click **Open**. To clear existing files that have been added, click **Reset** and then click **Next**. -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. 
If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. +7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element you want to update, and then click **Edit Locations**. Specify the configurations in the **Shortcut Locations** dialog box. Click **OK** and then click **Next**. -9. On the **Sequence Package** page, to close the wizard, click **Finish**. +8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. + +9. On the **Sequence Package** page, to close the wizard, click **Finish**. 10. After you have successfully created the package, to save the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the location where the package will be saved. @@ -59,9 +64,9 @@ After you successfully sequence the application, it is available in the App-V Se [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md index dde25d7e12..4f5f815988 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Sequence a New Middleware Application (App-V 4.6 SP1)
 description: How to Sequence a New Middleware Application (App-V 4.6 SP1)
-author: jamiejdt
+author: eavena
 ms.assetid: 304045c2-5e5e-4c91-b59e-a91fdf2500fb
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -18,10 +21,10 @@ Use the following procedure to create a new middleware virtual application packa Use this type of package by using Dynamic Suite Composition in App-V. Dynamic Suite Composition enables you to define a virtual application package as being dependent on another virtual application package. The dependency enables the application to interact with the middleware or plug-in in the virtual environment, where typically this interaction is prevented. This is useful because a secondary application package can be used with several other primary applications, which enables each primary application to reference the same secondary package. For more information about how to use Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409). -**Important**   -During sequencing, if the computer running the App-V Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, App-V Sequencer successfully records the restart while the application is being sequenced. +**Important** +During sequencing, if the computer running the App-V Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, App-V Sequencer successfully records the restart while the application is being sequenced. + -  **To sequence a new middleware application** 
@@ -31,10 +34,10 @@ During sequencing, if the computer running the App-V Sequencer is running Window 3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - **Important**   + **Important** If you are required to disable virus scanning software, you must scan the computer running the App-VSequencer to ensure that no unwanted or malicious files can be added to the package. -   + 4. On the **Type of Application** page, select **Middleware**, and then click **Next**. 
@@ -44,33 +47,35 @@ During sequencing, if the computer running the App-V Sequencer is running Window 6. On the **Package Name** page, specify a name that will be associated with the package. The name helps identify the purpose and version of the application that will be added to the package. The package name is also displayed in the App-V Management Console. The **Installation Location** displays the application virtualization path where the application will be installed. To edit this location, select **Edit (Advanced)**. - **Important**   + **Important** Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. -   - Click **Next**. -7. On the **Installation** page, when the Sequencer and middleware application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. +~~~ +Click **Next**. +~~~ -8. On the **Installation** page, wait while the Sequencer configures the virtual application package. +7. On the **Installation** page, when the Sequencer and middleware application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. -9. 
On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. +8. On the **Installation** page, wait while the Sequencer configures the virtual application package. + +9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. 11. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select the default, the **Save the package now** check box. Add optional comments in the **Comments** box that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse**, and then specify the new location. The uncompressed package size is displayed. 
If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. + To save the package immediately, select the default, the **Save the package now** check box. Add optional comments in the **Comments** box that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse**, and then specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. 12. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. The information displayed in the **Virtual Application Package Report** pane is also available in the directory specified in step 11 of this procedure, in a file named **Report.xml**. - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) + + **Important** + After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the Sequencer. 
- **Important**   - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the Sequencer. -   ## Related topics @@ -79,9 +84,9 @@ During sequencing, if the computer running the App-V Sequencer is running Window [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md index ba0cbf5519..0811b151cb 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: How to Sequence a New Standard Application (App-V 4.6 SP1) description: How to Sequence a New Standard Application (App-V 4.6 SP1) -author: jamiejdt +author: eavena ms.assetid: c4a2eb33-def8-4535-b93a-3d2de21ce29f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,15 +19,15 @@ ms.date: 06/16/2016 Use the following procedure to create a new standard virtual application package by using the Application Virtualization (App-V) Sequencer. This procedure applies to most applications that you sequence. For more information about the types of applications you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). You must run the sequencer (**SFTSequencer.exe**) using an account that has administrator privileges because of the changes the sequencer makes to the local system. These changes can include writing files to the **C:\\Program Files** directory, making registry changes, starting and stopping services, updating security descriptors for files, and changing permissions. -**Important**   -During sequencing, if the computer running the Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows Vista or Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, the Sequencer successfully records the restart while the application is being sequenced. +**Important** +During sequencing, if the computer running the Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows Vista or Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, the Sequencer successfully records the restart while the application is being sequenced. -  -**Note**   + +**Note** Running the App-V sequencer in Safe Mode is not supported. 
-  + **To sequence a new standard application** @@ -34,10 +37,10 @@ Running the App-V sequencer in Safe Mode is not supported. 3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information that is displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - **Important**   + **Important** If you are required to disable virus scanning software, scan the computer running the Sequencer to ensure that no unwanted or malicious files could be added to the package. -   + 4. On the **Type of Application** page, click **Standard Application (default)** check box, and then click **Next**. 
@@ -47,59 +50,61 @@ Running the App-V sequencer in Safe Mode is not supported. 6. On the **Package Name** page, specify a name that will be associated with the package. The name helps identify the purpose and version of the application that are added to the package. The package name is also displayed in the App-V management console. The **Primary Virtual Application Directory** displays the Application Virtualization path where the application will be installed on target computers. To edit this location, select **Edit (Advanced)**. - **Important**   + **Important** Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, the default path is recommended. -   - Click **Next**. -7. On the **Installation** page, when the Sequencer and application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. +~~~ +Click **Next**. +~~~ -8. On the **Installation** page, wait while the Sequencer configures the virtual application package. +7. On the **Installation** page, when the Sequencer and application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. -9. On the **Configure Software** page, optionally run the programs contained in the package. 
This step helps complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. +8. On the **Installation** page, wait while the Sequencer configures the virtual application package. + +9. On the **Configure Software** page, optionally run the programs contained in the package. This step helps complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. 10. On the **Installation Report** page, you can review information about the virtual application package you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 11. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 15 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - Edit the file type associations and the icons associated with an application. + - Edit the file type associations and the icons associated with an application. - - Prepare the virtual package for streaming. 
Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) and shortcut locations that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. To review the shortcut information associated with an application, under the application, select **Shortcuts**, and in the **Location** pane, you can edit the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. 13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - **Note**   - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop**, and select one of the check boxes, **Stop all applications** or **Stop this application only**, depending on what you want. + **Note** + If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop**, and select one of the check boxes, **Stop all applications** or **Stop this application only**, depending on what you want. + -   14. 
On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and specify the operating systems that can run this package. Click **Next**. - **Important**   - The operating systems specified during this step reflect the operating systems on target computers that are enabled to run the package. You must ensure that the operating systems specified are supported by the application you are sequencing. + **Important** + The operating systems specified during this step reflect the operating systems on target computers that are enabled to run the package. You must ensure that the operating systems specified are supported by the application you are sequencing. + -   15. On the **Create Package** page, to modify the package without saving it, select **Continue to modify package without saving using the package editor**. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select the default **Save the package now**. Add optional **Comments** that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. + To save the package immediately, select the default **Save the package now**. Add optional **Comments** that will be associated with the package. 
Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. 16. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. The information displayed in the **Virtual Application Package Report** pane is also available in the directory specified in step 15 of this procedure, in a file named **Report.xml**. The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) - **Important**   + **Important** After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the Sequencer. -   + ## Related topics @@ -108,9 +113,9 @@ Running the App-V sequencer in Safe Mode is not supported. [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-sequence-an-application.md b/mdop/appv-v4/how-to-sequence-an-application.md index c527198805..6e4b78a2d3 100644 --- a/mdop/appv-v4/how-to-sequence-an-application.md +++ b/mdop/appv-v4/how-to-sequence-an-application.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Sequence an Application
 description: How to Sequence an Application
-author: jamiejdt
+author: eavena
 ms.assetid: bd643dd6-dbf6-4469-bc70-c43ad9c69da9
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -28,29 +31,31 @@ After you successfully sequence the application, it is available in the App-V Se 3. On the **Package Information** page, specify the **Package Name** that will be assigned to the virtual application. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application. To display the **Advanced Options** page, select **Show Advanced Monitoring Options**. Click **Next**. - **Note**   + **Note** To display the **Advanced Options** page, you must select **Show Advanced Monitoring Options**. If you do not require the **Advanced Options** page, skip to step 4. -   -4. On the **Advanced Options** page, to specify the **Block Size** for the virtual application, select the size you want. The block size determines how the **.sft** file will be divided for streaming the package across the network to target computers. To allow Microsoft Update to update the application as it is being sequenced; select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Remote Desktop Session Host (RD Session Host) Server scenarios. Click **Next**. + +4. On the **Advanced Options** page, to specify the **Block Size** for the virtual application, select the size you want. The block size determines how the **.sft** file will be divided for streaming the package across the network to target computers. 
To allow Microsoft Update to update the application as it is being sequenced; select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Remote Desktop Session Host (RD Session Host) Server scenarios. Click **Next**. 5. On the **Monitor Installation** page, to monitor the installation of an application, click **Begin Monitoring**. After you click **Begin Monitoring**, specify the directory on the Q:\\ drive where the application will be installed. To install the application to a folder that has not been created, click **Make New Folder**. You must install each application that you sequence into a separate directory. - **Important**   + **Important** The folder name you specify must not be longer than 8 characters. -   - Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring**, and then click **Next**. -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add and click **Open**. To clear existing files that have been added, click **Reset**, and then click **Next**. +~~~ +Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring**, and then click **Next**. +~~~ -7. 
On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element that you want to update, and then click **Edit Locations**. Specify the configurations in the Shortcut Locations dialog box. Click **OK**, and then click **Next**. +6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add and click **Open**. To clear existing files that have been added, click **Reset**, and then click **Next**. -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. +7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element that you want to update, and then click **Edit Locations**. Specify the configurations in the Shortcut Locations dialog box. Click **OK**, and then click **Next**. -9. On the **Sequence Package** page, to close the wizard, click **Finish**. +8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. 
If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. + +9. On the **Sequence Package** page, to close the wizard, click **Finish**. 10. After you have successfully created the package, to save the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the location where the package will be saved. @@ -61,9 +66,9 @@ After you successfully sequence the application, it is available in the App-V Se [How to Sequence a New Application by Using the Command Line](how-to-sequence-a-new-application-by-using-the-command-line.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md b/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md index 105387f44b..e70a585f56 100644 --- a/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md +++ b/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md @@ -1,8 +1,11 @@ --- title: How to Set Up a Concurrent License Group description: How to Set Up a Concurrent License Group -author: jamiejdt +author: eavena ms.assetid: 031abcf6-d8ed-49be-bddb-91b2c695d411 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-set-up-a-named-license-group.md b/mdop/appv-v4/how-to-set-up-a-named-license-group.md index 3dba8deeea..3384f53bc7 100644 --- a/mdop/appv-v4/how-to-set-up-a-named-license-group.md +++ b/mdop/appv-v4/how-to-set-up-a-named-license-group.md @@ -1,8 +1,11 @@ --- title: How to Set Up a Named License Group description: How to Set Up a Named License Group -author: jamiejdt +author: eavena ms.assetid: 8ef6716c-0cb7-4706-ad3b-ac6f27b2e7ad +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md b/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md index b03f41cc86..ad12a9daea 100644 --- a/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md +++ b/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md @@ -1,8 +1,11 @@ --- title: How to Set Up an Unlimited License Group description: How to Set Up an Unlimited License Group -author: jamiejdt +author: eavena ms.assetid: 0c37c7b7-aba9-4c03-9e0e-94c966f874cf +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md b/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md index c6dbf15e3b..330c8fd3c2 100644 --- a/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md +++ b/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md @@ -1,8 +1,11 @@ --- title: How to Set Up and Enable or Disable Authentication description: How to Set Up and Enable or Disable Authentication -author: jamiejdt +author: eavena ms.assetid: 1e43d0c5-a467-4a8b-b656-93f75d7deb82 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -17,9 +20,9 @@ ms.date: 06/16/2016 The Application Virtualization Server Management Console lets you enable or disable Windows authentication, which lets you to define who has access to the system. You can use the following procedures to set up and disable authentication from the **Provider Policies Results** pane of the console. **Note**   -  Normally, you set up authentication when you add a provider policy through the New Provider Policy Wizard. + Normally, you set up authentication when you add a provider policy through the New Provider Policy Wizard. -  + **To set up authentication** 
@@ -50,9 +53,9 @@ The Application Virtualization Server Management Console lets you enable or disa [How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md b/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md index 441ee67f73..24f021a1d7 100644 --- a/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md +++ b/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md @@ -1,8 +1,11 @@ --- title: How to Set Up or Disable Application Licensing description: How to Set Up or Disable Application Licensing -author: jamiejdt +author: eavena ms.assetid: 7c00b531-ec41-4970-b0fc-d84225ce3bb2 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-set-up-or-disable-database-size.md b/mdop/appv-v4/how-to-set-up-or-disable-database-size.md index a9d6e881df..80082bec49 100644 --- a/mdop/appv-v4/how-to-set-up-or-disable-database-size.md +++ b/mdop/appv-v4/how-to-set-up-or-disable-database-size.md @@ -1,8 +1,11 @@ --- title: How to Set Up or Disable Database Size description: How to Set Up or Disable Database Size -author: jamiejdt +author: eavena ms.assetid: 4abaf349-132d-4186-8873-a0e515593b93 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ When the size of the stored data reaches 95% (the high watermark) of the specifi **Note**   The **No Size Limit** and **Keep All Usage** options are provided so that you can disable usage reporting and database cleanup. Selecting these items will clean up the database transaction log as well. (All committed Microsoft SQL Server transactions will be removed from the database log.) -  + **To set up database size** @@ -52,9 +55,9 @@ The **No Size Limit** and **Keep All Usage** options are provided so that you ca [How to Set Up or Disable Usage Reporting](how-to-set-up-or-disable-usage-reporting.md) -  + -  + diff --git a/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md b/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md index b50b3a12e4..cc5904c915 100644 --- a/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md +++ b/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md @@ -1,8 +1,11 @@ --- title: How to Set Up or Disable Usage Reporting description: How to Set Up or Disable Usage Reporting -author: jamiejdt +author: eavena ms.assetid: 8587003a-128d-4b5d-ac70-5b9eddddd3dc +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -17,9 +20,9 @@ ms.date: 06/16/2016 You can use the following procedures in the Application Virtualization Server Management Console to specify the duration (in months) of Application Virtualization System usage information you want to store in the database. **Note**   - To store usage information, you must select the **Log Usage Information** check box on the **Provider Pipeline** tab. To display this tab, right-click the provider policy in the **Provider Policies Results** pane and select **Properties**. + To store usage information, you must select the **Log Usage Information** check box on the **Provider Pipeline** tab. To display this tab, right-click the provider policy in the **Provider Policies Results** pane and select **Properties**. -  + **To set up usage reporting** @@ -52,9 +55,9 @@ You can use the following procedures in the Application Virtualization Server Ma [How to Set Up or Disable Database Size](how-to-set-up-or-disable-database-size.md) -  + -  + diff --git a/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md b/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md index 43c71f8bf4..7c062516ea 100644 --- a/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md +++ b/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md @@ -1,8 +1,11 @@ --- title: How to Set Up Periodic Publishing Refresh description: How to Set Up Periodic Publishing Refresh -author: jamiejdt +author: eavena ms.assetid: c358c765-cb88-4881-b4e7-0a2e87304870 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can use the following procedure to configure the client to periodically refr **Note**   After you have performed this procedure, the publishing information will be refreshed according to the new settings after the first refresh at login. When this first refresh occurs, the server might override the computer settings with different settings, depending on how it is configured. The **Refresh** tab in the **Properties** dialog box shows the locally configured client computer settings and any settings that might have been configured for the user by the publishing server. -  + **To periodically refresh the publishing information from the Application Virtualization Servers** @@ -32,7 +35,7 @@ After you have performed this procedure, the publishing information will be refr **Note**   This setting will cause the client to refresh publishing information every time the configured period elapses. If the user is not logged in when it's time to do a refresh, the refresh will take place when the user next logs in. The timer is then started again for the next period. -   + 4. Click **Apply** to change the configuration. @@ -43,9 +46,9 @@ After you have performed this procedure, the publishing information will be refr [How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -  + -  + diff --git a/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md b/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md index ec0a6741d4..00463ee498 100644 --- a/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md +++ b/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Set Up Publishing Refresh on Login
 description: How to Set Up Publishing Refresh on Login
-author: jamiejdt
+author: eavena
 ms.assetid: 196448db-7645-4fd5-a854-ef6405b15db4
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-set-up-publishing-servers.md b/mdop/appv-v4/how-to-set-up-publishing-servers.md
index 65f0e68880..cc298754ab 100644
--- a/mdop/appv-v4/how-to-set-up-publishing-servers.md
+++ b/mdop/appv-v4/how-to-set-up-publishing-servers.md
@@ -1,8 +1,11 @@
 ---
 title: How to Set Up Publishing Servers
 description: How to Set Up Publishing Servers
-author: jamiejdt
+author: eavena
 ms.assetid: 2111f079-c202-4c49-b2a6-f4237068b2dc
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-uninstall-the-app-v-client.md b/mdop/appv-v4/how-to-uninstall-the-app-v-client.md
index d4c419ebb5..32cefce588 100644
--- a/mdop/appv-v4/how-to-uninstall-the-app-v-client.md
+++ b/mdop/appv-v4/how-to-uninstall-the-app-v-client.md
@@ -1,8 +1,11 @@
 ---
 title: How to Uninstall the App-V Client
 description: How to Uninstall the App-V Client
-author: jamiejdt
+author: eavena
 ms.assetid: 07591270-9651-4bb5-a5b3-e0fc009bd9e2
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -25,14 +28,14 @@ Use the following procedure to uninstall the Application Virtualization Client f **Important**   The uninstall process cannot be canceled or interrupted. -   + 3. When a message stating that the Microsoft Application Virtualization Client Tray application must be closed before continuing appears, right-click the App-V icon in the notification area and select **Exit** to close the application. Then click **Retry** to continue with the uninstall process. **Important**   You might see a message stating that one or more virtual applications are in use. Close any open applications and save your data before you continue. Then click **OK** to continue with the uninstall process. -   + 4. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. @@ -47,7 +50,7 @@ Use the following procedure to uninstall the Application Virtualization Client f - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\SecKey -   + ## Related topics @@ -58,9 +61,9 @@ Use the following procedure to uninstall the Application Virtualization Client f [How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) -  + -  + diff --git a/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md b/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md index 1ac62d003e..6084e10e78 100644 --- a/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md +++ b/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md 
@@ -1,8 +1,11 @@ --- title: How to Upgrade a Package Using the Open Package Command description: How to Upgrade a Package Using the Open Package Command -author: jamiejdt +author: eavena ms.assetid: 67c10440-de8a-4547-a34b-f83206d0cc3b +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,16 +30,16 @@ Use the Open Package command to upgrade or apply an update to a sequenced applic **Important**   Updating the file name with the package version is essential to successfully completing the upgrade. -   + ## Related topics [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-upgrade-a-package.md b/mdop/appv-v4/how-to-upgrade-a-package.md index 687cb1246b..503f8d897c 100644 --- a/mdop/appv-v4/how-to-upgrade-a-package.md +++ b/mdop/appv-v4/how-to-upgrade-a-package.md @@ -1,8 +1,11 @@ --- title: How to Upgrade a Package description: How to Upgrade a Package -author: jamiejdt +author: eavena ms.assetid: 831c7556-6f6c-4b3a-aefb-26889094dc1a +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,7 +28,7 @@ When you upgrade a package with a new version, you can leave the existing versio **Note**   If resequencing did not add features that changed the Open Software Descriptor (OSD), icon (ICO), or Sequencer Project (SPRJ) files, you do not need to copy those. You can include these files if you want all these files to display the same date. -   + 2. In left pane of the Application Virtualization Server Management Console, expand **Packages**. @@ -44,9 +47,9 @@ When you upgrade a package with a new version, you can leave the existing versio [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md index ac16495e5e..3ed3a2cdfc 100644 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Upgrade a Sequenced Application Package Using the Command Line description: How to Upgrade a Sequenced Application Package Using the Command Line -author: jamiejdt +author: eavena ms.assetid: 682fac46-c71d-4731-831b-81bfd5032764 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -26,56 +29,58 @@ Use the following procedure to upgrade a virtual application by using a command `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` - **Note**   + **Note** You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Command-Line Parameters](command-line-parameters.md). -   - Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    pathtosourceSPRJ

    Specifies the directory location of the virtual application to be upgraded.

    pathtoUpgradeInstaller

    Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

    pathtodecodefolder

    Specify the directory in which to unpack the SFT file.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ +Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. -   + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ValueDescription

    pathtosourceSPRJ

    Specifies the directory location of the virtual application to be upgraded.

    pathtoUpgradeInstaller

    Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

    pathtodecodefolder

    Specify the directory in which to unpack the SFT file.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ -4. Press **Enter**. + + +4. Press **Enter**. ## Related topics [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md index 06734f2891..74d9705ad4 100644 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md +++ b/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md @@ -1,8 +1,11 @@ --- title: How to Upgrade a Sequenced Virtual Application Package description: How to Upgrade a Sequenced Virtual Application Package -author: jamiejdt +author: eavena ms.assetid: ffa989f3-6621-4c59-9599-e3c3b3332f67 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can upgrade an existing virtual application to a new version by using the Ap **Caution**   You should not reference a previous version of the Windows Installer (.msi) file when you upgrade an existing virtual application package because the previous version of the .sft file will be modified during the upgrade. -  + Use the following procedure to upgrade an existing virtual application. 
@@ -34,7 +37,7 @@ Use the following procedure to upgrade an existing virtual application. **Important**   The directory that you specify must be located in the package root directory on the Q:\\ drive. You can create a new folder, or you can create a subfolder under the directory where the original virtual application is saved. The name assigned to the new folder must not be longer than 8 eight characters. -   + 4. To open the Sequencing Wizard, select **Tools**/**Sequencing Wizard**. On the **Package Information** page, optionally specify the new **Package Name** and add optional comments that will be associated with the updated virtual application. Click **Next**. @@ -55,9 +58,9 @@ Use the following procedure to upgrade an existing virtual application. [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md index a2983eaa8f..30f369aa2b 100644 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md @@ -1,8 +1,11 @@ --- title: How to Upgrade a Virtual Application by Using the Command Line description: How to Upgrade a Virtual Application by Using the Command Line -author: jamiejdt +author: eavena ms.assetid: 83c97767-6ea1-42aa-b411-ccc9fa61cf81 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -26,47 +29,49 @@ Use the following procedure to upgrade a virtual application by using a command `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` - **Note**   + **Note** You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). -   - Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    pathtosourceSPRJ

    Specifies the directory location of the virtual application to be upgraded.

    pathtoUpgradeInstaller

    Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

    pathtodecodefolder

    Specify the directory in which to unpack the SFT file.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ +Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. -   + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ValueDescription

    pathtosourceSPRJ

    Specifies the directory location of the virtual application to be upgraded.

    pathtoUpgradeInstaller

    Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

    pathtodecodefolder

    Specify the directory in which to unpack the SFT file.

    pathtodestinationSPRJ

    Specifies the path and file name of the SPRJ file that will be created.

    +~~~ -4. Press **Enter**. + + +4. Press **Enter**. ## Related topics @@ -77,9 +82,9 @@ Use the following procedure to upgrade a virtual application by using a command [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) -  - -  + + + diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md index 75d9da6514..a1184994e7 100644 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md +++ b/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md @@ -1,8 +1,11 @@ --- title: How to Upgrade a Virtual Application Package (App-V 4.6) description: How to Upgrade a Virtual Application Package (App-V 4.6) -author: jamiejdt +author: eavena ms.assetid: 3566227e-f3dc-4c32-af1f-e0211588118c +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,7 +28,7 @@ Use the following procedure to upgrade an existing virtual application by using **Warning**   You must specify the root folder of the existing virtual application. Do not manually create a subfolder or the upgrade will fail. -   + 3. On the **Package Information** page, specify the **Package Name** that will be assigned to the updated package. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application—for example, a version number. To display the **Advanced Options** page, select **Show Advanced Monitoring Options** and click **Next**; otherwise, proceed to step 5. @@ -48,9 +51,9 @@ Use the following procedure to upgrade an existing virtual application by using [How to Sequence a New Application (App-V 4.6)](how-to-sequence-a-new-application--app-v-46-.md) -  + -  + 
diff --git a/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md b/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md
index ba0dbd48c9..acf753d0fd 100644
--- a/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md
+++ b/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md
@@ -1,8 +1,11 @@
 ---
 title: How to Upgrade an Existing Virtual Application
 description: How to Upgrade an Existing Virtual Application
-author: jamiejdt
+author: eavena
 ms.assetid: ec531576-2423-4c2c-9b9f-da74174a6858
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md
index 340821d1cc..f2acf0f9d6 100644
--- a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md
+++ b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md
@@ -1,8 +1,11 @@
 ---
 title: How to Upgrade the Application Virtualization Client
 description: How to Upgrade the Application Virtualization Client
-author: jamiejdt
+author: eavena
 ms.assetid: 2a75d8b5-da88-456c-85bb-f5bd3d470f7f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,12 +22,12 @@ You can use the following procedures to upgrade the Application Virtualization ( **Note**   During the upgrade to Application Virtualization (App-V) 4.5 or later versions, the permissions to the HKCU registry key are changed. Because of this, users will lose user configurations that were set previously, such as user-configured Disconnected Mode settings. If the user is not actively restricted from configuring client user interface behavior through a permission lockdown, the user can reset these preferences after a publishing refresh. -  + **Important**   When upgrading to version 4.6 or a later version of the App-V Client, you must use the correct installer for the computer’s operating system, 32-bit or 64-bit. The installation will fail and an error message will be displayed if you use the wrong installer. -  + **To upgrade the Application Virtualization Desktop Client** @@ -47,7 +50,7 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must - Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) -   + 5. Click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. 
@@ -60,14 +63,14 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must **Warning**   If you did not shut down the client program in step 1, you might see a **Files In Use** warning displayed. If this happens, right-click the App-V Client icon displayed in the desktop notification area and select **Exit** to shut down the existing client. Then click **Retry** to continue. -   + 9. When the installation completes successfully, you will be prompted to restart the computer. You need to restart the computer to complete the installation. **Caution**   If the upgrade fails for any reason, you will need to restart the computer before attempting the upgrade again. -   + **To upgrade the Application Virtualization Client by Using the Command Line** @@ -78,7 +81,7 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must - For App-V version 4.6, command-line parameters cannot be used during an upgrade and will be ignored. -   + 2. The following command-line example uses the setup.msi file to upgrade the App-V Client. You will need to use the correct client installer program depending on whether you are upgrading the App-V Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services). @@ -87,7 +90,7 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must **Important**   The quotation marks are required only when the value contains a space. For consistency, all instances in the preceding example are shown as having quotation marks. -   + **To upgrade the Application Virtualization Client for Remote Desktop Services** 
@@ -98,7 +101,7 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must **Note**   In App-V version 4.6 and later, in addition to using the command line to upgrade the client, you can also use a Remote Desktop session. No special parameters are required to start the Remote Desktop session. -   + 3. After the Client for Remote Desktop Services upgrade is complete, restart and log in to the RD Session Host. @@ -107,16 +110,16 @@ When upgrading to version 4.6 or a later version of the App-V Client, you must **Caution**   If the upgrade fails for any reason, you will need to restart the computer before attempting the upgrade again. -   + ## Related topics [Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) -  + -  + diff --git a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md index 6673dc69ab..d120506886 100644 --- a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md +++ b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md @@ -1,8 +1,11 @@ --- title: How to Upgrade the Application Virtualization Sequencer description: How to Upgrade the Application Virtualization Sequencer -author: jamiejdt +author: eavena ms.assetid: 7f85f140-5034-4227-85ef-81f205e722ef +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md b/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md index 4987d0aa3d..3724881e5b 100644 --- a/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md +++ b/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md 
@@ -1,8 +1,11 @@ --- title: How to Upgrade the Servers and System Components description: How to Upgrade the Servers and System Components -author: jamiejdt +author: eavena ms.assetid: 7d8374fe-5897-452e-923e-556a854b2024 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ Use the following procedure to upgrade software components installed on all Appl - You can upgrade to Microsoft Application Virtualization (App-V) 4.5 only from Microsoft Application Virtualization (App-V) 4.1 or 4.1 SP1. App-V 4.0 and earlier must be uninstalled or upgraded to 4.1 or 4.1 SP1 before upgrading to App-V 4.5. -  + **To upgrade software components on Application Virtualization System computers** @@ -48,7 +51,7 @@ Use the following procedure to upgrade software components installed on all Appl When you want to restore a database with VSS, you must first stop the App-V Server Service on the Management Server. This should be done on every Management server if there is more than one server connected to the same database. -   + 9. On the first **Package Validation** page, read the content and then click **Next**. @@ -67,9 +70,9 @@ Use the following procedure to upgrade software components installed on all Appl [Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) -  + -  + diff --git a/mdop/appv-v4/how-to-use-dynamic-suite-composition.md b/mdop/appv-v4/how-to-use-dynamic-suite-composition.md index e2b0d5259f..a92d326172 100644 --- a/mdop/appv-v4/how-to-use-dynamic-suite-composition.md +++ b/mdop/appv-v4/how-to-use-dynamic-suite-composition.md 
@@ -1,8 +1,11 @@ --- title: How To Use Dynamic Suite Composition description: How To Use Dynamic Suite Composition -author: jamiejdt +author: eavena ms.assetid: 24147feb-a0a8-4791-a8e5-cbe5fe13c762 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ If you plan to make several primary applications dependent on a single middlewar **Important**   Package dependencies can be specified as mandatory for a primary application. If a secondary package is flagged as mandatory and it cannot be accessed for some reason during loading, the load of the secondary package will fail. Also, the primary application will fail when the user tries to start it. -  + You can use the following procedures to create a secondary package, for either a plug-in or a middleware component, and then you can use the final procedure to define the dependency in the OSD file of the secondary package. @@ -44,7 +47,7 @@ You can use the following procedures to create a secondary package, for either a **Important**   You must specify a new package root for the secondary package. -   + 5. Start the sequencer monitoring phase. @@ -59,7 +62,7 @@ You can use the following procedures to create a secondary package, for either a **Note**   To assist with management of secondary packages, it is recommended that the package name include the term “Secondary package” to emphasize that this is a package that will not function as a stand-alone application—for example, **\[Plug In Name\] Secondary package**. -   + **To create a secondary package for middleware by using Dynamic Suite Composition** 
@@ -84,56 +87,56 @@ You can use the following procedures to create a secondary package, for either a **Note**   To assist with management of secondary packages, it is recommended that the package name include the term “Secondary package” to emphasize that this is a package that will not function as a stand-alone application—for example, **\[Middleware Name\] Secondary package**. -   + **To define the dependency in the primary package** -1. On the server, open the OSD file of the secondary package for editing. (It is a good idea to use an XML editor to make changes to the OSD file; however, you can use Notepad as an alternative.) +1. On the server, open the OSD file of the secondary package for editing. (It is a good idea to use an XML editor to make changes to the OSD file; however, you can use Notepad as an alternative.) -2. Copy the **CODEBASE HREF** line from that file. +2. Copy the **CODEBASE HREF** line from that file. -3. Open the OSD file of the primary package for editing. +3. Open the OSD file of the primary package for editing. -4. Insert the **<DEPENDENCIES>**tag after the close of **</ENVLIST>** tag at the end of the **<VIRTUALENV>** section just before the **</VIRTUALENV>** tag. +4. Insert the <DEPENDENCIES>tag after the close of **</ENVLIST>** tag at the end of the **<VIRTUALENV>** section just before the **</VIRTUALENV>** tag. -5. Paste the **CODEBASE HREF** line from the secondary package after the **<DEPENDENCIES>** tag you just created. +5. Paste the **CODEBASE HREF** line from the secondary package after the **<DEPENDENCIES>** tag you just created. -6. If the secondary package is a mandatory package, which means that it must be started before the primary package is started, add the **MANDATORY=”TRUE”** property inside the **CODEBASE** tag. If it is not mandatory, the property can be omitted. +6. 
If the secondary package is a mandatory package, which means that it must be started before the primary package is started, add the **MANDATORY=”TRUE”** property inside the **CODEBASE** tag. If it is not mandatory, the property can be omitted. -7. Close the **<DEPENDENCIES>** tag by inserting the following: +7. Close the **<DEPENDENCIES>** tag by inserting the following: - **</DEPENDENCIES>** + **</DEPENDENCIES>** -8. Review the changes that you made to the OSD file, and then save and close the file. The following example shows how the added section should appear. The tag values shown here are for example only. +8. Review the changes that you made to the OSD file, and then save and close the file. The following example shows how the added section should appear. The tag values shown here are for example only. - **<VIRTUALENV>** + **<VIRTUALENV>** -      **<ENVLIST>** + **<ENVLIST>** - **…** + **…** -      **</ENVLIST>** + **</ENVLIST>** -      **<DEPENDENCIES>** + **<DEPENDENCIES>** -           **<CODEBASE HREF="rtsp://virt\_apps/package.1/package.1.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.1\\osguard.cp"/>** + **<CODEBASE HREF="rtsp://virt\_apps/package.1/package.1.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.1\\osguard.cp"/>** -           **<CODEBASE HREF="rtsp://sample\_apps/package.2/sample.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.2\\osguard.cp" MANDATORY="TRUE" />** + **<CODEBASE HREF="rtsp://sample\_apps/package.2/sample.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.2\\osguard.cp" MANDATORY="TRUE" />** -      **</DEPENDENCIES>** + **</DEPENDENCIES>** - **</VIRTUALENV>** + **</VIRTUALENV>** -9. If the secondary package has any entries in the **<ENVLIST>** section of the OSD file, you must copy those entries to the same section in the primary package. +9. 
If the secondary package has any entries in the **<ENVLIST>** section of the OSD file, you must copy those entries to the same section in the primary package. ## Related topics [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md b/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md index 6432a2ff86..5c1a2d616f 100644 --- a/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md +++ b/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md @@ -1,8 +1,11 @@ --- title: How to Use the Cache Space Management Feature description: How to Use the Cache Space Management Feature -author: jamiejdt +author: eavena ms.assetid: 60965660-c015-46a8-88ac-54cbc050fe33 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ More than one package is deleted if necessary. Packages that are locked are not **Note**   To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. -  + The cache space management feature is controlled by the UnloadLeastRecentlyUsed registry value. A value of 1 enables the feature, and a value of 0 (zero) disables it. 
@@ -40,16 +43,16 @@ The cache space management feature is controlled by the UnloadLeastRecentlyUsed **Caution**   The maximum value for this registry key is 0x00011111. Larger values will prevent the correct operation of the cache space management feature. -   + ## Related topics [How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -  + -  + diff --git a/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md b/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md index 8cb669a1da..47ad3bd18b 100644 --- a/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md +++ b/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md @@ -1,8 +1,11 @@ --- title: How to Use the Desktop Notification Area for Application Virtualization Client Management description: How to Use the Desktop Notification Area for Application Virtualization Client Management -author: jamiejdt +author: eavena ms.assetid: 75b2e636-7669-4e1e-8368-8b9fca567a84 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/how-to-use-the-differential-sft-file.md b/mdop/appv-v4/how-to-use-the-differential-sft-file.md index 347d12e4ce..ee2cad8104 100644 --- a/mdop/appv-v4/how-to-use-the-differential-sft-file.md +++ b/mdop/appv-v4/how-to-use-the-differential-sft-file.md @@ -1,8 +1,11 @@ --- title: How to Use the Differential SFT File description: How to Use the Differential SFT File -author: jamiejdt +author: eavena ms.assetid: 607e30fd-2f0e-4e2f-b669-0b3f010aebb0 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -25,7 +28,7 @@ For more information about upgrading a package, see “How to Upgrade an Existin **Note**   As a prerequisite, all user computers being targeted by the ESD must have the V1.sft file fully loaded into their local cache, and file streaming must be enabled on all computers. -  + **To use the Differential SFT file** @@ -52,16 +55,16 @@ As a prerequisite, all user computers being targeted by the ESD must have the V1 - The **Generate Microsoft Windows Installer (MSI) Package** capability in the Sequencer cannot be used with the Differential SFT file. -  + ## Related topics [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md b/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md index 67f46a3539..2600e02b87 100644 --- a/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md +++ b/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md @@ -1,8 +1,11 @@ --- title: How to Work Offline or Online with Application Virtualization description: How to Work Offline or Online with Application Virtualization -author: jamiejdt +author: eavena ms.assetid: aa532b37-8a00-4db4-9b51-e1e8354b2495 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ If you plan to be disconnected from the network for an extended period of time, **Note**   By default, **Work Offline** is disabled for the Client for Remote Desktop Services (formerly Terminal Services). Your system administrator must change your user permissions to allow you to use this setting on a Client for Remote Desktop Services. -  + **To work offline** 
@@ -34,9 +37,9 @@ By default, **Work Offline** is disabled for the Client for Remote Desktop Servi [How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -  + -  + diff --git a/mdop/appv-v4/i b/mdop/appv-v4/i new file mode 100644 index 0000000000..e69de29bb2 diff --git a/mdop/appv-v4/improving-security-during-app-v-sequencing.md b/mdop/appv-v4/improving-security-during-app-v-sequencing.md index 534b8b9a09..25d280c294 100644 --- a/mdop/appv-v4/improving-security-during-app-v-sequencing.md +++ b/mdop/appv-v4/improving-security-during-app-v-sequencing.md @@ -1,8 +1,11 @@ --- title: Improving Security During App-V Sequencing description: Improving Security During App-V Sequencing -author: jamiejdt +author: eavena ms.assetid: f30206dd-5749-4a27-bbaf-61fc21b9c663 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -31,13 +34,13 @@ This feature also enables the sequencing engineer to capture the security settin **Important**   Although the sequencer captures the NTFS ACLs while monitoring the installation phase of sequencing, it does not capture the ACLs for the registry. Users have full access to all registry keys for virtual applications except for services. However, if a user modifies the registry of a virtual application, that change is stored in a specific location (`uservol_sftfs_v1.pkg`) and won’t affect other users. -  + During the installation phase, a sequencing engineer can modify the default permissions of the files if necessary. After the sequencing process is complete, but before saving the package, the sequencing engineer can then choose to enforce security descriptors that were captured during the installation phase. It is a best practice to enforce security descriptors if no other solution allows the application to run properly once virtualized. -  + -  + diff --git a/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md index 056b30d465..c02fae6064 100644 --- a/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md +++ b/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: Incompatible Installer Dialog Box (App-V 4.6 SP1) description: Incompatible Installer Dialog Box (App-V 4.6 SP1) -author: jamiejdt +author: eavena ms.assetid: 45d465b1-ee49-4274-8234-71dd031a07b6 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/installation-files-page.md b/mdop/appv-v4/installation-files-page.md index 7a91f8eec1..01386f3df3 100644 --- a/mdop/appv-v4/installation-files-page.md +++ b/mdop/appv-v4/installation-files-page.md 
@@ -1,8 +1,11 @@ --- title: Installation Files Page description: Installation Files Page -author: jamiejdt +author: eavena ms.assetid: b0aad26f-b143-4f09-87a1-9f016a23cb62 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ Click **Browse** to specify the installation files that have been installed loca **Note**   The default installation location you provide depends on the following conditions: -  + - The package root specified when the package was originally created. @@ -46,9 +49,9 @@ When you create a package using a package accelerator, each file in the package, [Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/installation-page--learn-more-.md b/mdop/appv-v4/installation-page--learn-more-.md index a943280834..16497b85eb 100644 --- a/mdop/appv-v4/installation-page--learn-more-.md +++ b/mdop/appv-v4/installation-page--learn-more-.md @@ -1,8 +1,11 @@ --- title: Installation Page (Learn More) description: Installation Page (Learn More) -author: jamiejdt +author: eavena ms.assetid: a53b8330-dfc3-4540-b147-7c10529f403a +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/installation-report-page--learn-more-.md b/mdop/appv-v4/installation-report-page--learn-more-.md index 62b09d8cdf..343d0b17fd 100644 --- a/mdop/appv-v4/installation-report-page--learn-more-.md +++ b/mdop/appv-v4/installation-report-page--learn-more-.md @@ -1,8 +1,11 @@ --- title: Installation Report Page (Learn More) description: Installation Report Page (Learn More) -author: jamiejdt +author: eavena ms.assetid: 499cf4db-a39c-4dcf-b1cf-85fd7da11701 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md b/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md index 1d396e4a37..a57d3fd5ef 100644 --- a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md +++ b/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md @@ -1,8 +1,11 @@ --- title: Installing App-V Management Server or Streaming Server Securely description: Installing App-V Management Server or Streaming Server Securely -author: jamiejdt +author: eavena ms.assetid: d2a51a81-a80f-427c-a727-611e1eb74f02 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The topics in this section provide information for installing an enhanced securi **Note**   Installing or configuring an App-V Management or Streaming Server to use enhanced security (for example, Transport Layer Security, or TLS) requires that an X.509 V3 certificate has been provisioned to the App-V server. -  + When you prepare to install or configure a secure Management or Streaming Server, consider the following technical requirements: @@ -32,7 +35,7 @@ When you prepare to install or configure a secure Management or Streaming Server **Note**   If you are using App-V in a Network Load Balancing cluster, you must configure the certificate with Subject Alternate Names (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see . -   + - The client and the server need to trust the root CA—The CA issuing the certificate to the App-V server must by trusted by the client connecting to the server. If not, the client ends the connection. 
@@ -50,9 +53,9 @@ Provides procedures you can use to modify keys in Windows Server 2003 and Windo [Configuring Certificates to Support App-V Management Server or Streaming Server](configuring-certificates-to-support-app-v-management-server-or-streaming-server.md) Provides information about configuring certificates for the App-V Management or Streaming Servers, including information about configuring certificates for Network Load Balancing environments. -  + -  + diff --git a/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md b/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md index 68a52aba6d..d6386c9039 100644 --- a/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md +++ b/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md @@ -1,8 +1,11 @@ --- title: Internet-Facing Considerations for App-V Clients description: Internet-Facing Considerations for App-V Clients -author: jamiejdt +author: eavena ms.assetid: 261acde3-7112-492e-8b11-934ae45adc5f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md b/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md index c8b49013da..08a864e1ad 100644 --- a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md +++ b/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md @@ -1,8 +1,11 @@ --- title: Internet-Facing Server Scenarios for Perimeter Networks description: Internet-Facing Server Scenarios for Perimeter Networks -author: jamiejdt +author: eavena ms.assetid: 8a4da6e6-82c7-49e5-b9b1-1666cba02f65 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -39,7 +42,7 @@ Place the following servers in the perimeter network: **Note**   It is a best practice to place the Management Server and IIS server on separate computers. -  + Place the following servers in the internal network: @@ -77,7 +80,7 @@ The following tables list the traffic requirements for communication from the In -  + @@ -114,11 +117,11 @@ The following tables list the traffic requirements for communication from the In
    -  + -  + -  + diff --git a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md b/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md index d6d324ec9d..fb9336a35c 100644 --- a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md +++ b/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md @@ -1,8 +1,11 @@ --- title: Introduction to the Application Virtualization Security Guide description: Introduction to the Application Virtualization Security Guide -author: jamiejdt +author: eavena ms.assetid: 50e1d220-7a95-45b8-933b-3dadddebe26f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ This Microsoft Application Virtualization (App-V) security guide provides instru **Note**   This documentation does not provide guidance for choosing the specific security options. That information is provided in the App-V Security Best Practices white paper available at . -  + As an App-V administrator using this guide, you should be familiar with the following security-related technologies: @@ -45,7 +48,7 @@ For more information about App-V infrastructure models, see the following docume - [Infrastructure Planning and Design Guide Series](https://go.microsoft.com/fwlink/?LinkId=151986) -  + These models utilize some but possibly not all of the App-V components depicted in the following illustration. 
@@ -72,9 +75,9 @@ The App-V Sequencer monitors and captures the installation of applications and c Application Virtualization (App-V) Client The App-V Client is installed on the App-V Desktop Client computer or on the App-V Terminal Services Client computer. It provides the virtual environment for the virtual application packages. The App-V Client manages the package streaming to the cache, virtual application publishing refresh, and interaction with the Application Virtualization Servers. -  + -  + diff --git a/mdop/appv-v4/load-app.md b/mdop/appv-v4/load-app.md index bb9d56c819..e76ab3bbfd 100644 --- a/mdop/appv-v4/load-app.md +++ b/mdop/appv-v4/load-app.md @@ -1,8 +1,11 @@ --- title: LOAD APP description: LOAD APP -author: jamiejdt +author: eavena ms.assetid: 7b727d0c-5423-419d-92ef-7ebbc6343e79 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Loads the specified application and all other applications in the package into t **Note**   The **LOAD APP** command starts the load process and a progress bar is displayed in the Desktop Notification Area. The command exits immediately after starting this process, so any load errors are displayed in the same location. Use the **LOAD PACKAGE** command if you want to start the load process from the command line without using the Desktop Notification Area. -  + `SFTMIME LOAD APP:application [/LOG log-pathname | /GUI]` @@ -50,7 +53,7 @@ The **LOAD APP** command starts the load process and a progress bar is displayed -  + For version 4.6, the following option has been added. @@ -67,16 +70,16 @@ For version 4.6, the following option has been added. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/load-package.md b/mdop/appv-v4/load-package.md index fd38513dc7..a5b0ab5872 100644 --- a/mdop/appv-v4/load-package.md +++ b/mdop/appv-v4/load-package.md 
@@ -1,8 +1,11 @@ --- title: LOAD PACKAGE description: LOAD PACKAGE -author: jamiejdt +author: eavena ms.assetid: eb19116d-e5d0-445c-b2f0-3116a09384d7 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -53,7 +56,7 @@ Loads the specified package into the file system cache. -  + For version 4.6, the following option has been added. @@ -70,23 +73,23 @@ For version 4.6, the following option has been added. -  + **Note**   If no SFTPATH is specified, the client will load the package by using the path it has been configured to use, based on the OSD file, the ApplicationSourceRoot registry key value, or the OverrideURL setting. The **LOAD PACKAGE** command performs a synchronous load and will not be complete until the package is fully loaded or until it encounters an error condition. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/lock-app.md b/mdop/appv-v4/lock-app.md index 818c7e2da7..e33f3dccae 100644 --- a/mdop/appv-v4/lock-app.md +++ b/mdop/appv-v4/lock-app.md @@ -1,8 +1,11 @@ --- title: LOCK APP description: LOCK APP -author: jamiejdt +author: eavena ms.assetid: 30673433-4364-499f-8116-cb135fe2716f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/log-file-for-the-application-virtualization-client.md b/mdop/appv-v4/log-file-for-the-application-virtualization-client.md index d8dab66cef..0d0fbf2b4d 100644 --- a/mdop/appv-v4/log-file-for-the-application-virtualization-client.md +++ b/mdop/appv-v4/log-file-for-the-application-virtualization-client.md 
@@ -1,8 +1,11 @@
 ---
 title: Log File for the Application Virtualization Client
 description: Log File for the Application Virtualization Client
-author: jamiejdt
+author: eavena
 ms.assetid: ac4b3e4a-a220-4c06-bd60-af7dc318b3a9
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md b/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md
index ddc703ef03..62fe4015f9 100644
--- a/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md
+++ b/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md
@@ -1,8 +1,11 @@
 ---
 title: Log Files for the Application Virtualization Sequencer
 description: Log Files for the Application Virtualization Sequencer
-author: jamiejdt
+author: eavena
 ms.assetid: 1a296544-eab4-46f9-82ce-3136f8b578af
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
index df41075652..9842c91c7b 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
@@ -1,8 +1,11 @@
 ---
 title: Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement
 description: Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement
-author: jamiejdt
+author: eavena
 ms.assetid: e82c57ea-885d-4761-96db-4d80b1c3e1ae
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md index 41caf5044b..91f7d0618e 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md +++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md @@ -1,8 +1,11 @@ --- title: Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement description: Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement -author: jamiejdt +author: eavena ms.assetid: 4ee569b2-7711-475a-9f17-70247f00b1b7 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -65,7 +68,7 @@ The remainder of this document will address the following specific features: **Note**   This section is divided into two parts: (1) features in all versions of App-V and (2) features in App-V 4.6 SP1 and later. -  + ### Microsoft Error Reporting @@ -214,9 +217,9 @@ No information is sent to Microsoft through customers’ use of the Application [About Microsoft Application Virtualization 4.6 SP2](about-microsoft-application-virtualization-46-sp2.md) -  + -  + diff --git a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md b/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md index 9e2c944136..8b5c8b1759 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md +++ b/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md 
@@ -1,8 +1,11 @@
 ---
 title: Microsoft Application Virtualization Client Management Help
 description: Microsoft Application Virtualization Client Management Help
-author: jamiejdt
+author: eavena
 ms.assetid: 449eebda-70eb-48b7-855a-db965a680923
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md b/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md
index c2189264f6..d581ace524 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md
@@ -1,8 +1,11 @@
 ---
 title: Microsoft Application Virtualization Getting Started Guide
 description: Microsoft Application Virtualization Getting Started Guide
-author: jamiejdt
+author: eavena
 ms.assetid: 6cd9a212-e270-4d7c-bd0a-bd6af9a5c3ba
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
index 1b0d7df769..1e8882dde6 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Microsoft Application Virtualization Management System Release Notes 4.5 SP1
 description: Microsoft Application Virtualization Management System Release Notes 4.5 SP1
-author: jamiejdt
+author: eavena
 ms.assetid: 5d6b11ea-7b87-4084-9a7c-0d831f247aa3
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Important**   Read these Release Notes thoroughly before you install the Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. These Release Notes contain information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. -  + For updated information about known issues, please visit the Microsoft TechNet Library at . 
@@ -72,16 +75,16 @@ When this has been completed, install the App-V 4.5 SP1 client by using setup.ms When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP1 Desktop client: -    msiexec /i dw20shared.msi APPGUID={93468B43-C19D-44F9-8BCC-114076DB0443}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus + msiexec /i dw20shared.msi APPGUID={93468B43-C19D-44F9-8BCC-114076DB0443}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus Alternatively, if you are installing or upgrading to the App-V 4.5 SP1 Client for Remote Desktop Services (formerly Terminal Services), use the following command: -    msiexec /i dw20shared.msi APPGUID={0042AD3C-99A4-4E58-B5F0-744D5AD96E1C} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus + msiexec /i dw20shared.msi APPGUID={0042AD3C-99A4-4E58-B5F0-744D5AD96E1C} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus **Note**   The APPGUID parameter references the product code of the App-V client that you install or upgrade. The product code is unique for each setup.msi. You can use the Orca database editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP1. -  + ### Improving performance when sequencing the .NET Framework @@ -208,9 +211,9 @@ Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and W All other trademarks are property of their respective owners. -  + -  + diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md index 726ac5b392..34494bd042 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md +++ b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md 
@@ -1,8 +1,11 @@ --- title: Microsoft Application Virtualization Management System Release Notes description: Microsoft Application Virtualization Management System Release Notes -author: jamiejdt +author: eavena ms.assetid: e1a4d5ee-53c7-4b48-814c-a34ce0e698dc +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Important**   Read these Release Notes thoroughly before you install the Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. These Release Notes supersede the content included with this product. -  + For updated information about known issues, please visit the Microsoft TechNet Library at . @@ -33,7 +36,7 @@ These Release Notes have been updated to reflect the changes introduced with Mic **Important**   Running App-V 4.5 CU1 on any version of Windows 7 or Windows Server 2008 R2 in a live operating environment is not supported. -   + - Improved support for sequencing the .NET Framework: App-V 4.5 CU1 addresses previous issues with sequencing the .NET Framework 3.5 and earlier on Windows XP (SP2 or later). For more information about the new capabilities, see the TechNet article at . 
@@ -71,16 +74,16 @@ When this has been completed, install the App-V 4.5 CU1 client by using setup.m When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 CU1 Desktop client: -    msiexec /i dw20shared.msi APPGUID={FE495DBC-6D42-4698-B61F-86E655E0796D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus + msiexec /i dw20shared.msi APPGUID={FE495DBC-6D42-4698-B61F-86E655E0796D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus Alternatively, if you are installing or upgrading to the App-V 4.5 CU1 Terminal Services client, use the following command: -    msiexec /i dw20shared.msi APPGUID={8A97C241-D92A-47DC-B360-E716C1AAA929} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus + msiexec /i dw20shared.msi APPGUID={8A97C241-D92A-47DC-B360-E716C1AAA929} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus **Note**   The APPGUID parameter references the product code of the App-V client that you install or upgrade to. The product code is unique for each setup.msi. You can use the Orca database editor or similar tool to examine Windows Installer files and determine the product code. This step is required for all installs or upgrades to App-V 4.5 CU1. -  + ### Some applications might fail to install during the monitoring phase when sequencing on Windows 7 Beta @@ -88,12 +91,12 @@ When sequencing on Windows 7 Beta or on a computer with Windows Installer 5.0, WORKAROUND   You must manually grant the Everyone group Full Control permissions to the following registry key: -    HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\SystemGuard + HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\SystemGuard **Important**   You must use the **Advanced** button to set the “Include inheritable permissions from this object’s parent” option. -  + ### Unable to save packages when sequencing on Windows 7 Beta 
@@ -232,7 +235,7 @@ WORKAROUND   After installing the application on the sequencing computer, whi **Important**   This issue has been fixed in Microsoft Application Virtualization 4.5 Cumulative Update 1. -  + ### When the server installer is run in silent mode, it does not correctly check for MSXML6 @@ -259,7 +262,7 @@ When using Symantec Endpoint Protection with the Application and Device Control **Important**   This issue has been fixed in Microsoft Application Virtualization 4.5 Cumulative Update 1. -  + ## Release Notes Copyright Information @@ -274,9 +277,9 @@ Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, an The names of actual companies and products mentioned herein may be the trademarks of their respective owners. -  + -  + diff --git a/mdop/appv-v4/microsoft-application-virtualization-security-guide.md b/mdop/appv-v4/microsoft-application-virtualization-security-guide.md index b2f5e6cfb6..c57610a611 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-security-guide.md +++ b/mdop/appv-v4/microsoft-application-virtualization-security-guide.md @@ -1,8 +1,11 @@ --- title: Microsoft Application Virtualization Security Guide description: Microsoft Application Virtualization Security Guide -author: jamiejdt +author: eavena ms.assetid: 5e794316-cc4f-459e-90ef-79fc9841ba4e +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/monitoring-application-virtualization-servers.md b/mdop/appv-v4/monitoring-application-virtualization-servers.md index 13acd7523b..9058c5bf3d 100644 --- a/mdop/appv-v4/monitoring-application-virtualization-servers.md +++ b/mdop/appv-v4/monitoring-application-virtualization-servers.md 
@@ -1,8 +1,11 @@
 ---
 title: Monitoring Application Virtualization Servers
 description: Monitoring Application Virtualization Servers
-author: jamiejdt
+author: eavena
 ms.assetid: d84355ae-4fe4-41d9-ac3a-3eaa32d9a61f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/online-help-for-application-virtualization.md b/mdop/appv-v4/online-help-for-application-virtualization.md
index 6b7275ca50..5607572347 100644
--- a/mdop/appv-v4/online-help-for-application-virtualization.md
+++ b/mdop/appv-v4/online-help-for-application-virtualization.md
@@ -1,8 +1,11 @@
 ---
 title: Online Help for Application Virtualization
 description: Online Help for Application Virtualization
-author: jamiejdt
+author: eavena
 ms.assetid: 261ede48-976f-473c-84bc-452577efdcdf
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md b/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md
index faa4d4f1c4..cf155ad5c7 100644
--- a/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md
+++ b/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Open Package Wizard (AppV 4.6 SP1)
 description: Open Package Wizard (AppV 4.6 SP1)
-author: jamiejdt
+author: eavena
 ms.assetid: 26bdef59-2ea3-4e30-9095-0ee0d0085b2d
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md b/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
index 0ec87c9cbc..7537dd9052 100644
--- a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
+++ b/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
@@ -1,8 +1,11 @@
 ---
 title: Operations Guide for the Application Virtualization System
 description: Operations Guide for the Application Virtualization System
-author: jamiejdt
+author: eavena
 ms.assetid: 686f2b75-7fba-4410-89b2-a539984b6ef2
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/osd-file-elements.md b/mdop/appv-v4/osd-file-elements.md
index a01ed85d98..77e35c6c8f 100644
--- a/mdop/appv-v4/osd-file-elements.md
+++ b/mdop/appv-v4/osd-file-elements.md
@@ -1,8 +1,11 @@
 ---
 title: OSD File Elements
 description: OSD File Elements
-author: jamiejdt
+author: eavena
 ms.assetid: 8211b562-7549-4331-8321-144f52574e99
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/osd-tab-keep.md b/mdop/appv-v4/osd-tab-keep.md
index f2675560d4..256b47eed2 100644
--- a/mdop/appv-v4/osd-tab-keep.md
+++ b/mdop/appv-v4/osd-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: OSD Tab
 description: OSD Tab
-author: jamiejdt
+author: eavena
 ms.assetid: e66f1384-1753-4216-b9ee-77e99af93c74
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md
index dfa346490a..e088b5a477 100644
--- a/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Oversized Package Dialog Box (App-V 4.6 SP1)
 description: Oversized Package Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: eavena
 ms.assetid: 8973a493-6509-4d52-afb6-a9f47d1c5c26
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/overview-of-application-virtualization.md b/mdop/appv-v4/overview-of-application-virtualization.md
index 65979abce4..60b9846d7a 100644
--- a/mdop/appv-v4/overview-of-application-virtualization.md
+++ b/mdop/appv-v4/overview-of-application-virtualization.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of Application Virtualization
 description: Overview of Application Virtualization
-author: jamiejdt
+author: eavena
 ms.assetid: 80545ef4-cf4c-420c-88d6-48e9f226051f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md b/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md
index e9b5960aed..cdd61b6351 100644
--- a/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md
+++ b/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of the Application Virtualization System Components
 description: Overview of the Application Virtualization System Components
-author: jamiejdt
+author: eavena
 ms.assetid: 75d88ef7-44d8-4fa7-b7f5-9153f37e570d
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/package-name-page---learn-more-.md b/mdop/appv-v4/package-name-page---learn-more-.md
index 279d0a351d..2ec6a13682 100644
--- a/mdop/appv-v4/package-name-page---learn-more-.md
+++ b/mdop/appv-v4/package-name-page---learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Package Name Page (Learn More)
 description: Package Name Page (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: ee75b8f0-bd9d-4460-a256-016ff97c2386
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ Use the **Package Name** page to specify a name for the virtual application pack **Note**   Editing the primary virtual application directory is an advanced task. -  + This page contains the following elements: @@ -34,9 +37,9 @@ Select this option to change the location of where the virtual application will [Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/package-name-page--app-v-46-sp1.md b/mdop/appv-v4/package-name-page--app-v-46-sp1.md index 302e29a5e0..d6a33e85ab 100644 --- a/mdop/appv-v4/package-name-page--app-v-46-sp1.md +++ b/mdop/appv-v4/package-name-page--app-v-46-sp1.md @@ -1,8 +1,11 @@ --- title: Package Name Page description: Package Name Page -author: jamiejdt +author: eavena ms.assetid: 1cea36b7-737d-4c5e-9294-5feba02a3e7d +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/package-results-pane-columns.md b/mdop/appv-v4/package-results-pane-columns.md index 301daf9c68..2197976bc7 100644 --- a/mdop/appv-v4/package-results-pane-columns.md +++ b/mdop/appv-v4/package-results-pane-columns.md @@ -1,8 +1,11 @@ --- title: Package Results Pane Columns description: Package Results Pane Columns -author: jamiejdt +author: eavena ms.assetid: 4ed3a06a-656d-497a-b62d-21684396e2b0 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/package-results-pane.md b/mdop/appv-v4/package-results-pane.md index 1b446b15ad..d9670bd51d 100644 --- a/mdop/appv-v4/package-results-pane.md +++ b/mdop/appv-v4/package-results-pane.md 
@@ -1,8 +1,11 @@
 ---
 title: Package Results Pane
 description: Package Results Pane
-author: jamiejdt
+author: eavena
 ms.assetid: 07b7f737-f26f-4feb-88aa-3d8009c5622d
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/packages-node.md b/mdop/appv-v4/packages-node.md
index 8e706f35fd..548eea3031 100644
--- a/mdop/appv-v4/packages-node.md
+++ b/mdop/appv-v4/packages-node.md
@@ -1,8 +1,11 @@
 ---
 title: Packages Node
 description: Packages Node
-author: jamiejdt
+author: eavena
 ms.assetid: 3465168c-012f-4e9f-905d-611418d2975a
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/packaging-method--learn-more-.md b/mdop/appv-v4/packaging-method--learn-more-.md
index 4a504de42d..b1016bf355 100644
--- a/mdop/appv-v4/packaging-method--learn-more-.md
+++ b/mdop/appv-v4/packaging-method--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Packaging Method (Learn More)
 description: Packaging Method (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: 3975a640-1ffd-4b4c-95fd-608469f4c205
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/packaging-method-page--learn-more-.md b/mdop/appv-v4/packaging-method-page--learn-more-.md
index 5b23c4cee1..dade78cf81 100644
--- a/mdop/appv-v4/packaging-method-page--learn-more-.md
+++ b/mdop/appv-v4/packaging-method-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Packaging Method Page (Learn More)
 description: Packaging Method Page (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: f405a293-bcd4-48a1-b4d9-b5e4cf73c5f4
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/parse-items-tab-keep.md b/mdop/appv-v4/parse-items-tab-keep.md
index a1a69ede9c..04e254d387 100644
--- a/mdop/appv-v4/parse-items-tab-keep.md
+++ b/mdop/appv-v4/parse-items-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Parse Items Tab
 description: Parse Items Tab
-author: jamiejdt
+author: eavena
 ms.assetid: bdf3fe0d-404a-4745-af52-f415fa321564
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md b/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md
index af83104855..3e3b86e643 100644
--- a/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md
+++ b/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md
@@ -1,8 +1,11 @@
 ---
 title: Planning and Deployment Guide for the Application Virtualization System
 description: Planning and Deployment Guide for the Application Virtualization System
-author: jamiejdt
+author: eavena
 ms.assetid: 6c012e33-9ac6-4cd8-84ff-54f40973833f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md b/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md
index c068f230fa..71f4d2d740 100644
--- a/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md
+++ b/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for Application Virtualization Client Deployment
 description: Planning for Application Virtualization Client Deployment
-author: jamiejdt
+author: eavena
 ms.assetid: a352f80f-f0f9-4fbf-ac10-24c510b2d6be
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md b/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md
index 52e5568752..c76572d411 100644
--- a/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md
+++ b/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for Application Virtualization System Deployment
 description: Planning for Application Virtualization System Deployment
-author: jamiejdt
+author: eavena
 ms.assetid: 8215269f-c083-468a-bf0b-886b0d2dd69e
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/planning-for-client-security.md b/mdop/appv-v4/planning-for-client-security.md
index 279b96234d..6050d3895b 100644
--- a/mdop/appv-v4/planning-for-client-security.md
+++ b/mdop/appv-v4/planning-for-client-security.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for Client Security
 description: Planning for Client Security
-author: jamiejdt
+author: eavena
 ms.assetid: 4840a60f-4c91-489c-ad0b-6671882abf9b
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -35,9 +38,9 @@ By default, the installation of the client registers file type associations (FTA Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown: -    Create HKEY\_CLASSES\_ROOT\\.osd with a default value of SoftGrid.osd.File + Create HKEY\_CLASSES\_ROOT\\.osd with a default value of SoftGrid.osd.File -    Under HKEY\_LOCAL\_MACHINE\\software\\classes\\Softgrid.osd.file, create a string value named AppUserModelID with a data value of Microsoft.AppV.Client.Tray + Under HKEY\_LOCAL\_MACHINE\\software\\classes\\Softgrid.osd.file, create a string value named AppUserModelID with a data value of Microsoft.AppV.Client.Tray ### Authorization @@ -63,7 +66,7 @@ When the client communicates with the server to perform a publishing refresh, it **Note**   If you are using IIS to publish the ICO and OSD files, configure a MIME type for OSD=TXT; otherwise, IIS will refuse to serve the ICO and OSD files to clients. -  + ### Package Streaming @@ -72,7 +75,7 @@ When a user launches an application for the first time, or if auto-loading param **Note**   If you are using IIS to publish packages (SFT files), configure a MIME type for SFT=Binary; otherwise, IIS will refuse to serve the SFT files to clients. -  + ### Roaming Profiles and Folder Redirection @@ -96,9 +99,9 @@ If a user is home-based and the computer is not joined to the company domain, Ap [Planning for Security and Protection](planning-for-security-and-protection.md) -  + -  + diff --git a/mdop/appv-v4/planning-for-migration-from-previous-versions.md b/mdop/appv-v4/planning-for-migration-from-previous-versions.md index b30d38e1cc..c999a32a70 100644 
--- a/mdop/appv-v4/planning-for-migration-from-previous-versions.md +++ b/mdop/appv-v4/planning-for-migration-from-previous-versions.md @@ -1,8 +1,11 @@ --- title: Planning for Migration from Previous Versions description: Planning for Migration from Previous Versions -author: jamiejdt +author: eavena ms.assetid: 62967bf1-542f-41b0-838f-c62f3430ac73 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,7 +28,7 @@ To help ensure a successful migration, the Application Virtualization system com **Note**   If you have more than one server sharing access to the Application Virtualization database, all those servers must be taken offline while the database is being upgraded. You should follow your normal business practices for the database upgrade, but it is highly advisable that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the other servers. -   + 3. **Microsoft Application Virtualization Management Web Service.** This step applies only if the Management Web Service is on a separate server, which would require that you run the server installer program on that separate server to upgrade the Web service. Otherwise, the previous server upgrade step will automatically upgrade the Management Web Service. 
@@ -84,14 +87,14 @@ You can deploy packages created in previous versions of App-V to App-V 4.6 Clie -  + To run a newly created 32-bit package, you must sequence the application on a computer running a 32-bit operating system with the App-V 4.6 Sequencer installed. After you have sequenced the application, in the Sequencer console, select the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. **Important**   Applications sequenced on a computer running a 64-bit operating system must be deployed to computers running a 64-bit operating system. New 32-bit packages created by using the App-V 4.6 Sequencer will not run on computers running the App-V 4.5 Client. -  + To run new 64-bit packages on the App-V 4.6 Client, you must sequence the application on a computer running the App-V 4.6 Sequencer and that is running a 64-bit operating system. After you have sequenced the application, in the Sequencer console, select the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. @@ -176,7 +179,7 @@ The following table lists which client versions will run packages created by usi -  + ¹Applies to all versions of the App-V 4.5 Client, including App-V 4.5, App-V 4.5 CU1 and App-V 4.5 SP1. @@ -192,7 +195,7 @@ If the App-V 4.2 Client has already been upgraded to 4.5, it is possible to us "GlobalDataDirectory"="C:\\\\Documents and Settings\\\\All Users\\\\Documents\\\\" (a globally writeable location) -  + Windows Installer files generated by the App-V 4.5 Sequencer display the error message "This package requires Microsoft Application Virtualization Client 4.5 or later" when you try to run them on an App-V 4.6 Client. Open the old package with either the App-V 4.5 SP1 Sequencer or the App-V 4.6 Sequencer and generate a new .msi for the package. 
@@ -205,9 +208,9 @@ For additional information about upgrading from previous versions, see [Upgradin [Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -  + -  + diff --git a/mdop/appv-v4/planning-for-security-and-protection.md b/mdop/appv-v4/planning-for-security-and-protection.md index 8abc6fa6fa..b750a27dca 100644 --- a/mdop/appv-v4/planning-for-security-and-protection.md +++ b/mdop/appv-v4/planning-for-security-and-protection.md @@ -1,8 +1,11 @@ --- title: Planning for Security and Protection description: Planning for Security and Protection -author: jamiejdt +author: eavena ms.assetid: d0e2ef81-c197-4020-ad85-8d66fe5c178f +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/planning-for-sequencer-security.md b/mdop/appv-v4/planning-for-sequencer-security.md index 36681dd4e6..d3ad4052ec 100644 --- a/mdop/appv-v4/planning-for-sequencer-security.md +++ b/mdop/appv-v4/planning-for-sequencer-security.md @@ -1,8 +1,11 @@ --- title: Planning for Sequencer Security description: Planning for Sequencer Security -author: jamiejdt +author: eavena ms.assetid: 8043cb02-476d-4c28-a850-903a8ac5b2d3 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 Incorporate recommended implementation practices as early as possible when configuring Application Virtualization (App-V) so that your Sequencer implementation is functional and more secure. If you have already configured the Sequencer, use the following best-practice guidelines to revisit your design decisions and analyze them from a security perspective. -**Important**   +**Important** The App-V Sequencer collects and deploys all application information recorded on the computer running the sequencer. You should ensure that all users accessing the computer running the Sequencer have administrative credentials. Users with user account credentials should not have access to control package contents and package files. If you are sequencing on a computer running Remote Desktop Services (formerly Terminal Services), make sure it is a computer that is dedicated to sequencing and that users with user account credentials are not connected to it during sequencing. -  + ## Sequencer Security Best Practices 
@@ -28,19 +31,21 @@ Consider the following scenarios and the associated best practices when implemen - **Virus scanning on the computer running the Sequencer**—It is recommended that you scan the computer running the Sequencer for viruses and then disable all antivirus and malware detection software on the computer running the Sequencer during the sequencing process. This will speed the sequencing process and prevent the antivirus and anti-malware software components from interfering with the sequencing process. Next install the sequenced package on a computer not running the Sequencer, and after successful installation, scan that computer for viruses. If viruses are found, the manufacturer of the software should be contacted to inform them of the infected source files and request an updated installation source without viruses. Optionally, the Sequencer could be scanned after the installation phase and if a virus is found, the software manufacturer should be contacted as mentioned above. - **Note**   + **Note** If a virus is detected in an application, the application should not be deployed to target computers. -   + - **Capturing access control lists (ACLs) on NTFS files**—The App-V Sequencer captures NTFS file system permissions for the files that are monitored during the installation of the product. This capability allows you to more accurately replicate the intended behavior of the application, as if it were installed locally and not virtualized. In some scenarios, an application might store information that users were not intended to access within the application files. For example, an application could store credentials information in a file inside of the application. If ACLs are not enforced on the package, a user could potentially view and then use this information outside of the application. - **Note**   + **Note** You should not sequence applications that store unencrypted security-specific information, such as passwords, and so on. 
-   - During the installation phase, you can modify the default permissions of the files if necessary. After completion of the sequencing process, but before saving the package, you can choose whether to enforce security descriptors that were captured during the installation of the application. By default, App-V will enforce the security descriptors specified during the installation of the application. If you turn off security descriptor enforcement, you should test the application to ensure the removal of associated Access Control Lists (ACL) will not cause the application to perform unexpectedly. + +~~~ +During the installation phase, you can modify the default permissions of the files if necessary. After completion of the sequencing process, but before saving the package, you can choose whether to enforce security descriptors that were captured during the installation of the application. By default, App-V will enforce the security descriptors specified during the installation of the application. If you turn off security descriptor enforcement, you should test the application to ensure the removal of associated Access Control Lists (ACL) will not cause the application to perform unexpectedly. +~~~ - **Sequencer doesn’t capture registry ACLs**—Although the Sequencer captures the NTFS file system ACLs during the installation phase of sequencing, it does not capture the ACLs for the registry. Users will have full access to all registry keys for virtual applications except for services. However, if a user modifies the registry of a virtual application, the change will be stored in a specific store (**uservol\_sftfs\_v1.pkg**) and will not affect other users. @@ -55,9 +60,9 @@ Consider the following scenarios and the associated best practices when implemen [Planning for Security and Protection](planning-for-security-and-protection.md) -  - -  + + + 
diff --git a/mdop/appv-v4/planning-for-server-security.md b/mdop/appv-v4/planning-for-server-security.md index 501abea4b3..7f51cc0fc6 100644 --- a/mdop/appv-v4/planning-for-server-security.md +++ b/mdop/appv-v4/planning-for-server-security.md @@ -1,8 +1,11 @@ --- title: Planning for Server Security description: Planning for Server Security -author: jamiejdt +author: eavena ms.assetid: c7cd8227-b359-41e7-a8ae-d0d5718a76a2 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -68,7 +71,7 @@ Installing or configuring an App-V Management Server or Streaming Server to use **Note**   If you use App-V in a network load balanced cluster, the certificate must be configured with *Subject Alternate Names* (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see (https://go.microsoft.com/fwlink/?LinkId=133228). -   + - The CA issuing the certificate to the App-V server must be trusted by the client connecting to the server. Otherwise, the client terminates the connection. @@ -77,7 +80,7 @@ Installing or configuring an App-V Management Server or Streaming Server to use **Note**   For information about configuring a public key infrastructure (PKI), see (https://go.microsoft.com/fwlink/?LinkId=133229). -   + ### Configuring IIS Servers with HTTPS @@ -86,7 +89,7 @@ App-V might use IIS servers in certain infrastructure configurations. For more i **Note**   If you are using IIS to publish the ICO and OSD files, configure a MIME type for OSD=TXT; otherwise, IIS will refuse to serve the ICO and OSD files to clients. -  + ### Application-Level Security @@ -112,9 +115,9 @@ For the infrastructure to operate correctly, separating the App-V Management Con [Planning for Security and Protection](planning-for-security-and-protection.md) -  + -  + 
diff --git a/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md b/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md index c5983a16c9..fe295dc2f6 100644 --- a/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md +++ b/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md @@ -1,8 +1,11 @@ --- title: Planning the Application Virtualization Sequencer Implementation description: Planning the Application Virtualization Sequencer Implementation -author: jamiejdt +author: eavena ms.assetid: 052f32fe-ad13-4921-a8ce-4a657eb2b2bf +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,7 +28,7 @@ For step-by-step information about installing the Sequencer, see [How to Install **Important**   The entire sequencing process plan should be reviewed and approved by your corporate security team. Sequencer operations would usually be kept separate from the production environment in a lab. This can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers will need connectivity to the corporate network to copy finished packages over to the production servers. However, because they are typically operated without antivirus protection, they must not be on the corporate network unprotected—for example, you might be able to operate behind a firewall or on an isolated network segment. Using Virtual Machines configured to share an isolated virtual network might also be an acceptable approach. Follow your corporate security policies to safely address this situation. -  + Key steps for planning the sequencing process include the following: 
@@ -38,7 +41,7 @@ Key steps for planning the sequencing process include the following: **Important**   Running the App-V sequencer in Safe Mode is not supported. -   + - Verify that you understand the sequenced application’s operating environment, including integration elements such as Microsoft Office or the Java Runtime Environment, because this will often determine whether anything has to be installed on the sequencing computer prior to sequencing the application. @@ -61,9 +64,9 @@ Key steps for planning the sequencing process include the following: [Security and Protection Overview](security-and-protection-overview.md) -  + -  + diff --git a/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md b/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md index 6fc72f141d..15a00e586c 100644 --- a/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md +++ b/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md @@ -1,8 +1,11 @@ --- title: Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation description: Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation -author: jamiejdt +author: eavena ms.assetid: 3a57306e-5c54-4fde-8593-fe3b788f18d3 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ The supported options include using a file server, an IIS server, or an Applicat **Note**   The active upgrade feature enables a new version of an application to be added to an App-V Management Server or Streaming Server without affecting users currently running the application. The App-V clients will automatically receive the latest version of the application from the App-V Management Server or Streaming Server the next time the user starts the application. Use of the RTSP(S) protocol is required for this feature. -  + @@ -50,7 +53,7 @@ The active upgrade feature enables a new version of an application to be added t - + @@ -66,7 +69,7 @@ The active upgrade feature enables a new version of an application to be added t
  • Need to manage IIS

  • No active upgrade

  • - + @@ -80,7 +83,7 @@ The active upgrade feature enables a new version of an application to be added t
  • Dual infrastructure

  • Server administration requirement

  • - + @@ -94,12 +97,12 @@ The active upgrade feature enables a new version of an application to be added t
  • Dual infrastructure

  • Server administration requirement

  • - +
    • No active upgrade

    [How to Configure the File Server](how-to-configure-the-file-server.md)

    How to Configure the File Server

    IIS server

    [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md)

    How to Configure the Server for IIS

    Application Virtualization Streaming Server

    [How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md)

    How to Configure the Application Virtualization Streaming Servers

    Application Virtualization Management Server

    [How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md)

    How to Configure the Application Virtualization Management Servers

    -  + ## Related topics @@ -110,9 +113,9 @@ The active upgrade feature enables a new version of an application to be added t [Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) -  + -  + diff --git a/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md b/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md index d71b6f8d26..a166551ed1 100644 --- a/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md +++ b/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md @@ -1,8 +1,11 @@ --- title: Planning Your Streaming Solution in an Electronic Software Distribution Implementation description: Planning Your Streaming Solution in an Electronic Software Distribution Implementation -author: jamiejdt +author: eavena ms.assetid: bc18772a-f169-486f-adb1-7af1a31845aa +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ The Application Virtualization Streaming Server provides support for the active **Note**   Access to the applications is controlled by means of Security Groups in Active Directory Domain Services, so you will need to plan a process for setting up a security group for each virtual application and for managing which users are added to each group. The Application Virtualization system administrator configures each streaming server to use these Active Directory groups by applying ACLs to the application directories under the CONTENT share, which controls access to the packages based on Active Directory group membership. -  + The characteristics of the available streaming options are summarized in the following table. 
@@ -52,7 +55,7 @@ The characteristics of the available streaming options are summarized in the fol
    • No active upgrade

    -

    [How to Configure the File Server](how-to-configure-the-file-server.md)

    +

    How to Configure the File Server

    IIS server

    @@ -68,7 +71,7 @@ The characteristics of the available streaming options are summarized in the fol
  • Need to manage IIS

  • No active upgrade

-

[How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md)

+

How to Configure the Server for IIS

Application Virtualization Streaming Server

@@ -82,12 +85,12 @@ The characteristics of the available streaming options are summarized in the fol
  • Dual infrastructure

  • Server administration requirement

  • -

    [How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md)

    +

    How to Configure the Application Virtualization Management Servers

    -  + ## Related topics @@ -98,9 +101,9 @@ The characteristics of the available streaming options are summarized in the fol [Publishing Virtual Applications Using Electronic Software Distribution](publishing-virtual-applications-using-electronic-software-distribution.md) -  + -  + diff --git a/mdop/appv-v4/prepare-computer-page--learn-more-.md b/mdop/appv-v4/prepare-computer-page--learn-more-.md index 485921ad56..d1b9f19800 100644 --- a/mdop/appv-v4/prepare-computer-page--learn-more-.md +++ b/mdop/appv-v4/prepare-computer-page--learn-more-.md @@ -1,8 +1,11 @@ --- title: Prepare Computer Page (Learn More) description: Prepare Computer Page (Learn More) -author: jamiejdt +author: eavena ms.assetid: a401ce3d-b8f7-4b3f-9be9-ecf6d8b544fd +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/properties-tab-keep.md b/mdop/appv-v4/properties-tab-keep.md index 069cef4a9a..f6f72144b0 100644 --- a/mdop/appv-v4/properties-tab-keep.md +++ b/mdop/appv-v4/properties-tab-keep.md @@ -1,8 +1,11 @@ --- title: Properties Tab description: Properties Tab -author: jamiejdt +author: eavena ms.assetid: 6ff20678-6766-4f0d-8bbb-f19b224682a1 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/provider-policies-node.md b/mdop/appv-v4/provider-policies-node.md index 01a6e311b7..38f417e3a1 100644 --- a/mdop/appv-v4/provider-policies-node.md +++ b/mdop/appv-v4/provider-policies-node.md @@ -1,8 +1,11 @@ --- title: Provider Policies Node description: Provider Policies Node -author: jamiejdt +author: eavena ms.assetid: 89b47076-7732-4128-93cc-8e6d5b671c8e +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/provider-policies-results-pane-columns.md b/mdop/appv-v4/provider-policies-results-pane-columns.md
index 88b603b18e..2b83fbccc2 100644
--- a/mdop/appv-v4/provider-policies-results-pane-columns.md
+++ b/mdop/appv-v4/provider-policies-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: Provider Policies Results Pane Columns
 description: Provider Policies Results Pane Columns
-author: jamiejdt
+author: eavena
 ms.assetid: f9456f17-3106-4e5a-9a8c-df3af66986e1
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/provider-policies-results-pane.md b/mdop/appv-v4/provider-policies-results-pane.md
index 77b7329e95..8bad9dc1e4 100644
--- a/mdop/appv-v4/provider-policies-results-pane.md
+++ b/mdop/appv-v4/provider-policies-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: Provider Policies Results Pane
 description: Provider Policies Results Pane
-author: jamiejdt
+author: eavena
 ms.assetid: 17ea0836-bfb5-4966-8778-155444d81e64
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/publish-app.md b/mdop/appv-v4/publish-app.md
index 42499aefdb..365bd869f4 100644
--- a/mdop/appv-v4/publish-app.md
+++ b/mdop/appv-v4/publish-app.md
@@ -1,8 +1,11 @@
 ---
 title: PUBLISH APP
 description: PUBLISH APP
-author: jamiejdt
+author: eavena
 ms.assetid: f25f06a8-ca23-435b-a0c2-16a5f39b6b97
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/publish-package.md b/mdop/appv-v4/publish-package.md
index 03c251ae5e..0ddf0d20e8 100644
--- a/mdop/appv-v4/publish-package.md
+++ b/mdop/appv-v4/publish-package.md
@@ -1,8 +1,11 @@ --- title: PUBLISH PACKAGE description: PUBLISH PACKAGE -author: jamiejdt +author: eavena ms.assetid: a33e72dd-194f-4283-8e99-4584ab13de53 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -57,7 +60,7 @@ Publishes the contents of an entire package. -  + For version 4.6, the following option has been added. @@ -74,7 +77,7 @@ For version 4.6, the following option has been added. -  + **Important**   The package must already have been added to the Application Virtualization Client, and the manifest file is required. @@ -87,16 +90,16 @@ Publishing with the **GLOBAL** parameter adds the file types and shortcuts liste If the package is not global before the call and the **GLOBAL** parameter is used, the package is made global and available to all users. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/publishing-servers-node.md b/mdop/appv-v4/publishing-servers-node.md index 1c7fe00539..bc9ef99098 100644 --- a/mdop/appv-v4/publishing-servers-node.md +++ b/mdop/appv-v4/publishing-servers-node.md @@ -1,8 +1,11 @@ --- title: Publishing Servers Node description: Publishing Servers Node -author: jamiejdt +author: eavena ms.assetid: b5823c6c-15bc-4e8d-aeeb-acc366ffedd1 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/publishing-servers-results-pane-columns.md b/mdop/appv-v4/publishing-servers-results-pane-columns.md index 206754d680..ef1b0fcca5 100644 --- a/mdop/appv-v4/publishing-servers-results-pane-columns.md +++ b/mdop/appv-v4/publishing-servers-results-pane-columns.md 
@@ -1,8 +1,11 @@ --- title: Publishing Servers Results Pane Columns description: Publishing Servers Results Pane Columns -author: jamiejdt +author: eavena ms.assetid: ad875715-50b3-4881-a6b3-586238d12527 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The **Publishing Servers Results** pane can display a variety of columns. **Name **Note**   You can add or remove a column simply by right-clicking in the **Results** pane, selecting **View**, then selecting **Add/Remove Columns**. -  + The list can be sorted by any of the columns. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text (for example, **Next Refresh**), dates and times are considered to come before any other text. @@ -62,9 +65,9 @@ The last time a refresh happened from this server for any user. [Publishing Servers Results Pane](publishing-servers-results-pane.md) -  + -  + diff --git a/mdop/appv-v4/publishing-servers-results-pane.md b/mdop/appv-v4/publishing-servers-results-pane.md index 690a189e79..9ed534f85d 100644 --- a/mdop/appv-v4/publishing-servers-results-pane.md +++ b/mdop/appv-v4/publishing-servers-results-pane.md @@ -1,8 +1,11 @@ --- title: Publishing Servers Results Pane description: Publishing Servers Results Pane -author: jamiejdt +author: eavena ms.assetid: ee0662e8-9623-4a7c-b6dc-657fa3f56161 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md b/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md index e6db0bd239..8b19e64174 100644 --- a/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md 
+++ b/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md @@ -1,8 +1,11 @@ --- title: Publishing Virtual Applications Using Application Virtualization Management Servers description: Publishing Virtual Applications Using Application Virtualization Management Servers -author: jamiejdt +author: eavena ms.assetid: f3d79284-3f82-4ca3-b741-1a80b61490da +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,14 +22,14 @@ In an Application Virtualization Server-based deployment, virtual application pa **Note**   The CONTENT share should be located on the server’s attached disk storage. Using a network storage device such as a SAN or a DFS share should be considered carefully because of the network impact. -  + Applications are provisioned to Active Directory groups. Typically, the Application Virtualization administrator will create Active Directory groups for each virtual application to be published and then add the appropriate users to those groups. When the users log on to their workstations, the Application Virtualization Client, by default, performs a publishing refresh using the credentials of the logged on user. The user can then start applications from wherever the shortcuts have been placed. The Application Virtualization administrator determines where and how many shortcuts are located on the client system during the sequencing of the application. **Note**   A *publishing refresh* is a call to the Application Virtualization Server that is defined on the Application Virtualization Client, to determine which virtual application shortcuts are sent to the client for use by the end user. -  + ## Related topics 
@@ -39,9 +42,9 @@ A *publishing refresh* is a call to the Application Virtualization Server that i [Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) -  + -  + diff --git a/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md b/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md index 963307349a..7587f1b537 100644 --- a/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md +++ b/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md @@ -1,8 +1,11 @@ --- title: Publishing Virtual Applications Using Electronic Software Distribution description: Publishing Virtual Applications Using Electronic Software Distribution -author: jamiejdt +author: eavena ms.assetid: 295fbc1d-ed1c-43b4-aeee-0df384d4e630 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/query-obj.md b/mdop/appv-v4/query-obj.md index b77dad4ab4..21de4d2dc6 100644 --- a/mdop/appv-v4/query-obj.md +++ b/mdop/appv-v4/query-obj.md @@ -1,8 +1,11 @@ --- title: QUERY OBJ description: QUERY OBJ -author: jamiejdt +author: eavena ms.assetid: 55abf0d1-c779-4172-8357-552ab010933b +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -65,7 +68,7 @@ Returns a tab-delimited list of current applications, packages, file type associ -  + For version 4.6, the following option has been added. 
@@ -82,7 +85,7 @@ For version 4.6, the following option has been added. -  + **Note**   In version 4.6, a new column has been added to the output of SFTMIME QUERY OBJ:APP \[/GLOBAL\]. The last column of the output is a numeric value that indicates whether an application is published or not. @@ -93,7 +96,7 @@ PUBLISHED=0 means the application has not been published or it is no longer publ If you use the /GLOBAL parameter, the PUBLISHED state will be 1 for applications that were published globally and 0 for those applications that were published under user contexts. Without the /GLOBAL parameter, a PUBLISHED state of 1 is returned for applications published in the context of the user running the command, and a state of 0 is returned for those applications that are published globally. -  + The SFTMIME QUERY OBJ command can be used to query for information on all of the objects shown above—applications, packages, file type associations, and servers. To show how you might use the SFTMIME QUERY OBJ command in your normal operations tasks, the following example demonstrates the process you would follow if you wanted to set the OVERRIDEURL parameter value for a specific package to specify a new path to the package content.  @@ -122,16 +125,16 @@ For version 4.6 SP2, the following option has been added. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/refresh-server.md b/mdop/appv-v4/refresh-server.md index ba5ac10b8c..bb227a1cc9 100644 --- a/mdop/appv-v4/refresh-server.md +++ b/mdop/appv-v4/refresh-server.md @@ -1,8 +1,11 @@ --- title: REFRESH SERVER description: REFRESH SERVER -author: jamiejdt +author: eavena ms.assetid: 232df842-a160-46cd-b60b-f464cd9a0086 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/repair-app.md b/mdop/appv-v4/repair-app.md index 144b56ec51..7d6f2d1ea2 100644 
--- a/mdop/appv-v4/repair-app.md
+++ b/mdop/appv-v4/repair-app.md
@@ -1,8 +1,11 @@
 ---
 title: REPAIR APP
 description: REPAIR APP
-author: jamiejdt
+author: eavena
 ms.assetid: 892b556b-612d-4531-890e-4cfc2ac88d9f
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/reports-node.md b/mdop/appv-v4/reports-node.md
index 42b885058a..8ba7e786a8 100644
--- a/mdop/appv-v4/reports-node.md
+++ b/mdop/appv-v4/reports-node.md
@@ -1,8 +1,11 @@
 ---
 title: Reports Node
 description: Reports Node
-author: jamiejdt
+author: eavena
 ms.assetid: b7fdc52d-f112-4a65-af25-134398810e9b
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/reports-results-pane-columns.md b/mdop/appv-v4/reports-results-pane-columns.md
index 178f13e230..760dc1d0cf 100644
--- a/mdop/appv-v4/reports-results-pane-columns.md
+++ b/mdop/appv-v4/reports-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: Reports Results Pane Columns
 description: Reports Results Pane Columns
-author: jamiejdt
+author: eavena
 ms.assetid: 907360ca-6a55-4e42-88d2-db1a24cd2a28
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/reports-results-pane.md b/mdop/appv-v4/reports-results-pane.md
index 909e77a1e8..c885db722e 100644
--- a/mdop/appv-v4/reports-results-pane.md
+++ b/mdop/appv-v4/reports-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: Reports Results Pane
 description: Reports Results Pane
-author: jamiejdt
+author: eavena
 ms.assetid: 66beac62-fa55-4ab9-ac19-b9e1772e2d20
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md
index 6bdc90eb7b..38956d73ff 100644
--- a/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md
+++ b/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Restart Task Failure Dialog Box (App-V 4.6 SP1)
 description: Restart Task Failure Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: eavena
 ms.assetid: 1933fe71-8aa0-4e43-b6f7-060050001edd
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md b/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md
index 088399c940..14baba4904 100644
--- a/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md
+++ b/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Run Each Program Page
 description: Run Each Program Page
-author: jamiejdt
+author: eavena
 ms.assetid: 4f09a64e-9545-47aa-bc43-fda0089f7adb
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/security-and-protection-overview.md b/mdop/appv-v4/security-and-protection-overview.md
index a729904347..fc4bd7ab49 100644
--- a/mdop/appv-v4/security-and-protection-overview.md
+++ b/mdop/appv-v4/security-and-protection-overview.md
@@ -1,8 +1,11 @@
 ---
 title: Security and Protection Overview
 description: Security and Protection Overview
-author: jamiejdt
+author: eavena
 ms.assetid: a43e1c53-7936-4d48-a110-0be26c8e9d97
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-files-page.md b/mdop/appv-v4/select-files-page.md
index 1501a9fa3b..01baa300ba 100644
--- a/mdop/appv-v4/select-files-page.md
+++ b/mdop/appv-v4/select-files-page.md
@@ -1,8 +1,11 @@
 ---
 title: Select Files Page
 description: Select Files Page
-author: jamiejdt
+author: eavena
 ms.assetid: 6d1524ca-6306-4a28-b65f-3ded9d487e75
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-guidance-page--package-accelerators-.md b/mdop/appv-v4/select-guidance-page--package-accelerators-.md
index 8db0ff9e08..77b089953b 100644
--- a/mdop/appv-v4/select-guidance-page--package-accelerators-.md
+++ b/mdop/appv-v4/select-guidance-page--package-accelerators-.md
@@ -1,8 +1,11 @@
 ---
 title: Select Guidance Page (Package Accelerators)
 description: Select Guidance Page (Package Accelerators)
-author: jamiejdt
+author: eavena
 ms.assetid: 608b8823-6eac-40c0-a6dc-2f0bfc0d42a1
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md b/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md
index f981faa4fd..69735eb53e 100644
--- a/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md
+++ b/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: Select Installation Files Page
 description: Select Installation Files Page
-author: jamiejdt
+author: eavena
 ms.assetid: 4c8cd49e-ba39-4918-9863-5b3c315d14a5
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-installer-page--learn-more-.md b/mdop/appv-v4/select-installer-page--learn-more-.md
index 99ba482afa..56c3d2df7d 100644
--- a/mdop/appv-v4/select-installer-page--learn-more-.md
+++ b/mdop/appv-v4/select-installer-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Select Installer Page (Learn More)
 description: Select Installer Page (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: da05e756-d23e-4557-8ff6-313d695a78a1
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-package--learn-more--page.md b/mdop/appv-v4/select-package--learn-more--page.md
index 7f2a535b4c..c23544c5fb 100644
--- a/mdop/appv-v4/select-package--learn-more--page.md
+++ b/mdop/appv-v4/select-package--learn-more--page.md
@@ -1,8 +1,11 @@
 ---
 title: Select Package (Learn More) Page
 description: Select Package (Learn More) Page
-author: jamiejdt
+author: eavena
 ms.assetid: 0b3d4ca4-ff65-4aa5-87a9-61cbe2ffc8be
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-package-accelerator--learn-more--page.md b/mdop/appv-v4/select-package-accelerator--learn-more--page.md
index 9f52d39fdd..3e387a8a14 100644
--- a/mdop/appv-v4/select-package-accelerator--learn-more--page.md
+++ b/mdop/appv-v4/select-package-accelerator--learn-more--page.md
@@ -1,8 +1,11 @@
 ---
 title: Select Package Accelerator (Learn More) Page
 description: Select Package Accelerator (Learn More) Page
-author: jamiejdt
+author: eavena
 ms.assetid: 2db51514-8695-4b5e-b3e5-1e96e3ee4cc7
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-package-accelerator-page.md b/mdop/appv-v4/select-package-accelerator-page.md
index 930ca2149a..8969a6ffaf 100644
--- a/mdop/appv-v4/select-package-accelerator-page.md
+++ b/mdop/appv-v4/select-package-accelerator-page.md
@@ -1,8 +1,11 @@
 ---
 title: Select Package Accelerator Page
 description: Select Package Accelerator Page
-author: jamiejdt
+author: eavena
 ms.assetid: 865c2702-4dfd-41ae-8cfc-3514d5f41f76
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-primary-page--learn-more-.md b/mdop/appv-v4/select-primary-page--learn-more-.md
index 75982776db..1a1ed7a346 100644
--- a/mdop/appv-v4/select-primary-page--learn-more-.md
+++ b/mdop/appv-v4/select-primary-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Select Primary Page (Learn More)
 description: Select Primary Page (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: 17c779da-f683-4967-b136-94fe65373c1b
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/select-task-page--learn-more-.md b/mdop/appv-v4/select-task-page--learn-more-.md
index ebbcacc034..1f5037a3e4 100644
--- a/mdop/appv-v4/select-task-page--learn-more-.md
+++ b/mdop/appv-v4/select-task-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Select Task Page (Learn More)
 description: Select Task Page (Learn More)
-author: jamiejdt
+author: eavena
 ms.assetid: 09534c40-bf6c-4b3f-be9a-8624965c9c18
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/sequencer-command-line-error-codes.md b/mdop/appv-v4/sequencer-command-line-error-codes.md
index 493850e7d8..a328fb293d 100644
--- a/mdop/appv-v4/sequencer-command-line-error-codes.md
+++ b/mdop/appv-v4/sequencer-command-line-error-codes.md
@@ -1,8 +1,11 @@ --- title: Sequencer Command-Line Error Codes description: Sequencer Command-Line Error Codes -author: jamiejdt +author: eavena ms.assetid: 3d491314-4923-45fd-9839-c541c5e620bd +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following list to help identify errors that are related to sequencing ap **Note**   Multiple errors can occur during sequencing, and if this happens, the error code that is displayed might be the sum of two error codes. For example, if the */InstallPath* and */OutputFile* parameters are missing, the App-V Sequencer will return **96**—the sum of the two error codes. -  + 01 There is an unspecified error. @@ -88,9 +91,9 @@ The package name is not specified. [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) -  + -  + diff --git a/mdop/appv-v4/sequencer-command-line-parameters.md b/mdop/appv-v4/sequencer-command-line-parameters.md index 34d6c40fc7..f0a873d666 100644 --- a/mdop/appv-v4/sequencer-command-line-parameters.md +++ b/mdop/appv-v4/sequencer-command-line-parameters.md @@ -1,8 +1,11 @@ --- title: Sequencer Command-Line Parameters description: Sequencer Command-Line Parameters -author: jamiejdt +author: eavena ms.assetid: 28fb875a-c302-4d95-b2e0-8dc0c5dbb0f8 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/sequencer-console.md b/mdop/appv-v4/sequencer-console.md index bede974fb1..075bbf4f05 100644 --- a/mdop/appv-v4/sequencer-console.md +++ b/mdop/appv-v4/sequencer-console.md @@ -1,8 +1,11 @@ --- title: Sequencer Console description: Sequencer Console -author: jamiejdt +author: eavena ms.assetid: 69e0202d-be2c-41cc-99cb-2a08a034e804 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/sequencer-dialog-boxes.md b/mdop/appv-v4/sequencer-dialog-boxes.md index ba699cc4c5..796ed43e5a 100644 --- a/mdop/appv-v4/sequencer-dialog-boxes.md +++ b/mdop/appv-v4/sequencer-dialog-boxes.md @@ -1,8 +1,11 @@ --- title: Sequencer Dialog Boxes description: Sequencer Dialog Boxes -author: jamiejdt +author: eavena ms.assetid: f660d56b-0244-4167-b077-96ad482e6b36 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/sequencer-hardware-and-software-requirements.md b/mdop/appv-v4/sequencer-hardware-and-software-requirements.md index 5ff8f33421..47e3854169 100644 --- a/mdop/appv-v4/sequencer-hardware-and-software-requirements.md +++ b/mdop/appv-v4/sequencer-hardware-and-software-requirements.md @@ -1,8 +1,11 @@ --- title: Sequencer Hardware and Software Requirements description: Sequencer Hardware and Software Requirements -author: jamiejdt +author: eavena ms.assetid: 36084e12-831d-452f-a4a4-45f07f9ce471 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -35,7 +38,7 @@ The following list outlines the recommended hardware requirements for running th **Note**   Sequencing requires heavy disk usage. A fast disk speed can decrease the sequencing time. -   + ### Software Requirements @@ -78,14 +81,14 @@ The following list outlines the supported operating systems for running the Sequ -  + ¹Supported for App-V 4.5 with SP1 or SP2, and App-V 4.6 only **Note**   The Application Virtualization (App-V) 4.6 Sequencer supports 32-bit and 64-bit versions of these operating systems. -  + You should configure computers running the Sequencer with the same applications that are installed on target computers. 
@@ -128,21 +131,21 @@ You should configure computers running the Sequencer with the same applications -  + **Note**   Application Virtualization (App-V) 4.6 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. -  + ## Related topics [Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) -  + -  + diff --git a/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md b/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md index 3c4e950712..49a306d35f 100644 --- a/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md +++ b/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md @@ -1,8 +1,11 @@ --- title: Sequencer Wizard - Package Accelerator (AppV 4.6 SP1) description: Sequencer Wizard - Package Accelerator (AppV 4.6 SP1) -author: jamiejdt +author: eavena ms.assetid: 1f75f5ba-0707-48fb-b0b8-ba94a5159e36 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/sequencing-wizard.md b/mdop/appv-v4/sequencing-wizard.md index f20d1ba841..b439b83d0a 100644 --- a/mdop/appv-v4/sequencing-wizard.md +++ b/mdop/appv-v4/sequencing-wizard.md @@ -1,8 +1,11 @@ --- title: Sequencing Wizard description: Sequencing Wizard -author: jamiejdt +author: eavena ms.assetid: 81e2f4fa-b06e-4cbe-aeb8-6ceb8f0543a5 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/server-groups-node.md b/mdop/appv-v4/server-groups-node.md index e2c59ab9f1..449204c5da 100644 --- a/mdop/appv-v4/server-groups-node.md +++ b/mdop/appv-v4/server-groups-node.md 
@@ -1,8 +1,11 @@
 ---
 title: Server Groups Node
 description: Server Groups Node
-author: jamiejdt
+author: eavena
 ms.assetid: 6b2ed086-9100-47d0-be7f-0c5fb4fa55c6
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-groups-results-pane-columns.md b/mdop/appv-v4/server-groups-results-pane-columns.md
index 90cae8a935..33042df361 100644
--- a/mdop/appv-v4/server-groups-results-pane-columns.md
+++ b/mdop/appv-v4/server-groups-results-pane-columns.md
@@ -1,8 +1,11 @@
 ---
 title: Server Groups Results Pane Columns
 description: Server Groups Results Pane Columns
-author: jamiejdt
+author: eavena
 ms.assetid: e91b1b9b-e58c-4274-ad18-8b157936b9be
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-groups-results-pane.md b/mdop/appv-v4/server-groups-results-pane.md
index 85b8195f67..4b07de6c20 100644
--- a/mdop/appv-v4/server-groups-results-pane.md
+++ b/mdop/appv-v4/server-groups-results-pane.md
@@ -1,8 +1,11 @@
 ---
 title: Server Groups Results Pane
 description: Server Groups Results Pane
-author: jamiejdt
+author: eavena
 ms.assetid: ac7b0525-5946-4728-9cf1-c65007852ebe
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-about-dialog-boxes.md b/mdop/appv-v4/server-management-console-about-dialog-boxes.md
index 8670b79892..5ab178a36b 100644
--- a/mdop/appv-v4/server-management-console-about-dialog-boxes.md
+++ b/mdop/appv-v4/server-management-console-about-dialog-boxes.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console About Dialog Boxes
 description: Server Management Console About Dialog Boxes
-author: jamiejdt
+author: eavena
 ms.assetid: b5fdee0b-4269-4a48-98a0-ed3f06cff041
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-administrators-node.md b/mdop/appv-v4/server-management-console-administrators-node.md
index 14d560d133..9394274f33 100644
--- a/mdop/appv-v4/server-management-console-administrators-node.md
+++ b/mdop/appv-v4/server-management-console-administrators-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Administrators Node
 description: Server Management Console Administrators Node
-author: jamiejdt
+author: eavena
 ms.assetid: ab421454-69d1-4c10-8f58-2a35ae89c8b1
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-application-licenses-node.md b/mdop/appv-v4/server-management-console-application-licenses-node.md
index eeba65a481..2a8a97906f 100644
--- a/mdop/appv-v4/server-management-console-application-licenses-node.md
+++ b/mdop/appv-v4/server-management-console-application-licenses-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Application Licenses Node
 description: Server Management Console Application Licenses Node
-author: jamiejdt
+author: eavena
 ms.assetid: ad3fa486-2b3c-4efd-91f5-507e9c5057d5
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-application-virtualization-system-node.md b/mdop/appv-v4/server-management-console-application-virtualization-system-node.md
index b60114b7c2..527349e8e6 100644
--- a/mdop/appv-v4/server-management-console-application-virtualization-system-node.md
+++ b/mdop/appv-v4/server-management-console-application-virtualization-system-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Application Virtualization System Node
 description: Server Management Console Application Virtualization System Node
-author: jamiejdt
+author: eavena
 ms.assetid: 9450832e-335c-41e7-af24-fddb8ffc327c
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -21,19 +24,19 @@ You can right-click the Application Virtualization System node to display the fo **Configure Connection** In this dialog box, you can modify the following settings: -- **Web Service Host Name**—Enables you to enter the name of the Application Virtualization System to which you want to connect, or you can enter **localhost** to connect to the local computer. +- **Web Service Host Name**—Enables you to enter the name of the Application Virtualization System to which you want to connect, or you can enter **localhost** to connect to the local computer. -- **Use Secure Connection**—Select if you want to connect to the server with a secure connection. +- **Use Secure Connection**—Select if you want to connect to the server with a secure connection. -- **Port**—Enables you to enter the port number you want to use for the connection. 80 is the default regular port number, and 443 is default secure port number. +- **Port**—Enables you to enter the port number you want to use for the connection. 80 is the default regular port number, and 443 is default secure port number. -- **Use Current Windows Account**—Select to use the current Windows account credentials. +- **Use Current Windows Account**—Select to use the current Windows account credentials. -- **Specify Windows Account**—Select when you want to connect to the server as a different user. +- **Specify Windows Account**—Select when you want to connect to the server as a different user. -- **Name**—Enables you to enter the name of the new user by using either the *DOMAIN\\username* or the *username@domain* format. +- **Name**—Enables you to enter the name of the new user by using either the *DOMAIN\\username* or the username@domain format. -- **Password**—Enables you to enter the password that corresponds to the new user. +- **Password**—Enables you to enter the password that corresponds to the new user. 
**System Options** On the following tabs on this dialog box, you can modify the associated settings: @@ -59,9 +62,9 @@ Starts the management console help file. [Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) -  + -  + diff --git a/mdop/appv-v4/server-management-console-applications-node.md b/mdop/appv-v4/server-management-console-applications-node.md index 0200cecd03..4b4463745a 100644 --- a/mdop/appv-v4/server-management-console-applications-node.md +++ b/mdop/appv-v4/server-management-console-applications-node.md @@ -1,8 +1,11 @@ --- title: Server Management Console Applications Node description: Server Management Console Applications Node -author: jamiejdt +author: eavena ms.assetid: e465f816-032d-4824-9924-f2dcf30f2a2c +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/server-management-console-file-type-associations-node.md b/mdop/appv-v4/server-management-console-file-type-associations-node.md index 11b009c969..e40517eb0a 100644 --- a/mdop/appv-v4/server-management-console-file-type-associations-node.md +++ b/mdop/appv-v4/server-management-console-file-type-associations-node.md @@ -1,8 +1,11 @@ --- title: Server Management Console File Type Associations Node description: Server Management Console File Type Associations Node -author: jamiejdt +author: eavena ms.assetid: c22168be-6601-4154-b36b-9ca0fa87e5e0 +ms.reviewer: +manager: dansimp +ms.author: eravena ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/server-management-console-packages-node.md b/mdop/appv-v4/server-management-console-packages-node.md index aa19449087..2bd20d93df 100644 --- a/mdop/appv-v4/server-management-console-packages-node.md +++ b/mdop/appv-v4/server-management-console-packages-node.md 
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Packages Node
 description: Server Management Console Packages Node
-author: jamiejdt
+author: eavena
 ms.assetid: 458424f6-d586-4fa8-bf61-44c5028a4490
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-provider-policies-node.md b/mdop/appv-v4/server-management-console-provider-policies-node.md
index 1a1bcfbe28..6d899befab 100644
--- a/mdop/appv-v4/server-management-console-provider-policies-node.md
+++ b/mdop/appv-v4/server-management-console-provider-policies-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Provider Policies Node
 description: Server Management Console Provider Policies Node
-author: jamiejdt
+author: eavena
 ms.assetid: a5b99158-9af8-45bb-b3b8-61e220529e14
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-reports-node.md b/mdop/appv-v4/server-management-console-reports-node.md
index a44430f7e2..1b6808031b 100644
--- a/mdop/appv-v4/server-management-console-reports-node.md
+++ b/mdop/appv-v4/server-management-console-reports-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Reports Node
 description: Server Management Console Reports Node
-author: jamiejdt
+author: eavena
 ms.assetid: 9dde6332-5882-40dd-8a8f-857216df80ed
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/server-management-console-server-groups-node.md b/mdop/appv-v4/server-management-console-server-groups-node.md
index e375e14026..7b3cc68876 100644
--- a/mdop/appv-v4/server-management-console-server-groups-node.md
+++ b/mdop/appv-v4/server-management-console-server-groups-node.md
@@ -1,8 +1,11 @@
 ---
 title: Server Management Console Server Groups Node
 description: Server Management Console Server Groups Node
-author: jamiejdt
+author: eavena
 ms.assetid: 83b86fc5-3f77-4470-985a-cf0bb8686067
+ms.reviewer:
+manager: dansimp
+ms.author: eravena
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/sftmime--command-reference.md b/mdop/appv-v4/sftmime--command-reference.md
index 96c8d95e2d..1f2d7d6407 100644
--- a/mdop/appv-v4/sftmime--command-reference.md
+++ b/mdop/appv-v4/sftmime--command-reference.md
@@ -1,8 +1,11 @@
 ---
 title: SFTMIME Command Reference
 description: SFTMIME Command Reference
-author: jamiejdt
+author: manikadhiman
 ms.assetid: a4a69228-9dd3-4623-b773-899d03c0cf10
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/sfttray-command-reference.md b/mdop/appv-v4/sfttray-command-reference.md
index 3e36ea9f21..0b72c8c94c 100644
--- a/mdop/appv-v4/sfttray-command-reference.md
+++ b/mdop/appv-v4/sfttray-command-reference.md
@@ -1,8 +1,11 @@
 ---
 title: SFTTRAY Command Reference
 description: SFTTRAY Command Reference
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 6fa3a939-b047-4d6c-bd1d-dfb93e065eb2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -23,28 +26,28 @@ By default, the icon is displayed whenever a virtual application is started, alt The list of commands and command-line switches can be displayed by running the following command from a command window. -**Note**   +**Note** There is only one Application Virtualization Client Tray instance for each user context, so if you start a new SFTTRAY command, it will be passed to the program that is already running. -  -`     Sfttray.exe /?` + +` Sfttray.exe /?` ### Command Usage -`     Sfttray.exe [/HIDE | /SHOW]` +` Sfttray.exe [/HIDE | /SHOW]` -`     Sfttray.exe [/HIDE | /SHOW] [/QUIET] [/EXE alternate-exe] /LAUNCH app [args]` +` Sfttray.exe [/HIDE | /SHOW] [/QUIET] [/EXE alternate-exe] /LAUNCH app [args]` -`     Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOAD app [/SFTFILE sft]` +` Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOAD app [/SFTFILE sft]` -`     Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOADALL` +` Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOADALL` -`     Sfttray.exe [/HIDE | /SHOW] [/QUIET] /REFRESHALL` +` Sfttray.exe [/HIDE | /SHOW] [/QUIET] /REFRESHALL` -`     Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LAUNCHRESULT /LAUNCH app [args]` +` Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LAUNCHRESULT /LAUNCH app [args]` -`     Sfttray.exe /EXIT` +` Sfttray.exe /EXIT` ### Command-Line Switches @@ -78,22 +81,20 @@ The SFTTRAY command-line switches are described in the following table.

    /EXE <alternate-exe>

    Used with /LAUNCH to specify that an executable program is to be started in the virtual environment when a virtual application is started in place of the target file specified in the OSD.

    -Note   -

    For example, use “SFTTRAY.EXE /EXE REGEDIT.EXE /LAUNCH <app>” to enable you to examine the registry of the virtual environment in which the application is running.

    +Note

    For example, use “SFTTRAY.EXE /EXE REGEDIT.EXE /LAUNCH <app>” to enable you to examine the registry of the virtual environment in which the application is running.

    -  +

    /LAUNCH <app> [<args>]

    Starts a virtual application. Specify the name and version of an application or the path to an OSD file. Optionally, command-line arguments can be passed to the virtual application.

    -Note   -

    Use the command “SFTMIME.EXE /QUERY OBJ:APP /SHORT” to obtain a list of the names and versions of available virtual applications.

    +Note

    Use the command “SFTMIME.EXE /QUERY OBJ:APP /SHORT” to obtain a list of the names and versions of available virtual applications.

    -  +
    @@ -123,20 +124,20 @@ The SFTTRAY command-line switches are described in the following table. -  -**Note**   + +**Note** ¹ The */LAUNCHRESULT* command line parameter provides a means for the process that launches sfttray.exe to specify the root name for a global event and a memory mapped file that are used to return the launch result code to the process. The unique identifier name should start with “SFT-” to prevent the event name from getting virtualized when the launching process is invoked within a virtual environment. The memory mapped region will be 64 bits in size. To use this parameter, the launching process creates an event with the name “<UNIQUE ID>-result\_event”, a memory mapped file with the name “<UNIQUE ID>-result\_value”, and optionally an event with the name “<UNIQUE ID>-shutdown\_event”, and then the launching process launches sfttray.exe and waits on the event to be signaled. After the event “<UNIQUE ID>-result\_event” is signaled, the launching process retrieves the 64-bit return code from the memory mapped region. If the optional event “<UNIQUE ID>-shutdown\_event” exists when the virtual application exits, sfttray.exe opens and signals the event. The launching process waits on this shutdown event if it needs to determine when the virtual application exits. -  - -  - -  + + + + + diff --git a/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md index 8244897419..2148e9742b 100644 --- a/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md +++ b/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md 
@@ -1,8 +1,11 @@
 ---
 title: Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1)
 description: Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1)
-author: jamiejdt
+author: manikadhiman
 ms.assetid: bcdb9b82-b53d-4a36-9f5d-71c021d4be28
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/software-audit-reportserver.md b/mdop/appv-v4/software-audit-reportserver.md
index 0570d32c39..4d147072ea 100644
--- a/mdop/appv-v4/software-audit-reportserver.md
+++ b/mdop/appv-v4/software-audit-reportserver.md
@@ -1,8 +1,11 @@
 ---
 title: Software Audit Report
 description: Software Audit Report
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 55a49ed2-f331-40d3-add6-8e5fcd6816fd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md b/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md
index 436e56486a..ca951538f7 100644
--- a/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md
+++ b/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md
@@ -1,8 +1,11 @@
 ---
 title: Stand-Alone Delivery Scenario for Application Virtualization Clients
 description: Stand-Alone Delivery Scenario for Application Virtualization Clients
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 7545b468-f58a-4504-a6d5-3c2d303731c4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -19,7 +22,7 @@ The Stand-Alone Delivery Scenario enables you to realize the benefits of Microso **Note**   It is assumed that you have already installed the Application Virtualization Sequencer in preparation for the stand-alone scenario. For more information, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). -  + ## In This Section @@ -45,9 +48,9 @@ Provides command-line procedures for publishing an application package, using ei [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) -  + -  + diff --git a/mdop/appv-v4/stand-alone-delivery-scenario-overview.md b/mdop/appv-v4/stand-alone-delivery-scenario-overview.md index 899574396e..7ac815d680 100644 --- a/mdop/appv-v4/stand-alone-delivery-scenario-overview.md +++ b/mdop/appv-v4/stand-alone-delivery-scenario-overview.md @@ -1,8 +1,11 @@ --- title: Stand-Alone Delivery Scenario Overview description: Stand-Alone Delivery Scenario Overview -author: jamiejdt +author: manikadhiman ms.assetid: b109f309-f3c1-43af-996f-2a9b138dd171 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/streaming-page-learn-more.md b/mdop/appv-v4/streaming-page-learn-more.md index d0a4723be5..690d651a6b 100644 --- a/mdop/appv-v4/streaming-page-learn-more.md +++ b/mdop/appv-v4/streaming-page-learn-more.md @@ -1,8 +1,11 @@ --- title: Streaming Page description: Streaming Page -author: jamiejdt +author: manikadhiman ms.assetid: a69a57a0-1bbe-4604-840d-bfa87ec463e1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Use the **Streaming** page to optimize the virtual application package. During t **Note**   You only have to perform the following tasks if you plan to stream the package across the network. -  + This page contains the following elements: @@ -34,9 +37,9 @@ Runs all the programs saved in the virtual application package. [Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/support-for-client-reporting-over-http.md b/mdop/appv-v4/support-for-client-reporting-over-http.md index b4123e148c..85014b79b4 100644 --- a/mdop/appv-v4/support-for-client-reporting-over-http.md +++ b/mdop/appv-v4/support-for-client-reporting-over-http.md @@ -1,8 +1,11 @@ --- title: Support for Client Reporting over HTTP description: Support for Client Reporting over HTTP -author: jamiejdt +author: manikadhiman ms.assetid: 4a26ac80-1fb5-4c05-83de-4d06793f7bf2 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md index 002369e7a1..03fc10a7d3 100644 --- a/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md +++ b/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: SXS Conflict Detected Dialog Box (App-V 4.6 SP1) description: SXS Conflict Detected Dialog Box (App-V 4.6 SP1) -author: jamiejdt +author: manikadhiman ms.assetid: 7cbb67ba-cc11-4f10-b903-4a6af233eacb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/system-error-reportserver.md b/mdop/appv-v4/system-error-reportserver.md index 1e805f67c3..a981fa9bd2 100644 --- a/mdop/appv-v4/system-error-reportserver.md +++ b/mdop/appv-v4/system-error-reportserver.md 
@@ -1,8 +1,11 @@ --- title: System Error Report description: System Error Report -author: jamiejdt +author: manikadhiman ms.assetid: 4081db2f-92a6-4928-a26b-757048159094 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/system-utilization-reportserver.md b/mdop/appv-v4/system-utilization-reportserver.md index 2fd1a565ee..7251ff513b 100644 --- a/mdop/appv-v4/system-utilization-reportserver.md +++ b/mdop/appv-v4/system-utilization-reportserver.md @@ -1,8 +1,11 @@ --- title: System Utilization Report description: System Utilization Report -author: jamiejdt +author: manikadhiman ms.assetid: 4d490d15-2d1f-4f2c-99bb-0685447c0672 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -39,7 +42,7 @@ After you run a report and the output is displayed in the Application Virtualiza **Note**   The App-V server name reported from the clients must be part of the Default Server Group in order for the System Utilization report to show data. For example, if you are using multiple servers with a Network Load Balancer (NLB), you must add the NLB cluster name to the Default Server Group. -  + ## Related topics @@ -54,9 +57,9 @@ The App-V server name reported from the clients must be part of the Default Serv [How to Run a Report](how-to-run-a-reportserver.md) -  + -  + diff --git a/mdop/appv-v4/target-os-page-learn-more.md b/mdop/appv-v4/target-os-page-learn-more.md index 5d51c3d8b4..ef9fb2aa79 100644 --- a/mdop/appv-v4/target-os-page-learn-more.md +++ b/mdop/appv-v4/target-os-page-learn-more.md 
@@ -1,8 +1,11 @@ --- title: Target OS Page description: Target OS Page -author: jamiejdt +author: manikadhiman ms.assetid: 003fd992-0a7e-494e-9e75-4dd5e0927e15 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the **Target OS** page to specify which operating systems in your environmen **Note**   The operating systems specified on this page can only run this virtual application package if the application you are sequencing supports the operating systems specified. Review the supported operating systems for the application you are sequencing to ensure compatibility. -  + This page contains the following elements: @@ -34,9 +37,9 @@ Enables the virtual application package to be installed and run only on the sele [Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) -  + -  + diff --git a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md index 527ef48d61..d7a550ba6b 100644 --- a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md +++ b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md @@ -1,8 +1,11 @@ --- title: Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1) description: Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1) -author: jamiejdt +author: manikadhiman ms.assetid: 58597af9-6a62-4588-ab41-dbf6b7026267 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md index 6bccc3ba96..736d4abb06 100644 --- a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md 
+++ b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md @@ -1,8 +1,11 @@ --- title: Tasks for the Application Virtualization Sequencer description: Tasks for the Application Virtualization Sequencer -author: jamiejdt +author: manikadhiman ms.assetid: 398018f4-297a-440d-b614-23f0ab03e7bd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md b/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md index 44bf05fc2b..d518b6dd1c 100644 --- a/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md +++ b/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md @@ -1,8 +1,11 @@ --- title: Troubleshooting Application Virtualization Sequencer Issues description: Troubleshooting Application Virtualization Sequencer Issues -author: jamiejdt +author: manikadhiman ms.assetid: 2712094b-a0bc-4643-aced-5415535f3fec +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/troubleshooting-certificate-permission-issues.md b/mdop/appv-v4/troubleshooting-certificate-permission-issues.md index a78bc7639b..62d5a6e274 100644 --- a/mdop/appv-v4/troubleshooting-certificate-permission-issues.md +++ b/mdop/appv-v4/troubleshooting-certificate-permission-issues.md @@ -1,8 +1,11 @@ --- title: Troubleshooting Certificate Permission Issues description: Troubleshooting Certificate Permission Issues -author: jamiejdt +author: manikadhiman ms.assetid: 06b8cbbc-93fd-44aa-af39-2d780792d3c3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md index d4f6f401e0..37f2f88e78 100644 --- a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md +++ b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md @@ -1,8 +1,11 @@ --- title: Troubleshooting Information for the Application Virtualization Client description: Troubleshooting Information for the Application Virtualization Client -author: jamiejdt +author: manikadhiman ms.assetid: 260a8dad-847f-4ec0-b7dd-6e6bc52017ed +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md index ee3056a9fb..80485a8023 100644 --- a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md +++ b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md @@ -1,8 +1,11 @@ --- title: Troubleshooting Information for the Application Virtualization Server description: Troubleshooting Information for the Application Virtualization Server -author: jamiejdt +author: manikadhiman ms.assetid: e9d43d9b-84f2-4d1b-bb90-a13740151e0c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md b/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md index 09784812cd..de5af9194f 100644 --- a/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md +++ b/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md 
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting the Application Virtualization Sequencer
 description: Troubleshooting the Application Virtualization Sequencer
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 12ea8367-0b84-44e1-a885-e0539486556b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/type-of-application-page--learn-more-.md b/mdop/appv-v4/type-of-application-page--learn-more-.md
index 1087abc616..72e6772aa9 100644
--- a/mdop/appv-v4/type-of-application-page--learn-more-.md
+++ b/mdop/appv-v4/type-of-application-page--learn-more-.md
@@ -1,8 +1,11 @@
 ---
 title: Type of Application Page (Learn More)
 description: Type of Application Page (Learn More)
-author: jamiejdt
+author: manikadhiman
 ms.assetid: d1262d16-7b14-441e-8500-7974bf68d196
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/unload-app.md b/mdop/appv-v4/unload-app.md
index d52bd595cc..a2748ee100 100644
--- a/mdop/appv-v4/unload-app.md
+++ b/mdop/appv-v4/unload-app.md
@@ -1,8 +1,11 @@
 ---
 title: UNLOAD APP
 description: UNLOAD APP
-author: jamiejdt
+author: manikadhiman
 ms.assetid: f0d729ae-8772-498b-be11-1a4b35499c53
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/unload-package.md b/mdop/appv-v4/unload-package.md
index f3bf99f1c4..03039cbbfe 100644
--- a/mdop/appv-v4/unload-package.md
+++ b/mdop/appv-v4/unload-package.md
@@ -1,8 +1,11 @@
 ---
 title: UNLOAD PACKAGE
 description: UNLOAD PACKAGE
-author: jamiejdt
+author: manikadhiman
 ms.assetid: a076eb5a-ce3d-49e4-ac7a-4d4df10e3477
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/unlock-app.md b/mdop/appv-v4/unlock-app.md index 7668634ac9..8d20a7f7a3 100644 --- a/mdop/appv-v4/unlock-app.md +++ b/mdop/appv-v4/unlock-app.md @@ -1,8 +1,11 @@ --- title: UNLOCK APP description: UNLOCK APP -author: jamiejdt +author: manikadhiman ms.assetid: 91fc8ceb-b4f5-4a06-8193-05189f830943 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/unpublish-package.md b/mdop/appv-v4/unpublish-package.md index 1097aeefc7..4111a75383 100644 --- a/mdop/appv-v4/unpublish-package.md +++ b/mdop/appv-v4/unpublish-package.md @@ -1,8 +1,11 @@ --- title: UNPUBLISH PACKAGE description: UNPUBLISH PACKAGE -author: jamiejdt +author: manikadhiman ms.assetid: 1651427c-72a5-4701-bb57-71e14a7a3803 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -57,7 +60,7 @@ Enables you to remove the shortcuts and file types for an entire package. -  + For version 4.6, the following option has been added. @@ -74,7 +77,7 @@ For version 4.6, the following option has been added. -  + **Important**   Before you can run the **UNPUBLISH PACKAGE** command, the package must already have been added to the Application Virtualization Client. @@ -89,16 +92,16 @@ Using **UNPUBLISH PACKAGE** without **GLOBAL** removes the user shortcuts and fi **UNPUBLISH PACKAGE** always clears all the user settings, shortcuts, and file types regardless of the use of the /CLEAR switch. -  + ## Related topics [SFTMIME Command Reference](sftmime--command-reference.md) -  + -  + diff --git a/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md b/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md index 6d952a7c1c..37f72f87ed 100644 --- a/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md 
+++ b/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md @@ -1,8 +1,11 @@ --- title: User Access Permissions in Application Virtualization Client description: User Access Permissions in Application Virtualization Client -author: jamiejdt +author: manikadhiman ms.assetid: 7459374c-810c-45e3-b205-fdd1f8514f80 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ On the **Permissions** tab on the **Properties** dialog box, accessible by right **Note**   Before changing users permissions, ensure that any permissions changes are consistent with the organization's guidelines for granting user permissions. -  + The following table lists and describes the permissions that can be granted to users. @@ -114,16 +117,16 @@ The following table lists and describes the permissions that can be granted to u -  + ## Related topics [How to Change User Access Permissions](how-to-change-user-access-permissions.md) -  + -  + diff --git a/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md b/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md index 9f9e1977c9..11a9533a37 100644 --- a/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md +++ b/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md @@ -1,8 +1,11 @@ --- title: Using Application Virtualization Servers as a Package Management Solution description: Using Application Virtualization Servers as a Package Management Solution -author: jamiejdt +author: manikadhiman ms.assetid: 41597355-e7bb-45e2-b300-7b1724419975 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ If you do not have an existing ESD system to deploy your Application Virtualizat **Note**   Access to the applications is controlled by means of Security Groups in Active Directory Domain Services, so you will need to plan a process to set up a security group for each virtualized application and for managing which users are added to each group. The Application Virtualization Management Server administrator configures the server to use these Active Directory groups, and the server then automatically controls access to the packages based on Active Directory group membership. -  + ## In This Section @@ -40,9 +43,9 @@ Describes available options for using Application Virtualization Streaming Serve [Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -  + -  + diff --git a/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md b/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md index 953ee3e0bf..6f8e379deb 100644 --- a/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md +++ b/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md @@ -1,8 +1,11 @@ --- title: Using Electronic Software Distribution as a Package Management Solution description: Using Electronic Software Distribution as a Package Management Solution -author: jamiejdt +author: manikadhiman ms.assetid: 7d96ea70-3e7e-49fa-89cc-586804a10657 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v4/verify-applications-page--package-accelerators-.md b/mdop/appv-v4/verify-applications-page--package-accelerators-.md index 804e90f8de..6cb0bdd47e 100644 --- a/mdop/appv-v4/verify-applications-page--package-accelerators-.md +++ b/mdop/appv-v4/verify-applications-page--package-accelerators-.md 
@@ -1,8 +1,11 @@
 ---
 title: Verify Applications Page (Package Accelerators)
 description: Verify Applications Page (Package Accelerators)
-author: jamiejdt
+author: manikadhiman
 ms.assetid: e58a37db-d042-453f-aa0d-2f324600a35b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/virtual-application-package-additional-components.md b/mdop/appv-v4/virtual-application-package-additional-components.md
index 759bd861cf..e44d919586 100644
--- a/mdop/appv-v4/virtual-application-package-additional-components.md
+++ b/mdop/appv-v4/virtual-application-package-additional-components.md
@@ -1,8 +1,11 @@
 ---
 title: Virtual Application Package Additional Components
 description: Virtual Application Package Additional Components
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 476b0f40-ebd6-4296-92fa-61fa9495c03c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/virtual-file-system-tab-keep.md b/mdop/appv-v4/virtual-file-system-tab-keep.md
index 30fb804f15..9d50f3a15c 100644
--- a/mdop/appv-v4/virtual-file-system-tab-keep.md
+++ b/mdop/appv-v4/virtual-file-system-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Virtual File System Tab
 description: Virtual File System Tab
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 9d084e2a-720d-4a25-9cd5-d0d70868b413
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/virtual-registry-tab-keep.md b/mdop/appv-v4/virtual-registry-tab-keep.md
index fb51eca7dc..ab7b437cfd 100644
--- a/mdop/appv-v4/virtual-registry-tab-keep.md
+++ b/mdop/appv-v4/virtual-registry-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Virtual Registry Tab
 description: Virtual Registry Tab
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 25833383-24c4-40a1-b34c-73b2bd3f11e1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/virtual-services-tab-keep.md b/mdop/appv-v4/virtual-services-tab-keep.md
index 0f572ad4cc..2314727dbd 100644
--- a/mdop/appv-v4/virtual-services-tab-keep.md
+++ b/mdop/appv-v4/virtual-services-tab-keep.md
@@ -1,8 +1,11 @@
 ---
 title: Virtual Services Tab
 description: Virtual Services Tab
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 9fc4679d-ccb5-4df7-99de-dd7d3a367ecc
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v4/wizard-pages--appv-46-sp1-.md b/mdop/appv-v4/wizard-pages--appv-46-sp1-.md
index ee5b03c3a0..8ea9090de2 100644
--- a/mdop/appv-v4/wizard-pages--appv-46-sp1-.md
+++ b/mdop/appv-v4/wizard-pages--appv-46-sp1-.md
@@ -1,8 +1,11 @@
 ---
 title: Wizard Pages (AppV 4.6 SP1)
 description: Wizard Pages (AppV 4.6 SP1)
-author: jamiejdt
+author: manikadhiman
 ms.assetid: dadab8cf-fe6d-4cff-8f6c-e9676f244872
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md b/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
index 87c3a92fd0..103b44d92c 100644
--- a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
+++ b/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
@@ -1,8 +1,11 @@ --- title: About App-V 5.0 Dynamic Configuration description: About App-V 5.0 Dynamic Configuration -author: jamiejdt +author: manikadhiman ms.assetid: 88afaca1-68c5-45c4-a074-9371c56b5804 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -32,7 +35,7 @@ The previous .xml files specify package settings and allow for packages to be cu **Note**   The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. -  + ### Dynamic Configuration file contents @@ -55,7 +58,7 @@ All of the additions, deletions, and updates in the configuration files need to -  + The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults. 
@@ -99,477 +102,477 @@ The structure of the App-V 5.0 Dynamic Configuration file is explained in the fo **Header** - the header of a dynamic user configuration file is as follows: -<?xml version="1.0" encoding="utf-8"?><UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration"> +<?xml version="1.0" encoding="utf-8"?><UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; The **PackageId** is the same value as exists in the Manifest file. **Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: -1. **Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. +1. **Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. - <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration"> + <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - <Applications> + <Applications> - <!-- No new application can be defined in policy. 
AppV Client will ignore any application ID that is not also in the Manifest file --> + <!-- No new application can be defined in policy. AppV Client will ignore any application ID that is not also in the Manifest file --> - <Application Id="{a56fa627-c35f-4a01-9e79-7d36aed8225a}" Enabled="false"> + <Application Id="{a56fa627-c35f-4a01-9e79-7d36aed8225a}" Enabled="false"> - </Application> + </Application> - </Applications> + </Applications> - … + … - </UserConfiguration> + </UserConfiguration> -2. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the <Subsystems>: +2. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the <Subsystems>: - <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration"> + <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - <Subsystems> + <Subsystems> - .. + .. - </Subsystems> + </Subsystems> - .. + .. - </UserConfiguration> + </UserConfiguration> - Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. + Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. - **Extensions:** + **Extensions:** - Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM + Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM - Extension Subsystems can be enabled and disabled independently of the content.  Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an <Extensions> node. 
If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. + Extension Subsystems can be enabled and disabled independently of the content. Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an <Extensions> node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. - Example using the shortcuts subsystem: + Example using the shortcuts subsystem: - 1. If the user defined this in either the dynamic or deployment config file: + 1. If the user defined this in either the dynamic or deployment config file: -                              **<Shortcuts  Enabled="true">** + **<Shortcuts Enabled="true">** -                                          **<Extensions>** + **<Extensions>** -                                           ... + ... -                                          **</Extensions>** + **</Extensions>** -                              **</Shortcuts>** + **</Shortcuts>** -                   Content in the manifest will be ignored.    + Content in the manifest will be ignored. - 2. If the user defined only the following: + 2. If the user defined only the following: -                             **<Shortcuts  Enabled="true"/>** + **<Shortcuts Enabled="true"/>** -                   Then the content in the Manifest will be integrated during publishing. + Then the content in the Manifest will be integrated during publishing. - 3. If the user defines the following + 3. 
If the user defines the following -                            **<Shortcuts  Enabled="true">** + **<Shortcuts Enabled="true">** -                                          **<Extensions/>** + **<Extensions/>** -                              **</Shortcuts>** + **</Shortcuts>** - Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. + Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. - The supported Extension Subsystems are: + The supported Extension Subsystems are: - **Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: + **Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: - <Subsystems> + <Subsystems> - <Shortcuts Enabled="true"> + <Shortcuts Enabled="true"> -   <Extensions> + <Extensions> -     <Extension Category="AppV.Shortcut"> + <Extension Category="AppV.Shortcut"> -       <Shortcut> + <Shortcut> -         <File>\[{Common Programs}\]\\Microsoft Contoso\\Microsoft ContosoApp Filler 2010.lnk</File> + <File>\[{Common Programs}\]\\Microsoft Contoso\\Microsoft ContosoApp Filler 2010.lnk</File> -         <Target>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</Target> + <Target>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</Target> -         <Icon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\inficon.exe</Icon> + <Icon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\inficon.exe</Icon> -         <Arguments /> + <Arguments /> -         <WorkingDirectory /> + <WorkingDirectory /> -         <AppUserModelId>ContosoApp.Filler.3</AppUserModelId> + <AppUserModelId>ContosoApp.Filler.3</AppUserModelId> -         <Description>Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp.</Description> + <Description>Fill out dynamic forms to gather and reuse 
information throughout the organization using Microsoft ContosoApp.</Description> -         <Hotkey>0</Hotkey> + <Hotkey>0</Hotkey> -         <ShowCommand>1</ShowCommand> + <ShowCommand>1</ShowCommand> -         <ApplicationId>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</ApplicationId> + <ApplicationId>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</ApplicationId> -       </Shortcut> + </Shortcut> -   </Extension> + </Extension> -   <Extension Category="AppV.Shortcut"> + <Extension Category="AppV.Shortcut"> -     <Shortcut> + <Shortcut> -       <File>\[{AppData}\]\\Microsoft\\Contoso\\Recent\\Templates.LNK</File> + <File>\[{AppData}\]\\Microsoft\\Contoso\\Recent\\Templates.LNK</File> -       <Target>\[{AppData}\]\\Microsoft\\Templates</Target> + <Target>\[{AppData}\]\\Microsoft\\Templates</Target> -       <Icon /> + <Icon /> -       <Arguments /> + <Arguments /> -       <WorkingDirectory /> + <WorkingDirectory /> -       <AppUserModelId /> + <AppUserModelId /> -       <Description /> + <Description /> -       <Hotkey>0</Hotkey> + <Hotkey>0</Hotkey> -       <ShowCommand>1</ShowCommand> + <ShowCommand>1</ShowCommand> -       <!-- Note the ApplicationId is optional --> + <!-- Note the ApplicationId is optional --> -     </Shortcut> + </Shortcut> -   </Extension> - -  </Extensions> - - </Shortcuts> - - **File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). 
Sample File-type Association is below: - - <FileTypeAssociations Enabled="true"> - - <Extensions> - -   <Extension Category="AppV.FileTypeAssociation"> - -     <FileTypeAssociation> - -       <FileExtension MimeAssociation="true"> - -       <Name>.docm</Name> - -       <ProgId>contosowordpad.DocumentMacroEnabled.12</ProgId> - -       <PerceivedType>document</PerceivedType> - -       <ContentType>application/vnd.ms-contosowordpad.document.macroEnabled.12</ContentType> - -       <OpenWithList> - -         <ApplicationName>wincontosowordpad.exe</ApplicationName> - -       </OpenWithList> - -      <OpenWithProgIds> - -         <ProgId>contosowordpad.8</ProgId> - -       </OpenWithProgIds> - -       <ShellNew> - -         <Command /> - -         <DataBinary /> - -         <DataText /> - -         <FileName /> - -         <NullFile>true</NullFile> - -         <ItemName /> - -         <IconPath /> - -         <MenuText /> - -         <Handler /> - -       </ShellNew> - -     </FileExtension> - -     <ProgId> - -        <Name>contosowordpad.DocumentMacroEnabled.12</Name> - -         <DefaultIcon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\contosowordpadicon.exe,15</DefaultIcon> - -         <Description>Blah Blah Blah</Description> - -         <FriendlyTypeName>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,9182</FriendlyTypeName> - -         <InfoTip>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,1424</InfoTip> - -         <EditFlags>0</EditFlags> - -         <ShellCommands> - -           <DefaultCommand>Open</DefaultCommand> - -           <ShellCommand> - -              <ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> - -              <Name>Edit</Name> - -              <FriendlyName>&Edit</FriendlyName> - -              <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /vu "%1"</CommandLine> - -           </ShellCommand> - -           </ShellCommand> - -             
<ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> - -             <Name>Open</Name> - -             <FriendlyName>&Open</FriendlyName> - -             <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /n "%1"</CommandLine> - -             <DropTargetClassId /> - -             <DdeExec> - -               <Application>mscontosowordpad</Application> - -               <Topic>ShellSystem</Topic> - -               <IfExec>\[SHELLNOOP\]</IfExec> - -               <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> - -             </DdeExec> - -           </ShellCommand> - -         </ShellCommands> - -       </ProgId> - -      </FileTypeAssociation> - -    </Extension> - -   </Extensions> - -   </FileTypeAssociations> - - **URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. - - <URLProtocols Enabled="true"> - - <Extensions> - - <Extension Category="AppV.URLProtocol"> - - <URLProtocol> - -   <Name>mailto</Name> - -   <ApplicationURLProtocol> - -   <DefaultIcon>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE,-9403</DefaultIcon> - -   <EditFlags>2</EditFlags> - -   <Description /> - -   <AppUserModelId /> - -   <FriendlyTypeName /> - -   <InfoTip /> - - <SourceFilter /> - -   <ShellFolder /> - -   <WebNavigableCLSID /> - -   <ExplorerFlags>2</ExplorerFlags> - -   <CLSID /> - -   <ShellCommands> - -   <DefaultCommand>open</DefaultCommand> - -   <ShellCommand> - -   <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> - -   <Name>open</Name> - -   <CommandLine>\[{ProgramFilesX86}\\Microsoft Contoso\\Contoso\\contosomail.EXE" -c OEP.Note /m "%1"</CommandLine> - -   <DropTargetClassId /> - -   <FriendlyName /> - -   <Extended>0</Extended> - -   <LegacyDisable>0</LegacyDisable> - -   <SuppressionPolicy>2</SuppressionPolicy> - -    <DdeExec> - -   <NoActivateHandler /> - -   
<Application>contosomail</Application> - -   <Topic>ShellSystem</Topic> - -   <IfExec>\[SHELLNOOP\]</IfExec> - -   <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> - -   </DdeExec> - -   </ShellCommand> - -   </ShellCommands> - -   </ApplicationURLProtocol> - -   </URLProtocol> - -   </Extension> - -   </Extension> - -   </URLProtocols> - - **Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. - - <SoftwareClients Enabled="true"> - -   <ClientConfiguration EmailEnabled="false" /> - - </SoftwareClients> - - AppPaths:- If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. - - <AppPaths Enabled="true"> - - <Extensions> - - <Extension Category="AppV.AppPath"> - - <AppPath> - -   <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> - -   <Name>contosomail.exe</Name> - -   <ApplicationPath>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationPath> - -   <PATHEnvironmentVariablePrefix /> - -   <CanAcceptUrl>false</CanAcceptUrl> - -   <SaveUrl /> - - </AppPath> - - </Extension> + </Extension> </Extensions> - </AppPaths> + </Shortcuts> - **COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. + **File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). 
Sample File-type Association is below: - <COM Mode="Isolated"/> + <FileTypeAssociations Enabled="true"> - **Other Settings**: + <Extensions> - In addition to Extensions, other subsystems can be enabled/disabled and edited: + <Extension Category="AppV.FileTypeAssociation"> - **Virtual Kernel Objects**: + <FileTypeAssociation> - <Objects Enabled="false" /> + <FileExtension MimeAssociation="true"> - **Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU + <Name>.docm</Name> - <Registry Enabled="true"> + <ProgId>contosowordpad.DocumentMacroEnabled.12</ProgId> - <Include> + <PerceivedType>document</PerceivedType> - <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\ABC"> + <ContentType>application/vnd.ms-contosowordpad.document.macroEnabled.12</ContentType> - <Value Type="REG\_SZ" Name="Bar" Data="NewValue" /> + <OpenWithList> -  </Key> + <ApplicationName>wincontosowordpad.exe</ApplicationName> -   <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\EmptyKey" /> + </OpenWithList> -  </Include> + <OpenWithProgIds> - <Delete> + <ProgId>contosowordpad.8</ProgId> -   </Registry> + </OpenWithProgIds> - **Virtual File System** + <ShellNew> -       <FileSystem Enabled="true" /> + <Command /> - **Virtual Fonts** + <DataBinary /> -       <Fonts Enabled="false" /> + <DataText /> - **Virtual Environment Variables** + <FileName /> - <EnvironmentVariables Enabled="true"> + <NullFile>true</NullFile> - <Include> + <ItemName /> -        <Variable Name="UserPath" Value="%path%;%UserProfile%" /> + <IconPath /> -        <Variable Name="UserLib" Value="%UserProfile%\\ABC" /> + <MenuText /> -        </Include> + <Handler /> -       <Delete> + </ShellNew> -        <Variable Name="lib" /> + </FileExtension> -         </Delete> + <ProgId> -         </EnvironmentVariables> + <Name>contosowordpad.DocumentMacroEnabled.12</Name> - **Virtual services** + 
<DefaultIcon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\contosowordpadicon.exe,15</DefaultIcon> -       <Services Enabled="false" /> + <Description>Blah Blah Blah</Description> -3. **UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. + <FriendlyTypeName>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,9182</FriendlyTypeName> -4. **ManagingAuthority** – Can be used when 2 versions of your package are co-existing on the same machine, one deployed to App-V 4.6 and the other deployed on App-V 5.0. To Allow App-V vNext to take over App-V 4.6 extension points for the named package enter the following in the UserConfig file (where PackageName is the Package GUID in App-V 4.6: + <InfoTip>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,1424</InfoTip> - <ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName="032630c0-b8e2-417c-acef-76fc5297fe81" /> + <EditFlags>0</EditFlags> + + <ShellCommands> + + <DefaultCommand>Open</DefaultCommand> + + <ShellCommand> + + <ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> + + <Name>Edit</Name> + + <FriendlyName>&Edit</FriendlyName> + + <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /vu "%1"</CommandLine> + + </ShellCommand> + + </ShellCommand> + + <ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> + + <Name>Open</Name> + + <FriendlyName>&Open</FriendlyName> + + <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /n "%1"</CommandLine> + + <DropTargetClassId /> + + <DdeExec> + + 
<Application>mscontosowordpad</Application> + + <Topic>ShellSystem</Topic> + + <IfExec>\[SHELLNOOP\]</IfExec> + + <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> + + </DdeExec> + + </ShellCommand> + + </ShellCommands> + + </ProgId> + + </FileTypeAssociation> + + </Extension> + + </Extensions> + + </FileTypeAssociations> + + **URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. + + <URLProtocols Enabled="true"> + + <Extensions> + + <Extension Category="AppV.URLProtocol"> + + <URLProtocol> + + <Name>mailto</Name> + + <ApplicationURLProtocol> + + <DefaultIcon>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE,-9403</DefaultIcon> + + <EditFlags>2</EditFlags> + + <Description /> + + <AppUserModelId /> + + <FriendlyTypeName /> + + <InfoTip /> + + <SourceFilter /> + + <ShellFolder /> + + <WebNavigableCLSID /> + + <ExplorerFlags>2</ExplorerFlags> + + <CLSID /> + + <ShellCommands> + + <DefaultCommand>open</DefaultCommand> + + <ShellCommand> + + <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> + + <Name>open</Name> + + <CommandLine>\[{ProgramFilesX86}\\Microsoft Contoso\\Contoso\\contosomail.EXE" -c OEP.Note /m "%1"</CommandLine> + + <DropTargetClassId /> + + <FriendlyName /> + + <Extended>0</Extended> + + <LegacyDisable>0</LegacyDisable> + + <SuppressionPolicy>2</SuppressionPolicy> + + <DdeExec> + + <NoActivateHandler /> + + <Application>contosomail</Application> + + <Topic>ShellSystem</Topic> + + <IfExec>\[SHELLNOOP\]</IfExec> + + <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> + + </DdeExec> + + </ShellCommand> + + </ShellCommands> + + </ApplicationURLProtocol> + + </URLProtocol> + + </Extension> + + </Extension> + + </URLProtocols> + + **Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and 
Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. + + <SoftwareClients Enabled="true"> + + <ClientConfiguration EmailEnabled="false" /> + + </SoftwareClients> + + AppPaths:- If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. + + <AppPaths Enabled="true"> + + <Extensions> + + <Extension Category="AppV.AppPath"> + + <AppPath> + + <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> + + <Name>contosomail.exe</Name> + + <ApplicationPath>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationPath> + + <PATHEnvironmentVariablePrefix /> + + <CanAcceptUrl>false</CanAcceptUrl> + + <SaveUrl /> + + </AppPath> + + </Extension> + + </Extensions> + + </AppPaths> + + **COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. 
+ + <COM Mode="Isolated"/> + + **Other Settings**: + + In addition to Extensions, other subsystems can be enabled/disabled and edited: + + **Virtual Kernel Objects**: + + <Objects Enabled="false" /> + + **Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU + + <Registry Enabled="true"> + + <Include> + + <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\ABC"> + + <Value Type="REG\_SZ" Name="Bar" Data="NewValue" /> + + </Key> + + <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\EmptyKey" /> + + </Include> + + <Delete> + + </Registry> + + **Virtual File System** + + <FileSystem Enabled="true" /> + + **Virtual Fonts** + + <Fonts Enabled="false" /> + + **Virtual Environment Variables** + + <EnvironmentVariables Enabled="true"> + + <Include> + + <Variable Name="UserPath" Value="%path%;%UserProfile%" /> + + <Variable Name="UserLib" Value="%UserProfile%\\ABC" /> + + </Include> + + <Delete> + + <Variable Name="lib" /> + + </Delete> + + </EnvironmentVariables> + + **Virtual services** + + <Services Enabled="false" /> + +3. **UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. + +4. **ManagingAuthority** – Can be used when 2 versions of your package are co-existing on the same machine, one deployed to App-V 4.6 and the other deployed on App-V 5.0. 
To Allow App-V vNext to take over App-V 4.6 extension points for the named package enter the following in the UserConfig file (where PackageName is the Package GUID in App-V 4.6: + + <ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName="032630c0-b8e2-417c-acef-76fc5297fe81" /> ### Dynamic Deployment Configuration file **Header** - The header of a Deployment Configuration file is as follows: -<?xml version="1.0" encoding="utf-8"?><DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration"> +<?xml version="1.0" encoding="utf-8"?><DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; The **PackageId** is the same value as exists in the manifest file. @@ -579,11 +582,11 @@ The **PackageId** is the same value as exists in the manifest file. - Machine Configuration section–contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. -<DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration"> +<DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; <UserConfiguration> -  .. + .. </UserConfiguration> @@ -607,11 +610,11 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <MachineConfiguration> -   <Subsystems> + <Subsystems> -   .. + .. -   </Subsystems> + </Subsystems> .. 
@@ -627,65 +630,65 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <ApplicationCapabilities Enabled="true"> -   <Extensions> + <Extensions> -    <Extension Category="AppV.ApplicationCapabilities"> + <Extension Category="AppV.ApplicationCapabilities"> -     <ApplicationCapabilities> + <ApplicationCapabilities> -      <ApplicationId>\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe</ApplicationId> + <ApplicationId>\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe</ApplicationId> -      <Reference> + <Reference> -       <Name>LitView Browser</Name> + <Name>LitView Browser</Name> -       <Path>SOFTWARE\\LitView\\Browser\\Capabilities</Path> + <Path>SOFTWARE\\LitView\\Browser\\Capabilities</Path> -      </Reference> + </Reference> -    <CapabilityGroup> + <CapabilityGroup> -     <Capabilities> + <Capabilities> -      <Name>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345</Name> + <Name>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345</Name> -      <Description>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346</Description> + <Description>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346</Description> -      <Hidden>0</Hidden> + <Hidden>0</Hidden> -      <EMailSoftwareClient>Lit View E-Mail Client</EMailSoftwareClient> + <EMailSoftwareClient>Lit View E-Mail Client</EMailSoftwareClient> -      <FileAssociationList> + <FileAssociationList> -       <FileAssociation Extension=".htm" ProgID="LitViewHTML" /> + <FileAssociation Extension=".htm" ProgID="LitViewHTML" /> -       <FileAssociation Extension=".html" ProgID="LitViewHTML" /> + <FileAssociation Extension=".html" ProgID="LitViewHTML" /> -       <FileAssociation Extension=".shtml" ProgID="LitViewHTML" /> + <FileAssociation Extension=".shtml" ProgID="LitViewHTML" /> -      </FileAssociationList> + </FileAssociationList> -      <MIMEAssociationList> + <MIMEAssociationList> -       <MIMEAssociation Type="audio/mp3" ProgID="LitViewHTML" /> + <MIMEAssociation 
Type="audio/mp3" ProgID="LitViewHTML" /> -       <MIMEAssociation Type="audio/mpeg" ProgID="LitViewHTML" /> + <MIMEAssociation Type="audio/mpeg" ProgID="LitViewHTML" /> -      </MIMEAssociationList> + </MIMEAssociationList> -     <URLAssociationList> + <URLAssociationList> -       <URLAssociation Scheme="http" ProgID="LitViewHTML.URL.http" /> + <URLAssociation Scheme="http" ProgID="LitViewHTML.URL.http" /> -      </URLAssociationList> + </URLAssociationList> -      </Capabilities> + </Capabilities> -   </CapabilityGroup> + </CapabilityGroup> -    </ApplicationCapabilities> + </ApplicationCapabilities> -   </Extension> + </Extension> </Extensions> @@ -701,15 +704,15 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <Include> -   <Key Path="\\REGISTRY\\Machine\\Software\\ABC"> + <Key Path="\\REGISTRY\\Machine\\Software\\ABC"> -     <Value Type="REG\_SZ" Name="Bar" Data="Baz" /> + <Value Type="REG\_SZ" Name="Bar" Data="Baz" /> -    </Key> + </Key> -   <Key Path="\\REGISTRY\\Machine\\Software\\EmptyKey" /> + <Key Path="\\REGISTRY\\Machine\\Software\\EmptyKey" /> -  </Include> + </Include> <Delete> @@ -721,9 +724,9 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <NotIsolate> -    <Object Name="testObject" /> + <Object Name="testObject" /> -  </NotIsolate> + </NotIsolate> </Objects> @@ -731,11 +734,11 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <MachineConfiguration> -   ..  + ..  -   <ProductSourceURLOptOut Enabled="true" /> + <ProductSourceURLOptOut Enabled="true" /> -   .. + .. </MachineConfiguration> 
@@ -745,19 +748,19 @@ Machine Configuration - the Machine configuration section of the Deployment Conf <MachineConfiguration> -   ..    + ..    -   <TerminateChildProcesses> + <TerminateChildProcesses> -     <Application Path="\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE" /> + <Application Path="\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE" /> -     <Application Path="\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe" /> + <Application Path="\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe" /> -     <Application Path="\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE" /> + <Application Path="\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE" /> -   </TerminateChildProcesses> + </TerminateChildProcesses> -   .. + .. </MachineConfiguration> @@ -852,7 +855,7 @@ The following table describes the various script events and the context under wh -  + ### Create a Dynamic Configuration file using an App-V 5.0 Manifest file @@ -876,9 +879,9 @@ To create the file manually, the information above in previous sections can be c [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/about-app-v-50-reporting.md b/mdop/appv-v5/about-app-v-50-reporting.md index e8d03cb385..a050c4a164 100644 --- a/mdop/appv-v5/about-app-v-50-reporting.md +++ b/mdop/appv-v5/about-app-v-50-reporting.md @@ -1,8 +1,11 @@ --- title: About App-V 5.0 Reporting description: About App-V 5.0 Reporting -author: jamiejdt +author: manikadhiman ms.assetid: 27c33dda-f017-41e3-8a78-1b681543ec4f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -38,7 +41,7 @@ The following list displays the end–to-end high-level workflow for reporting i **Note**   If you are using the Configuration Manager integration with App-V 5.0, most reports are generated from Configuration Manager rather than from App-V 5.0. -   + 4. After importing the App-V 5.0 PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V 5.0 client. This sample PowerShell cmdlet enables App-V 5.0 reporting: @@ -57,9 +60,11 @@ The following list displays the end–to-end high-level workflow for reporting i **Note**   By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. -   + - If the App-V 5.0 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. +~~~ +If the App-V 5.0 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. +~~~ ### App-V 5.0 reporting server frequently asked questions @@ -107,24 +112,23 @@ The following table displays answers to common questions about App-V 5.0 reporti

    Yes. Besides manually sending reporting using PowerShell Cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

    1. Using PowerShell cmdlets - Set-AppvClientConfiguration. For example:

      -

      Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

      +

      Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

      -

      For a complete list of client configuration settings see [About Client Configuration Settings](about-client-configuration-settings.md) and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

      +

      For a complete list of client configuration settings see About Client Configuration Settings and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

    2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

      -Note   -

      Group Policy settings override local settings configured using PowerShell.

      +Note

      Group Policy settings override local settings configured using PowerShell.

      -  +
    + -  ## App-V 5.0 Client Reporting @@ -135,10 +139,10 @@ To use App-V 5.0 reporting you must install and configure the App-V 5.0 client. The following examples show how PowerShell parameters can configure the reporting features of the App-V 5.0 client. -**Note**   +**Note** The following configuration task can also be configured using Group Policy settings in the App-V 5.0 ADMX template. For more information about using the ADMX template, see [How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md). + -  **To enable reporting and to initiate data collection on the computer running the App-V 5.0 client**: @@ -152,7 +156,7 @@ Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPor `-ReportingInterval 1 -ReportingRandomDelay 30` -This example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. +This example configures the client to automatically send the reporting data to the reporting server URL http://MyReportingServer:MyPort/. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. **To limit the size of the data cache on the client**: @@ -221,8 +225,8 @@ The following table displays the types of information you can collect by using A + -  The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file. @@ -267,20 +271,19 @@ You can also use the **Send-AppVClientReport** cmdlet to manually collect data.

    If you have an existing App-V 5.0 reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.

    If you do not have an existing App-V 5.0 reporting Server, use the –URL parameter to send the data to a specified share. For example:

    -

    Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess

    -

    The previous example will send the reporting data to \\MyShare\MyData\ location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

    +

    Send-AppVClientReport –URL \Myshare\MyData\ -DeleteOnSuccess

    +

    The previous example will send the reporting data to \MyShare\MyData</strong> location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

    -Note   -

    If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

    +Note

    If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

    -  +
    -  + ### Creating Reports
@@ -314,9 +317,9 @@ You should also ensure that the reporting server web service’s **Maximum Concu [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md) -  + -  +
diff --git a/mdop/appv-v5/about-app-v-50-sp1.md b/mdop/appv-v5/about-app-v-50-sp1.md
index 7abef85fc1..d77515d490 100644
--- a/mdop/appv-v5/about-app-v-50-sp1.md
+++ b/mdop/appv-v5/about-app-v-50-sp1.md
@@ -1,8 +1,11 @@
 ---
 title: About App-V 5.0 SP1
 description: About App-V 5.0 SP1
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 2848a51b-452e-4c70-b465-f6717cfa667f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -29,7 +32,7 @@ This service pack contains the following changes: - Reporting - **HKEY\_LOCAL\_MACHINE** \\ **SOFTWARE** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ReportingService** \\ **REPORTING\_DB\_NAME** -   + ## How to Get MDOP Technologies
@@ -48,9 +51,9 @@ App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is p [Release Notes for App-V 5.0 SP1](release-notes-for-app-v-50-sp1.md) -  + -  +
diff --git a/mdop/appv-v5/about-app-v-50-sp2.md b/mdop/appv-v5/about-app-v-50-sp2.md
index bf06ad558b..9da2057ae1 100644
--- a/mdop/appv-v5/about-app-v-50-sp2.md
+++ b/mdop/appv-v5/about-app-v-50-sp2.md
@@ -1,8 +1,11 @@
 ---
 title: About App-V 5.0 SP2
 description: About App-V 5.0 SP2
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 16ca8452-cef2-464e-b4b5-c10d4630fa6a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -58,7 +61,7 @@ Tasks that have been placed in a pending state will be performed according to th -  + When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows:
@@ -85,7 +88,7 @@ When a task is placed in a pending state, the App-V client also generates a regi -  + ### Virtualizing Microsoft Office 2013 and Microsoft Office 2010 using App-V 5.0
@@ -96,7 +99,7 @@ Use the following link for more information about App-V 5.0 supported Microsoft **Note**   This document focuses on creating a Microsoft Office 2013 App-V 5.0 Package. However, it also provides information about scenarios for Microsoft Office 2010 with App-V 5.0. -  + ### App-V 5.0 Client Management User Interface Application
@@ -170,9 +173,9 @@ App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is p [Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md) -  + -  +
diff --git a/mdop/appv-v5/about-app-v-50-sp3.md b/mdop/appv-v5/about-app-v-50-sp3.md
index 17c1fbf0a3..c7b6ad9dc3 100644
--- a/mdop/appv-v5/about-app-v-50-sp3.md
+++ b/mdop/appv-v5/about-app-v-50-sp3.md
@@ -1,8 +1,11 @@
 ---
 title: About App-V 5.0 SP3
 description: About App-V 5.0 SP3
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 67b5268b-edc1-4027-98b0-b3937dd70a6b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -56,17 +59,17 @@ See the following links for the App-V 5.0 SP3 software prerequisites and support -

    [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md)

    +

    App-V 5.0 SP3 Prerequisites

    Prerequisite software that you must install before starting the App-V 5.0 SP3 installation

    -

    [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md)

    +

    App-V 5.0 SP3 Supported Configurations

    Supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client components

    -  + ## Migrating to App-V 5.0 SP3 @@ -98,11 +101,10 @@ Review the following information before you start the upgrade:
  • Connection groups

  • -Note   -

    To use the App-V client user interface, download the existing version from [Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/download/details.aspx?id=41186).

    +Note

    To use the App-V client user interface, download the existing version from Microsoft Application Virtualization 5.0 Client UI Application.

    -  +
    @@ -110,8 +112,8 @@ Review the following information before you start the upgrade:

    You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.0 SP3.

    For more information, see:

    @@ -132,7 +134,7 @@ Review the following information before you start the upgrade: -  + ### Steps to upgrade the App-V infrastructure @@ -154,15 +156,14 @@ Complete the following steps to upgrade each component of the App-V infrastructu

    Step 1: Upgrade the App-V Server.

    If you are not using the App-V Server, skip this step and go to the next step.

    -Note   -

    The App-V 5.0 SP3 client is compatible with the App-V 5.0 SP1 Server.

    +Note

    The App-V 5.0 SP3 client is compatible with the App-V 5.0 SP1 Server.

    -  +

    Follow these steps:

      -
    1. Review the [Release Notes for App-V 5.0 SP3](release-notes-for-app-v-50-sp3.md) for issues that may affect the App-V Server installation.

    2. +
    3. Review the Release Notes for App-V 5.0 SP3 for issues that may affect the App-V Server installation.

    4. Do one of the following, depending on the method you are using to upgrade the Management database and/or Reporting database:

      @@ -190,35 +191,35 @@ Complete the following steps to upgrade each component of the App-V infrastructu - + - +

      Management database

      To install or upgrade, see [SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail](https://support.microsoft.com/kb/3031340).

      To install or upgrade, see SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail.

      Reporting database

      Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md).

      Follow the steps in How to Deploy the App-V Databases by Using SQL Scripts.

      -

       

      +

      -

       

    5. -
    6. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

    7. -
    8. Follow the steps in [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md).

    9. +

      +
    10. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section Check registry keys after installing the App-V 5.0 SP3 Server.

    11. +
    12. Follow the steps in How to Deploy the App-V 5.0 Server.

    Step 2: Upgrade the App-V Sequencer.

    -

    See [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md).

    +

    See How to Install the Sequencer.

    Step 3: Upgrade the App-V client or App-V RDS client.

    -

    See [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md).

    +

    See How to Deploy the App-V Client.

    -  + ### Check registry keys before installing the App-V 5.0 SP3 Server @@ -249,7 +250,7 @@ This is step 3 from the previous table. -  + **ManagementDatabase key** @@ -317,7 +318,7 @@ If you are installing the Management database, set these registry keys under `HK -  + **ManagementService key** @@ -352,7 +353,7 @@ If you are installing the Management server, set these registry keys under `HKLM -  + **ReportingDatabase key** @@ -420,7 +421,7 @@ If you are installing the Reporting database, set these registry keys under `HKL -  + **ReportingService key** @@ -451,7 +452,7 @@ If you are installing the Reporting server, set these registry keys under `HKLM\ -  + ## Manually created connection group xml file requires update to schema @@ -486,27 +487,27 @@ You can manage connection groups more easily by using optional packages and othe

    Including optional packages in a connection group enables you to dynamically determine which applications will be included in the connection group’s virtual environment, based on the applications that users are entitled to.

    You don’t need to manage as many connection groups because you can mix optional and non-optional packages in the same connection group. Mixing packages allows different groups of users to use the same connection group, even though users might have only one package in common.

    Example: You can enable a package with Microsoft Office for all users, but enable different optional packages, which contain different Office plug-ins, to different subsets of users.

    -

    [How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups.md#bkmk-apps-plugs-optional)

    +

    How to Use Optional Packages in Connection Groups

    Unpublish or delete an optional package without changing the connection group

    Unpublish or delete, or unpublish and republish an optional package, which is in a connection group, without having to disable or re-enable the connection group on the App-V client.

    -

    [How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups.md#bkmk-apps-plugs-optional)

    +

    How to Use Optional Packages in Connection Groups

    Publish connection groups that contain user-published and globally published packages

    Create a user-published connection group that contains user-published and globally published packages.

    -

    [How to Create a Connection Group with User-Published and Globally Published Packages](how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md)

    +

    How to Create a Connection Group with User-Published and Globally Published Packages

    Make a connection group ignore the package version

    Configure a connection group to accept any version of a package, which enables you to upgrade a package without having to disable the connection group. In addition, if there is an optional package with an incorrect version in the connection group, the package is ignored and won’t block the connection group’s virtual environment from being created.

    -

    [How to Make a Connection Group Ignore the Package Version](how-to-make-a-connection-group-ignore-the-package-version.md)

    +

    How to Make a Connection Group Ignore the Package Version

    Limit end users’ publishing capabilities

    Enable only administrators (not end users) to publish packages and to enable connection groups.

    -

    For information about connection groups, see [How to Allow Only Administrators to Enable Connection Groups](how-to-allow-only-administrators-to-enable-connection-groups.md)

    +

    For information about connection groups, see How to Allow Only Administrators to Enable Connection Groups

    For information about packages, see the following articles:

    @@ -522,19 +523,19 @@ You can manage connection groups more easily by using optional packages and othe - + - + - +

    Management console

    [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md)

    How to Publish a Package by Using the Management Console

    PowerShell

    [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admin-only-posh-topic-cg)

    How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

    Third-party electronic software delivery system

    [How to Enable Only Administrators to Publish Packages by Using an ESD](how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md)

    How to Enable Only Administrators to Publish Packages by Using an ESD

    -

     

    +

    Enable or disable a connection group for a specific user

    @@ -543,18 +544,18 @@ You can manage connection groups more easily by using optional packages and othe
  • Enable-AppVClientConnectionGroup

  • Disable-AppVClientConnectionGroup

  • -

    [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md#bkmk-enable-cg-for-user-poshtopic)

    +

    How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

    Merging identical package paths into one virtual directory in connection groups

    If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment.

    This merging of paths allows an application in one package to access files that are in a different package.

    -

    [About the Connection Group Virtual Environment](about-the-connection-group-virtual-environment.md#bkmk-merged-root-ve-exp)

    +

    About the Connection Group Virtual Environment

    -  + ## Administrators can publish and unpublish packages for a specific user @@ -588,7 +589,7 @@ Administrators can use the following cmdlets to publish or unpublish packages fo -  + ## Enable only administrators to publish and unpublish packages @@ -615,12 +616,12 @@ You can enable only administrators (not end users) to publish and unpublish pack

    PowerShell

    -

    [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admins-pub-pkgs)

    +

    How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell

    -  + ## RunVirtual registry key supports packages that are published to the user @@ -652,7 +653,7 @@ New Windows PowerShell cmdlets for the App-V Server have been added to help you

    Add-AppvServerConnectionGroupPackage

    -

    Appends a package to the end of a connection group's package list and enables you to configure the package as optional and/or with no version within the connection group.

    +

    Appends a package to the end of a connection group's package list and enables you to configure the package as optional and/or with no version within the connection group.

    Set-AppvServerConnectionGroupPackage

    @@ -665,7 +666,7 @@ New Windows PowerShell cmdlets for the App-V Server have been added to help you -  + ### Getting help for the PowerShell cmdlets @@ -716,16 +717,16 @@ Cmdlet help is available in the following formats: -

     

    +

    On TechNet as web pages

    -

    See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).

    +

    See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

    -  + For more information, see [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md). @@ -755,11 +756,10 @@ The primary virtual application directory (PVAD) is hidden in App-V 5.0 SP3, but
    1. In the Registry Editor, navigate to: HKLM\SOFTWARE\Microsoft\AppV\Sequencer\Compatibility

      -Note   -

      If the Compatability subkey doesn’t exist, you must create it.

      +Note

      If the Compatability subkey doesn’t exist, you must create it.

      -  +
    2. Create a DWORD Value named EnablePVADControl, and set the value to 1.

      A value of 0 means that PVAD is hidden.

    3. @@ -768,7 +768,7 @@ The primary virtual application directory (PVAD) is hidden in App-V 5.0 SP3, but -  + **More about PVAD:** When you use the Sequencer to create a package, you can enter any installation path for the package. In past versions of App-V, you were required to specify the primary virtual application directory (PVAD) of the application as the path. PVAD is the directory to which you would typically install an application on your local computer if you weren’t using App-V. For example, if you were installing Office on a computer, the PVAD typically would be C:\\Program Files\\Microsoft Office\\. @@ -801,7 +801,7 @@ In App-V 5.0 SP3, you must provide the following values in the address when you -  + For syntax and examples of this query, see [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md). @@ -829,9 +829,9 @@ App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part [Release Notes for App-V 5.0 SP3](release-notes-for-app-v-50-sp3.md) -  - -  + + + diff --git a/mdop/appv-v5/about-app-v-50.md b/mdop/appv-v5/about-app-v-50.md index 53a5118e94..76b86ac82d 100644 --- a/mdop/appv-v5/about-app-v-50.md +++ b/mdop/appv-v5/about-app-v-50.md @@ -1,8 +1,11 @@ --- title: About App-V 5.0 description: About App-V 5.0 -author: jamiejdt +author: manikadhiman ms.assetid: 5799141b-44bc-4033-afcc-212235e15f00 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -53,7 +56,7 @@ The following table displays some of the differences between App-V 4.6 and App-V -

      Must Use a dedicated drive letter (Q:\).

      +

      Must Use a dedicated drive letter (Q:</strong>).

      No dedicated drive letter required.

      @@ -66,7 +69,7 @@ The following table displays some of the differences between App-V 4.6 and App-V

      Dynamic Suite Composition enabled interaction with middleware applications.

      -

      Peer applications are shared using connection groups. For more information about connection groups see, [Managing Connection Groups](managing-connection-groups.md).

      +

      Peer applications are shared using connection groups. For more information about connection groups see, Managing Connection Groups.

      VDI/RDS environments required a read-only shared cache.

      @@ -83,7 +86,7 @@ The following table displays some of the differences between App-V 4.6 and App-V -  + ## How to Get MDOP Technologies @@ -100,9 +103,9 @@ App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is p [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) -  + -  + diff --git a/mdop/appv-v5/about-app-v-51-dynamic-configuration.md b/mdop/appv-v5/about-app-v-51-dynamic-configuration.md index b208eda474..b66bfce583 100644 --- a/mdop/appv-v5/about-app-v-51-dynamic-configuration.md +++ b/mdop/appv-v5/about-app-v-51-dynamic-configuration.md @@ -1,14 +1,16 @@ --- title: About App-V 5.1 dynamic configuration description: You can use the dynamic configuration to customize an App-V 5.1 package for a user. Use the following information to create or edit an existing dynamic configuration file. -author: jamiejdt +author: manikadhiman ms.assetid: 35bc9908-d502-4a9c-873f-8ee17b6d9d74 +ms.reviewer: +manager: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 08/28/2018 -ms.author: pashort +ms.author: dansimp --- # About App-V 5.1 dynamic configuration @@ -48,10 +50,10 @@ The **PackageId** is the same value as exists in the manifest file. The body of the dynamic user configuration file can include all the app extension points defined in the manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: -1. **[Applications](#applications)** -2. **[Subsystems](#subsystems)** -3. **[UserScripts](#userscripts)** -4. **[ManagingAuthority](#managingauthority)** +1. **[Applications](#applications)** +2. **[Subsystems](#subsystems)** +3. **[UserScripts](#userscripts)** +4. **[ManagingAuthority](#managingauthority)** #### Applications @@ -73,7 +75,6 @@ All app-extensions contained in the manifest file within a package have an Appli .. - ``` #### Subsystems 
@@ -92,7 +93,6 @@ AppExtensions and other subsystems arranged as subnodes. .. - ``` You can enable or disable each subsystem using the **Enabled** attribute. @@ -105,40 +105,37 @@ Extension subsystems can be enabled and disabled independently of the content. F _**Examples:**_ -- If you define this in either the user or deployment config file, the content in the manifest gets ignored. +- If you define this in either the user or deployment config file, the content in the manifest gets ignored. - ```XML + ```XML - + - + - ... + ... - + - + + ``` +- If you define only the following, the content in the manifest gets integrated during publishing. - ``` -- If you define only the following, the content in the manifest gets integrated during publishing. - - ```XML + ```XML - + + ``` - ``` +- If you define the following, all Shortcuts within the manifest still get ignored. In other words, no Shortcuts get integrated. -- If you define the following, all Shortcuts within the manifest still get ignored. In other words, no Shortcuts get integrated. + ```XML - ```XML + - + - - - - - ``` + + ``` _**Supported extension subsystems:**_ @@ -160,7 +157,7 @@ _**Supported extension subsystems:**_ [{PackageRoot}]\Contoso\ContosoApp.EXE - + [{Windows}]\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe @@ -174,7 +171,7 @@ _**Supported extension subsystems:**_ 0 1 - + [{PackageRoot}]\Contoso\ContosoApp.EXE @@ -184,7 +181,7 @@ _**Supported extension subsystems:**_ - + [{AppData}]\Microsoft\Contoso\Recent\Templates.LNK [{AppData}]\Microsoft\Templates @@ -212,7 +209,6 @@ _**Supported extension subsystems:**_ - ``` **File-Type Associates** extension subsystem associates file types with programs to open by default as well as set up the context menu. @@ -237,7 +233,7 @@ _**Supported extension subsystems:**_ contosowordpad.DocumentMacroEnabled.12 document - + application/vnd.ms-contosowordpad.document.macroEnabled.12 
@@ -279,7 +275,7 @@ _**Supported extension subsystems:**_ contosowordpad.DocumentMacroEnabled.12 - + [{Windows}]\Installer\{90140000-0011-0000-0000-000000FF1CE}\contosowordpadicon.exe,15 Blah Blah Blah @@ -295,19 +291,19 @@ _**Supported extension subsystems:**_ Open - + {e56fa627-c35f-4a01-9e79-7d36aed8225a} Edit &Edit - + "[{PackageRoot}]\Contoso\WINcontosowordpad.EXE" /vu "%1" - + {e56fa627-c35f-4a01-9e79-7d36aed8225a} Open @@ -343,7 +339,6 @@ _**Supported extension subsystems:**_ - ``` **URL Protocols** extension subsystem controls the URL protocols integrated into the local registry of the client machine, for example, _mailto:_. @@ -433,7 +428,6 @@ _**Supported extension subsystems:**_ - ``` **Software Clients** extension subsystem allows the app to register as an email client, news reader, media player and makes the app visible in the Set program access and Computer defaults UI. In most cases, you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. @@ -445,7 +439,6 @@ _**Supported extension subsystems:**_ - ``` **AppPaths** extension subsystem opens apps registered with an application path. For example, if contoso.exe has an apppath name of _myapp_, users can type _myapp_ from the run menu, opening contoso.exe. @@ -479,19 +472,17 @@ _**Supported extension subsystems:**_ - ``` **COM** extensions subsystem allows an application registered to local COM servers. The mode can be: -- Integration -- Isolated -- Off +- Integration +- Isolated +- Off ```XML - ``` **Virtual Kernel Objects** @@ -499,7 +490,6 @@ _**Supported extension subsystems:**_ ```XML - ``` **Virtual Registry** sets a registry in the virtual registry within HKCU. @@ -523,7 +513,6 @@ _**Supported extension subsystems:**_ - ``` **Virtual File System** @@ -531,7 +520,6 @@ _**Supported extension subsystems:**_ ```XML - ``` **Virtual Fonts** 
@@ -539,7 +527,6 @@ _**Supported extension subsystems:**_ ```XML - ``` **Virtual Environment Variables** @@ -563,7 +550,6 @@ _**Supported extension subsystems:**_ - ``` **Virtual services** @@ -571,7 +557,6 @@ _**Supported extension subsystems:**_ ```XML - ``` #### UserScripts @@ -586,7 +571,6 @@ Use ManagingAuthority when two versions of your package co-exist on the same mac ```XML - ``` ## Deployment configuration file (DeploymentConfig.xml) @@ -641,7 +625,6 @@ The body of the dynamic deployment configuration file includes two sections: - ``` ### UserConfiguration @@ -652,10 +635,10 @@ Refer to [User configuration file contents (UserConfig.xml)](#user-configuration Use the MachineConfiguration section to configure information for an entire machine; not for a specific user on the computer. For example, HKEY_LOCAL_MACHINE registry keys in the virtual registry. There are four subsections allowed in under this element: -1. **[Subsystems](#subsystems-1)** -2. **[ProductSourceURLOptOut](#productsourceurloptout)** -3. **[MachineScripts](#machinescripts)** -4. **[TerminateChildProcess](#terminatechildprocess)** +1. **[Subsystems](#subsystems-1)** +2. **[ProductSourceURLOptOut](#productsourceurloptout)** +3. **[MachineScripts](#machinescripts)** +4. **[TerminateChildProcess](#terminatechildprocess)** #### Subsystems @@ -674,7 +657,6 @@ AppExtensions and other subsystems arranged as subnodes. … - ``` You can enable or disable each subsystem using the **Enabled** attribute. @@ -701,7 +683,7 @@ This extension also makes the virtual application visible in the Set default pro - + [{PackageRoot}]\LitView\LitViewBrowser.exe @@ -716,10 +698,10 @@ This extension also makes the virtual application visible in the Set default pro - + @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12345 - + @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12346 0 
@@ -761,7 +743,6 @@ This extension also makes the virtual application visible in the Set default pro - ``` _**Supported extension subsystems:**_ @@ -787,7 +768,6 @@ _**Supported extension subsystems:**_ - ``` **Machine Wide Virtual Kernel Objects** @@ -803,7 +783,6 @@ _**Supported extension subsystems:**_ - ``` #### ProductSourceURLOptOut @@ -821,7 +800,6 @@ Use ProductSourceURLOptOut to indicate that the URL for the package can be modif ... - ``` #### MachineScripts @@ -853,7 +831,6 @@ An application executable can be specified, whose child processes get terminated ... - ``` @@ -888,11 +865,11 @@ ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. ->[!NOTE] - ->We recommended that you run the multi-script line from a command prompt -first to make sure that all arguments are built correctly before adding them to -the deployment configuration file. +> [!NOTE] +> +> We recommended that you run the multi-script line from a command prompt +> first to make sure that all arguments are built correctly before adding them to +> the deployment configuration file. ### Example script and parameter descriptions @@ -924,9 +901,9 @@ Name of the event trigger for which you are running a script, such as adding a p The script launcher application that is installed as part of the App-V client installation. ->[!NOTE] - ->Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:FilesApplication Virtualizationfolder. +> [!NOTE] +> +> Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:FilesApplication Virtualizationfolder. #### \ 
@@ -973,4 +950,4 @@ To create the file manually, the information above in previous sections can be c - [Operations for App-V 5.1](operations-for-app-v-51.md) ---- \ No newline at end of file +--- diff --git a/mdop/appv-v5/about-app-v-51-reporting.md b/mdop/appv-v5/about-app-v-51-reporting.md index f4114c9174..05c85668ea 100644 --- a/mdop/appv-v5/about-app-v-51-reporting.md +++ b/mdop/appv-v5/about-app-v-51-reporting.md @@ -1,8 +1,11 @@ --- title: About App-V 5.1 Reporting description: About App-V 5.1 Reporting -author: jamiejdt +author: manikadhiman ms.assetid: 385dca00-7178-4e35-8d86-c58867ebd65c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -38,7 +41,7 @@ The following list displays the end–to-end high-level workflow for reporting i **Note**   If you are using the Configuration Manager integration with App-V 5.1, most reports are generated from Configuration Manager rather than from App-V 5.1. -   + 4. After importing the App-V 5.1 PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V 5.1 client. This sample PowerShell cmdlet enables App-V 5.1 reporting: @@ -57,9 +60,11 @@ The following list displays the end–to-end high-level workflow for reporting i **Note**   By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. -   + - If the App-V 5.1 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. +~~~ +If the App-V 5.1 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. +~~~ ### App-V 5.1 reporting server frequently asked questions 
@@ -107,24 +112,23 @@ The following table displays answers to common questions about App-V 5.1 reporti

      Yes. Besides manually sending reporting using PowerShell Cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

      1. Using PowerShell cmdlets - Set-AppvClientConfiguration. For example:

        -

        Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

        +

        Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

        -

        For a complete list of client configuration settings see [About Client Configuration Settings](about-client-configuration-settings51.md) and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

        +

        For a complete list of client configuration settings see About Client Configuration Settings and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

      2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

        -Note   -

        Group Policy settings override local settings configured using PowerShell.

        +Note

        Group Policy settings override local settings configured using PowerShell.

        -  +
      + -  ## App-V 5.1 Client Reporting @@ -135,10 +139,10 @@ To use App-V 5.1 reporting you must install and configure the App-V 5.1 client. The following examples show how PowerShell parameters can configure the reporting features of the App-V 5.1 client. -**Note**   +**Note** The following configuration task can also be configured using Group Policy settings in the App-V 5.1 ADMX template. For more information about using the ADMX template, see [How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md). + -  **To enable reporting and to initiate data collection on the computer running the App-V 5.1 client**: @@ -152,7 +156,7 @@ Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPor `-ReportingInterval 1 -ReportingRandomDelay 30` -This example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. +This example configures the client to automatically send the reporting data to the reporting server URL http://MyReportingServer:MyPort/. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. **To limit the size of the data cache on the client**: @@ -221,8 +225,8 @@ The following table displays the types of information you can collect by using A + -  The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file. @@ -267,20 +271,19 @@ You can also use the **Send-AppVClientReport** cmdlet to manually collect data.
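Review bot: The re-added example `Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting` still has a space between the hyphen and `ReportingServerURL`, so the parameter name would likely not be recognised as written; it should read `-ReportingServerURL`. The same hunk replaces the link `[About Client Configuration Settings](about-client-configuration-settings51.md)` with plain text, which drops the pointer to the settings list it tells the reader to look up. The example URL is plain `http://`; whether the reporting server accepts HTTPS is not shown on this page, so confirm that before presenting it as the way to send usage data.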

      If you have an existing App-V 5.1 reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.

      If you do not have an existing App-V 5.1 reporting Server, use the –URL parameter to send the data to a specified share. For example:

      -

      Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess

      -

      The previous example will send the reporting data to \\MyShare\MyData\ location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

      +

      Send-AppVClientReport –URL \Myshare\MyData\ -DeleteOnSuccess

      +

      The previous example will send the reporting data to \MyShare\MyData</strong> location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

      -Note   -

      If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

      +Note

      If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

      -  +
      -  + ### Creating Reports @@ -314,9 +317,9 @@ You should also ensure that the reporting server web service’s **Maximum Concu [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) -  + -  + diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md index c942fd6e40..199fc19259 100644 --- a/mdop/appv-v5/about-app-v-51.md +++ b/mdop/appv-v5/about-app-v-51.md @@ -1,8 +1,11 @@ --- title: About App-V 5.1 description: About App-V 5.1 -author: jamiejdt +author: manikadhiman ms.assetid: 35bc9908-d502-4a9c-873f-8ee17b6d9d74 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -52,17 +55,17 @@ See the following links for the App-V 5.1 software prerequisites and supported c -
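Review bot: The new side of the share example loses the leading backslash of the UNC path and gains a stray closing tag: `Send-AppVClientReport –URL \Myshare\MyData\ -DeleteOnSuccess` and `\MyShare\MyData</strong> location`. A single leading backslash is not a UNC path, so a reader copying the command would send the report somewhere other than the share the text describes. Restore `\\Myshare\MyData\` in the command and `\\MyShare\MyData\` in the sentence below it, and drop the `</strong>`.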

      [App-V 5.1 Prerequisites](app-v-51-prerequisites.md)

      +

      App-V 5.1 Prerequisites

      Prerequisite software that you must install before starting the App-V 5.1 installation

      -

      [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md)

      +

      App-V 5.1 Supported Configurations

      Supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client components

      -  + **Support for using Configuration Manager with App-V:** App-V 5.1 supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager and Configuration Manager. @@ -95,19 +98,18 @@ Review the following information before you start the upgrade:
    4. App-V Client or App-V Remote Desktop Services (RDS) Client

    -Note   -

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/download/details.aspx?id=41186).

    +Note

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from Application Virtualization 5.0 Client UI Application.

    -  +

    Upgrading from App-V 4.x

    You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.1. For more information, see:

    @@ -126,7 +128,7 @@ Review the following information before you start the upgrade: -  + ### Steps to upgrade the App-V infrastructure @@ -147,11 +149,10 @@ Complete the following steps to upgrade each component of the App-V infrastructu

    Step 1: Upgrade the App-V Server.

    -Note   -

    If you are not using the App-V Server, skip this step and go to the next step.

    +Note

    If you are not using the App-V Server, skip this step and go to the next step.

    -  +

    Follow these steps:

      @@ -174,36 +175,36 @@ Complete the following steps to upgrade each component of the App-V infrastructu

      SQL scripts

      -

      Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md).

      +

      Follow the steps in How to Deploy the App-V Databases by Using SQL Scripts.

      -
    1. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](check-reg-key-svr.md).

    2. -
    3. Follow the steps in [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)

    4. -

       

      +
    5. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section Check registry keys after installing the App-V 5.0 SP3 Server.

    6. +
    7. Follow the steps in How to Deploy the App-V 5.1 Server

    8. +

    Step 2: Upgrade the App-V Sequencer.

    -

    See [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md).

    +

    See How to Install the Sequencer.

    Step 3: Upgrade the App-V Client or App-V RDS Client.

    -

    See [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md).

    +

    See How to Deploy the App-V Client.

    -  + ### Converting packages created using a prior version of App-V Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. -**Note**   +**Note** App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V 5.1 packages. -  + ## What’s New in App-V 5.1 @@ -246,7 +247,7 @@ The following table lists the Windows 10 support for App-V. Windows 10 is not su -  + ### App-V Management Console Changes @@ -291,7 +292,7 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con -  + ### Console pages are now separate URLs @@ -315,7 +316,7 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con -  + ### New, separate CONNECTION GROUPS page and menu option @@ -338,7 +339,7 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con -  + ### Menu options for packages have changed @@ -394,7 +395,7 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con -  + ### Icons in left pane have new colors and text 
@@ -414,10 +415,10 @@ You can import and export the AppxManifest.xml file. To export the manifest file After you make your changes, click **Import...** and select the file you edited. After you successfully import it back in, the manifest file is immediately updated within the package editor. -**Caution**   +**Caution** When you import the file, your changes are validated against the XML schema. If the file is not valid, you will receive an error. Be aware that it is possible to import a file that is validated against the XML schema, but that might still fail to run for other reasons. -  + ### Addition of Windows 10 to operating systems list @@ -516,9 +517,9 @@ App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part [Release Notes for App-V 5.1](release-notes-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/about-client-configuration-settings.md b/mdop/appv-v5/about-client-configuration-settings.md index 11e4f02114..ab80cd454a 100644 --- a/mdop/appv-v5/about-client-configuration-settings.md +++ b/mdop/appv-v5/about-client-configuration-settings.md @@ -1,8 +1,11 @@ --- title: About Client Configuration Settings description: About Client Configuration Settings -author: jamiejdt +author: manikadhiman ms.assetid: cc7ae28c-b2ac-4f68-b992-5ccdbd5316a4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -124,153 +127,143 @@ The following table displays information about the App-V 5.0 client configuratio

    Name

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    PUBLISHINGSERVERNAME

    Displays the name of publishing server.

    String

    -

    Publishing\Servers\{serverId}\FriendlyName

    +

    Publishing\Servers{serverId}\FriendlyName

    Policy value not written (same as Not Configured)

    URL

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    PUBLISHINGSERVERURL

    Displays the URL of publishing server.

    String

    -

    Publishing\Servers\{serverId}\URL

    +

    Publishing\Servers{serverId}\URL

    Policy value not written (same as Not Configured)

    GlobalRefreshEnabled

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    GLOBALREFRESHENABLED

    Enables global publishing refresh (Boolean)

    True(enabled); False(Disabled state)

    -

    Publishing\Servers\{serverId}\GlobalEnabled

    +

    Publishing\Servers{serverId}\GlobalEnabled

    False

    GlobalRefreshOnLogon

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    GLOBALREFRESHONLOGON

    Triggers a global publishing refresh on logon. ( Boolean)

    True(enabled); False(Disabled state)

    -

    Publishing\Servers\{serverId}\GlobalLogonRefresh

    +

    Publishing\Servers{serverId}\GlobalLogonRefresh

    False

    GlobalRefreshInterval

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +
    -

    GLOBALREFRESHINTERVAL  

    +

    GLOBALREFRESHINTERVAL

    Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.

    Integer (0-744

    -

    Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval

    +

    Publishing\Servers{serverId}\GlobalPeriodicRefreshInterval

    0

    GlobalRefreshIntervalUnit

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    GLOBALREFRESHINTERVALUNI

    -

    Specifies the interval unit (Hour 0-23, Day 0-31). 

    +

    Specifies the interval unit (Hour 0-23, Day 0-31).

    0 for hour, 1 for day

    -

    Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit

    +

    Publishing\Servers{serverId}\GlobalPeriodicRefreshIntervalUnit

    1

    UserRefreshEnabled

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +
    -

    USERREFRESHENABLED 

    +

    USERREFRESHENABLED

    Enables user publishing refresh (Boolean)

    True(enabled); False(Disabled state)

    -

    Publishing\Servers\{serverId}\UserEnabled

    +

    Publishing\Servers{serverId}\UserEnabled

    False

    UserRefreshOnLogon

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +

    USERREFRESHONLOGON

    Triggers a user publishing refresh onlogon. ( Boolean)

    Word count (with spaces): 60

    True(enabled); False(Disabled state)

    -

    Publishing\Servers\{serverId}\UserLogonRefresh

    +

    Publishing\Servers{serverId}\UserLogonRefresh

    False

    UserRefreshInterval

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +
    -

    USERREFRESHINTERVAL     

    +

    USERREFRESHINTERVAL

    Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.

    Word count (with spaces): 85

    Integer (0-744 Hours)

    -

    Publishing\Servers\{serverId}\UserPeriodicRefreshInterval

    +

    Publishing\Servers{serverId}\UserPeriodicRefreshInterval

    0

    UserRefreshIntervalUnit

    -Note   -

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    +Note

    This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

    -  +
    -

    USERREFRESHINTERVALUNIT  

    -

    Specifies the interval unit (Hour 0-23, Day 0-31). 

    +

    USERREFRESHINTERVALUNIT

    +

    Specifies the interval unit (Hour 0-23, Day 0-31).

    0 for hour, 1 for day

    -

    Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit

    +

    Publishing\Servers{serverId}\UserPeriodicRefreshIntervalUnit

    1
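Review bot: Each registry value path on the new side of this table drops the backslash before `{serverId}`, for example `Publishing\Servers{serverId}\FriendlyName` where the removed line had `Publishing\Servers\{serverId}\FriendlyName`. As shown, the path reads as a key literally named `Servers{serverId}` rather than a per-server subkey under `Servers`, which misdirects anyone auditing or setting these values. Restore the separator in each row, from `...\URL` and `...\GlobalEnabled` through `...\UserPeriodicRefreshIntervalUnit`. The later `ROAMINGREGISTRYEXCLUSIONS` hunk likewise changes `software\\classes;software\\clients` to single backslashes; which form the client expects is not visible here and should be checked.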

    @@ -300,7 +293,7 @@ The following table displays information about the App-V 5.0 client configuratio

    RoamingFileExclusions

    ROAMINGFILEEXCLUSIONS

    -

    Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'

    +

    Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures'

    @@ -308,7 +301,7 @@ The following table displays information about the App-V 5.0 client configuratio

    RoamingRegistryExclusions

    ROAMINGREGISTRYEXCLUSIONS

    -

    Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients

    +

    Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

    String

    Integration\RoamingReglstryExclusions

    Policy value not written (same as Not Configured)

    @@ -334,7 +327,7 @@ The following table displays information about the App-V 5.0 client configuratio

    Not available.

    A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.

    When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the RunVirtual command line parameter will be added, and the application will run virtually.

    -

    For more information about the RunVirtual parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md).

    +

    For more information about the RunVirtual parameter, see Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications.

    String

    Integration\VirtualizableExtensions

    Policy value not written

    @@ -376,11 +369,10 @@ The following table displays information about the App-V 5.0 client configuratio

    Not available.

    Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the ReportingStartTime will start on the current day at 10 P.M.or 22.

    -Note   -

    You should configure this setting to a time when computers running the App-V 5.0 client are least likely to be offline.

    +Note

    You should configure this setting to a time when computers running the App-V 5.0 client are least likely to be offline.

    -  +

    Integer (0 – 23)

    Reporting\ StartTime

    @@ -405,11 +397,10 @@ The following table displays information about the App-V 5.0 client configuratio

    EnableDynamicVirtualization

    -Important   -

    This setting is available only with App-V 5.0 SP2 or later.

    +Important

    This setting is available only with App-V 5.0 SP2 or later.

    -  +

    Not available.

    Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.

    @@ -420,11 +411,10 @@ The following table displays information about the App-V 5.0 client configuratio

    EnablePublishingRefreshUI

    -Important   -

    This setting is available only with App-V 5.0 SP2.

    +Important

    This setting is available only with App-V 5.0 SP2.

    -  +

    Not available.

    Enables the publishing refresh progress bar for the computer running the App-V 5.0 Client.

    @@ -435,11 +425,10 @@ The following table displays information about the App-V 5.0 client configuratio

    HideUI

    -Important   -

    This setting is available only with App-V 5.0 SP2.

    +Important

    This setting is available only with App-V 5.0 SP2.

    -  +

    Not available.

    Hides the publishing refresh progress bar.

    @@ -458,7 +447,7 @@ The following table displays information about the App-V 5.0 client configuratio -  + @@ -474,9 +463,9 @@ The following table displays information about the App-V 5.0 client configuratio [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) -  - -  + + + diff --git a/mdop/appv-v5/about-client-configuration-settings51.md b/mdop/appv-v5/about-client-configuration-settings51.md index 8ec20efe37..608b86b707 100644 --- a/mdop/appv-v5/about-client-configuration-settings51.md +++ b/mdop/appv-v5/about-client-configuration-settings51.md @@ -1,8 +1,11 @@ --- title: About Client Configuration Settings description: About Client Configuration Settings -author: jamiejdt +author: manikadhiman ms.assetid: 18bb307a-7eda-4dd6-a83e-6afaefd99470 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/about-the-connection-group-file.md b/mdop/appv-v5/about-the-connection-group-file.md index 3719b1a019..a46bdbf5ea 100644 --- a/mdop/appv-v5/about-the-connection-group-file.md +++ b/mdop/appv-v5/about-the-connection-group-file.md @@ -1,8 +1,11 @@ --- title: About the Connection Group File description: About the Connection Group File -author: jamiejdt +author: manikadhiman ms.assetid: bfeb6013-a7ca-4e36-9fe3-229702e83f0d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -44,12 +47,12 @@ ms.date: 06/16/2016

    Example file path

    -

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    +

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups{6CCC7575-162E-4152-9407-ED411DA138F4}{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    -  + ## Structure of the connection group XML file @@ -84,7 +87,7 @@ The following table describes the parameters in the XML file that define the con

    Schema name

    Name of the schema.

    Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

    -

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"

    +

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";

    AppConnectionGroupId

    @@ -109,7 +112,7 @@ The following table describes the parameters in the XML file that define the con -  + ### Parameters that define the packages in the connection group @@ -143,24 +146,66 @@ In the <Packages> section of the connection group XML file, you list the m
  • “true” – package is optional in the connection group

  • “false” – package is required in the connection group

  • -

    See [How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups.md).

    +

    See How to Use Optional Packages in Connection Groups.

    -  + ### App-V 5.0 SP3 example connection group XML file The following example connection group XML file shows examples of the fields in the previous tables and highlights the items that are new for App-V 5.0 SP3. -````` `` `` `` ` +```XML + + + + + + + +``` ### App-V 5.0 through App-V 5.0 SP2 example connection group XML file The following example connection group XML file applies to App-V 5.0 through App-V 5.0 SP2. It shows examples of the fields in the previous table, but it excludes the changes described above for App-V 5.0 SP3. -````` `` `` `` ` +```XML + + + + + + +Configuring the priority of packages in a connection group @@ -176,7 +221,7 @@ You can use the connection group file to configure each connection group by usin **Note**   Priority is required only if the package is associated with more than one connection group. -   + - Specify package precedence within the connection group. @@ -271,7 +316,7 @@ The virtual application Microsoft Outlook is running in virtual environment **XY -  + @@ -283,9 +328,9 @@ The virtual application Microsoft Outlook is running in virtual environment **XY [Managing Connection Groups](managing-connection-groups.md) -  + -  + diff --git a/mdop/appv-v5/about-the-connection-group-file51.md b/mdop/appv-v5/about-the-connection-group-file51.md index 4d840f5286..f8949ce649 100644 --- a/mdop/appv-v5/about-the-connection-group-file51.md +++ b/mdop/appv-v5/about-the-connection-group-file51.md @@ -1,8 +1,11 @@ --- title: About the Connection Group File description: About the Connection Group File -author: jamiejdt +author: manikadhiman ms.assetid: 1f4df515-f5f6-4b58-91a8-c71598cb3ea4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -44,12 +47,12 @@ ms.date: 06/16/2016

    Example file path

    -

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    +

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups{6CCC7575-162E-4152-9407-ED411DA138F4}{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    -  + ## Structure of the connection group XML file @@ -84,7 +87,7 @@ The following table describes the parameters in the XML file that define the con

    Schema name

    Name of the schema.

    Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

    -

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"

    +

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";

    AppConnectionGroupId

    @@ -109,7 +112,7 @@ The following table describes the parameters in the XML file that define the con -  + ### Parameters that define the packages in the connection group @@ -143,24 +146,66 @@ In the <Packages> section of the connection group XML file, you list the m
  • “true” – package is optional in the connection group

  • “false” – package is required in the connection group

  • -

    See [How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups51.md).

    +

    See How to Use Optional Packages in Connection Groups.

    -  + ### App-V example connection group XML file The following example connection group XML file shows examples of the fields in the previous tables and highlights the items that are new starting in App-V 5.0 SP3. -````` `` `` `` ` +```XML + + + + + + + +``` ### App-V 5.0 through App-V 5.0 SP2 example connection group XML file The following example connection group XML file applies to App-V 5.0 through App-V 5.0 SP2. It shows examples of the fields in the previous table, but it excludes the changes described above for App-V 5.0 SP3. -````` `` `` `` ` +```XML + + + + + + + +``` ## Configuring the priority of packages in a connection group @@ -176,7 +221,7 @@ You can use the connection group file to configure each connection group by usin **Note**   Priority is required only if the package is associated with more than one connection group. -   + - Specify package precedence within the connection group. @@ -271,7 +316,7 @@ The virtual application Microsoft Outlook is running in virtual environment **XY -  + @@ -283,9 +328,9 @@ The virtual application Microsoft Outlook is running in virtual environment **XY [Managing Connection Groups](managing-connection-groups51.md) -  + -  + diff --git a/mdop/appv-v5/about-the-connection-group-virtual-environment.md b/mdop/appv-v5/about-the-connection-group-virtual-environment.md index d53f043ea0..34358bc9b5 100644 --- a/mdop/appv-v5/about-the-connection-group-virtual-environment.md +++ b/mdop/appv-v5/about-the-connection-group-virtual-environment.md @@ -1,8 +1,11 @@ --- title: About the Connection Group Virtual Environment description: About the Connection Group Virtual Environment -author: jamiejdt +author: manikadhiman ms.assetid: 535fa640-cbd9-425e-8437-94650a70c264 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v5/about-the-connection-group-virtual-environment51.md b/mdop/appv-v5/about-the-connection-group-virtual-environment51.md
index 860efa5550..4e889a147b 100644
--- a/mdop/appv-v5/about-the-connection-group-virtual-environment51.md
+++ b/mdop/appv-v5/about-the-connection-group-virtual-environment51.md
@@ -1,8 +1,11 @@
 ---
 title: About the Connection Group Virtual Environment
 description: About the Connection Group Virtual Environment
-author: jamiejdt
+author: manikadhiman
 ms.assetid: b7bb0e3d-8cd5-45a9-b84e-c9ab4196a18c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/accessibility-for-app-v-50.md b/mdop/appv-v5/accessibility-for-app-v-50.md
index 409f0e4558..1f11859823 100644
--- a/mdop/appv-v5/accessibility-for-app-v-50.md
+++ b/mdop/appv-v5/accessibility-for-app-v-50.md
@@ -1,8 +1,11 @@
 ---
 title: Accessibility for App-V 5.0
 description: Accessibility for App-V 5.0
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 56696523-6332-4bbe-8ddf-32b1dfe38131
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -22,7 +25,7 @@ Microsoft is committed to making its products and services easier for everyone t **Important**   The information in this section only applies to the App-V 5.0 sequencer. For specific information about the App-V 5.0 server, see the Keyboard Shortcuts for the App-V 5.0 Management Server section of this document. -  + Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key:
@@ -35,7 +38,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Keyboard Shortcuts for the App-V 5.0 Management Server 
@@ -77,7 +80,7 @@ Keyboard Shortcuts for the App-V 5.0 Management Server: -  + ## Documentation in Alternative Formats @@ -111,13 +114,13 @@ For information about the availability of Microsoft product documentation and bo

    (609) 987-8116

    -

    [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

    +

    http://www.learningally.org/

    Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

    -  + ## Customer Service for People with Hearing Impairments @@ -140,9 +143,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) -  + -  + diff --git a/mdop/appv-v5/accessibility-for-app-v-51.md b/mdop/appv-v5/accessibility-for-app-v-51.md index bf57157a1d..bae1242c01 100644 --- a/mdop/appv-v5/accessibility-for-app-v-51.md +++ b/mdop/appv-v5/accessibility-for-app-v-51.md @@ -1,8 +1,11 @@ --- title: Accessibility for App-V 5.1 description: Accessibility for App-V 5.1 -author: jamiejdt +author: manikadhiman ms.assetid: ef3f7742-f2e9-4748-ad60-74e0961b1bd9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Following are the keyboard Shortcuts for the App-V 5.1 Management Server: -  + ## Keyboard Shortcuts for the App-V 5.1 Sequencer @@ -78,14 +81,14 @@ Following are the keyboard shortcuts for the Virtual Registry tab in the package -  + ### Access Any Command with a Few Keystrokes **Important**   The information in this section only applies to the App-V 5.1 sequencer. For specific information about the App-V 5.1 server, see the Keyboard Shortcuts for the App-V 5.1 Management Server section of this document. -  + Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: @@ -98,7 +101,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in Alternative Formats @@ -132,13 +135,13 @@ For information about the availability of Microsoft product documentation and bo

    (609) 987-8116

    -

    [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

    +

    http://www.learningally.org/

    Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

    -  + ## Customer Service for People with Hearing Impairments @@ -161,9 +164,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md index 9a03e5912d..cb135d1d39 100644 --- a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md +++ b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md @@ -1,8 +1,11 @@ --- title: Administering App-V 5.0 Virtual Applications by Using the Management Console description: Administering App-V 5.0 Virtual Applications by Using the Management Console -author: jamiejdt +author: manikadhiman ms.assetid: e9280dbd-782b-493a-b495-daab25247795 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/administering-app-v-51-by-using-powershell.md b/mdop/appv-v5/administering-app-v-51-by-using-powershell.md index 9bc74c04be..877702cf37 100644 --- a/mdop/appv-v5/administering-app-v-51-by-using-powershell.md +++ b/mdop/appv-v5/administering-app-v-51-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: Administering App-V 5.1 by Using PowerShell description: Administering App-V 5.1 by Using PowerShell -author: jamiejdt +author: manikadhiman ms.assetid: 9e10ff07-2cd9-4dc1-9e99-582f90c36081 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -34,54 +37,54 @@ Use the following PowerShell procedures to perform various App-V 5.1 tasks. -

    [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md)

    +

    How to Load the PowerShell Cmdlets and Get Cmdlet Help

    Describes how to install the PowerShell cmdlets and find cmdlet help and examples.

    -

    [How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md)

    +

    How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell

    Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.

    -

    [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md)

    +

    How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

    Describes how to manage connection groups using PowerShell.

    -

    [How to Modify Client Configuration by Using PowerShell](how-to-modify-client-configuration-by-using-powershell51.md)

    +

    How to Modify Client Configuration by Using PowerShell

    Describes how to modify the client using PowerShell.

    -

    [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell51.md)

    +

    How to Apply the User Configuration File by Using PowerShell

    Describes how to apply a user configuration file using PowerShell.

    -

    [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md)

    +

    How to Apply the Deployment Configuration File by Using PowerShell

    Describes how to apply a deployment configuration file using PowerShell.

    -

    [How to Sequence a Package by Using PowerShell](how-to-sequence-a-package--by-using-powershell-51.md)

    +

    How to Sequence a Package by Using PowerShell

    Describes how to create a new package using PowerShell.

    -

    [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell51.md)

    +

    How to Create a Package Accelerator by Using PowerShell

    Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.

    -

    [How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md)

    +

    How to Enable Reporting on the App-V 5.1 Client by Using PowerShell

    Describes how to enable the computer running the App-V 5.1 to send reporting information.

    -

    [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md)

    +

    How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell

    Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

    -  + **Important**   Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for PowerShell. -  + ## PowerShell Error Handling @@ -118,7 +121,7 @@ Use the following table for information about App-V 5.1 PowerShell error handlin -  + @@ -130,9 +133,9 @@ Use the following table for information about App-V 5.1 PowerShell error handlin [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md index cdba1e3c73..72a7e81f82 100644 --- a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md +++ b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md @@ -1,8 +1,11 @@ --- title: Administering App-V 5.1 Virtual Applications by Using the Management Console description: Administering App-V 5.1 Virtual Applications by Using the Management Console -author: jamiejdt +author: manikadhiman ms.assetid: a4d078aa-ec54-4fa4-9463-bfb3b971d724 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -86,12 +89,12 @@ The main elements of the App-V 5.1 Management Console are: -  + **Important**   JavaScript must be enabled on the browser that opens the Web Management Console. -  + @@ -105,9 +108,9 @@ JavaScript must be enabled on the browser that opens the Web Management Console. - [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/administering-app-v-by-using-powershell.md b/mdop/appv-v5/administering-app-v-by-using-powershell.md index 2e57a49140..42d3dcaa27 100644 --- a/mdop/appv-v5/administering-app-v-by-using-powershell.md +++ b/mdop/appv-v5/administering-app-v-by-using-powershell.md 
@@ -1,8 +1,11 @@
 ---
 title: Administering App-V by Using PowerShell
 description: Administering App-V by Using PowerShell
-author: jamiejdt
+author: manikadhiman
 ms.assetid: 1ff4686a-1e19-4eff-b648-ada091281094
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -34,49 +37,49 @@ Use the following PowerShell procedures to perform various App-V 5.0 tasks. -

    [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md)

    +

    How to Load the PowerShell Cmdlets and Get Cmdlet Help

    Describes how to install the PowerShell cmdlets and find cmdlet help and examples.

    -

    [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md)

    +

    How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell

    Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.

    -

    [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md)

    +

    How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

    Describes how to manage connection groups using PowerShell.

    -

    [How to Modify Client Configuration by Using PowerShell](how-to-modify-client-configuration-by-using-powershell.md)

    +

    How to Modify Client Configuration by Using PowerShell

    Describes how to modify the client using PowerShell.

    -

    [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell.md)

    +

    How to Apply the User Configuration File by Using PowerShell

    Describes how to apply a user configuration file using PowerShell.

    -

    [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell.md)

    +

    How to Apply the Deployment Configuration File by Using PowerShell

    Describes how to apply a deployment configuration file using PowerShell.

    -

    [How to Sequence a Package by Using PowerShell](how-to-sequence-a-package--by-using-powershell-50.md)

    +

    How to Sequence a Package by Using PowerShell

    Describes how to create a new package using PowerShell.

    -

    [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell.md)

    +

    How to Create a Package Accelerator by Using PowerShell

    Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.

    -

    [How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md)

    +

    How to Enable Reporting on the App-V 5.0 Client by Using PowerShell

    Describes how to enable the computer running the App-V 5.0 to send reporting information.

    -

    [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md)

    +

    How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell

    Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

    -  + ## PowerShell Error Handling @@ -113,7 +116,7 @@ Use the following table for information about App-V 5.0 PowerShell error handlin -  + @@ -125,9 +128,9 @@ Use the following table for information about App-V 5.0 PowerShell error handlin [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/app-v-50-capacity-planning.md b/mdop/appv-v5/app-v-50-capacity-planning.md index f390bd34b8..457f754602 100644 --- a/mdop/appv-v5/app-v-50-capacity-planning.md +++ b/mdop/appv-v5/app-v-50-capacity-planning.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 Capacity Planning description: App-V 5.0 Capacity Planning -author: jamiejdt +author: manikadhiman ms.assetid: 56f48b00-cd91-4280-9481-5372a0e2e792 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The following recommendations can be used as a baseline to help determine capaci **Important**   Use the information in this section only as a general guide for planning your App-V 5.0 deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. -  + ## Determine the Project Scope @@ -49,7 +52,7 @@ Before you design the App-V 5.0 infrastructure, you must determine the project -  + ## Determine Which App-V 5.0 Infrastructure is Required 
@@ -59,7 +62,7 @@ Both of the following models require the App-V 5.0 client to be installed on the You can also manage your App-V 5.0 environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md). -  + - **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V 5.0 in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: @@ -74,7 +77,7 @@ You can also manage your App-V 5.0 environment using an Electronic Software Dist **Important**   The App-V 5.0 full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). -   + - When you want to use the Management Server to publish the application to target computers. 
@@ -90,7 +93,7 @@ The following section provides information about end-to-end App-V 5.0 sizing and **Note**   Round trip response time on the client is the time taken by the computer running the App-V 5.0 client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. -  + - 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) @@ -104,7 +107,7 @@ The App-V 5.0 publishing servers require the management server for package refre **Note**   The default refresh time on the App-V 5.0 publishing server is ten minutes. -  + When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: @@ -119,7 +122,7 @@ The following table displays more information about each factor that impacts rou **Note**   Round trip response time is the time taken by the computer running the App-V 5.0 publishing server to receive a successful package metadata update from the management server. -  + @@ -163,7 +166,7 @@ Round trip response time is the time taken by the computer running the App-V 5.0
    -  + The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V 5.0management server. @@ -356,7 +359,7 @@ The following table displays sample values for each of the previous factors. In -  + The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. @@ -457,7 +460,7 @@ Using a geographically distributed deployment, where the management server & pub -  + Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. @@ -469,7 +472,7 @@ App-V 5.0 clients send reporting data to the reporting server. The reporting ser **Note**   Round trip response time is the time taken by the computer running the App-V 5.0 client to send the reporting information to the reporting server and receive a successful notification from the reporting server. -  + @@ -515,7 +518,7 @@ Round trip response time is the time taken by the computer running the App-V 5.0
    -  + **Calculating random delay**: @@ -539,7 +542,7 @@ The following list displays the main factors to consider when setting up the App - The available network bandwidth in your environment between the client and the App-V 5.0 publishing server. -  + @@ -582,12 +585,12 @@ The following list displays the main factors to consider when setting up the App
    -  + **Note**   The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. -  + @@ -729,7 +732,7 @@ The publishing server CPU usage is always high during the time interval when it
    -  + ## App-V 5.0 Streaming Capacity Planning Recommendations @@ -745,7 +748,7 @@ The following list identifies the main factors to consider when setting up the A - The available network bandwidth in your environment between the client and the streaming server. -  + @@ -785,7 +788,7 @@ The following list identifies the main factors to consider when setting up the A
    -  + The following table displays sample values for each of the factors in the previous list: @@ -914,14 +917,14 @@ The following table displays sample values for each of the factors in the previo -  + Each App-V 5.0 streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. **Note**   The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. -  + For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. @@ -950,9 +953,9 @@ Although there are a number of fault-tolerance strategies and technologies avail [Planning to Deploy App-V](planning-to-deploy-app-v.md) -  + -  + diff --git a/mdop/appv-v5/app-v-50-deployment-checklist.md b/mdop/appv-v5/app-v-50-deployment-checklist.md index 07e3aaa3b1..811e99527d 100644 --- a/mdop/appv-v5/app-v-50-deployment-checklist.md +++ b/mdop/appv-v5/app-v-50-deployment-checklist.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 Deployment Checklist description: App-V 5.0 Deployment Checklist -author: jamiejdt +author: manikadhiman ms.assetid: d6d93152-82b4-4b02-8b11-ed21d3331f00 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 This checklist can be used to help you during Microsoft Application Virtualization (App-V) 5.0 deployment. -**Note**   +**Note** This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V 5.0 features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,37 +43,36 @@ This checklist outlines the recommended steps and a high-level list of items to - + - +
    Checklist box

    Complete the planning phase to prepare the computing environment for App-V 5.0 deployment.

    [App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md)

    App-V 5.0 Planning Checklist

    Checklist box

    Review the App-V 5.0 supported configurations information to make sure selected client and server computers are supported for App-V 5.0 feature installation.

    [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md)

    App-V 5.0 Supported Configurations

    Checklist box

    Run App-V 5.0 Setup to deploy the required App-V 5.0 features for your environment.

    -Note   -

    Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

    +Note

    Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

    -  +

    -  + @@ -82,9 +84,9 @@ This checklist outlines the recommended steps and a high-level list of items to [Deploying App-V 5.0](deploying-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-50-planning-checklist.md b/mdop/appv-v5/app-v-50-planning-checklist.md index 58eeb4965b..4dbf695034 100644 --- a/mdop/appv-v5/app-v-50-planning-checklist.md +++ b/mdop/appv-v5/app-v-50-planning-checklist.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 Planning Checklist description: App-V 5.0 Planning Checklist -author: jamiejdt +author: manikadhiman ms.assetid: 81d3fa62-3c9e-4de7-a9da-cd13112b0862 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V 5.0 deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,43 +43,43 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - + - + - + - +
    Checklist box

    Review the getting started information about App-V 5.0 to gain a basic understanding of the product before beginning deployment planning.

    [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md)

    Getting Started with App-V 5.0

    Checklist box

    Plan for App-V 5.0 1.0 Deployment Prerequisites and prepare your computing environment.

    [App-V 5.0 Prerequisites](app-v-50-prerequisites.md)

    App-V 5.0 Prerequisites

    Checklist box

    If you plan to use the App-V 5.0 management server, plan for the required roles.

    [Planning for the App-V 5.0 Server Deployment](planning-for-the-app-v-50-server-deployment.md)

    Planning for the App-V 5.0 Server Deployment

    Checklist box

    Plan for the App-V 5.0 sequencer and client so you to create and run virtualized applications.

    [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md)

    Planning for the App-V 5.0 Sequencer and Client Deployment

    Checklist box

    If applicable, review the options and steps for migrating from a previous version of App-V.

    [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md)

    Planning for Migrating from a Previous Version of App-V

    Checklist box

    Plan for running App-V 5.0 clients using in shared content store mode.

    [How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md)

    How to Install the App-V 5.0 Client for Shared Content Store Mode

    -  + @@ -88,9 +91,9 @@ This checklist outlines the recommended steps and a high-level list of items to [Planning for App-V 5.0](planning-for-app-v-50-rc.md) -  + -  + diff --git a/mdop/appv-v5/app-v-50-prerequisites.md b/mdop/appv-v5/app-v-50-prerequisites.md index 122f51ecd4..2ecd8abb24 100644 --- a/mdop/appv-v5/app-v-50-prerequisites.md +++ b/mdop/appv-v5/app-v-50-prerequisites.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 Prerequisites description: App-V 5.0 Prerequisites -author: jamiejdt +author: manikadhiman ms.assetid: 9756b571-c785-4ce6-a95c-d4e134e89429 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,7 +19,7 @@ ms.date: 08/30/2016 Before you begin the Microsoft Application Virtualization (App-V) 5.0 Setup, you should make sure that you have met the prerequisites to install the product. This topic contains information to help you successfully plan for preparing your computing environment before you deploy the App-V 5.0 features. -**Important**   +**Important** **The prerequisites in this article apply only to App-V 5.0**. For additional prerequisites that apply to App-V 5.0 Service Packs, see the following web pages: - [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) @@ -25,7 +28,7 @@ Before you begin the Microsoft Application Virtualization (App-V) 5.0 Setup, you - [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) -  + The following table lists prerequisite information that pertains to specific operating systems. @@ -50,7 +53,7 @@ The following table lists prerequisite information that pertains to specific ope

    The following prerequisites are already installed:

    • Microsoft .NET Framework 4.5 – you do not need Microsoft .NET Framework 4

    • -
    • Windows PowerShell 3.0

    • +
    • Windows PowerShell 3.0

    @@ -60,21 +63,21 @@ The following table lists prerequisite information that pertains to specific ope
  • Windows Server 2008

  • You may want to download the following KB:

    -

    [Microsoft Security Advisory: Insecure library loading could allow remote code execution](https://support.microsoft.com/kb/2533623)

    +

    Microsoft Security Advisory: Insecure library loading could allow remote code execution

    Be sure to check for subsequent KBs that have superseded this one, and note that some KBs may require that you uninstall previous updates.

    -  + ## Installation prerequisites for App-V 5.0 -**Note**   -The following prerequisites are already installed for computers that run Windows 8. +**Note** +The following prerequisites are already installed for computers that run Windows 8. + -  Each of the App-V 5.0 features have specific prerequisites that must be met before the App-V 5.0 features can be successfully installed. @@ -97,48 +100,46 @@ The following table lists the installation prerequisites for the App-V 5.0 clien

    Software requirements

    -  + ### Prerequisites for the App-V 5.0 Remote Desktop Services client -**Note**   -The following prerequisites are already installed for computers that run Windows Server 2012. +**Note** +The following prerequisites are already installed for computers that run Windows Server 2012. + -  The following table lists the installation prerequisites for the App-V 5.0 Remote Desktop Services client: @@ -157,55 +158,53 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot

    Software requirements

    -  + ### Prerequisites for the App-V 5.0 Sequencer -**Note**   -The following prerequisites are already installed for computers that run Windows 8 and Windows Server 2012. +**Note** +The following prerequisites are already installed for computers that run Windows 8 and Windows Server 2012. + -  The following table lists the installation prerequisites for the App-V 5.0 Sequencer. If possible, the computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications. -**Note**   +**Note** If the system requirements of a locally installed application exceed the requirements of the Sequencer, you must meet the requirements of that application. Additionally, because the sequencing process is system resource-intensive, we recommend that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). -  + @@ -222,62 +221,61 @@ If the system requirements of a locally installed application exceed the require

    Software requirements

    -  + ### Prerequisites for the App-V 5.0 server -**Note**   -The following prerequisites are already installed for computers that run Windows Server 2012: +**Note** +The following prerequisites are already installed for computers that run Windows Server 2012: - Microsoft .NET Framework 4.5. This eliminates the Microsoft .NET Framework 4 requirement. -- Windows PowerShell 3.0 +- Windows PowerShell 3.0 - Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623) - **Important**   + **Important** You can still download install the previous KB. However, it may have been replaced with a more recent version. -   -  + + The following table lists the installation prerequisites for the App-V 5.0 server. The account that you use to install the server components must have administrative rights on the computer that you are installing on. This account must also have the ability to query Active Directory Directory Services. Before you install and configure the App-V 5.0 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to the specified ports. -**Note**   +**Note** Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service. -  + The App-V 5.0 server is supported for a standalone deployment, where all the components are deployed on the same server, and a distributed deployment. Depending on the topology that you use to deploy the App-V 5.0 server, the data that you will need for each component will slightly change. -**Important**   +**Important** The installation of the App-V 5.0 server on a computer that runs any previous version or component of App-V is not supported. Additionally, the installation of the server components on a computer that runs Server Core or a Domain Controller is also not supported. -  + 
@@ -294,27 +292,25 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve @@ -420,7 +412,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    Management Server

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management server.

    @@ -323,11 +319,10 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
  • Location of the App-V 5.0 management database - SQL Server Name, SQL Instance Name, Database Name.

  • Access rights for the App-V 5.0 management console - This is the user or the group that should be granted access to the management console at the end of the deployment. After the deployment, only these users will have access to the management console until additional administrators are added through the management console.

    -Note   -

    Security groups and single users are not supported. You must specify an AD DS group.

    +Note

    Security groups and single users are not supported. You must specify an AD DS group.

    -  +
  • App-V 5.0 management service website name – specify a name for the website or use the default name.

  • App-V 5.0 management service port binding - this should be a unique port number that is not used by another website on the computer.

  • @@ -338,15 +333,14 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    Management Database

    -Note   -

    The database is required only when using the App-V 5.0 management server.

    +Note

    The database is required only when using the App-V 5.0 management server.

    -  +

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.

      @@ -355,20 +349,19 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
    • Custom App-V 5.0 database name (if applicable) – you must specify a unique database name. The default value for the management database is AppVManagement.

    • App-V 5.0 management server location – specifies the machine account on which the management server is deployed. This should be specified in the following format Domain\MachineAccount.

    • App-V 5.0 management server installation administrator - specifies the account that will be used to install the App-V 5.0 management server. You should use the following format: Domain\AdministratorLoginName.

    • -
    • Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see [Configure SQL Server Agent to Restart Services Automatically](https://go.microsoft.com/fwlink/?LinkId=273725) (https://go.microsoft.com/fwlink/?LinkId=273725).

    • +
    • Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see Configure SQL Server Agent to Restart Services Automatically (https://go.microsoft.com/fwlink/?LinkId=273725).

    Reporting Server

      -
    • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

    • -
    • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)

    • +
    • Microsoft .NET Framework 4 (Full Package) (http://www.microsoft.com/download/details.aspx?id=17718)

    • +
    • Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)(https://go.microsoft.com/fwlink/?LinkId=267110)

    • -Note   -

      To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

      +Note

      To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

      -  +

      Windows Web Server with the IIS role with the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console)

    • 64-bit ASP.NET registration

    • @@ -381,15 +374,14 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    Reporting Database

    -Note   -

    The database is required only when using the App-V 5.0 reporting server.

    +Note

    The database is required only when using the App-V 5.0 reporting server.

    -  +

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database.

      @@ -404,15 +396,15 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    Publishing Server

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 publishing server.

    • Installation location - by default this component is installed to %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -
    • App-V 5.0 management service URL – specifies the URL of the App-V 5.0 management service. This is the port that the publishing server communicates with, and it should be specified using the following format: http://localhost:12345.

    • +
    • App-V 5.0 management service URL – specifies the URL of the App-V 5.0 management service. This is the port that the publishing server communicates with, and it should be specified using the following format: http://localhost:12345.

    • App-V 5.0 publishing service website name – specifies the name of the website or the default name that will be used.

    • App-V 5.0 publishing service port binding - This should be a unique port number that is not already used by another website that runs on the computer.

    -  + @@ -434,9 +426,9 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-50-security-considerations.md b/mdop/appv-v5/app-v-50-security-considerations.md index bc02f92332..3359e49b81 100644 --- a/mdop/appv-v5/app-v-50-security-considerations.md +++ b/mdop/appv-v5/app-v-50-security-considerations.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 Security Considerations description: App-V 5.0 Security Considerations -author: jamiejdt +author: manikadhiman ms.assetid: 1e7292a0-7972-4b4f-85a9-eaf33f6c563a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 08/30/2016 This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for App-V 5.0. -**Important**   +**Important** App-V 5.0 is not a security product and does not provide any guarantees for a secure environment. -  + ## PackageStoreAccessControl (PSAC) feature has been deprecated 
@@ -42,14 +45,14 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V 5.0 local groups on the App-V 5.0 servers. -**Note**   +**Note** App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group. -  + ### App-V 5.0 server security -No groups are created automatically during App-V 5.0 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.0 server operations. +No groups are created automatically during App-V 5.0 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.0 server operations. @@ -67,11 +70,10 @@ No groups are created automatically during App-V 5.0 Setup. You should create th @@ -81,38 +83,36 @@ No groups are created automatically during App-V 5.0 Setup. You should create th

    App-V Management Admin group

    Used to manage the App-V 5.0 management server. This group is created during the App-V 5.0 Management Server installation.

    -Important   -

    There is no method to create the group using the management console after you have completed the installation.

    +Important

    There is no method to create the group using the management console after you have completed the installation.

    -  +

    App-V Management Service install admin account

    -Note   -

    This is only required if management database is being installed separately from the service.

    +Note

    This is only required if management database is being installed separately from the service.

    -  +

    Provides public access to schema-version table in management database. This account should be created during the App-V 5.0 management database installation.

    App-V Reporting Service install admin account

    -Note   -

    This is only required if reporting database is being installed separately from the service.

    +Note

    This is only required if reporting database is being installed separately from the service.

    -  +

    Public access to schema-version table in reporting database. This account should be created during the App-V 5.0 reporting database installation.

    -  + Consider the following additional information: - Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. - **Note**   + **Note** In previous versions of App-V, package share was referred to as content share. -   + - Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. @@ -150,9 +150,9 @@ During App-V 5.0 Setup, setup log files are created in the **%temp%** folder of -  - -  + + + diff --git a/mdop/appv-v5/app-v-50-sp3-prerequisites.md b/mdop/appv-v5/app-v-50-sp3-prerequisites.md index b3b1e67d35..fb281d9f9f 100644 --- a/mdop/appv-v5/app-v-50-sp3-prerequisites.md +++ b/mdop/appv-v5/app-v-50-sp3-prerequisites.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 SP3 Prerequisites description: App-V 5.0 SP3 Prerequisites -author: jamiejdt +author: manikadhiman ms.assetid: fa8d5578-3a53-4e8a-95c7-e7a5f6e4a31c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,13 +48,12 @@ The following table indicates the software that is already installed for differe

    The following prerequisite software is already installed:

    • Microsoft .NET Framework 4.5

    • -
    • Windows PowerShell 3.0

      +
    • Windows PowerShell 3.0

      -Note   -

      Installing PowerShell 3.0 requires a restart.

      +Note

      Installing PowerShell 3.0 requires a restart.

      -  +
    @@ -62,7 +64,7 @@ The following table indicates the software that is already installed for differe -  + ## App-V Server prerequisite software @@ -114,7 +116,7 @@ Install the required prerequisite software for the App-V 5.0 SP3 Server componen -  + ### Management server prerequisite software @@ -132,22 +134,22 @@ Install the required prerequisite software for the App-V 5.0 SP3 Server componen

    Supported version of SQL Server

    -

    For supported versions, see [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md).

    +

    For supported versions, see App-V 5.0 SP3 Supported Configurations.

    -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Windows PowerShell 3.0

    +

    Installing PowerShell 3.0 requires a restart.

    -

    Download and install [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    Download and install KB2533623

    Applies to Windows 7 only.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -213,7 +215,7 @@ Install the required prerequisite software for the App-V 5.0 SP3 Server componen -  + ### Management server database prerequisite software @@ -232,11 +234,11 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -266,12 +268,12 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana

    Microsoft SQL Server Service Agent

    -

    Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](https://technet.microsoft.com/magazine/gg313742.aspx).

    +

    Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see Configure SQL Server Agent to Restart Services Automatically.

    -  + ### Publishing server prerequisite software @@ -288,11 +290,11 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -352,15 +354,15 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana

    Management server and Publishing server are installed on the same server

    -

    http://localhost:12345

    +

    http://localhost:12345

    Management server and Publishing server are installed on different servers

    -

    http://MyAppvServer.MyDomain.com

    +

    http://MyAppvServer.MyDomain.com

    -

     

    +

    @@ -374,7 +376,7 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -  + ### Reporting server prerequisite software @@ -392,14 +394,14 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana

    Supported version of SQL Server

    -

    For supported versions, see [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md).

    +

    For supported versions, see App-V 5.0 SP3 Supported Configurations.

    -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -454,7 +456,7 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -  + ### Reporting database prerequisite software @@ -473,11 +475,11 @@ The Reporting database is required only if you are using the App-V 5.0 SP3 Repor -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -512,7 +514,7 @@ The Reporting database is required only if you are using the App-V 5.0 SP3 Repor -  + ## App-V client prerequisite software @@ -532,26 +534,26 @@ Install the following prerequisite software for the App-V client. -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    -  + ## Remote Desktop Services client prerequisite software @@ -571,26 +573,26 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    -  + ## Sequencer prerequisite software @@ -614,26 +616,26 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    -  + @@ -647,9 +649,9 @@ Install the following prerequisite software for the App-V Remote Desktop Service [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md index 92d0906da7..ce1e2700d6 100644 --- a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md +++ b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md @@ -1,8 +1,11 @@ --- title: App-V 5.0 SP3 Supported Configurations description: App-V 5.0 SP3 Supported Configurations -author: jamiejdt +author: manikadhiman ms.assetid: 08ced79a-0ed3-43c3-82e7-de01c1f33e81 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -44,7 +47,7 @@ The following table lists the operating systems that are supported for the App-V **Note**   Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information. -  + @@ -78,12 +81,12 @@ Microsoft provides support for the current service pack and, in some cases, the
    -  + **Important**   Deployment of the Management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. -  + ### Management server hardware requirements @@ -129,7 +132,7 @@ The following table lists the SQL Server versions that are supported for the App -  + ### Publishing server operating system requirements @@ -167,7 +170,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Publishing server hardware requirements @@ -215,7 +218,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Reporting server hardware requirements @@ -263,7 +266,7 @@ The following table lists the SQL Server versions that are supported for the App -  + ## App-V client system requirements @@ -302,7 +305,7 @@ The following table lists the operating systems that are supported for the App-V -  + The following App-V client installation scenarios are not supported, except as noted: @@ -359,7 +362,7 @@ The following table lists the operating systems that are supported for App-V 5.0 -  + ### Remote Desktop Services client hardware requirements @@ -423,7 +426,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Sequencer hardware requirements @@ -454,9 +457,9 @@ For more information about how Configuration Manager integrates with App-V, see [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) -  + -  + diff --git a/mdop/appv-v5/app-v-50-supported-configurations.md b/mdop/appv-v5/app-v-50-supported-configurations.md index f2e59289eb..d8aebe5e0d 100644 --- a/mdop/appv-v5/app-v-50-supported-configurations.md +++ b/mdop/appv-v5/app-v-50-supported-configurations.md 
@@ -1,8 +1,11 @@ --- title: App-V 5.0 Supported Configurations description: App-V 5.0 Supported Configurations -author: jamiejdt +author: manikadhiman ms.assetid: 3787ff63-7ce7-45a8-8f01-81b4b6dced34 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,7 +19,7 @@ ms.date: 08/30/2016 This topic specifies the requirements that are necessary to install and run Microsoft Application Virtualization (App-V) 5.0 in your environment. -**Important**   +**Important** **The supported configurations in this article apply only to App-V 5.0**. For supported configurations that apply to App-V 5.0 Service Packs, see the following web pages: - [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) @@ -25,24 +28,24 @@ This topic specifies the requirements that are necessary to install and run Micr - [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md) -  + ## App-V 5.0 server system requirements -**Important**   +**Important** The App-V 5.0 server does not support the following scenarios: -  + - Deployment to a computer that runs Microsoft Windows Server Core. - Deployment to a computer that runs a previous version of App-V 5.0 server components. - **Note**   - You can install App-V 5.0 side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V 5.0 side-by-side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. + **Note** + You can install App-V 5.0 side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V 5.0 side-by-side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. + -   - Deployment to a computer that runs Microsoft SQL Server Express edition. 
@@ -56,10 +59,10 @@ The App-V 5.0 server does not support the following scenarios: The following table lists the operating systems that are supported for the App-V 5.0 management server installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -78,19 +81,19 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + - + @@ -98,12 +101,12 @@ Microsoft provides support for the current service pack and, in some cases, the

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    R2

    SP1 and higher

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    R2

    64-bit

    -  -**Important**   + +**Important** Deployment of the management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. -  + ### Management Server hardware requirements @@ -117,10 +120,10 @@ Deployment of the management server role to a computer with Remote Desktop Shari The following table lists the operating systems that are supported for the App-V 5.0 publishing server installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -139,19 +142,19 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + - + @@ -159,7 +162,7 @@ Microsoft provides support for the current service pack and, in some cases, the

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    R2

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    R2

    64-bit

    -  + ### Publishing Server hardware requirements @@ -173,10 +176,10 @@ Microsoft provides support for the current service pack and, in some cases, the The following table lists the operating systems that are supported for the App-V 5.0 reporting server installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -195,19 +198,19 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + - + @@ -215,7 +218,7 @@ Microsoft provides support for the current service pack and, in some cases, the

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

    R2

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    64-bit

    Microsoft Windows Server 2012 (Standard, Datacenter)

    Microsoft Windows Server 2012 (Standard, Datacenter)

    R2

    64-bit

    -  + ### Reporting Server hardware requirements @@ -225,9 +228,9 @@ Microsoft provides support for the current service pack and, in some cases, the - Disk space—200 MB available hard disk space -### SQL Server database requirements +### SQL Server database requirements -The following table lists the SQL Server versions that are supported for the App-V 5.0 database and server installation. +The following table lists the SQL Server versions that are supported for the App-V 5.0 database and server installation. @@ -249,7 +252,7 @@ The following table lists the SQL Server versions that are supported for the Ap - @@ -257,7 +260,7 @@ The following table lists the SQL Server versions that are supported for the Ap - @@ -265,7 +268,7 @@ The following table lists the SQL Server versions that are supported for the Ap - @@ -274,17 +277,17 @@ The following table lists the SQL Server versions that are supported for the Ap

    Management / Reporting

    Microsoft SQL Server 2008

    +

    Microsoft SQL Server 2008

    (Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

    Management / Reporting

    Microsoft SQL Server 2008 

    +

    Microsoft SQL Server 2008

    (Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

    R2

    SP2

    Management / Reporting

    Microsoft SQL Server 2012

    +

    Microsoft SQL Server 2012

    (Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

    -  + ## App-V 5.0 client system requirements The following table lists the operating systems that are supported for the App-V 5.0 client installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -301,22 +304,21 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + @@ -325,13 +327,13 @@ Microsoft provides support for the current service pack and, in some cases, the

    Microsoft Windows 7

    Microsoft Windows 7

    SP1

    32-bit or 64-bit

    Microsoft Windows 8

    Microsoft Windows 8

    32-bit or 64-bit

    -Important   -

    Windows 8.1 is only supported by App-V 5.0 SP2

    +Important

    Windows 8.1 is only supported by App-V 5.0 SP2

    -  +

    Windows 8.1

    -  + The following App-V client installation scenarios are not supported, except as noted: - Computers that run Windows Server -- Computers that run App-V 4.6 SP1 or earlier versions +- Computers that run App-V 4.6 SP1 or earlier versions - The App-V 5.0 Remote Desktop services client is supported only for RDS-enabled servers @@ -350,34 +352,34 @@ The following list displays the supported hardware configuration for the App-V 5 The following table lists the operating systems that are supported for App-V 5.0 Remote Desktop client installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + Operating system Edition Service pack -Microsoft Windows Server 2008 +Microsoft Windows Server 2008 R2 SP1 -Microsoft Windows Server 2012 +Microsoft Windows Server 2012 -**Important**   -Windows Server 2012 R2 is only supported by App-V 5.0 SP2 +**Important** +Windows Server 2012 R2 is only supported by App-V 5.0 SP2 -  -Microsoft Windows Server 2012 (Standard, Datacenter) + +Microsoft Windows Server 2012 (Standard, Datacenter) R2 64-bit -  + ### Remote Desktop client hardware requirements 
@@ -394,10 +396,10 @@ The following list displays the supported hardware configuration for the App-V 5 The following table lists the operating systems that are supported for App-V 5.0 Sequencer installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -416,24 +418,23 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + @@ -441,26 +442,25 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + +

    Microsoft Windows Server 2012

    @@ -468,12 +468,12 @@ Microsoft provides support for the current service pack and, in some cases, the

    Microsoft Windows 7

    Microsoft Windows 7

    SP1

    32-bit and 64-bit

    Microsoft Windows 8

    Microsoft Windows 8

    32-bit and 64-bit

    -Important   -

    Windows 8.1 is only supported by App-V 5.0 SP2

    +Important

    Windows 8.1 is only supported by App-V 5.0 SP2

    -  +

    Windows 8.1

    32-bit or 64-bit

    Microsoft Windows Server 2008

    Microsoft Windows Server 2008

    R2

    SP1

    32-bit and 64-bit

    Microsoft Windows Server 2012

    Microsoft Windows Server 2012

    32-bit and 64-bit

    -Important   -

    Windows Server 2012 R2 is only supported by App-V 5.0 SP2

    +Important

    Windows Server 2012 R2 is only supported by App-V 5.0 SP2

    -  +
    -

    Microsoft Windows Server 2012

    R2

    64-bit

    -  + ## Supported versions of System Center Configuration Manager -You can use Microsoft System Center 2012 Configuration Manager or System Center 2012 R2 Configuration Manager to manage App-V virtual applications, reporting, and other functions. The following table lists the supported versions of Configuration Manager for each applicable version of App-V. +You can use Microsoft System Center 2012 Configuration Manager or System Center 2012 R2 Configuration Manager to manage App-V virtual applications, reporting, and other functions. The following table lists the supported versions of Configuration Manager for each applicable version of App-V. @@ -488,7 +488,7 @@ You can use Microsoft System Center 2012 Configuration Manager or System Cen - +

    Microsoft System Center 2012 Configuration Manager

    Microsoft System Center 2012 Configuration Manager

    • App-V 5.0

    • App-V 5.0 SP1

    • @@ -506,7 +506,7 @@ You can use Microsoft System Center 2012 Configuration Manager or System Cen
    -  + For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). @@ -522,9 +522,9 @@ For more information about how Configuration Manager integrates with App-V, see [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-51-capacity-planning.md b/mdop/appv-v5/app-v-51-capacity-planning.md index 7a95357504..81fe9f8d6c 100644 --- a/mdop/appv-v5/app-v-51-capacity-planning.md +++ b/mdop/appv-v5/app-v-51-capacity-planning.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Capacity Planning description: App-V 5.1 Capacity Planning -author: jamiejdt +author: manikadhiman ms.assetid: 7a98062f-5a60-49d6-ab40-dc6057e1dd5a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The following recommendations can be used as a baseline to help determine capaci **Important**   Use the information in this section only as a general guide for planning your App-V 5.1 deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. -  + ## Determine the Project Scope @@ -49,7 +52,7 @@ Before you design the App-V 5.1 infrastructure, you must determine the project -  + ## Determine Which App-V 5.1 Infrastructure is Required 
@@ -59,7 +62,7 @@ Both of the following models require the App-V 5.1 client to be installed on the You can also manage your App-V 5.1 environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V 5.1 Packages Using Electronic Software Distribution](how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md). -  + - **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V 5.1 in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: @@ -74,7 +77,7 @@ You can also manage your App-V 5.1 environment using an Electronic Software Dist **Important**   The App-V 5.1 full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). -   + - When you want to use the Management Server to publish the application to target computers. 
@@ -90,7 +93,7 @@ The following section provides information about end-to-end App-V 5.1 sizing and **Note**   Round trip response time on the client is the time taken by the computer running the App-V 5.1 client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. -  + - 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) @@ -104,7 +107,7 @@ The App-V 5.1 publishing servers require the management server for package refre **Note**   The default refresh time on the App-V 5.1 publishing server is ten minutes. -  + When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: @@ -119,7 +122,7 @@ The following table displays more information about each factor that impacts rou **Note**   Round trip response time is the time taken by the computer running the App-V 5.1 publishing server to receive a successful package metadata update from the management server. -  + @@ -163,7 +166,7 @@ Round trip response time is the time taken by the computer running the App-V 5.1
    -  + The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V 5.1management server. @@ -356,7 +359,7 @@ The following table displays sample values for each of the previous factors. In -  + The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. @@ -457,7 +460,7 @@ Using a geographically distributed deployment, where the management server & pub -  + Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. @@ -469,7 +472,7 @@ App-V 5.1 clients send reporting data to the reporting server. The reporting ser **Note**   Round trip response time is the time taken by the computer running the App-V 5.1 client to send the reporting information to the reporting server and receive a successful notification from the reporting server. -  + @@ -515,7 +518,7 @@ Round trip response time is the time taken by the computer running the App-V 5.1
    -  + **Calculating random delay**: @@ -539,7 +542,7 @@ The following list displays the main factors to consider when setting up the App - The available network bandwidth in your environment between the client and the App-V 5.1 publishing server. -  + @@ -582,12 +585,12 @@ The following list displays the main factors to consider when setting up the App
    -  + **Note**   The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. -  + @@ -729,7 +732,7 @@ The publishing server CPU usage is always high during the time interval when it
    -  + ## App-V 5.1 Streaming Capacity Planning Recommendations @@ -745,7 +748,7 @@ The following list identifies the main factors to consider when setting up the A - The available network bandwidth in your environment between the client and the streaming server. -  + @@ -785,7 +788,7 @@ The following list identifies the main factors to consider when setting up the A
    -  + The following table displays sample values for each of the factors in the previous list: @@ -914,14 +917,14 @@ The following table displays sample values for each of the factors in the previo -  + Each App-V 5.1 streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. **Note**   The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. -  + For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. @@ -950,9 +953,9 @@ Although there are a number of fault-tolerance strategies and technologies avail [Planning to Deploy App-V](planning-to-deploy-app-v51.md) -  + -  + diff --git a/mdop/appv-v5/app-v-51-deployment-checklist.md b/mdop/appv-v5/app-v-51-deployment-checklist.md index 2ba65578f0..59236f1c84 100644 --- a/mdop/appv-v5/app-v-51-deployment-checklist.md +++ b/mdop/appv-v5/app-v-51-deployment-checklist.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Deployment Checklist description: App-V 5.1 Deployment Checklist -author: jamiejdt +author: manikadhiman ms.assetid: 44bed85a-e4f5-49d7-a308-a2b681f76372 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 This checklist can be used to help you during Microsoft Application Virtualization (App-V) 5.1 deployment. -**Note**   +**Note** This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V 5.1 features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,37 +43,36 @@ This checklist outlines the recommended steps and a high-level list of items to - + - +
    Checklist box

    Complete the planning phase to prepare the computing environment for App-V 5.1 deployment.

    [App-V 5.1 Planning Checklist](app-v-51-planning-checklist.md)

    App-V 5.1 Planning Checklist

    Checklist box

    Review the App-V 5.1 supported configurations information to make sure selected client and server computers are supported for App-V 5.1 feature installation.

    [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md)

    App-V 5.1 Supported Configurations

    Checklist box

    Run App-V 5.1 Setup to deploy the required App-V 5.1 features for your environment.

    -Note   -

    Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

    +Note

    Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

    -  +

    -  + @@ -82,9 +84,9 @@ This checklist outlines the recommended steps and a high-level list of items to [Deploying App-V 5.1](deploying-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-51-planning-checklist.md b/mdop/appv-v5/app-v-51-planning-checklist.md index e5b4625455..c662fbb94c 100644 --- a/mdop/appv-v5/app-v-51-planning-checklist.md +++ b/mdop/appv-v5/app-v-51-planning-checklist.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Planning Checklist description: App-V 5.1 Planning Checklist -author: jamiejdt +author: manikadhiman ms.assetid: 1e26a861-0612-43a6-972f-375a40a8dcbc +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V 5.1 deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,43 +43,43 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - + - + - + - +
    Checklist box

    Review the getting started information about App-V 5.1 to gain a basic understanding of the product before beginning deployment planning.

    [Getting Started with App-V 5.1](getting-started-with-app-v-51.md)

    Getting Started with App-V 5.1

    Checklist box

    Plan for App-V 5.1 1.0 Deployment Prerequisites and prepare your computing environment.

    [App-V 5.1 Prerequisites](app-v-51-prerequisites.md)

    App-V 5.1 Prerequisites

    Checklist box

    If you plan to use the App-V 5.1 management server, plan for the required roles.

    [Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md)

    Planning for the App-V 5.1 Server Deployment

    Checklist box

    Plan for the App-V 5.1 sequencer and client so you to create and run virtualized applications.

    [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md)

    Planning for the App-V 5.1 Sequencer and Client Deployment

    Checklist box

    If applicable, review the options and steps for migrating from a previous version of App-V.

    [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md)

    Planning for Migrating from a Previous Version of App-V

    Checklist box

    Plan for running App-V 5.1 clients using in shared content store mode.

    [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md)

    How to Install the App-V 5.1 Client for Shared Content Store Mode

    -  + @@ -88,9 +91,9 @@ This checklist outlines the recommended steps and a high-level list of items to [Planning for App-V 5.1](planning-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/app-v-51-prerequisites.md b/mdop/appv-v5/app-v-51-prerequisites.md index d1b12390d3..037f317f8d 100644 --- a/mdop/appv-v5/app-v-51-prerequisites.md +++ b/mdop/appv-v5/app-v-51-prerequisites.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Prerequisites description: App-V 5.1 Prerequisites -author: jamiejdt +author: manikadhiman ms.assetid: 1bfa03c1-a4ae-45ec-8a2b-b10c2b94bfb0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,11 +46,10 @@ The following table indicates the software that is already installed for differe

    Windows 8.1

    All of the prerequisite software is already installed.

    -Note   -

    If you are running Windows 8, upgrade to Windows 8.1 before using App-V 5.1.

    +Note

    If you are running Windows 8, upgrade to Windows 8.1 before using App-V 5.1.

    -  +
    @@ -55,13 +57,12 @@ The following table indicates the software that is already installed for differe

    The following prerequisite software is already installed:

    • Microsoft .NET Framework 4.5

    • -
    • Windows PowerShell 3.0

      +
    • Windows PowerShell 3.0

      -Note   -

      Installing PowerShell 3.0 requires a restart.

      +Note

      Installing PowerShell 3.0 requires a restart.

      -  +
    @@ -72,7 +73,7 @@ The following table indicates the software that is already installed for differe -  + ## App-V Server prerequisite software @@ -124,7 +125,7 @@ Install the required prerequisite software for the App-V 5.1 Server components. -  + ### Management server prerequisite software @@ -142,22 +143,22 @@ Install the required prerequisite software for the App-V 5.1 Server components.

    Supported version of SQL Server

    -

    For supported versions, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md).

    +

    For supported versions, see App-V 5.1 Supported Configurations.

    -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Windows PowerShell 3.0

    +

    Installing PowerShell 3.0 requires a restart.

    -

    Download and install [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    Download and install KB2533623

    Applies to Windows 7 only.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -219,12 +220,12 @@ Install the required prerequisite software for the App-V 5.1 Server components. -  -**Important**   + +**Important** JavaScript must be enabled on the browser that opens the Web Management Console. -  + ### Management server database prerequisite software @@ -243,11 +244,11 @@ The Management database is required only if you are using the App-V 5.1 Manageme -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -277,12 +278,12 @@ The Management database is required only if you are using the App-V 5.1 Manageme

    Microsoft SQL Server Service Agent

    -

    Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](https://technet.microsoft.com/magazine/gg313742.aspx).

    +

    Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see Configure SQL Server Agent to Restart Services Automatically.

    -  + ### Publishing server prerequisite software @@ -299,11 +300,11 @@ The Management database is required only if you are using the App-V 5.1 Manageme -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -363,15 +364,15 @@ The Management database is required only if you are using the App-V 5.1 Manageme

    Management server and Publishing server are installed on the same server

    -

    http://localhost:12345

    +

    http://localhost:12345

    Management server and Publishing server are installed on different servers

    -

    http://MyAppvServer.MyDomain.com

    +

    http://MyAppvServer.MyDomain.com

    -

     

    +

    @@ -385,7 +386,7 @@ The Management database is required only if you are using the App-V 5.1 Manageme -  + ### Reporting server prerequisite software @@ -403,14 +404,14 @@ The Management database is required only if you are using the App-V 5.1 Manageme

    Supported version of SQL Server

    -

    For supported versions, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md).

    +

    For supported versions, see App-V 5.1 Supported Configurations.

    -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -465,7 +466,7 @@ The Management database is required only if you are using the App-V 5.1 Manageme -  + ### Reporting database prerequisite software @@ -484,11 +485,11 @@ The Reporting database is required only if you are using the App-V 5.1 Reporting -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    @@ -523,7 +524,7 @@ The Reporting database is required only if you are using the App-V 5.1 Reporting -  + ## App-V client prerequisite software @@ -543,26 +544,26 @@ Install the following prerequisite software for the App-V client. -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    -  + ## Remote Desktop Services client prerequisite software @@ -582,26 +583,26 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -

    [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

    +

    Visual C++ Redistributable Packages for Visual Studio 2013

    -  + ## Sequencer prerequisite software @@ -625,22 +626,22 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

    [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

    +

    Microsoft .NET Framework 4.5.1 (Web Installer)

    -

    [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

    +

    Windows PowerShell 3.0

    -

    Installing PowerShell 3.0 requires a restart.

    +

    Installing PowerShell 3.0 requires a restart.

    -

    [KB2533623](https://support.microsoft.com/kb/2533623)

    +

    KB2533623

    Applies to Windows 7 only: Download and install the KB.

    -  + @@ -654,9 +655,9 @@ Install the following prerequisite software for the App-V Remote Desktop Service [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-51-security-considerations.md b/mdop/appv-v5/app-v-51-security-considerations.md index 0129e9c720..dac917b699 100644 --- a/mdop/appv-v5/app-v-51-security-considerations.md +++ b/mdop/appv-v5/app-v-51-security-considerations.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Security Considerations description: App-V 5.1 Security Considerations -author: jamiejdt +author: manikadhiman ms.assetid: 6bc6c1fc-f813-47d4-b763-06fd4faf6a72 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 08/30/2016 This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V) 5.1. -**Important**   +**Important** App-V 5.1 is not a security product and does not provide any guarantees for a secure environment. -  + ## PackageStoreAccessControl (PSAC) feature has been deprecated 
@@ -42,14 +45,14 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V 5.1 local groups on the App-V 5.1 servers. -**Note**   +**Note** App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group. -  + ### App-V 5.1 server security -No groups are created automatically during App-V 5.1 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.1 server operations. +No groups are created automatically during App-V 5.1 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.1 server operations. @@ -67,11 +70,10 @@ No groups are created automatically during App-V 5.1 Setup. You should create th @@ -81,38 +83,36 @@ No groups are created automatically during App-V 5.1 Setup. You should create th

    App-V Management Admin group

    Used to manage the App-V 5.1 management server. This group is created during the App-V 5.1 Management Server installation.

    -Important   -

    There is no method to create the group using the management console after you have completed the installation.

    +Important

    There is no method to create the group using the management console after you have completed the installation.

    -  +

    App-V Management Service install admin account

    -Note   -

    This is only required if management database is being installed separately from the service.

    +Note

    This is only required if management database is being installed separately from the service.

    -  +

    Provides public access to schema-version table in management database. This account should be created during the App-V 5.1 management database installation.

    App-V Reporting Service install admin account

    -Note   -

    This is only required if reporting database is being installed separately from the service.

    +Note

    This is only required if reporting database is being installed separately from the service.

    -  +

    Public access to schema-version table in reporting database. This account should be created during the App-V 5.1 reporting database installation.

    -  + Consider the following additional information: - Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. - **Note**   + **Note** In previous versions of App-V, package share was referred to as content share. -   + - Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. @@ -137,9 +137,9 @@ During App-V 5.1 Setup, setup log files are created in the **%temp%** folder of [Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md index edb7f51bfb..8b83ac6fad 100644 --- a/mdop/appv-v5/app-v-51-supported-configurations.md +++ b/mdop/appv-v5/app-v-51-supported-configurations.md @@ -1,8 +1,11 @@ --- title: App-V 5.1 Supported Configurations description: App-V 5.1 Supported Configurations -author: jamiejdt +author: manikadhiman ms.assetid: 8b8db63b-f71c-4ae9-80e7-a6752334e1f6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ The following table lists the operating systems that are supported for the App-V **Note**   Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information. -  + 
@@ -81,12 +84,12 @@ Microsoft provides support for the current service pack and, in some cases, the
    -  + **Important**   Deployment of the Management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. -  + ### Management server hardware requirements @@ -132,7 +135,7 @@ The following table lists the SQL Server versions that are supported for the App -  + ### Publishing server operating system requirements @@ -175,7 +178,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Publishing server hardware requirements @@ -228,7 +231,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Reporting server hardware requirements @@ -276,7 +279,7 @@ The following table lists the SQL Server versions that are supported for the App -  + ## App-V client system requirements @@ -317,7 +320,7 @@ The following table lists the operating systems that are supported for the App-V -  + The following App-V client installation scenarios are not supported, except as noted: @@ -379,7 +382,7 @@ The following table lists the operating systems that are supported for App-V 5.1 -  + ### Remote Desktop Services client hardware requirements @@ -448,7 +451,7 @@ The following table lists the operating systems that are supported for the App-V -  + ### Sequencer hardware requirements @@ -516,7 +519,7 @@ The following App-V and System Center Configuration Manager version matrix shows -  + For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). @@ -532,9 +535,9 @@ For more information about how Configuration Manager integrates with App-V, see [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) -  + -  + diff --git a/mdop/appv-v5/application-publishing-and-client-interaction.md b/mdop/appv-v5/application-publishing-and-client-interaction.md index 8671541943..17dee15c45 100644 --- a/mdop/appv-v5/application-publishing-and-client-interaction.md 
+++ b/mdop/appv-v5/application-publishing-and-client-interaction.md @@ -1,8 +1,11 @@ --- title: Application Publishing and Client Interaction description: Application Publishing and Client Interaction -author: jamiejdt +author: manikadhiman ms.assetid: c69a724a-85d1-4e2d-94a2-7ffe0b47d971 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -91,7 +94,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The -  + For information about sequencing, see [Application Virtualization 5.0 Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760). @@ -161,7 +164,7 @@ The appv file contains the following folder and files, which are used when creat -  + ## App-V client data storage locations @@ -230,7 +233,7 @@ The App-V client performs tasks to ensure that virtual applications run properly -  + Additional details for the table are provided in the section below and throughout the document. @@ -253,7 +256,7 @@ If the App-V Client is configured in Shared Content Store mode, no data is writt **Note**   The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. -  + ### Package catalogs @@ -279,7 +282,7 @@ The App-V Client manages the following two file-based locations:

    Default storage location

    -

    %programdata%\Microsoft\AppV\Client\Catalog\

    +

    %programdata%\Microsoft\AppV\Client\Catalog</code>

    This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.
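Review bot: The added line `%programdata%\Microsoft\AppV\Client\Catalog</code>` replaces the path's trailing backslash with a stray `</code>` closing tag, so the documented machine catalog location is no longer a valid path; keep `%programdata%\Microsoft\AppV\Client\Catalog\`, or wrap the whole path in a matched `<code>` pair. The same loss of backslashes shows in later hunks of this file: `Vreg{VersionGuid}.dat` (@@ -380,12), `Packages{PkgGUID}` and `USER{UserSID}` (@@ -642,8 and @@ -656,14), and `AppData<strong>Local`, `VFS&lt;GUID>` and `\Fileserver` (@@ -687,30 and @@ -728,30). The identical hunks in application-publishing-and-client-interaction51.md are affected as well. This looks like backslash escapes being consumed by an automated conversion step, though the tool is not visible here. These file and registry locations are what an administrator looks up when auditing or troubleshooting the client, so each `+` line should carry exactly the path of the `-` line it replaces.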

    @@ -306,7 +309,7 @@ The App-V Client manages the following two file-based locations: -  + ### User catalog @@ -345,7 +348,7 @@ The App-V Client manages the following two file-based locations: -  + ### Shortcut backups @@ -380,12 +383,12 @@ When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file

    Registry.dat from Package Store

     > 

    -

    %ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat

    +

    %ProgramData%\Microsoft\AppV\Client\Vreg{VersionGuid}.dat

    -  + When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. @@ -439,9 +442,9 @@ There are two package registry locations and two connection group locations wher -  + -  + **Connection Group VReg:** @@ -479,9 +482,9 @@ There are two package registry locations and two connection group locations wher -  + -  + There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. @@ -566,9 +569,9 @@ The App-V Client can be configured to change the default behavior of streaming. -  + -  + These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: 
@@ -620,7 +623,7 @@ Together, these files and registry settings represent the user’s catalog, so e **Note**   The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. -  + ### Registry-based data @@ -642,8 +645,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table

    Applications that are run as standard users

    When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

      -
    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -
    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

    • +
    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\REGISTRY\USER{UserSID}\SOFTWARE

    The locations are enabled for roaming based on the operating system settings.

    @@ -656,14 +659,14 @@ App-V registry roaming falls into two scenarios, as shown in the following table

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

      -
    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -
    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE

    • +
    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\Registry\User{UserSID}\SOFTWARE

    -  + ### App-V and folder redirection @@ -687,30 +690,30 @@ The following table shows local and roaming locations, when folder redirection h

    ProgramFilesX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

    SystemX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

    Windows

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

    appv_ROOT

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv_ROOT

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

    AppData

    -

    C:\users\jsmith\AppData\Roaming\Microsoft\AppV\Client\VFS\<GUID>\AppData

    +

    C:\users\jsmith\AppData<strong>Roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

    -  + -  + The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). @@ -728,30 +731,30 @@ The following table shows local and roaming locations, when folder redirection h

    ProgramFilesX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

    SystemX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

    Windows

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

    appv_ROOT

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv_ROOT

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

    AppData

    -

    \\Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS\<GUID>\AppData

    +

    \Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

    -  + -  + The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: @@ -885,7 +888,7 @@ Adding an App-V package to the client is the first step of the publishing refres **Note**   This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). -   + 6. Invoke background load mounting based on client configuration. @@ -894,7 +897,7 @@ Adding an App-V package to the client is the first step of the publishing refres **Note**   This condition occurs as a product of removal without unpublishing with background addition of the package. -   + This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). @@ -923,7 +926,7 @@ During the Publishing Refresh operation, the specific publishing operation (Publ **Note**   This enables restore extension points if the package is unpublished. -   + 3. Run scripts targeted for publishing timing. @@ -1014,7 +1017,7 @@ The App-V 5 package upgrade process differs from the older versions of App-V. Ap -  + When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: @@ -1041,7 +1044,7 @@ When a task is placed in a pending state, the App-V client also generates a regi -  + The following operations must be completed before users can use the newer version of the package: 
@@ -1068,7 +1071,7 @@ The following operations must be completed before users can use the newer versio -  + Use the following example scenarios as a guide for updating packages. @@ -1098,7 +1101,7 @@ Use the following example scenarios as a guide for updating packages. -  + ### Global vs user publishing @@ -1237,7 +1240,7 @@ In this example: - `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable -  + ### Shell extensions @@ -1304,7 +1307,7 @@ The following table displays the supported shell extensions. -  + ### COM @@ -1369,7 +1372,7 @@ In this example: - `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration -  + ### URL Protocol handler @@ -1490,7 +1493,7 @@ Extension points are not all published the same way, where some extension points -  + ## Dynamic configuration processing @@ -1593,7 +1596,7 @@ During publishing of an App-V package with SxS assemblies the App-V Client will **Note**   UnPublishing or removing a package with an assembly does not remove the assemblies for that package. -  + ## Client logging @@ -1607,7 +1610,7 @@ In App-V 5.0 SP3, some logs have been consolidated and moved to the following lo For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). -  + There are three specific categories of events recorded described below. @@ -1622,9 +1625,9 @@ There are three specific categories of events recorded described below. -  + -  + diff --git a/mdop/appv-v5/application-publishing-and-client-interaction51.md b/mdop/appv-v5/application-publishing-and-client-interaction51.md index 0f95287f8c..66b1ace5e5 100644 --- a/mdop/appv-v5/application-publishing-and-client-interaction51.md +++ b/mdop/appv-v5/application-publishing-and-client-interaction51.md 
@@ -1,8 +1,11 @@ --- title: Application Publishing and Client Interaction description: Application Publishing and Client Interaction -author: jamiejdt +author: manikadhiman ms.assetid: 36a4bf6f-a917-41a6-9856-6248686df352 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -91,7 +94,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The -  + For information about sequencing, see [Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkID=269810). @@ -161,7 +164,7 @@ The appv file contains the following folder and files, which are used when creat -  + ## App-V client data storage locations @@ -230,7 +233,7 @@ The App-V client performs tasks to ensure that virtual applications run properly -  + Additional details for the table are provided in the section below and throughout the document. @@ -253,7 +256,7 @@ If the App-V Client is configured in Shared Content Store mode, no data is writt **Note**   The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. -  + ### Package catalogs @@ -279,7 +282,7 @@ The App-V Client manages the following two file-based locations:

    Default storage location

    -

    %programdata%\Microsoft\AppV\Client\Catalog\

    +

    %programdata%\Microsoft\AppV\Client\Catalog</code>

    This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

    @@ -306,7 +309,7 @@ The App-V Client manages the following two file-based locations: -  + ### User catalog @@ -345,7 +348,7 @@ The App-V Client manages the following two file-based locations: -  + ### Shortcut backups @@ -380,12 +383,12 @@ When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file

    Registry.dat from Package Store

     > 

    -

    %ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat

    +

    %ProgramData%\Microsoft\AppV\Client\Vreg{VersionGuid}.dat

    -  + When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. @@ -439,9 +442,9 @@ There are two package registry locations and two connection group locations wher -  + -  + **Connection Group VReg:** @@ -479,9 +482,9 @@ There are two package registry locations and two connection group locations wher -  + -  + There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. @@ -566,9 +569,9 @@ The App-V Client can be configured to change the default behavior of streaming. -  + -  + These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: 
@@ -620,7 +623,7 @@ Together, these files and registry settings represent the user’s catalog, so e **Note**   The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. -  + ### Registry-based data @@ -642,8 +645,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table

    Applications that are run as standard users

    When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

      -
    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -
    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

    • +
    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\REGISTRY\USER{UserSID}\SOFTWARE

    The locations are enabled for roaming based on the operating system settings.

    @@ -656,14 +659,14 @@ App-V registry roaming falls into two scenarios, as shown in the following table

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

      -
    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -
    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE

    • +
    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\Registry\User{UserSID}\SOFTWARE

    -  + ### App-V and folder redirection @@ -687,30 +690,30 @@ The following table shows local and roaming locations, when folder redirection h

    ProgramFilesX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

    SystemX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

    Windows

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

    appv_ROOT

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv_ROOT

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

    AppData

    -

    C:\users\jsmith\AppData\Roaming\Microsoft\AppV\Client\VFS\<GUID>\AppData

    +

    C:\users\jsmith\AppData<strong>Roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

    -  + -  + The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). @@ -728,30 +731,30 @@ The following table shows local and roaming locations, when folder redirection h

    ProgramFilesX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

    SystemX86

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

    Windows

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

    appv_ROOT

    -

    C:\users\jsmith\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv_ROOT

    +

    C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

    AppData

    -

    \\Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS\<GUID>\AppData

    +

    \Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

    -  + -  + The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: @@ -885,7 +888,7 @@ Adding an App-V package to the client is the first step of the publishing refres **Note**   This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). -   + 6. Invoke background load mounting based on client configuration. @@ -894,7 +897,7 @@ Adding an App-V package to the client is the first step of the publishing refres **Note**   This condition occurs as a product of removal without unpublishing with background addition of the package. -   + This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). @@ -923,7 +926,7 @@ During the Publishing Refresh operation, the specific publishing operation (Publ **Note**   This enables restore extension points if the package is unpublished. -   + 3. Run scripts targeted for publishing timing. @@ -1014,7 +1017,7 @@ The App-V 5 package upgrade process differs from the older versions of App-V. Ap -  + When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: @@ -1041,7 +1044,7 @@ When a task is placed in a pending state, the App-V client also generates a regi -  + The following operations must be completed before users can use the newer version of the package: 
@@ -1068,7 +1071,7 @@ The following operations must be completed before users can use the newer versio -  + Use the following example scenarios as a guide for updating packages. @@ -1098,7 +1101,7 @@ Use the following example scenarios as a guide for updating packages. -  + ### Global vs user publishing @@ -1237,7 +1240,7 @@ In this example: - `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable -  + ### Shell extensions @@ -1304,7 +1307,7 @@ The following table displays the supported shell extensions. -  + ### COM @@ -1369,7 +1372,7 @@ In this example: - `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration -  + ### URL Protocol handler @@ -1490,7 +1493,7 @@ Extension points are not all published the same way, where some extension points -  + ## Dynamic configuration processing @@ -1593,7 +1596,7 @@ During publishing of an App-V package with SxS assemblies the App-V Client will **Note**   UnPublishing or removing a package with an assembly does not remove the assemblies for that package. -  + ## Client logging @@ -1607,7 +1610,7 @@ In App-V 5.0 SP3, some logs were consolidated and moved to the following locatio For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). -  + There are three specific categories of events recorded described below. @@ -1622,9 +1625,9 @@ There are three specific categories of events recorded described below. -  + -  + diff --git a/mdop/appv-v5/check-reg-key-svr.md b/mdop/appv-v5/check-reg-key-svr.md index ec6c292ca4..84fc0d654a 100644 --- a/mdop/appv-v5/check-reg-key-svr.md +++ b/mdop/appv-v5/check-reg-key-svr.md 
@@ -1,12 +1,15 @@ --- title: Check Registry Keys before installing App-V 5.x Server description: Check Registry Keys before installing App-V 5.x Server -author: jamiejdt +author: manikadhiman ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/16/2016 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md index 354f623a8c..89f4fc49d7 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md @@ -1,8 +1,11 @@ --- title: Creating and Managing App-V 5.0 Virtualized Applications description: Creating and Managing App-V 5.0 Virtualized Applications -author: jamiejdt +author: manikadhiman ms.assetid: 66bab403-d7e0-4e7b-bc8f-a29a98a7160a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ After you have properly deployed the Microsoft Application Virtualization (App-V **Note**   For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). -  + ## Sequencing an application 
@@ -35,7 +38,7 @@ You can use the App-V 5.0 Sequencer to perform the following tasks: **Note**   You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.0 client. -   + - Convert existing virtual packages. @@ -56,7 +59,7 @@ When you use the sequencer to create a new virtual application, the following li **Important**   You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process. -  + The **Options** dialog box in the sequencer console contains the following tabs: @@ -65,7 +68,7 @@ The **Options** dialog box in the sequencer console contains the following tabs: **Important**   Package Accelerators created using App-V 4.6 are not supported by App-V 5.0. -   + - **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**. @@ -143,7 +146,7 @@ The following table lists the supported shell extensions: -  + ## Copy on Write (CoW) file extension support @@ -270,7 +273,7 @@ The following table displays the file types that can exist in a virtual package .wsh -  + ## Modifying an existing virtual application package 
@@ -302,7 +305,7 @@ A template can specify and store multiple settings as follows: **Note**   Package accelerators created using a previous version of App-V must be recreated using App-V 5.0. -  + You can use App-V 5.0 package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator. @@ -331,9 +334,9 @@ You can also find additional information about sequencing errors using the Windo - [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md index 4062dd1379..c781eb4fea 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md @@ -1,8 +1,11 @@ --- title: Creating and Managing App-V 5.1 Virtualized Applications description: Creating and Managing App-V 5.1 Virtualized Applications -author: jamiejdt +author: dansimp ms.assetid: 26be4331-88eb-4cfb-9d82-e63d7ee54576 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -35,7 +38,7 @@ You can use the App-V 5.1 Sequencer to perform the following tasks: **Note**   You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.1 client. -  + - Convert existing virtual packages. The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing. diff --git a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md index ff5df535b5..4490ab666a 100644 --- a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md +++ b/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md @@ -1,8 +1,11 @@ --- title: Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD) description: Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD) -author: jamiejdt +author: dansimp ms.assetid: d1d74af4-229f-4578-8c95-554a3d7cd2f3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/deploying-app-v-50.md b/mdop/appv-v5/deploying-app-v-50.md index 770bd500c6..5f13c3d291 100644 --- a/mdop/appv-v5/deploying-app-v-50.md +++ b/mdop/appv-v5/deploying-app-v-50.md 
@@ -1,8 +1,11 @@
 ---
 title: Deploying App-V 5.0
 description: Deploying App-V 5.0
-author: jamiejdt
+author: dansimp
 ms.assetid: 77cb19d7-00e6-4b39-b35a-e8a8ca0b807b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
index 04909d257a..de4772c416 100644
--- a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
+++ b/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)
 description: Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)
-author: jamiejdt
+author: dansimp
 ms.assetid: c2e4d176-460d-44ca-9a1d-69d2a733aa42
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/deploying-app-v-51.md b/mdop/appv-v5/deploying-app-v-51.md
index 0ba705d646..719dc32571 100644
--- a/mdop/appv-v5/deploying-app-v-51.md
+++ b/mdop/appv-v5/deploying-app-v-51.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying App-V 5.1
 description: Deploying App-V 5.1
-author: jamiejdt
+author: dansimp
 ms.assetid: af8742bf-e24b-402a-bcf4-0f2297f26bc4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
index b079ba6b69..88c3436957 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
@@ -1,8 +1,11 @@ --- title: Deploying Microsoft Office 2010 by Using App-V description: Deploying Microsoft Office 2010 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: 0a9e496e-82a1-4dc0-a496-7b21eaa00f53 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -67,7 +70,7 @@ The following table shows the App-V versions, methods of Office package creation -  + ## Creating Office 2010 App-V 5.0 using the sequencer @@ -179,7 +182,7 @@ The following table provides a full list of supported integration points for Off

    Active X Controls:

    -

    For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).

    +

    For more information on ActiveX controls, refer to ActiveX Control API Reference.

    @@ -270,7 +273,7 @@ The following table provides a full list of supported integration points for Off -  + ## Additional resources @@ -302,9 +305,9 @@ The following table provides a full list of supported integration points for Off -  + -  + diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md index add55ebcc0..8e68496eec 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md @@ -1,8 +1,11 @@ --- title: Deploying Microsoft Office 2010 by Using App-V description: Deploying Microsoft Office 2010 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: ae0b0459-c0d6-4946-b62d-ff153f52d1fb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -68,7 +71,7 @@ The following table shows the App-V versions, methods of Office package creation -  + ## Creating Office 2010 App-V 5.1 using the sequencer @@ -180,7 +183,7 @@ The following table provides a full list of supported integration points for Off

    Active X Controls:

    -

    For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).

    +

    For more information on ActiveX controls, refer to ActiveX Control API Reference.

    @@ -271,7 +274,7 @@ The following table provides a full list of supported integration points for Off -  + ## Additional resources @@ -303,9 +306,9 @@ The following table provides a full list of supported integration points for Off -  + -  + diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md index 4563729fa2..cd697fed7c 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md +++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md @@ -1,8 +1,11 @@ --- title: Deploying Microsoft Office 2013 by Using App-V description: Deploying Microsoft Office 2013 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: 02df5dc8-79e2-4c5c-8398-dbfb23344ab3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Use the following table to get information about supported versions of Office an -

    [Planning for Using App-V with Office](planning-for-using-app-v-with-office.md#bkmk-office-vers-supp-appv)

    +

    Planning for Using App-V with Office

    • Supported versions of Office

    • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • @@ -56,13 +59,13 @@ Use the following table to get information about supported versions of Office an
    -

    [Planning for Using App-V with Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

    +

    Planning for Using App-V with Office

    Considerations for installing different versions of Office on the same computer

    -  + ### Packaging, publishing, and deployment requirements @@ -85,7 +88,7 @@ Before you deploy Office by using App-V, review the following requirements.
    • All of the Office applications that you want to deploy to users must be in a single package.

    • In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -
    • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).

    • +
    • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2013 and Project 2013 with Office.

    @@ -102,7 +105,7 @@ Before you deploy Office by using App-V, review the following requirements.
  • Visio Pro for Office 365

  • Project Pro for Office 365

  • -

    You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

    +

    You must enable shared computer activation.

    You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

    • Office Professional Plus 2013

    • @@ -113,7 +116,7 @@ Before you deploy Office by using App-V, review the following requirements. -  + ### Excluding Office applications from a package @@ -135,27 +138,27 @@ The following table describes the recommended methods for excluding specific Off

      Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

      • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

      • -
      • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

      • +
      • For more information, see ExcludeApp element.

      Modify the DeploymentConfig.xml file

      • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

      • -
      • For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).

      • +
      • For more information, see Disabling Office 2013 applications.

      -  + ## Creating an Office 2013 package for App-V with the Office Deployment Tool Complete the following steps to create an Office 2013 package for App-V 5.0 or later. -**Important**   +**Important** In App-V 5.0 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. @@ -190,9 +193,9 @@ The computer on which you are installing the Office Deployment Tool must have: -**Note**   +**Note** In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. -  + ### Create Office 2013 App-V Packages Using Office Deployment Tool 
@@ -218,120 +221,120 @@ After you download the Office Deployment Tool, you can use it to get the latest The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: +1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - 1. Open the sample XML file in Notepad or your favorite text editor. + 1. Open the sample XML file in Notepad or your favorite text editor. - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: + 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: - ``` syntax - - - - - - - - - - - ``` + ``` syntax + + + + + + + + + + + ``` - **Note**   - The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. + **Note** + The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. - The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. 
Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: + The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      InputDescriptionExample

      Add element

      Specifies the products and languages to include in the package.

      N/A

      OfficeClientEdition (attribute of Add element)

      Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

      OfficeClientEdition="32"

      -

      OfficeClientEdition="64"

      Product element

      Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

      Product ID ="O365ProPlusRetail "

      -

      Product ID ="VisioProRetail"

      -

      Product ID ="ProjectProRetail"

      -

      Product ID ="ProPlusVolume"

      -

      Product ID ="VisioProVolume"

      -

      Product ID = "ProjectProVolume"

      Language element

      Specifies the language supported in the applications

      Language ID="en-us"

      Version (attribute of Add element)

      Optional. Specifies a build to use for the package

      -

      Defaults to latest advertised build (as defined in v32.CAB at the Office source).

      15.1.2.3

      SourcePath (attribute of Add element)

      Specifies the location in which the applications will be saved to.

      Sourcepath = "\\Server\Office2013”

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      InputDescriptionExample

      Add element

      Specifies the products and languages to include in the package.

      N/A

      OfficeClientEdition (attribute of Add element)

      Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

      OfficeClientEdition="32"

      +

      OfficeClientEdition="64"

      Product element

      Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

      Product ID ="O365ProPlusRetail "

      +

      Product ID ="VisioProRetail"

      +

      Product ID ="ProjectProRetail"

      +

      Product ID ="ProPlusVolume"

      +

      Product ID ="VisioProVolume"

      +

      Product ID = "ProjectProVolume"

      Language element

      Specifies the language supported in the applications

      Language ID="en-us"

      Version (attribute of Add element)

      Optional. Specifies a build to use for the package

      +

      Defaults to latest advertised build (as defined in v32.CAB at the Office source).

      15.1.2.3

      SourcePath (attribute of Add element)

      Specifies the location in which the applications will be saved to.

      Sourcepath = "\Server\Office2013”

      - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: - ``` syntax - \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml - ``` + ``` syntax + \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml + ``` - In the example: + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

      \server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /download

      downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

      \server\Office2013\Customconfig.xml

      passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2013.

      - - - - - - - - - - - - - - - - - - - - - - - -

      \\server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /download

      downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

      \\server\Office2013\Customconfig.xml

      passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.

      -   ### Convert the Office applications into an App-V package @@ -383,180 +386,181 @@ After you download the Office 2013 applications through the Office Deployment To -  + **How to convert the Office applications into an App-V package** -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ParameterWhat to change the value to

      SourcePath

      Point to the Office applications downloaded earlier.

      ProductID

      Specify the type of licensing, as shown in the following examples:

      -
        -
      • Subscription Licensing

        -
        <Configuration>
        -       <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
        -        <Product ID="O365ProPlusRetail">
        -          <Language ID="en-us" />
        -        </Product>
        -        <Product ID="VisioProRetail">
        -          <Language ID="en-us" />
        -        </Product>
        -      </Add>
        -    </Configuration> 
        -

        In this example, the following changes were made to create a package with Subscription licensing:

        - - - - - - - - - - - - - - - - - - - -

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to O365ProPlusRetail.

        Product ID

        for Visio was changed to VisioProRetail.

        -

         

        -

      • -
      • Volume Licensing

        -
        <Configuration>
        -       <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
        -        <Product ID="ProPlusVolume">
        -          <Language ID="en-us" />
        -        </Product>
        -        <Product ID="VisioProVolume">
        -          <Language ID="en-us" />
        -        </Product>
        -      </Add>
        -    </Configuration>
        -

        In this example, the following changes were made to create a package with Volume licensing:

        - - - - - - - - - - - - - - - - - - - -

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to ProPlusVolume.

        Product ID

        for Visio was changed to VisioProVolume.

        -

         

        -

      • -

      ExcludeApp (optional)

      Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

      PACKAGEGUID (optional)

      By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

      -

      An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

      -
      - Note   -

      Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

      -
      -
      -   -
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      ParameterWhat to change the value to

      SourcePath

      Point to the Office applications downloaded earlier.

      ProductID

      Specify the type of licensing, as shown in the following examples:

      +
        +
      • Subscription Licensing

        +
        <Configuration>
        +      <Add SourcePath= "\server\Office 2013" OfficeClientEdition="32" >
        +       <Product ID="O365ProPlusRetail">
        +         <Language ID="en-us" />
        +       </Product>
        +       <Product ID="VisioProRetail">
        +         <Language ID="en-us" />
        +       </Product>
        +     </Add>
        +   </Configuration> 
        +

        In this example, the following changes were made to create a package with Subscription licensing:

        + + + + + + + + + + + + + + + + + + + +

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to O365ProPlusRetail.

        Product ID

        for Visio was changed to VisioProRetail.

        +

        +

      • +
      • Volume Licensing

        +
        <Configuration>
        +      <Add SourcePath= "\Server\Office2013" OfficeClientEdition="32" >
        +       <Product ID="ProPlusVolume">
        +         <Language ID="en-us" />
        +       </Product>
        +       <Product ID="VisioProVolume">
        +         <Language ID="en-us" />
        +       </Product>
        +     </Add>
        +   </Configuration>
        +

        In this example, the following changes were made to create a package with Volume licensing:

        + + + + + + + + + + + + + + + + + + + +

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to ProPlusVolume.

        Product ID

        for Visio was changed to VisioProVolume.

        +

        +

      • +

      ExcludeApp (optional)

      Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

      PACKAGEGUID (optional)

      By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

      +

      An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

      +
      + Note

      Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

      +
      +
      -   +
      -2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - For example: - ``` syntax - \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV - ``` +2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - In the example: + For example: - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      \\server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /packager

      creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

      \\server\Office2013\Customconfig.xml

      passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

      \\server\share\Office 2013AppV

      specifies the location of the newly created Office App-V package.

      + ``` syntax + \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV + ``` -   + In the example: - After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: + + + + + + + + + + + + + + + + + + + + + + + + + + + +

      \server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /packager

      creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

      \server\Office2013\Customconfig.xml

      passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

      \server\share\Office 2013AppV

      specifies the location of the newly created Office App-V package.

      - - **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. - - **WorkingDir** - **Note**   - To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ +After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: -   +- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. -3. Verify that the Office 2013 App-V package works correctly: +- **WorkingDir** - 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. +**Note** +To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ - 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. + + +3. Verify that the Office 2013 App-V package works correctly: + + 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. + + 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. ## Publishing the Office package for App-V 5.0 @@ -601,7 +605,7 @@ Deploy the App-V package for Office 2013 by using the same methods you use for a -  + ### How to publish an Office package 
@@ -644,10 +648,10 @@ Use the steps in this section to enable Office plug-ins with your Office package 5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. - **Important**   + **Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package. -   + 6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package. @@ -667,10 +671,10 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. -**Note**   +**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx). -  + **To disable an Office 2013 application** 
@@ -755,14 +759,14 @@ To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - **Note**   + **Note** Office App-V packages have two Version IDs: - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. -   + 2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. @@ -805,7 +809,7 @@ The following table describes the requirements and options for deploying Visio 2

      How do I package and publish Visio 2013 and Project 2013 with Office?

      You must include Visio 2013 and Project 2013 in the same package with Office.

      -

      If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow [Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md).

      +

      If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow Deploying Microsoft Office 2010 by Using App-V.

      How can I deploy Visio 2013 and Project 2013 to specific users?

      @@ -836,17 +840,17 @@ The following table describes the requirements and options for deploying Visio 2
      1. Create a package that contains Office, Visio, and Project.

      2. Deploy the package to all users.

      3. -
      4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

      5. +
      6. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

      -

       

      +

      -  + ## Additional resources @@ -880,9 +884,9 @@ The following table describes the requirements and options for deploying Visio 2 -  - -  + + + diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md index 8ff13f6470..a5afa4ef90 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md @@ -1,8 +1,11 @@ --- title: Deploying Microsoft Office 2013 by Using App-V description: Deploying Microsoft Office 2013 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: 9a7be05e-2a7a-4874-af25-09c0f5037876 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Use the following table to get information about supported versions of Office an -

      [Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-office-vers-supp-appv)

      +

      Planning for Using App-V with Office

      • Supported versions of Office

      • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

      • @@ -56,13 +59,13 @@ Use the following table to get information about supported versions of Office an
      -

      [Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-plan-coexisting)

      +

      Planning for Using App-V with Office

      Considerations for installing different versions of Office on the same computer

      -  + ### Packaging, publishing, and deployment requirements Before you deploy Office by using App-V, review the following requirements. @@ -84,7 +87,7 @@ Before you deploy Office by using App-V, review the following requirements.
      • All of the Office applications that you want to deploy to users must be in a single package.

      • In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

      • -
      • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).

      • +
      • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2013 and Project 2013 with Office.

      @@ -101,7 +104,7 @@ Before you deploy Office by using App-V, review the following requirements.
    • Visio Pro for Office 365

    • Project Pro for Office 365

    -

    You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

    +

    You must enable shared computer activation.

    You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

    • Office Professional Plus 2013

    • @@ -112,7 +115,7 @@ Before you deploy Office by using App-V, review the following requirements. -  + ### Excluding Office applications from a package @@ -134,30 +137,30 @@ The following table describes the recommended methods for excluding specific Off

      Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

      • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

      • -
      • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

      • +
      • For more information, see ExcludeApp element.

      Modify the DeploymentConfig.xml file

      • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

      • -
      • For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).

      • +
      • For more information, see Disabling Office 2013 applications.

      -  + ## Creating an Office 2013 package for App-V with the Office Deployment Tool Complete the following steps to create an Office 2013 package for App-V 5.1 or later. -**Important**   +**Important** In App-V 5.1 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. -  + ### Review prerequisites for using the Office Deployment Tool @@ -189,12 +192,12 @@ The computer on which you are installing the Office Deployment Tool must have: -  -**Note**   + +**Note** In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. -  + ### Create Office 2013 App-V Packages Using Office Deployment Tool @@ -239,105 +242,107 @@ The XML file that is included in the Office Deployment Tool specifies the produc ``` - **Note**   + **Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. -   - The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      InputDescriptionExample

      Add element

      Specifies the products and languages to include in the package.

      N/A

      OfficeClientEdition (attribute of Add element)

      Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

      OfficeClientEdition="32"

      -

      OfficeClientEdition="64"

      Product element

      Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

      Product ID ="O365ProPlusRetail "

      -

      Product ID ="VisioProRetail"

      -

      Product ID ="ProjectProRetail"

      -

      Product ID ="ProPlusVolume"

      -

      Product ID ="VisioProVolume"

      -

      Product ID = "ProjectProVolume"

      Language element

      Specifies the language supported in the applications

      Language ID="en-us"

      Version (attribute of Add element)

      Optional. Specifies a build to use for the package

      -

      Defaults to latest advertised build (as defined in v32.CAB at the Office source).

      15.1.2.3

      SourcePath (attribute of Add element)

      Specifies the location in which the applications will be saved to.

      Sourcepath = "\\Server\Office2013”

      - -   - - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. - -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: - - ``` syntax - \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml - ``` - - In the example: +~~~ + The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - + + + + + + + + + + - - + + + - - + + + - - + + + - - + + + + + + + + + + + + +
      InputDescriptionExample

      \\server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Add element

      Specifies the products and languages to include in the package.

      N/A

      Setup.exe

      is the Office Deployment Tool.

      OfficeClientEdition (attribute of Add element)

      Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

      OfficeClientEdition="32"

      +

      OfficeClientEdition="64"

      /download

      downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

      Product element

      Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

      Product ID ="O365ProPlusRetail "

      +

      Product ID ="VisioProRetail"

      +

      Product ID ="ProjectProRetail"

      +

      Product ID ="ProPlusVolume"

      +

      Product ID ="VisioProVolume"

      +

      Product ID = "ProjectProVolume"

      \\server\Office2013\Customconfig.xml

      passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.

      Language element

      Specifies the language supported in the applications

      Language ID="en-us"

      Version (attribute of Add element)

      Optional. Specifies a build to use for the package

      +

      Defaults to latest advertised build (as defined in v32.CAB at the Office source).

      15.1.2.3

      SourcePath (attribute of Add element)

      Specifies the location in which the applications will be saved to.

      Sourcepath = "\\Server\Office2013”

      -   + + + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. +~~~ + +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: + + ``` syntax + \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml + ``` + + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

      \server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /download

      downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

      \server\Office2013\Customconfig.xml

      passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2013.

      + + ### Convert the Office applications into an App-V package @@ -389,180 +394,181 @@ After you download the Office 2013 applications through the Office Deployment To -  + **How to convert the Office applications into an App-V package** -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ParameterWhat to change the value to

      SourcePath

      Point to the Office applications downloaded earlier.

      ProductID

      Specify the type of licensing, as shown in the following examples:

      -
        -
      • Subscription Licensing

        -
        <Configuration>
        -       <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
        -        <Product ID="O365ProPlusRetail">
        -          <Language ID="en-us" />
        -        </Product>
        -        <Product ID="VisioProRetail">
        -          <Language ID="en-us" />
        -        </Product>
        -      </Add>
        -    </Configuration> 
        -

        In this example, the following changes were made to create a package with Subscription licensing:

        - - - - - - - - - - - - - - - - - - - -

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to O365ProPlusRetail.

        Product ID

        for Visio was changed to VisioProRetail.

        -

         

        -

      • -
      • Volume Licensing

        -
        <Configuration>
        -       <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
        -        <Product ID="ProPlusVolume">
        -          <Language ID="en-us" />
        -        </Product>
        -        <Product ID="VisioProVolume">
        -          <Language ID="en-us" />
        -        </Product>
        -      </Add>
        -    </Configuration>
        -

        In this example, the following changes were made to create a package with Volume licensing:

        - - - - - - - - - - - - - - - - - - - -

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to ProPlusVolume.

        Product ID

        for Visio was changed to VisioProVolume.

        -

         

        -

      • -

      ExcludeApp (optional)

      Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

      PACKAGEGUID (optional)

      By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

      -

      An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

      -
      - Note   -

      Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

      -
      -
      -   -
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      ParameterWhat to change the value to

      SourcePath

      Point to the Office applications downloaded earlier.

      ProductID

      Specify the type of licensing, as shown in the following examples:

      +
        +
      • Subscription Licensing

        +
        <Configuration>
        +      <Add SourcePath= "\server\Office 2013" OfficeClientEdition="32" >
        +       <Product ID="O365ProPlusRetail">
        +         <Language ID="en-us" />
        +       </Product>
        +       <Product ID="VisioProRetail">
        +         <Language ID="en-us" />
        +       </Product>
        +     </Add>
        +   </Configuration> 
        +

        In this example, the following changes were made to create a package with Subscription licensing:

        + + + + + + + + + + + + + + + + + + + +

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to O365ProPlusRetail.

        Product ID

        for Visio was changed to VisioProRetail.

        +

        +

      • +
      • Volume Licensing

        +
        <Configuration>
        +      <Add SourcePath= "\Server\Office2013" OfficeClientEdition="32" >
        +       <Product ID="ProPlusVolume">
        +         <Language ID="en-us" />
        +       </Product>
        +       <Product ID="VisioProVolume">
        +         <Language ID="en-us" />
        +       </Product>
        +     </Add>
        +   </Configuration>
        +

        In this example, the following changes were made to create a package with Volume licensing:

        + + + + + + + + + + + + + + + + + + + +

        SourcePath

        is the path, which was changed to point to the Office applications that were downloaded earlier.

        Product ID

        for Office was changed to ProPlusVolume.

        Product ID

        for Visio was changed to VisioProVolume.

        +

        +

      • +

      ExcludeApp (optional)

      Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

      PACKAGEGUID (optional)

      By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

      +

      An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

      +
      + Note

      Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

      +
      +
      -   +
      -2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - For example: - ``` syntax - \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV - ``` +2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - In the example: + For example: - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      \\server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /packager

      creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

      \\server\Office2013\Customconfig.xml

      passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

      \\server\share\Office 2013AppV

      specifies the location of the newly created Office App-V package.

      + ``` syntax + \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV + ``` -   + In the example: - After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: + + + + + + + + + + + + + + + + + + + + + + + + + + + +

      \server\Office2013

      is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

      Setup.exe

      is the Office Deployment Tool.

      /packager

      creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

      \server\Office2013\Customconfig.xml

      passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

      \server\share\Office 2013AppV

      specifies the location of the newly created Office App-V package.

      - - **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. - - **WorkingDir** - **Note**   - To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ +After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: -   +- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. -3. Verify that the Office 2013 App-V package works correctly: +- **WorkingDir** - 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. +**Note** +To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ - 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. + + +3. Verify that the Office 2013 App-V package works correctly: + + 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. + + 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. ## Publishing the Office package for App-V 5.1 @@ -607,7 +613,7 @@ Deploy the App-V package for Office 2013 by using the same methods you use for a -  + ### How to publish an Office package 
@@ -650,10 +656,10 @@ Use the steps in this section to enable Office plug-ins with your Office package 5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. - **Important**   + **Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package. -   + 6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package. @@ -673,10 +679,10 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. -**Note**   +**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx). -  + **To disable an Office 2013 application** 
@@ -761,14 +767,14 @@ To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - **Note**   + **Note** Office App-V packages have two Version IDs: - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. -   + 2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. @@ -811,7 +817,7 @@ The following table describes the requirements and options for deploying Visio 2

      How do I package and publish Visio 2013 and Project 2013 with Office?

      You must include Visio 2013 and Project 2013 in the same package with Office.

      -

      If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow [Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md).

      +

      If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow Deploying Microsoft Office 2010 by Using App-V.

      How can I deploy Visio 2013 and Project 2013 to specific users?

      @@ -842,17 +848,17 @@ The following table describes the requirements and options for deploying Visio 2
      1. Create a package that contains Office, Visio, and Project.

      2. Deploy the package to all users.

      3. -
      4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

      5. +
      6. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

      -

       

      +

      -  + ## Additional resources @@ -886,9 +892,9 @@ The following table describes the requirements and options for deploying Visio 2 -  - -  + + + diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md index dc3be9799d..b60166ff33 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md @@ -1,8 +1,11 @@ --- title: Deploying Microsoft Office 2016 by Using App-V description: Deploying Microsoft Office 2016 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: cc675cde-cb8d-4b7c-a700-6104b78f1d89 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Use the following table to get information about supported versions of Office an -

      [Supported versions of Microsoft Office](planning-for-using-app-v-with-office.md#bkmk-office-vers-supp-appv)

      +

      Supported versions of Microsoft Office

      • Supported versions of Office

      • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

      • @@ -56,13 +59,13 @@ Use the following table to get information about supported versions of Office an
      -

      [Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

      +

      Planning for Using App-V with coexisting versions of Office

      Considerations for installing different versions of Office on the same computer

      -  + ### Packaging, publishing, and deployment requirements @@ -86,7 +89,7 @@ Before you deploy Office by using App-V, review the following requirements.
      • All of the Office applications that you want to deploy to users must be in a single package.

      • In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

      • -
      • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).

      • +
      • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2016 and Project 2016 with Office.

      @@ -103,13 +106,13 @@ Before you deploy Office by using App-V, review the following requirements.
    • Visio Pro for Office 365

    • Project Pro for Office 365

    -

    You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

    +

    You must enable shared computer activation.

    -  + ### Excluding Office applications from a package @@ -131,20 +134,20 @@ The following table describes the recommended methods for excluding specific Off

    Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -
    • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

    • +
    • For more information, see ExcludeApp element.

    Modify the DeploymentConfig.xml file

    • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -
    • For more information, see [Disabling Office 2016 applications](#bkmk-disable-office-apps).

    • +
    • For more information, see Disabling Office 2016 applications.

    -  + ## Creating an Office 2016 package for App-V with the Office Deployment Tool @@ -185,8 +188,8 @@ The computer on which you are installing the Office Deployment Tool must have: ->**Note**  In this topic, the term “Office 2016 App-V package” refers to subscription licensing. -  +>**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing. + ### Create Office 2016 App-V Packages Using Office Deployment Tool @@ -200,12 +203,12 @@ Office 2016 App-V Packages are created using the Office Deployment Tool, which g 1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). ->**Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. -2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. +> **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. +> 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. Example: \\\\Server\\Office2016 -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. +3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. ### Download Office 2016 applications 
@@ -213,125 +216,125 @@ After you download the Office Deployment Tool, you can use it to get the latest The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: +1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - 1. Open the sample XML file in Notepad or your favorite text editor. + 1. Open the sample XML file in Notepad or your favorite text editor. - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: + 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: - ``` syntax - - - - - - - - - - - ``` + ``` syntax + + + + + + + + + + + ``` - >**Note**  The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. + >**Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. 
- The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: + The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
    InputDescriptionExample

    Add element

    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element)

    Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    -

    OfficeClientEdition="64"

    Product element

    Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - -
    InputDescriptionExample

    Add element

    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element)

    Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    +

    OfficeClientEdition="64"

    Product element

    Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. - For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297) -

    Product ID ="O365ProPlusRetail "

    -

    Product ID ="VisioProRetail"

    -

    Product ID ="ProjectProRetail"

    -

    Language element

    Specifies the language supported in the applications

    Language ID="en-us"

    Version (attribute of Add element)

    Optional. Specifies a build to use for the package

    -

    Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    16.1.2.3

    SourcePath (attribute of Add element)

    Specifies the location in which the applications will be saved to.

    Sourcepath = "\\Server\Office2016”

    Channel (attribute of Add element)

    Optional. Specifies the update channel for the product that you want to download or install.

    For more information about update channels, see Overview of update channels for Office 365 ProPlus.

    Channel="Deferred"

    + For more information about the product IDs, see Product IDs that are supported by the Office Deployment Tool for Click-to-Run +

    Product ID ="O365ProPlusRetail "

    +

    Product ID ="VisioProRetail"

    +

    Product ID ="ProjectProRetail"

    +

    Language element

    Specifies the language supported in the applications

    Language ID="en-us"

    Version (attribute of Add element)

    Optional. Specifies a build to use for the package

    +

    Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    16.1.2.3

    SourcePath (attribute of Add element)

    Specifies the location in which the applications will be saved to.

    Sourcepath = "\Server\Office2016”

    Channel (attribute of Add element)

    Optional. Specifies the update channel for the product that you want to download or install.

    For more information about update channels, see Overview of update channels for Office 365 ProPlus.

    Channel="Deferred"

    - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: - ``` syntax - \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml - ``` + ``` syntax + \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml + ``` - In the example: + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

    \server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

    \server\Office2016\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2016.

    - - - - - - - - - - - - - - - - - - - - - - - -

    \\server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

    \\server\Office2016\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2016.

    -   ### Convert the Office applications into an App-V package @@ -377,135 +380,137 @@ After you download the Office 2016 applications through the Office Deployment To -  + **How to convert the Office applications into an App-V package** -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterWhat to change the value to

    SourcePath

    Point to the Office applications downloaded earlier.

    ProductID

    Specify Subscription licensing, as shown in the following example:

    -
    <Configuration>
    -       <Add SourcePath= "\\server\Office 2016" OfficeClientEdition="32" >
    -        <Product ID="O365ProPlusRetail">
    -          <Language ID="en-us" />
    -        </Product>
    -        <Product ID="VisioProRetail">
    -          <Language ID="en-us" />
    -        </Product>
    -      </Add>
    -    </Configuration> 
    -

    In this example, the following changes were made to create a package with Subscription licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    -

    -

    ExcludeApp (optional)

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    -

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

    ->**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device. -
    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterWhat to change the value to

    SourcePath

    Point to the Office applications downloaded earlier.

    ProductID

    Specify Subscription licensing, as shown in the following example:

    +
    <Configuration>
    +      <Add SourcePath= "\server\Office 2016" OfficeClientEdition="32" >
    +       <Product ID="O365ProPlusRetail">
    +         <Language ID="en-us" />
    +       </Product>
    +       <Product ID="VisioProRetail">
    +         <Language ID="en-us" />
    +       </Product>
    +     </Add>
    +   </Configuration> 
    +

    In this example, the following changes were made to create a package with Subscription licensing:

    + + + + + + + + + + + + + + + + + + + +

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    +

    +

    ExcludeApp (optional)

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    +

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

    + >Note Even if you use unique package IDs, you can still deploy only one App-V package to a single device. +
    -   -2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - For example: +2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - ``` syntax - \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV - ``` + For example: - In the example: + ``` syntax + \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV + ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    \\server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

    \\server\Office2016\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \\server\share\Office 2016AppV

    specifies the location of the newly created Office App-V package.

    + In the example: -   + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    \server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

    \server\Office2016\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \server\share\Office 2016AppV

    specifies the location of the newly created Office App-V package.

    - After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. - - **WorkingDir** +~~~ +After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - **Note** To troubleshoot any issues, see the log files in the %temp% directory (default). +- **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. -   +- **WorkingDir** -3. Verify that the Office 2016 App-V package works correctly: +**Note** To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ - 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. - 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. + +3. Verify that the Office 2016 App-V package works correctly: + + 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. + + 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. ## Publishing the Office package for App-V @@ -550,7 +555,7 @@ Deploy the App-V package for Office 2016 by using the same methods you use for a -  + ### How to publish an Office package 
@@ -591,9 +596,9 @@ Use the steps in this section to enable Office plug-ins with your Office package
 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
- >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
+ >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
+
-  
 6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package.
@@ -613,8 +618,8 @@ Use the steps in this section to enable Office plug-ins with your Office package
 You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
->**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
- 
+>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
+
 **To disable an Office 2016 application**
@@ -690,18 +695,18 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a **How to upgrade a previously deployed Office 2016 package** -1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. +1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - >**Note** Office App-V packages have two Version IDs: -
      -
    • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • -
    • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • -
    -   + > **Note** Office App-V packages have two Version IDs: + >
      + >
    • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • + >
    • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • + >
    -2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. +2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. + +3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. ### Deploying Visio 2016 and Project 2016 with Office @@ -754,17 +759,17 @@ The following table describes the requirements and options for deploying Visio 2
    1. Create a package that contains Office, Visio, and Project.

    2. Deploy the package to all users.

    3. -
    4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

    5. +
    6. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    -

     

    +

    -  + ## Additional resources diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md index be3dcbac56..e13e27d1f9 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md @@ -1,8 +1,11 @@ ---- +--- title: Deploying Microsoft Office 2016 by Using App-V description: Deploying Microsoft Office 2016 by Using App-V -author: jamiejdt +author: dansimp ms.assetid: e0f4876-da99-4b89-977e-2fb6e89ea3d3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Use the following table to get information about supported versions of Office an -

    [Supported versions of Microsoft Office](planning-for-using-app-v-with-office.md#bkmk-office-vers-supp-appv)

    +

    Supported versions of Microsoft Office

    • Supported versions of Office

    • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • @@ -56,13 +59,13 @@ Use the following table to get information about supported versions of Office an
    -

    [Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

    +

    Planning for Using App-V with coexisting versions of Office

    Considerations for installing different versions of Office on the same computer

    -  + ### Packaging, publishing, and deployment requirements @@ -86,7 +89,7 @@ Before you deploy Office by using App-V, review the following requirements.
    • All of the Office applications that you want to deploy to users must be in a single package.

    • In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -
    • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).

    • +
    • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2016 and Project 2016 with Office.

    @@ -103,13 +106,13 @@ Before you deploy Office by using App-V, review the following requirements.
  • Visio Pro for Office 365

  • Project Pro for Office 365

  • -

    You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

    +

    You must enable shared computer activation.

    -  + ### Excluding Office applications from a package @@ -131,20 +134,20 @@ The following table describes the recommended methods for excluding specific Off

    Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -
    • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

    • +
    • For more information, see ExcludeApp element.

    Modify the DeploymentConfig.xml file

    • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -
    • For more information, see [Disabling Office 2016 applications](#bkmk-disable-office-apps).

    • +
    • For more information, see Disabling Office 2016 applications.

    -  + ## Creating an Office 2016 package for App-V with the Office Deployment Tool @@ -185,8 +188,8 @@ The computer on which you are installing the Office Deployment Tool must have: ->**Note**  In this topic, the term “Office 2016 App-V package” refers to subscription licensing. -  +>**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing. + ### Create Office 2016 App-V Packages Using Office Deployment Tool @@ -200,12 +203,12 @@ Office 2016 App-V Packages are created using the Office Deployment Tool, which g 1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). ->**Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. -2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. +> **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. +> 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. Example: \\\\Server\\Office2016 -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. +3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. ### Download Office 2016 applications 
@@ -213,125 +216,125 @@ After you download the Office Deployment Tool, you can use it to get the latest The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: +1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - 1. Open the sample XML file in Notepad or your favorite text editor. + 1. Open the sample XML file in Notepad or your favorite text editor. - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: + 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: - ``` syntax - - - - - - - - - - - ``` + ``` syntax + + + + + + + + + + + ``` - >**Note**  The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. + >**Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. 
- The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: + The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
    InputDescriptionExample

    Add element

    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element)

    Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    -

    OfficeClientEdition="64"

    Product element

    Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - -
    InputDescriptionExample

    Add element

    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element)

    Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    +

    OfficeClientEdition="64"

    Product element

    Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. - For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297) -

    Product ID ="O365ProPlusRetail "

    -

    Product ID ="VisioProRetail"

    -

    Product ID ="ProjectProRetail"

    -

    Language element

    Specifies the language supported in the applications

    Language ID="en-us"

    Version (attribute of Add element)

    Optional. Specifies a build to use for the package

    -

    Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    16.1.2.3

    SourcePath (attribute of Add element)

    Specifies the location in which the applications will be saved to.

    Sourcepath = "\\Server\Office2016”

    Branch (attribute of Add element)

    Optional. Specifies the update branch for the product that you want to download or install.

    For more information about update branches, see Overview of update branches for Office 365 ProPlus.

    Branch = "Business"

    + For more information about the product IDs, see Product IDs that are supported by the Office Deployment Tool for Click-to-Run +

    Product ID ="O365ProPlusRetail "

    +

    Product ID ="VisioProRetail"

    +

    Product ID ="ProjectProRetail"

    +

    Language element

    Specifies the language supported in the applications

    Language ID="en-us"

    Version (attribute of Add element)

    Optional. Specifies a build to use for the package

    +

    Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    16.1.2.3

    SourcePath (attribute of Add element)

    Specifies the location in which the applications will be saved to.

    Sourcepath = "\Server\Office2016”

    Branch (attribute of Add element)

    Optional. Specifies the update branch for the product that you want to download or install.

    For more information about update branches, see Overview of update branches for Office 365 ProPlus.

    Branch = "Business"

    - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: - ``` syntax - \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml - ``` + ``` syntax + \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml + ``` - In the example: + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

    \server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

    \server\Office2016\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2016.

    - - - - - - - - - - - - - - - - - - - - - - - -

    \\server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

    \\server\Office2016\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2016.

    -   ### Convert the Office applications into an App-V package @@ -377,135 +380,137 @@ After you download the Office 2016 applications through the Office Deployment To -  + **How to convert the Office applications into an App-V package** -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - + + +
    ParameterWhat to change the value to

    SourcePath

    Point to the Office applications downloaded earlier.

    ProductID

    Specify Subscription licensing, as shown in the following example:

    -
    <Configuration>
    -       <Add SourcePath= "\\server\Office 2016" OfficeClientEdition="32" >
    -        <Product ID="O365ProPlusRetail">
    -          <Language ID="en-us" />
    -        </Product>
    -        <Product ID="VisioProRetail">
    -          <Language ID="en-us" />
    -        </Product>
    -      </Add>
    -    </Configuration> 
    -

    In this example, the following changes were made to create a package with Subscription licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    -

    -

    ExcludeApp (optional)

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    -

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

    + + + + + + + + + + + + + + + + + + + + + + + + + - - -
    ParameterWhat to change the value to

    SourcePath

    Point to the Office applications downloaded earlier.

    ProductID

    Specify Subscription licensing, as shown in the following example:

    +
    <Configuration>
    +      <Add SourcePath= "\server\Office 2016" OfficeClientEdition="32" >
    +       <Product ID="O365ProPlusRetail">
    +         <Language ID="en-us" />
    +       </Product>
    +       <Product ID="VisioProRetail">
    +         <Language ID="en-us" />
    +       </Product>
    +     </Add>
    +   </Configuration> 
    +

    In this example, the following changes were made to create a package with Subscription licensing:

    + + + + + + + + + + + + + + + + + + + +

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    +

    +

    ExcludeApp (optional)

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    +

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

    - >**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device. -
    + >Note Even if you use unique package IDs, you can still deploy only one App-V package to a single device. +
    -   -2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - For example: +2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - ``` syntax - \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV - ``` + For example: - In the example: + ``` syntax + \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV + ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    \\server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

    \\server\Office2016\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \\server\share\Office 2016AppV

    specifies the location of the newly created Office App-V package.

    + In the example: -   + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    \server\Office2016

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

    \server\Office2016\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \server\share\Office 2016AppV

    specifies the location of the newly created Office App-V package.

    - After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. - - **WorkingDir** +~~~ +After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - **Note** To troubleshoot any issues, see the log files in the %temp% directory (default). +- **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. -   +- **WorkingDir** -3. Verify that the Office 2016 App-V package works correctly: +**Note** To troubleshoot any issues, see the log files in the %temp% directory (default). +~~~ - 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. - 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. + +3. Verify that the Office 2016 App-V package works correctly: + + 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. + + 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. ## Publishing the Office package for App-V @@ -550,7 +555,7 @@ Deploy the App-V package for Office 2016 by using the same methods you use for a -  + ### How to publish an Office package 
@@ -591,9 +596,9 @@ Use the steps in this section to enable Office plug-ins with your Office package 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. - >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. + >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. + -   6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package. 
@@ -613,8 +618,8 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. ->**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. -  +>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. + **To disable an Office 2016 application** 
@@ -690,18 +695,18 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a **How to upgrade a previously deployed Office 2016 package** -1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. +1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - >**Note** Office App-V packages have two Version IDs: -
      -
    • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • -
    • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • -
    -   + > **Note** Office App-V packages have two Version IDs: + >
      + >
    • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • + >
    • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • + >
    -2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. +2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. + +3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. ### Deploying Visio 2016 and Project 2016 with Office @@ -754,12 +759,12 @@ The following table describes the requirements and options for deploying Visio 2
    1. Create a package that contains Office, Visio, and Project.

    2. Deploy the package to all users.

    3. -
    4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

    5. +
    6. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    -

     

    +

    diff --git a/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md b/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md index 9124dd0305..1ad01a6915 100644 --- a/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md +++ b/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md @@ -1,8 +1,11 @@ --- title: Deploying the App-V 5.0 Sequencer and Client description: Deploying the App-V 5.0 Sequencer and Client -author: jamiejdt +author: dansimp ms.assetid: 84cc84bd-5bc0-41aa-9519-0ded2932c078 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ You can use the Microsoft ADMX template to configure the client settings for the **Important**   You can obtain the App-V 5.0 ADMX template from the Microsoft Download Center. -  + After you download and install the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller. @@ -64,7 +67,7 @@ The App-V 5.0 Shared Content Store (SCS) mode enables the SCS App-V 5.0 clients **Important**   If the App-V 5.0 client is configured to run in the SCS mode, the location where the App-V 5.0 packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V 5.0 client in the SCS mode across the internet. -  + Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V 5.0 client to stream the required virtualized package data across the network. @@ -112,9 +115,9 @@ In App-V 5.0 SP3, some logs have been consolidated. See [About App-V 5.0 SP3](ab -  + -  + diff --git a/mdop/appv-v5/deploying-the-app-v-50-server.md b/mdop/appv-v5/deploying-the-app-v-50-server.md index 5381037f48..a9c5cecc6e 100644 
--- a/mdop/appv-v5/deploying-the-app-v-50-server.md +++ b/mdop/appv-v5/deploying-the-app-v-50-server.md @@ -1,8 +1,11 @@ --- title: Deploying the App-V 5.0 Server description: Deploying the App-V 5.0 Server -author: jamiejdt +author: dansimp ms.assetid: a47f0dc8-2971-4e4d-8d57-6b69bbed4b63 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ For information about deploying the App-V 5.0 SP3 Server, see [About App-V 5.0 S **Important**   Before you install and configure the App-V 5.0 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. -  + ## App-V 5.0 Server overview @@ -70,7 +73,7 @@ You can also deploy the App-V 5.0 clients and packages by using an ESD without h **Note**   The App-V 5.0 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.0 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality. -  + [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) @@ -116,9 +119,9 @@ Use the following link for more information [About App-V 5.0 Reporting](about-ap -  + -  + diff --git a/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md b/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md index 4e19a4e5ab..0811cc8ca8 100644 --- a/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md +++ b/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md 
@@ -1,8 +1,11 @@ --- title: Deploying the App-V 5.1 Sequencer and Client description: Deploying the App-V 5.1 Sequencer and Client -author: jamiejdt +author: dansimp ms.assetid: 74f32794-4c76-436f-a542-f9e95d89063d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ You can use the Microsoft ADMX template to configure the client settings for the **Important**   You can obtain the App-V 5.1 ADMX template from the Microsoft Download Center. -  + After you download and install the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller. @@ -64,7 +67,7 @@ The App-V 5.1 Shared Content Store (SCS) mode enables the SCS App-V 5.1 clients **Important**   If the App-V 5.1 client is configured to run in the SCS mode, the location where the App-V 5.1 packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V 5.1 client in the SCS mode across the internet. -  + Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V 5.1 client to stream the required virtualized package data across the network. @@ -110,9 +113,9 @@ You can use the App-V 5.1 Sequencer log information to help troubleshoot the Seq -  + -  + diff --git a/mdop/appv-v5/deploying-the-app-v-51-server.md b/mdop/appv-v5/deploying-the-app-v-51-server.md index aff7bdb99b..10380a684e 100644 --- a/mdop/appv-v5/deploying-the-app-v-51-server.md +++ b/mdop/appv-v5/deploying-the-app-v-51-server.md 
@@ -1,8 +1,11 @@ --- title: Deploying the App-V 5.1 Server description: Deploying the App-V 5.1 Server -author: jamiejdt +author: dansimp ms.assetid: 987b61dc-00d6-49ba-8f1b-92d7b948e702 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ For information about deploying the App-V Server, see [About App-V 5.1](about-ap **Important**   Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. -  + ## App-V 5.1 Server overview @@ -70,7 +73,7 @@ You can also deploy the App-V 5.1 clients and packages by using an ESD without h **Note**   The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality. -  + [Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) @@ -116,9 +119,9 @@ Use the following link for more information [About App-V 5.1 Reporting](about-ap -  + -  + diff --git a/mdop/appv-v5/evaluating-app-v-50.md b/mdop/appv-v5/evaluating-app-v-50.md index 972342d307..1b2cc2ac24 100644 --- a/mdop/appv-v5/evaluating-app-v-50.md +++ b/mdop/appv-v5/evaluating-app-v-50.md @@ -1,8 +1,11 @@ --- title: Evaluating App-V 5.0 description: Evaluating App-V 5.0 -author: jamiejdt +author: dansimp ms.assetid: 0b4a6b12-559d-429f-9659-dc8f4883feab +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v5/evaluating-app-v-51.md b/mdop/appv-v5/evaluating-app-v-51.md
index 41aad1077c..84facb34f4 100644
--- a/mdop/appv-v5/evaluating-app-v-51.md
+++ b/mdop/appv-v5/evaluating-app-v-51.md
@@ -1,8 +1,11 @@
 ---
 title: Evaluating App-V 5.1
 description: Evaluating App-V 5.1
-author: jamiejdt
+author: dansimp
 ms.assetid: 92d80b23-3eca-4be3-a771-e700ad1470db
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
index 621eb9a3f4..861662bca5 100644
--- a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
+++ b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
@@ -1,8 +1,11 @@
 ---
 title: Getting Started with App-V 5.0
 description: Getting Started with App-V 5.0
-author: jamiejdt
+author: dansimp
 ms.assetid: 3e16eafb-ce95-4d06-b214-fe0f4b1b495f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -53,7 +56,7 @@ App-V consists of the following elements:
  • Retrieves virtual applications

  • Publishes the applications on the clients

  • Automatically sets up and manages virtual environments at runtime on Windows endpoints.

  • -
  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

  • +
  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

  • @@ -75,7 +78,7 @@ App-V consists of the following elements: -  + For more information about these elements, see [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md). @@ -84,7 +87,7 @@ If you are new to this product, we recommend that you read the documentation tho **Note**   A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272491). -  + This section of the App-V 5.0 Administrator’s Guide includes high-level information about App-V 5.0 to provide you with a basic understanding of the product before you begin the deployment planning. @@ -137,9 +140,9 @@ This section of the App-V 5.0 Administrator’s Guide includes high-level inform -  + -  + diff --git a/mdop/appv-v5/getting-started-with-app-v-51.md b/mdop/appv-v5/getting-started-with-app-v-51.md index 5729e3b1ac..f508e2c3a6 100644 --- a/mdop/appv-v5/getting-started-with-app-v-51.md +++ b/mdop/appv-v5/getting-started-with-app-v-51.md @@ -1,8 +1,11 @@ --- title: Getting Started with App-V 5.1 description: Getting Started with App-V 5.1 -author: jamiejdt +author: dansimp ms.assetid: 49a20e1f-0566-4e53-a417-1521393fc974 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -53,7 +56,7 @@ App-V consists of the following elements:
  • Retrieves virtual applications

  • Publishes the applications on the clients

  • Automatically sets up and manages virtual environments at runtime on Windows endpoints.

  • -
  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

  • +
  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

  • @@ -75,7 +78,7 @@ App-V consists of the following elements: -  + For more information about these elements, see [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md). @@ -84,7 +87,7 @@ If you are new to this product, we recommend that you read the documentation tho **Note**   A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272491). -  + This section of the App-V 5.1 Administrator’s Guide includes high-level information about App-V 5.1 to provide you with a basic understanding of the product before you begin the deployment planning. @@ -127,9 +130,9 @@ This section of the App-V 5.1 Administrator’s Guide includes high-level inform -  + -  + diff --git a/mdop/appv-v5/high-level-architecture-for-app-v-50.md b/mdop/appv-v5/high-level-architecture-for-app-v-50.md index 3f7b38c37a..e23df5f0a1 100644 --- a/mdop/appv-v5/high-level-architecture-for-app-v-50.md +++ b/mdop/appv-v5/high-level-architecture-for-app-v-50.md @@ -1,8 +1,11 @@ --- title: High Level Architecture for App-V 5.0 description: High Level Architecture for App-V 5.0 -author: jamiejdt +author: dansimp ms.assetid: fdf8b841-918f-4672-b352-0f2b9519581b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -61,12 +64,12 @@ A typical App-V 5.0 implementation consists of the following elements. -  + **Note**   If you are using App-V 5.0 with Electronic Software Distribution (ESD) you are not required to use the App-V 5.0 Management server, however you can still utilize the reporting and streaming functionality of App-V 5.0. -  + 
@@ -78,9 +81,9 @@ If you are using App-V 5.0 with Electronic Software Distribution (ESD) you are n [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) -  + -  + diff --git a/mdop/appv-v5/high-level-architecture-for-app-v-51.md b/mdop/appv-v5/high-level-architecture-for-app-v-51.md index dc5140b458..af616233b3 100644 --- a/mdop/appv-v5/high-level-architecture-for-app-v-51.md +++ b/mdop/appv-v5/high-level-architecture-for-app-v-51.md @@ -1,8 +1,11 @@ --- title: High Level Architecture for App-V 5.1 description: High Level Architecture for App-V 5.1 -author: jamiejdt +author: dansimp ms.assetid: 90406361-55b8-40b7-85c0-449436789d4c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -61,12 +64,12 @@ A typical App-V 5.1 implementation consists of the following elements. -  + **Note**   If you are using App-V 5.1 with Electronic Software Distribution (ESD) you are not required to use the App-V 5.1 Management server, however you can still utilize the reporting and streaming functionality of App-V 5.1. -  + @@ -78,9 +81,9 @@ If you are using App-V 5.1 with Electronic Software Distribution (ESD) you are n [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-access-the-client-management-console.md b/mdop/appv-v5/how-to-access-the-client-management-console.md index 0e5f9cbf10..1e5fc68d4b 100644 --- a/mdop/appv-v5/how-to-access-the-client-management-console.md +++ b/mdop/appv-v5/how-to-access-the-client-management-console.md @@ -1,8 +1,11 @@ --- title: How to Access the Client Management Console description: How to Access the Client Management Console -author: jamiejdt +author: dansimp ms.assetid: 3f6303c7-f953-4623-8211-c20d1faa846b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Use the App-V 5.0 client management console to manage packages on the computer r **Note**   To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V 5.0 client. -  + Use the following procedure to access the client management console. @@ -30,7 +33,7 @@ Use the following procedure to access the client management console. **Note**   For computers running the App-V 5.0 Remote Desktop Services client version, to access client management console follow step 1 of this procedure on the server running the client. -   + 2. When the App-V 5.0 client management console is displayed, click the tab you want to review and perform any required tasks. For more information about the client management console tasks see, [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md). @@ -41,9 +44,9 @@ Use the following procedure to access the client management console. [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-access-the-client-management-console51.md b/mdop/appv-v5/how-to-access-the-client-management-console51.md index 8e275a30ff..e98a45a0a3 100644 --- a/mdop/appv-v5/how-to-access-the-client-management-console51.md +++ b/mdop/appv-v5/how-to-access-the-client-management-console51.md @@ -1,8 +1,11 @@ --- title: How to Access the Client Management Console description: How to Access the Client Management Console -author: jamiejdt +author: dansimp ms.assetid: 22131251-acd5-44e7-a30b-7d389c518b6f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Use the App-V 5.1 client management console to manage packages on the computer r **Note**   To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V 5.1 client. -  + Use the following procedure to access the client management console. @@ -30,7 +33,7 @@ Use the following procedure to access the client management console. **Note**   For computers running the App-V 5.1 Remote Desktop Services client version, to access client management console follow step 1 of this procedure on the server running the client. -   + 2. When the App-V 5.1 client management console is displayed, click the tab you want to review and perform any required tasks. For more information about the client management console tasks see, [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md). @@ -41,9 +44,9 @@ Use the following procedure to access the client management console. [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md index 480ef440af..d62e802902 100644 --- a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md +++ b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md @@ -1,8 +1,11 @@ --- title: How to Add or Remove an Administrator by Using the Management Console description: How to Add or Remove an Administrator by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 0e8ab443-1931-4b1a-95df-6ccbecc9efc5 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md index 0d4f699331..e4d9c802e9 100644 --- a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md +++ b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md @@ -1,8 +1,11 @@ --- title: How to Add or Remove an Administrator by Using the Management Console description: How to Add or Remove an Administrator by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 7ff8c436-9d2e-446a-9ea2-bbab7e25bf21 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md index 26833153ad..0d643c8054 100644 --- a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md +++ b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md @@ -1,8 +1,11 @@ --- title: How to Add or Upgrade Packages by Using the Management Console description: How to Add or Upgrade Packages by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 62417b63-06b2-437c-8584-523e1dea97c3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ You can the following procedure to add or upgrade a package to the App-V 5.1 Man **Important**   You must select a package with the **.appv** file name extension. -   + 4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. 
@@ -46,9 +49,9 @@ You can the following procedure to add or upgrade a package to the App-V 5.1 Man [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md index 716eda585a..6ffae20774 100644 --- a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md +++ b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md @@ -1,8 +1,11 @@ --- title: How to Add or Upgrade Packages by Using the Management Console description: How to Add or Upgrade Packages by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 4e389d7e-f402-44a7-bc4c-42c2a8440573 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ You can the following procedure to add or upgrade a package to the App-V 5.0 Man **Important**   You must select a package with the **.appv** file name extension. -   + 4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. @@ -46,9 +49,9 @@ You can the following procedure to add or upgrade a package to the App-V 5.0 Man [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md index 765b4e34da..a04d25f7ae 100644 --- a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md +++ b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md 
@@ -1,8 +1,11 @@ --- title: How to Allow Only Administrators to Enable Connection Groups description: How to Allow Only Administrators to Enable Connection Groups -author: jamiejdt +author: dansimp ms.assetid: 60e62426-624f-4f26-851e-41cd78520883 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You can configure the App-V client so that only administrators (not end users) c **Note**   **This feature is supported starting in App-V 5.0 SP3.** -  + Use one of the following methods to allow only administrators to enable or disable connection groups. @@ -53,7 +56,7 @@ Use one of the following methods to allow only administrators to enable or disab -  + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). @@ -62,9 +65,9 @@ Use one of the following methods to allow only administrators to enable or disab [Managing Connection Groups](managing-connection-groups.md) -  + -  + diff --git a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md index 09f8061b96..1a6a35f007 100644 --- a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md +++ b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md @@ -1,8 +1,11 @@ --- title: How to Allow Only Administrators to Enable Connection Groups description: How to Allow Only Administrators to Enable Connection Groups -author: jamiejdt +author: dansimp ms.assetid: 42ca3157-5d85-467b-a148-09404f8f737a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ You can configure the App-V client so that only administrators (not end users) c **Note**   **This feature is supported starting in App-V 5.0 SP3.** -  + Use one of the following methods to allow only administrators to enable or disable connection groups. @@ -53,7 +56,7 @@ Use one of the following methods to allow only administrators to enable or disab -  + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). @@ -62,9 +65,9 @@ Use one of the following methods to allow only administrators to enable or disab [Managing Connection Groups](managing-connection-groups51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md index 9ac359896e..8e30f21d57 100644 --- a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md +++ b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Apply the Deployment Configuration File by Using PowerShell description: How to Apply the Deployment Configuration File by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 5df5d5bc-6c72-4087-8b93-d6d4b502a1f4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -26,23 +29,25 @@ The dynamic deployment configuration file is applied when a package is added or **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - **Note**   + **Note** This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md index b1549d824b..dac9fedce1 100644 --- a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md +++ b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md 
@@ -1,8 +1,11 @@ --- title: How to Apply the Deployment Configuration File by Using PowerShell description: How to Apply the Deployment Configuration File by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 78fe0f15-4a36-41e3-96d6-7d5aa77c1e06 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -26,23 +29,25 @@ The dynamic deployment configuration file is applied when a package is added or **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - **Note**   + **Note** This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md index a156f5e21d..0aa5bd5e31 100644 --- a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md 
+++ b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md
@@ -1,8 +1,11 @@
 ---
 title: How to Apply the User Configuration File by Using PowerShell
 description: How to Apply the User Configuration File by Using PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: f7d7c595-4fdd-4096-b53d-9eead111c339
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md
index 7846cdfac7..9ef045bf7b 100644
--- a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md
+++ b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Apply the User Configuration File by Using PowerShell
 description: How to Apply the User Configuration File by Using PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: 986e638c-4a0c-4a7e-be73-f4615e8b8000
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md
index 80248ff8ea..2afafa6b63 100644
--- a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md
+++ b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md
@@ -1,8 +1,11 @@ --- title: How to Configure Access to Packages by Using the Management Console description: How to Configure Access to Packages by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 8f4c91e4-f4e6-48cf-aa94-6085a054e8f7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -35,7 +38,7 @@ Use the following procedure to configure access to virtualized packages. **Note**   Ensure that you provide an associated domain name for the group that you are searching for. -   + 3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. @@ -64,9 +67,9 @@ Use the following procedure to configure access to virtualized packages. [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md index d722e69366..b7683c7b78 100644 --- a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md +++ b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md @@ -1,8 +1,11 @@ --- title: How to Configure Access to Packages by Using the Management Console description: How to Configure Access to Packages by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 4fd39bc2-d814-46de-a108-1c21fa404e8a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -35,7 +38,7 @@ Use the following procedure to configure access to virtualized packages. **Note**   Ensure that you provide an associated domain name for the group that you are searching for. -   + 3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. @@ -64,9 +67,9 @@ Use the following procedure to configure access to virtualized packages. [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md index ad12ad980d..8e6b0c9389 100644 --- a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md +++ b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md @@ -1,8 +1,11 @@ --- title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -author: jamiejdt +author: dansimp ms.assetid: 23b2d03a-20ce-4973-99ee-748f3b682207 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Use the following steps to configure the App-V 5.1 client to receive updates fro **Note**   For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. -  + **To configure the App-V 5.1 client to receive updates from the publishing server** 
@@ -74,9 +77,9 @@ For the following procedures the management server was installed on a computer n [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md index 1577651cb6..9120a87f6f 100644 --- a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md +++ b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md @@ -1,8 +1,11 @@ --- title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -author: jamiejdt +author: dansimp ms.assetid: f5dfd96d-4b63-468c-8d93-9dfdf47c28fd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Use the following steps to configure the App-V 5.0 client to receive updates fro **Note**   For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. -  + **To configure the App-V 5.0 client to receive updates from the publishing server** @@ -74,9 +77,9 @@ For the following procedures the management server was installed on a computer n [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-connect-to-the-management-console-51.md b/mdop/appv-v5/how-to-connect-to-the-management-console-51.md index f9cabe35af..b6144f08ac 100644 --- a/mdop/appv-v5/how-to-connect-to-the-management-console-51.md 
+++ b/mdop/appv-v5/how-to-connect-to-the-management-console-51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Connect to the Management Console
 description: How to Connect to the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 5a15ed86-7db7-4df3-80ca-bde26f3285e1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md b/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md
index 0558f39097..3fdbfba946 100644
--- a/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md
+++ b/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md
@@ -1,8 +1,11 @@
 ---
 title: How to Connect to the Management Console
 description: How to Connect to the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 67dfdfa1-e7dd-4c5e-aa50-f016bd1dc643
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
index a3969a0d7f..2c1debb1f6 100644
--- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
+++ b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
@@ -1,8 +1,11 @@
 ---
 title: How to Convert a Package Created in a Previous Version of App-V
 description: How to Convert a Package Created in a Previous Version of App-V
-author: jamiejdt
+author: dansimp
 ms.assetid: b092a5f8-cc5f-4df8-a5a2-0a68fd7bd5b2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,19 +19,19 @@ ms.date: 06/16/2016 You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. -**Note**   +**Note** If you are running a computer with a 64-bit architecture, you must use the x86 version of PowerShell. -  -The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. + +The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. The following information provides direction for converting existing virtual application packages. -**Important**   +**Important** You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. -  + **Getting started** 
@@ -40,39 +43,41 @@ You must configure the package converter to always save the package ingredients Import-Module AppVPkgConverter ``` -3. +3. - The following cmdlets are available: + The following cmdlets are available: - - Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`. + - Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`. - - ConvertFrom-AppvLegacyPackage – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V 5.0 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used for the App-V 5.0 filename. + - ConvertFrom-AppvLegacyPackage – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V 5.0 virtual application package file will be saved. 
By default, if you do not specify a new name, the old package name will be used for the App-V 5.0 filename. - Additionally, the package converter optimizes performance of packages in App-V 5.0 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. + Additionally, the package converter optimizes performance of packages in App-V 5.0 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. - **Note**   - Before you specify the output directory, you must create the output directory. + **Note** + Before you specify the output directory, you must create the output directory. -   - **Advanced Conversion Tips** - - Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.0 client. +~~~ +**Advanced Conversion Tips** - - Batching - The PowerShell command enables batching. 
More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. +- Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.0 client. - - Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. +- Batching - The PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. - **Got a suggestion for App-V**? 
Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +- Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. + +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md index 8a07e352fe..b146f4dd7f 100644 --- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md +++ b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md @@ -1,8 +1,11 @@ --- title: How to Convert a Package Created in a Previous Version of App-V description: How to Convert a Package Created in a Previous Version of App-V -author: jamiejdt +author: dansimp ms.assetid: 3366d399-2891-491d-8de1-f8cfdf39bbab +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,19 +19,19 @@ ms.date: 06/16/2016 You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. -**Note**   +**Note** If you are running a computer with a 64-bit architecture, you must use the x86 version of PowerShell. -  -The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. + +The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. The following information provides direction for converting existing virtual application packages. -**Important**   +**Important** You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. -  + **App-V 4.6 installation folder is redirected to virtual file system root** 
@@ -50,31 +53,33 @@ Prior to App-V 5.1, the 4.6 root folder was not recognized and could not be acce - ConvertFrom-AppvLegacyPackage – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V 5.1 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used for the App-V 5.1 filename. - Additionally, the package converter optimizes performance of packages in App-V 5.1 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. + Additionally, the package converter optimizes performance of packages in App-V 5.1 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. - **Note**   + **Note** Before you specify the output directory, you must create the output directory. -   - **Advanced Conversion Tips** - - Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. 
This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.1 client. +~~~ +**Advanced Conversion Tips** - - Batching - The PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. +- Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.1 client. - - Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. +- Batching - The PowerShell command enables batching. 
More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +- Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. + +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md index 92dcf1e47a..85916b88c8 100644 --- a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Connection Group with User-Published and Globally Published Packages
 description: How to Create a Connection Group with User-Published and Globally Published Packages
-author: jamiejdt
+author: dansimp
 ms.assetid: 82f7ea7f-7b14-4506-8940-fdcd6c3e117f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md
index cc25866145..7df286b807 100644
--- a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md
+++ b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Connection Group with User-Published and Globally Published Packages
 description: How to Create a Connection Group with User-Published and Globally Published Packages
-author: jamiejdt
+author: dansimp
 ms.assetid: 851b8742-0283-4aa6-b3a3-f7f6289824c3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-create-a-connection-group.md b/mdop/appv-v5/how-to-create-a-connection-group.md
index 090d7acfdc..b9ab2dc072 100644
--- a/mdop/appv-v5/how-to-create-a-connection-group.md
+++ b/mdop/appv-v5/how-to-create-a-connection-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Connection Group
 description: How to Create a Connection Group
-author: jamiejdt
+author: dansimp
 ms.assetid: 9d272052-2d28-4e41-989c-89610482a0ca
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -39,7 +42,7 @@ When you place packages in a connection group, their package root paths are merg **Important**   By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. -   + 7. After adding all the applications and configuring Active Directory access, click **Apply**. @@ -52,9 +55,9 @@ When you place packages in a connection group, their package root paths are merg [Managing Connection Groups](managing-connection-groups.md) -  + -  + diff --git a/mdop/appv-v5/how-to-create-a-connection-group51.md b/mdop/appv-v5/how-to-create-a-connection-group51.md index 1e55e23904..f5605affe1 100644 --- a/mdop/appv-v5/how-to-create-a-connection-group51.md +++ b/mdop/appv-v5/how-to-create-a-connection-group51.md @@ -1,8 +1,11 @@ --- title: How to Create a Connection Group description: How to Create a Connection Group -author: jamiejdt +author: dansimp ms.assetid: 221e2eed-7ebb-42e3-b3d6-11c37c0578e6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,7 +40,7 @@ When you place packages in a connection group, their package root paths are merg **Important**   By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. -   + 6. After adding all the applications and configuring Active Directory access, click **Apply**. @@ -50,9 +53,9 @@ When you place packages in a connection group, their package root paths are merg [Managing Connection Groups](managing-connection-groups51.md) -  + -  + 
diff --git a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md
index c247febbaf..42efe03dad 100644
--- a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md
+++ b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Custom Configuration File by Using the App-V 5.0 Management Console
 description: How to Create a Custom Configuration File by Using the App-V 5.0 Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 0d1f6768-be30-4682-8eeb-aa95918b24c3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md
index 094206053c..eb1da74435 100644
--- a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md
+++ b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Custom Configuration File by Using the App-V 5.1 Management Console
 description: How to Create a Custom Configuration File by Using the App-V 5.1 Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: f5ab426a-f49a-47b3-93f3-b9d60aada8f4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -28,21 +31,23 @@ Use the following procedure to create a Dynamic User Configuration file by using 4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user. - **Note**   + **Note** To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md index 5432331c70..484ac45489 100644 --- a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md +++ b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Create a Package Accelerator by Using PowerShell description: How to Create a Package Accelerator by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 8e527363-d961-4153-826a-446a4ad8d980 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md
index 50aeafba9b..ef6e767d58 100644
--- a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md
+++ b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Package Accelerator by Using PowerShell
 description: How to Create a Package Accelerator by Using PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: 0cb98394-4477-4193-8c5f-1c1773c7263a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator.md b/mdop/appv-v5/how-to-create-a-package-accelerator.md
index f535031df4..3ca349472c 100644
--- a/mdop/appv-v5/how-to-create-a-package-accelerator.md
+++ b/mdop/appv-v5/how-to-create-a-package-accelerator.md
@@ -1,8 +1,11 @@
 ---
 title: How to Create a Package Accelerator
 description: How to Create a Package Accelerator
-author: jamiejdt
+author: dansimp
 ms.assetid: dfe305e5-7cf8-498f-9581-4805ffc722bd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,81 +19,87 @@ ms.date: 06/16/2016 App-V 5.0 package accelerators automatically generate new virtual application packages. -**Note**   +**Note** You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell.md). -  + Use the following procedure to create a package accelerator. -**Important**   +**Important** Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.0 Package Accelerator is applied. -  -**Important**   + +**Important** Before you begin the following procedure, you should perform the following: - Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. - Copy all required installation files associated with the virtual application package to the computer running the sequencer. -  + **To create a package accelerator** -1. **Important**   +1. **Important** The App-V 5.0 Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V 5.0 Sequencer. -   - To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. To start the App-V 5.0 **Create Package Accelerator** wizard, in the App-V 5.0 sequencer console, click **Tools** / **Create Accelerator**. 
+~~~ +To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +~~~ -3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). +2. To start the App-V 5.0 **Create Package Accelerator** wizard, in the App-V 5.0 sequencer console, click **Tools** / **Create Accelerator**. - **Tip**   - Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. +3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). -   + **Tip** + Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. - Click **Next**. -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. - **Tip**   - Copy the folder that contains the required installation files to the computer running the Sequencer. +~~~ +Click **Next**. +~~~ -   +4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. -5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. 
To use this option, the application must already be installed in the default installation location. + **Tip** + Copy the folder that contains the required installation files to the computer running the Sequencer. -6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. - **Note**   - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. -   +5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. -7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. +6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. -8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. 
+ **Note** + You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. -9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. + +7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. + +8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. + + If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. 
The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. + +9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. 10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. 11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - **Important**   - To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. + **Important** + To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). 
+~~~ ## Related topics @@ -99,9 +108,9 @@ Before you begin the following procedure, you should perform the following: [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator51.md b/mdop/appv-v5/how-to-create-a-package-accelerator51.md index 9c192fc0ac..45092fa865 100644 --- a/mdop/appv-v5/how-to-create-a-package-accelerator51.md +++ b/mdop/appv-v5/how-to-create-a-package-accelerator51.md @@ -1,8 +1,11 @@ --- title: How to Create a Package Accelerator description: How to Create a Package Accelerator -author: jamiejdt +author: dansimp ms.assetid: b61f3581-7933-443e-b872-a96bed9ff8d7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,81 +19,87 @@ ms.date: 06/16/2016 App-V 5.1 package accelerators automatically generate new virtual application packages. -**Note**   +**Note** You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell51.md). -  + Use the following procedure to create a package accelerator. -**Important**   +**Important** Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.1 Package Accelerator is applied. -  -**Important**   + +**Important** Before you begin the following procedure, you should perform the following: - Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. - Copy all required installation files associated with the virtual application package to the computer running the sequencer. -  + **To create a package accelerator** -1. **Important**   +1. **Important** The App-V 5.1 Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V 5.1 Sequencer. -   - To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. To start the App-V 5.1 **Create Package Accelerator** wizard, in the App-V 5.1 sequencer console, click **Tools** / **Create Accelerator**. 
+~~~ +To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +~~~ -3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). +2. To start the App-V 5.1 **Create Package Accelerator** wizard, in the App-V 5.1 sequencer console, click **Tools** / **Create Accelerator**. - **Tip**   - Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. +3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). -   + **Tip** + Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. - Click **Next**. -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. - **Tip**   - Copy the folder that contains the required installation files to the computer running the Sequencer. +~~~ +Click **Next**. +~~~ -   +4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. -5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. 
To use this option, the application must already be installed in the default installation location. + **Tip** + Copy the folder that contains the required installation files to the computer running the Sequencer. -6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. - **Note**   - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. -   +5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. -7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. +6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. -8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. 
+ **Note** + You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. -9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. + +7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. + +8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. + + If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. 
The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. + +9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. 10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. 11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - **Important**   - To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. + **Important** + To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). 
+~~~ ## Related topics @@ -99,9 +108,9 @@ Before you begin the following procedure, you should perform the following: [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md index e5a5e52e28..5520322085 100644 --- a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md +++ b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md @@ -1,8 +1,11 @@ --- title: How to Create a Virtual Application Package Using an App-V Package Accelerator description: How to Create a Virtual Application Package Using an App-V Package Accelerator -author: jamiejdt +author: dansimp ms.assetid: 715e7526-e100-419c-8fc1-75cbfe433835 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -14,17 +17,17 @@ ms.date: 06/16/2016 # How to Create a Virtual Application Package Using an App-V Package Accelerator -**Important**   +**Important** The App-V 5.0 Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V 5.0 Sequencer. -  + Use the following procedure to create a virtual application package with the App-V 5.0 Package Accelerator. -**Note**   +**Note** Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V 5.0 Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. -  + **To create a virtual application package with an App-V 5.0 Package Accelerator** 
@@ -34,10 +37,10 @@ Before you start this procedure, copy the required Package Accelerator locally t 3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. - **Important**   + **Important** If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. -   + 4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. @@ -45,7 +48,7 @@ Before you start this procedure, copy the required Package Accelerator locally t Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - **Note**   + **Note** You can specify the following types of supported installation files: - Windows Installer files (**.msi**) 
@@ -58,44 +61,46 @@ Before you start this procedure, copy the required Package Accelerator locally t The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. -   - If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. +~~~ +If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. +~~~ -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. +6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - To create the package, click **Create**. After the package is created, click **Next**. +7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. 
To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. + To create the package, click **Create**. After the package is created, click **Next**. - If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: +8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. - - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. + If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: - - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. 
Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. + - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. - - **Save Package**. The Sequencer saves the package. + - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. + - **Save Package**. The Sequencer saves the package. - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. + If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). +9. 
On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md index 9e32de10cc..2552432acc 100644 --- a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md +++ b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md @@ -1,8 +1,11 @@ --- title: How to Create a Virtual Application Package Using an App-V Package Accelerator description: How to Create a Virtual Application Package Using an App-V Package Accelerator -author: jamiejdt +author: dansimp ms.assetid: eae1e4f8-f14f-4bc8-9867-052561c37297 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -14,17 +17,17 @@ ms.date: 06/16/2016 # How to Create a Virtual Application Package Using an App-V Package Accelerator -**Important**   +**Important** The App-V 5.1 Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V 5.1 Sequencer. -  + Use the following procedure to create a virtual application package with the App-V 5.1 Package Accelerator. -**Note**   +**Note** Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V 5.1 Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. -  + **To create a virtual application package with an App-V 5.1 Package Accelerator** 
@@ -34,10 +37,10 @@ Before you start this procedure, copy the required Package Accelerator locally t 3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. - **Important**   + **Important** If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. -   + 4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. @@ -45,7 +48,7 @@ Before you start this procedure, copy the required Package Accelerator locally t Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - **Note**   + **Note** You can specify the following types of supported installation files: - Windows Installer files (**.msi**) 
@@ -58,44 +61,46 @@ Before you start this procedure, copy the required Package Accelerator locally t The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. -   - If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. +~~~ +If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. +~~~ -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. +6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - To create the package, click **Create**. After the package is created, click **Next**. +7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. 
To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. + To create the package, click **Create**. After the package is created, click **Next**. - If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: +8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. - - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. + If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: - - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. 
Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. + - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. - - **Save Package**. The Sequencer saves the package. + - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. + - **Save Package**. The Sequencer saves the package. - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. + If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). +9. 
On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-create-and-use-a-project-template.md b/mdop/appv-v5/how-to-create-and-use-a-project-template.md index 89e44e559b..199c3b09bf 100644 --- a/mdop/appv-v5/how-to-create-and-use-a-project-template.md +++ b/mdop/appv-v5/how-to-create-and-use-a-project-template.md @@ -1,8 +1,11 @@ --- title: How to Create and Use a Project Template description: How to Create and Use a Project Template -author: jamiejdt +author: dansimp ms.assetid: 2063f0b3-47a1-4090-bf99-0f26b107331c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -30,10 +33,10 @@ Use the following procedures to create and apply a new template. **Note**   If the virtual application package is currently open in the App-V 5.0 Sequencer console, skip to step 3 of this procedure. -2. To open the existing virtual application package that contains the settings you want to save with the App-V 5.0 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. +2. To open the existing virtual application package that contains the settings you want to save with the App-V 5.0 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. -3. In the App-V 5.0 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.0 project template. Click Save. -The new App-V 5.0 project template is saved in the directory specified in step 3 of this procedure. +3. In the App-V 5.0 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.0 project template. Click Save. + The new App-V 5.0 project template is saved in the directory specified in step 3 of this procedure. **To apply a project template** diff --git a/mdop/appv-v5/how-to-create-and-use-a-project-template51.md b/mdop/appv-v5/how-to-create-and-use-a-project-template51.md index 4d518b4889..cc1d47dba3 100644 --- a/mdop/appv-v5/how-to-create-and-use-a-project-template51.md +++ b/mdop/appv-v5/how-to-create-and-use-a-project-template51.md 
@@ -1,8 +1,11 @@ --- title: How to Create and Use a Project Template description: How to Create and Use a Project Template -author: jamiejdt +author: dansimp ms.assetid: e5ac1dc8-a88f-4b16-8e3c-df07ef5e4c3b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 You can use an App-V 5.1 project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. -**Note**   +**Note** You can, and often should apply an App-V 5.1 project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. -  + App-V 5.1 project templates differ from App-V 5.1 Application Accelerators because App-V 5.1 Application Accelerators are application-specific, and App-V 5.1 project templates can be applied to multiple applications. 
@@ -29,42 +32,46 @@ Use the following procedures to create and apply a new template. 1. To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. **Note**   +2. **Note** If the virtual application package is currently open in the App-V 5.1 Sequencer console, skip to step 3 of this procedure. -   - To open the existing virtual application package that contains the settings you want to save with the App-V 5.1 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. -3. In the App-V 5.1 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.1 project template. Click Save. +~~~ +To open the existing virtual application package that contains the settings you want to save with the App-V 5.1 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. +~~~ - The new App-V 5.1 project template is saved in the directory specified in step 3 of this procedure. +3. In the App-V 5.1 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.1 project template. Click Save. + + The new App-V 5.1 project template is saved in the directory specified in step 3 of this procedure. **To apply a project template** -1. **Important**   +1. 
**Important** Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. -   - To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. To create or upgrade a new virtual application package by using an App-V 5.1 project template, click **File** / **New From Template**. +~~~ +To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +~~~ -3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. +2. To create or upgrade a new virtual application package by using an App-V 5.1 project template, click **File** / **New From Template**. - Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. +3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). 
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md index 73b2d6cd58..ba34780c3d 100644 --- a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md +++ b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md @@ -1,8 +1,11 @@ --- title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 4f249ee3-cc2d-4b1e-afe5-d1cbf9cabd88 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md index 1f1e5a0d91..4d7754f265 100644 --- a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md +++ b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
 description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: dd71df05-512f-4eb4-a55f-e5b93601323d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-delete-a-connection-group.md b/mdop/appv-v5/how-to-delete-a-connection-group.md
index 2a5eb2b2c9..99c4502ead 100644
--- a/mdop/appv-v5/how-to-delete-a-connection-group.md
+++ b/mdop/appv-v5/how-to-delete-a-connection-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Delete a Connection Group
 description: How to Delete a Connection Group
-author: jamiejdt
+author: dansimp
 ms.assetid: 92654019-a5ad-4ed7-8c39-45f658f60196
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-delete-a-connection-group51.md b/mdop/appv-v5/how-to-delete-a-connection-group51.md
index 9d5bb1f3a0..90aec39b89 100644
--- a/mdop/appv-v5/how-to-delete-a-connection-group51.md
+++ b/mdop/appv-v5/how-to-delete-a-connection-group51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Delete a Connection Group
 description: How to Delete a Connection Group
-author: jamiejdt
+author: dansimp
 ms.assetid: dfdfb507-8891-4f17-9125-5759c9b74483
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md
index c059473a85..51e1ae3be1 100644
--- a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md
+++ b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Delete a Package in the Management Console
 description: How to Delete a Package in the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 4a2be40b-bbb8-4fab-992d-7466df432858
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md
index c9d9c559c5..5717b7c75f 100644
--- a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md
+++ b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md
@@ -1,8 +1,11 @@
 ---
 title: How to Delete a Package in the Management Console
 description: How to Delete a Package in the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: d780aafb-4097-4417-8ecc-30efac73c33a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
index e7312a70b2..cb240b0114 100644
--- a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
+++ b/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
@@ -1,8 +1,11 @@
 ---
 title: How to deploy App-V 5.0 Packages Using Electronic Software Distribution
 description: How to deploy App-V 5.0 Packages Using Electronic Software Distribution
-author: jamiejdt
+author: dansimp
 ms.assetid: 08e5e05b-dbb8-4be7-b2d8-721ef627da81
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -42,12 +45,12 @@ Use one of the following methods to publish packages to App-V client computers w

    PowerShell

    -

    Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.0, see [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md).

    +

    Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.0, see Administering App-V by Using PowerShell.

    -  + **To deploy App-V 5.0 packages by using an ESD** @@ -66,9 +69,9 @@ Use one of the following methods to publish packages to App-V client computers w [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md index 209ec60d49..6171caac63 100644 --- a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md +++ b/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md @@ -1,8 +1,11 @@ --- title: How to deploy App-V 5.1 Packages Using Electronic Software Distribution description: How to deploy App-V 5.1 Packages Using Electronic Software Distribution -author: jamiejdt +author: dansimp ms.assetid: e1957a5a-1f18-42da-b2c1-a5ae5a4cca7a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,12 +45,12 @@ Use one of the following methods to publish packages to App-V client computers w

    PowerShell

    -

    Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.1, see [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md).

    +

    Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.1, see Administering App-V 5.1 by Using PowerShell.

    -  + **To deploy App-V 5.1 packages by using an ESD** @@ -66,9 +69,9 @@ Use one of the following methods to publish packages to App-V client computers w [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md index b9dfd5d542..15023aec87 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md @@ -2,7 +2,10 @@ title: How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer description: How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer ms.assetid: 5b7e27e4-4360-464c-b832-f1c7939e5485 -author: jamiejdt +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.date: 06/21/2016 --- diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md index e617718801..90cb9db9a7 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md @@ -2,7 +2,10 @@ title: How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer description: How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer ms.assetid: 498d50c7-f13d-4fbb-8ea1-b959ade26fdf -author: jamiejdt +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md index e58de2e0a9..4c309e2617 100644 
--- a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V 5.0 Server description: How to Deploy the App-V 5.0 Server -author: jamiejdt +author: dansimp ms.assetid: 4f8f16af-7d74-42b4-84b8-b04ce668225d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,126 +33,126 @@ Use the following procedure to install the App-V 5.0 server. For information abo **To install the App-V 5.0 server** -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it. +1. Copy the App-V 5.0 server installation files to the computer on which you want to install it. -2. Start the App-V 5.0 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. +2. Start the App-V 5.0 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. -3. Review and accept the license terms, and choose whether to enable Microsoft updates. +3. Review and accept the license terms, and choose whether to enable Microsoft updates. -4. On the **Feature Selection** page, select all of the following components. +4. On the **Feature Selection** page, select all of the following components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ComponentDescription

    Management server

    Provides overall management functionality for the App-V infrastructure.

    Management database

    Facilitates database predeployments for App-V management.

    Publishing server

    Provides hosting and streaming functionality for virtual applications.

    Reporting server

    Provides App-V 5.0 reporting services.

    Reporting database

    Facilitates database predeployments for App-V reporting.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ComponentDescription

    Management server

    Provides overall management functionality for the App-V infrastructure.

    Management database

    Facilitates database predeployments for App-V management.

    Publishing server

    Provides hosting and streaming functionality for virtual applications.

    Reporting server

    Provides App-V 5.0 reporting services.

    Reporting database

    Facilitates database predeployments for App-V reporting.

    -   + -5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. +5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. -6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. +6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - -
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    -

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    -

    Not supported: A server name using the format ServerName\INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    -

    The database name must be unique, or the installation will fail.

    + + + + + + + + + + + + + + + + + + + + + +
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    +

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    +

    Not supported: A server name using the format ServerName<strong>INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    +

    The database name must be unique, or the installation will fail.

    -   + -7. On the **Configure** page, accept the default value **Use this local computer**. +7. On the **Configure** page, accept the default value **Use this local computer**. - **Note**   - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + **Note** + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. -   + -8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. +8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - -
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    -

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    -

    Not supported: A server name using the format ServerName\INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    -

    The database name must be unique, or the installation will fail.

    + + + + + + + + + + + + + + + + + + + + + +
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    +

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    +

    Not supported: A server name using the format ServerName<strong>INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    +

    The database name must be unique, or the installation will fail.

    -   + -9. On the **Configure** page, accept the default value: **Use this local computer**. +9. On the **Configure** page, accept the default value: **Use this local computer**. - **Note**   - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + **Note** + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. -   + 10. On the **Configure** (Management Server Configuration) page, specify the following: @@ -182,7 +185,7 @@ Use the following procedure to install the App-V 5.0 server. For information abo -   + 11. On the **Configure** **Publishing Server Configuration** page, specify the following: @@ -200,7 +203,7 @@ Use the following procedure to install the App-V 5.0 server. For information abo

    Specify the URL for the management service.

    -

    Example: http://localhost:12345

    +

    Example: http://localhost:12345

    Website name: Specify the custom name that will be used to run the publishing service.

    @@ -214,7 +217,7 @@ Use the following procedure to install the App-V 5.0 server. For information abo -   + 12. On the **Reporting Server** page, specify the following: @@ -242,7 +245,7 @@ Use the following procedure to install the App-V 5.0 server. For information abo -   + 13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. @@ -267,9 +270,9 @@ Use the following procedure to install the App-V 5.0 server. For information abo [How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md index 403b4c37a9..3132a01373 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V 5.0 Server Using a Script description: How to Deploy the App-V 5.0 Server Using a Script -author: jamiejdt +author: dansimp ms.assetid: b91a35c8-df9e-4065-9187-abafbe565b84 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,8 +21,8 @@ In order to complete the **appv\_server\_setup.exe** Server setup successfully u Use the following tables for more information about installing the App-V 5.0 server using the command line. ->[!NOTE]   ->The information in the following tables can also be accessed using the command line by typing the following command: +>[!NOTE] +> The information in the following tables can also be accessed using the command line by typing the following command: >``` > appv\_server\_setup.exe /? >``` @@ -66,7 +69,7 @@ Use the following tables for more information about installing the App-V 5.0 ser -   + 
@@ -148,7 +151,7 @@ Use the following tables for more information about installing the App-V 5.0 ser
    -   + @@ -620,7 +623,7 @@ Use the following tables for more information about installing the App-V 5.0 ser
    -   + ### Parameters for using an Existing Reporting Server Database @@ -645,11 +648,11 @@ Use the following tables for more information about installing the App-V 5.0 ser

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    -

    /EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    +

    /EXISTING_ REPORTING DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

    -

    /EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE

    +

    /EXISTING REPORTING_DB_CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    @@ -734,19 +737,19 @@ Use the following tables for more information about installing the App-V 5.0 ser

    /EXISTING_MANAGEMENT_DB_NAME

    Specifies the name of the existing management database that should be used. Example usage: /EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    -

    Got a suggestion for App-V? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Got an App-V issue? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).

    +

    Got a suggestion for App-V? Add or vote on suggestions here. Got an App-V issue? Use the App-V TechNet Forum.

    -   + ## Related topics [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) -  + -  + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md b/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md index 3eb5565576..597cd51d2b 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V 5.1 Server Using a Script description: How to Deploy the App-V 5.1 Server Using a Script -author: jamiejdt +author: dansimp ms.assetid: 15c33d7b-9b61-4dbc-8674-399bb33e5f7e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -20,770 +23,772 @@ In order to complete the **appv\_server\_setup.exe** Server setup successfully u - Use the following tables for more information about installing the App-V 5.1 server using the command line. - **Note**   + **Note** The information in the following tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**. -   - **Common parameters and Examples** - - - - - - - - - - - -

    To Install the Management server and Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /MANAGEMENT_DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -
    • /MANAGEMENT_DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /MANAGEMENT_SERVER

    -

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    -

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    -

    /MANAGEMENT_WEBSITE_PORT=”8080”

    -

    /DB_PREDEPLOY_MANAGEMENT

    -

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /MANAGEMENT_DB_NAME=”AppVManagement”

    +~~~ +**Common parameters and Examples** -   + ++++ + + + + + + +

    To Install the Management server and Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /MANAGEMENT_DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • +
    • /MANAGEMENT_DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    - - - - - - - - - - - -

    To Install the Management server using an existing Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -
    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /EXISTING_MANAGEMENT_DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -
    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -
    • /EXISTING_MANAGEMENT_DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /MANAGEMENT_SERVER

    -

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    -

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    -

    /MANAGEMENT_WEBSITE_PORT=”8080”

    -

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    -

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    -

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    -   - - - - - - - - - - - -

    To install the Management server using an existing Management database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -
    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /EXISTING_MANAGEMENT_DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /MANAGEMENT_SERVER

    • -
    • /MANAGEMENT_ADMINACCOUNT

    • -
    • /MANAGEMENT_WEBSITE_NAME

    • -
    • /MANAGEMENT_WEBSITE_PORT

    • -
    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -
    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -
    • /EXISTING_MANAGEMENT_DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /MANAGEMENT_SERVER

    -

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    -

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    -

    /MANAGEMENT_WEBSITE_PORT=”8080”

    -

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”

    -

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    -

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    + ++++ + + + + + + +

    To Install the Management server using an existing Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • +
    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /EXISTING_MANAGEMENT_DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • +
    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • +
    • /EXISTING_MANAGEMENT_DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    +

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    +

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    -   - - - - - - - - - - - -

    To Install the Management database and the Management Server on the same computer.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /MANAGEMENT_DB_NAME

    • -
    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -
    • /MANAGEMENT_DB_NAME

    • -
    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /DB_PREDEPLOY_MANAGEMENT

    -

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /MANAGEMENT_DB_NAME=”AppVManagement”

    -

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    -

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    -   + ++++ + + + + + + +

    To install the Management server using an existing Management database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • +
    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /EXISTING_MANAGEMENT_DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /MANAGEMENT_SERVER

    • +
    • /MANAGEMENT_ADMINACCOUNT

    • +
    • /MANAGEMENT_WEBSITE_NAME

    • +
    • /MANAGEMENT_WEBSITE_PORT

    • +
    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • +
    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • +
    • /EXISTING_MANAGEMENT_DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”

    +

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    +

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    - - - - - - - - - - - -

    To install the Management database on a different computer than the Management server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /MANAGEMENT_DB_NAME

    • -
    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /DB_PREDEPLOY_MANAGEMENT

    • -
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -
    • /MANAGEMENT_DB_NAME

    • -
    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /DB_PREDEPLOY_MANAGEMENT

    -

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /MANAGEMENT_DB_NAME=”AppVManagement”

    -

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    -

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    -   - - - - - - - - - - - -

    To Install the publishing server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /PUBLISHING_SERVER

    • -
    • /PUBLISHING_MGT_SERVER

    • -
    • /PUBLISHING_WEBSITE_NAME

    • -
    • /PUBLISHING_WEBSITE_PORT

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /PUBLISHING_SERVER

    -

    /PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”

    -

    /PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”

    -

    /PUBLISHING_WEBSITE_PORT=”8081”

    + ++++ + + + + + + +

    To Install the Management database and the Management Server on the same computer.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /MANAGEMENT_DB_NAME

    • +
    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • +
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • +
    • /MANAGEMENT_DB_NAME

    • +
    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • +
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    +

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    +

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    -   - - - - - - - - - - - -

    To Install the Reporting server and Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /REPORTING _DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _ADMINACCOUNT

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -
    • /REPORTING _DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -
      -
    • /appv_server_setup.exe /QUIET

    • -
    • /REPORTING_SERVER

    • -
    • /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    • -
    • /REPORTING_WEBSITE_PORT=”8082”

    • -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    • -
    • /REPORTING_DB_NAME=”AppVReporting”

    • -
    -   + ++++ + + + + + + +

    To install the Management database on a different computer than the Management server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /MANAGEMENT_DB_NAME

    • +
    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • +
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /DB_PREDEPLOY_MANAGEMENT

    • +
    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • +
    • /MANAGEMENT_DB_NAME

    • +
    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • +
    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    +

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    +

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    - - - - - - - - - - - -

    To Install the Reporting server and using an existing Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -
    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /EXISTING_REPORTING _DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _ADMINACCOUNT

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -
    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -
    • /EXISTING_REPORTING _DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /REPORTING_SERVER

    -

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    -

    /REPORTING_WEBSITE_PORT=”8082”

    -

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    -

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    -   - - - - - - - - - - - -

    To Install the Reporting server using an existing Reporting database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -
    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /EXISTING_REPORTING _DB_NAME

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /REPORTING _SERVER

    • -
    • /REPORTING _ADMINACCOUNT

    • -
    • /REPORTING _WEBSITE_NAME

    • -
    • /REPORTING _WEBSITE_PORT

    • -
    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -
    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -
    • /EXISTING_REPORTING _DB_NAME

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /REPORTING_SERVER

    -

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    -

    /REPORTING_WEBSITE_PORT=”8082”

    -

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”

    -

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    + ++++ + + + + + + +

    To Install the publishing server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /PUBLISHING_SERVER

    • +
    • /PUBLISHING_MGT_SERVER

    • +
    • /PUBLISHING_WEBSITE_NAME

    • +
    • /PUBLISHING_WEBSITE_PORT

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /PUBLISHING_SERVER

    +

    /PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”

    +

    /PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”

    +

    /PUBLISHING_WEBSITE_PORT=”8081”

    -   - - - - - - - - - - - -

    To install the Reporting database on the same computer as the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /REPORTING _DB_NAME

    • -
    • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -
    • /REPORTING _DB_NAME

    • -
    • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /DB_PREDEPLOY_REPORTING

    -

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /REPORTING_DB_NAME=”AppVReporting”

    -

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    -

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    -   + ++++ + + + + + + +

    To Install the Reporting server and Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /REPORTING _DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _ADMINACCOUNT

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • +
    • /REPORTING _DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +
      +
    • /appv_server_setup.exe /QUIET

    • +
    • /REPORTING_SERVER

    • +
    • /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    • +
    • /REPORTING_WEBSITE_PORT=”8082”

    • +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    • +
    • /REPORTING_DB_NAME=”AppVReporting”

    • +
    - - - - - - - - - - - -

    To install the Reporting database on a different computer than the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    -
      -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -
    • /REPORTING _DB_NAME

    • -
    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    To use a custom instance of Microsoft SQL Server, use these parameters:

    -
      -
    • /DB_PREDEPLOY_REPORTING

    • -
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -
    • /REPORTING _DB_NAME

    • -
    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
    -

    Using a custom instance of Microsoft SQL Server example:

    -

    /appv_server_setup.exe /QUIET

    -

    /DB_PREDEPLOY_REPORTING

    -

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    -

    /REPORTING_DB_NAME=”AppVReporting”

    -

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    -

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    -   - **Parameter Definitions** + ++++ + + + + + + +

    To Install the Reporting server and using an existing Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • +
    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /EXISTING_REPORTING _DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _ADMINACCOUNT

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • +
    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • +
    • /EXISTING_REPORTING _DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /REPORTING_SERVER

    +

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    +

    /REPORTING_WEBSITE_PORT=”8082”

    +

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    +

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    - **General Parameters** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /QUIET

    Specifies silent install.

    /UNINSTALL

    Specifies an uninstall.

    /LAYOUT

    Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.

    /LAYOUTDIR

    Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”

    /INSTALLDIR

    Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”

    /MUOPTIN

    Enables Microsoft Update. No value is expected

    /ACCEPTEULA

    Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

    -   + ++++ + + + + + + +

    To Install the Reporting server using an existing Reporting database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • +
    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /EXISTING_REPORTING _DB_NAME

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /REPORTING _SERVER

    • +
    • /REPORTING _ADMINACCOUNT

    • +
    • /REPORTING _WEBSITE_NAME

    • +
    • /REPORTING _WEBSITE_PORT

    • +
    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • +
    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • +
    • /EXISTING_REPORTING _DB_NAME

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /REPORTING_SERVER

    +

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    +

    /REPORTING_WEBSITE_PORT=”8082”

    +

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”

    +

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    - **Management Server Installation Parameters** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /MANAGEMENT_SERVER

    Specifies that the management server will be installed. No value is expected

    /MANAGEMENT_ADMINACCOUNT

    Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: /MANAGEMENT_ADMINACCOUNT=”mydomain\admin”. If /MANAGEMENT_SERVER is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, /MANAGEMENT_ADMINACCOUNT="mydomain\admin".

    /MANAGEMENT_WEBSITE_NAME

    Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”

    MANAGEMENT_WEBSITE_PORT

    Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.

    -   + ++++ + + + + + + +

    To install the Reporting database on the same computer as the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /REPORTING _DB_NAME

    • +
    • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • +
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • +
    • /REPORTING _DB_NAME

    • +
    • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • +
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_REPORTING

    +

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /REPORTING_DB_NAME=”AppVReporting”

    +

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    +

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    - **Parameters for the Management Server Database** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /DB_PREDEPLOY_MANAGEMENT

    Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected

    /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance should be used. No value is expected.

    /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_DB_NAME

    Specifies the name of the new management database that should be created. Example usage: /MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the management server will be installed on. Example usage: /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the management server. Example usage: /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”

    -   + ++++ + + + + + + +

    To install the Reporting database on a different computer than the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • +
    • /REPORTING _DB_NAME

    • +
    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • +
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +
    • /DB_PREDEPLOY_REPORTING

    • +
    • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • +
    • /REPORTING _DB_NAME

    • +
    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • +
    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_REPORTING

    +

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /REPORTING_DB_NAME=”AppVReporting”

    +

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    +

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    - **Parameters for Installing Publishing Server** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /PUBLISHING_SERVER

    Specifies that the Publishing Server will be installed. No value is expected

    /PUBLISHING_MGT_SERVER

    Specifies the URL to Management Service the Publishing server will connect to. Example usage: http://<management server name>:<Management server port number>. If /PUBLISHING_SERVER is not used, this parameter will be ignored

    /PUBLISHING_WEBSITE_NAME

    Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”

    /PUBLISHING_WEBSITE_PORT

    Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83

    -   +**Parameter Definitions** - **Parameters for Reporting Server** +**General Parameters** - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /REPORTING_SERVER

    Specifies that the Reporting Server will be installed. No value is expected

    /REPORTING_WEBSITE_NAME

    Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"

    /REPORTING_WEBSITE_PORT

    Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82

    + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /QUIET

    Specifies silent install.

    /UNINSTALL

    Specifies an uninstall.

    /LAYOUT

    Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.

    /LAYOUTDIR

    Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”

    /INSTALLDIR

    Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”

    /MUOPTIN

    Enables Microsoft Update. No value is expected

    /ACCEPTEULA

    Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

    -   - **Parameters for using an Existing Reporting Server Database** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

    /EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /EXISTING_ REPORTING _DB_NAME

    Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISITING_REPORTING_DB_NAME="AppVReporting"

    +**Management Server Installation Parameters** -   + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /MANAGEMENT_SERVER

    Specifies that the management server will be installed. No value is expected

    /MANAGEMENT_ADMINACCOUNT

    Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: /MANAGEMENT_ADMINACCOUNT=”mydomain\admin”. If /MANAGEMENT_SERVER is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, /MANAGEMENT_ADMINACCOUNT="mydomain\admin".

    /MANAGEMENT_WEBSITE_NAME

    Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”

    MANAGEMENT_WEBSITE_PORT

    Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.

    - **Parameters for installing Reporting Server Database** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /DB_PREDEPLOY_REPORTING

    Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected

    /REPORTING_DB_SQLINSTANCE_USE_DEFAULT

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /REPORTING_DB_NAME

    Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB"

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"

    -   +**Parameters for the Management Server Database** - **Parameters for using an existing Management Server Database** + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /DB_PREDEPLOY_MANAGEMENT

    Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected

    /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance should be used. No value is expected.

    /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_DB_NAME

    Specifies the name of the new management database that should be created. Example usage: /MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the management server will be installed on. Example usage: /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the management server. Example usage: /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”

    + + + +**Parameters for Installing Publishing Server** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /PUBLISHING_SERVER

    Specifies that the Publishing Server will be installed. No value is expected

    /PUBLISHING_MGT_SERVER

    Specifies the URL to Management Service the Publishing server will connect to. Example usage: http://<management server name>:<Management server port number>. If /PUBLISHING_SERVER is not used, this parameter will be ignored

    /PUBLISHING_WEBSITE_NAME

    Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”

    /PUBLISHING_WEBSITE_PORT

    Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83

    + + + +**Parameters for Reporting Server** + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /REPORTING_SERVER

    Specifies that the Reporting Server will be installed. No value is expected

    /REPORTING_WEBSITE_NAME

    Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"

    /REPORTING_WEBSITE_PORT

    Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82

    + + + +**Parameters for using an Existing Reporting Server Database** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

    /EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /EXISTING_ REPORTING _DB_NAME

    Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISITING_REPORTING_DB_NAME="AppVReporting"

    + + + +**Parameters for installing Reporting Server Database** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /DB_PREDEPLOY_REPORTING

    Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected

    /REPORTING_DB_SQLINSTANCE_USE_DEFAULT

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /REPORTING_DB_NAME

    Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB"

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"

    + + + +**Parameters for using an existing Management Server Database** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that will be used. Example usage /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_NAME

    Specifies the name of the existing management database that should be used. Example usage: /EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    +

    +

    Got a suggestion for App-V? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Got an App-V issue? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).

    +~~~ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterInformation

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that will be used. Example usage /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_NAME

    Specifies the name of the existing management database that should be used. Example usage: /EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    -

    -

    Got a suggestion for App-V? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Got an App-V issue? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).

    -   ## Related topics [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md b/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md index 544fdab456..97b1877022 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V 5.1 Server description: How to Deploy the App-V 5.1 Server -author: jamiejdt +author: dansimp ms.assetid: 4729beda-b98f-481b-ae74-ad71c59b1d69 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,126 +33,126 @@ Use the following procedure to install the Microsoft Application Virtualization **To install the App-V 5.1 server** -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it. +1. Copy the App-V 5.1 server installation files to the computer on which you want to install it. -2. Start the App-V 5.1 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. +2. Start the App-V 5.1 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. -3. Review and accept the license terms, and choose whether to enable Microsoft updates. +3. Review and accept the license terms, and choose whether to enable Microsoft updates. -4. On the **Feature Selection** page, select all of the following components. +4. On the **Feature Selection** page, select all of the following components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ComponentDescription

    Management server

    Provides overall management functionality for the App-V infrastructure.

    Management database

    Facilitates database predeployments for App-V management.

    Publishing server

    Provides hosting and streaming functionality for virtual applications.

    Reporting server

    Provides App-V 5.1 reporting services.

    Reporting database

    Facilitates database predeployments for App-V reporting.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ComponentDescription

    Management server

    Provides overall management functionality for the App-V infrastructure.

    Management database

    Facilitates database predeployments for App-V management.

    Publishing server

    Provides hosting and streaming functionality for virtual applications.

    Reporting server

    Provides App-V 5.1 reporting services.

    Reporting database

    Facilitates database predeployments for App-V reporting.

    -   + -5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. +5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. -6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. +6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - -
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    -

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    -

    Not supported: A server name using the format ServerName\INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    -

    The database name must be unique, or the installation will fail.

    + + + + + + + + + + + + + + + + + + + + + +
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    +

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    +

    Not supported: A server name using the format ServerName<strong>INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    +

    The database name must be unique, or the installation will fail.

    -   + -7. On the **Configure** page, accept the default value **Use this local computer**. +7. On the **Configure** page, accept the default value **Use this local computer**. - **Note**   - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + **Note** + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. -   + -8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. +8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - -
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    -

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    -

    Not supported: A server name using the format ServerName\INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    -

    The database name must be unique, or the installation will fail.

    + + + + + + + + + + + + + + + + + + + + + +
    MethodWhat you need to do

    You are using a custom Microsoft SQL Server instance.

    Select Use the custom instance, and type the name of the instance.

    +

    Use the format INSTANCENAME. The assumed installation location is the local computer.

    +

    Not supported: A server name using the format ServerName<strong>INSTANCE.

    You are using a custom database name.

    Select Custom configuration and type the database name.

    +

    The database name must be unique, or the installation will fail.

    -   + -9. On the **Configure** page, accept the default value: **Use this local computer**. +9. On the **Configure** page, accept the default value: **Use this local computer**. - **Note**   - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + **Note** + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. -   + 10. On the **Configure** (Management Server Configuration) page, specify the following: @@ -182,7 +185,7 @@ Use the following procedure to install the Microsoft Application Virtualization -   + 11. On the **Configure** **Publishing Server Configuration** page, specify the following: @@ -200,7 +203,7 @@ Use the following procedure to install the Microsoft Application Virtualization

    Specify the URL for the management service.

    -

    Example: http://localhost:12345

    +

    Example: http://localhost:12345

    Website name: Specify the custom name that will be used to run the publishing service.

    @@ -214,7 +217,7 @@ Use the following procedure to install the Microsoft Application Virtualization -   + 12. On the **Reporting Server** page, specify the following: @@ -242,7 +245,7 @@ Use the following procedure to install the Microsoft Application Virtualization -   + 13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. @@ -265,9 +268,9 @@ Use the following procedure to install the Microsoft Application Virtualization [How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) -  + -  + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md index 644225452a..f89ee280f9 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V Client description: How to Deploy the App-V Client -author: jamiejdt +author: dansimp ms.assetid: 981f57c9-56c3-45da-8261-0972bfad3e5b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -18,36 +21,36 @@ Use the following procedure to install the Microsoft Application Virtualization **What to do before you start** -1. Review and install the software prerequisites: +1. Review and install the software prerequisites: - Install the prerequisite software that corresponds to the version of App-V that you are installing: + Install the prerequisite software that corresponds to the version of App-V that you are installing: - - [About App-V 5.1](about-app-v-51.md) + - [About App-V 5.1](about-app-v-51.md) - - [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) + - [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) -2. Review the client coexistence and unsupported scenarios, as applicable to your installation: +2. Review the client coexistence and unsupported scenarios, as applicable to your installation: - - - - - - - - - - - - - - - -

    Deploying coexisting App-V clients

    [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md)

    Unsupported or limited installation scenarios

    See the client section in [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md)

    + + + + + + + + + + + + + + + +

    Deploying coexisting App-V clients

    Planning for the App-V 5.1 Sequencer and Client Deployment

    Unsupported or limited installation scenarios

    See the client section in App-V 5.1 Supported Configurations

    -   -3. Review the locations for client registry, log, and troubleshooting information: + +3. Review the locations for client registry, log, and troubleshooting information: @@ -73,9 +76,9 @@ Use the following procedure to install the Microsoft Application Virtualization

    Event logs / Applications and Services Logs / Microsoft / AppV

  • In App-V 5.0 SP3, some logs were consolidated and moved to the following location:

    Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

    -

    For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

  • +

    For a list of the moved logs, see About App-V 5.0 SP3.

  • Packages that are currently stored on computers that run the App-V 5.1 Client are saved to the following location:

    -

    C:\ProgramData\App-V\<package id>\<version id>

  • +

    C:\ProgramData\App-V&lt;package id>&lt;version id>

    @@ -85,7 +88,7 @@ Use the following procedure to install the Microsoft Application Virtualization
    -  + **To install the App-V 5.1 Client** @@ -114,7 +117,7 @@ Use the following procedure to install the Microsoft Application Virtualization -   + 2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). @@ -130,151 +133,151 @@ Use the following procedure to install the Microsoft Application Virtualization - **language pack** - **Note**   + **Note** After the installation, only the .exe file can be uninstalled. -   + **To install the App-V 5.1 client using a script** -1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. +1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. -2. To use a script to install the App-V 5.1 client, use the following parameters with **appv\_client\_setup.exe**. +2. To use a script to install the App-V 5.1 client, use the following parameters with **appv\_client\_setup.exe**. - **Note**   - The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. + **Note** + The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    /INSTALLDIR

    Specifies the installation directory. Example usage: /INSTALLDIR=C:\Program Files\AppV Client

    /CEIPOPTIN

    Enables participation in the Customer Experience Improvement Program. Example usage: /CEIPOPTIN=[0|1]

    /MUOPTIN

    Enables Microsoft Update. Example usage: /MUOPTIN=[0|1]

    /PACKAGEINSTALLATIONROOT

    Specifies the directory in which to install all new applications and updates. Example usage: /PACKAGEINSTALLATIONROOT='C:\App-V Packages'

    /PACKAGESOURCEROOT

    Overrides the source location for downloading package content. Example usage: /PACKAGESOURCEROOT='http://packageStore'

    /AUTOLOAD

    Specifies how new packages will be loaded by App-V 5.1 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].Example usage: /AUTOLOAD=[0|1|2]

    /SHAREDCONTENTSTOREMODE

    Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: /SHAREDCONTENTSTOREMODE=[0|1]

    /MIGRATIONMODE

    Allows the App-V 5.1 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: /MIGRATIONMODE=[0|1]

    /ENABLEPACKAGESCRIPTS

    Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: /ENABLEPACKAGESCRIPTS=[0|1]

    /ROAMINGREGISTRYEXCLUSIONS

    Specifies the registry paths that will not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

    /ROAMINGFILEEXCLUSIONS

    Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS 'desktop;my pictures'

    /S[1-5]PUBLISHINGSERVERNAME

    Displays the name of the publishing server. Example usage: /S2PUBLISHINGSERVERNAME=MyPublishingServer

    /S[1-5]PUBLISHINGSERVERURL

    Displays the URL of the publishing server. Example usage: /S2PUBLISHINGSERVERURL=\pubserver

    /S[1-5]GLOBALREFRESHENABLED -

    Enables a global publishing refresh. Example usage: /S2GLOBALREFRESHENABLED=[0|1]

    /S[1-5]GLOBALREFRESHONLOGON

    Initiates a global publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

    /S[1-5]GLOBALREFRESHINTERVAL -

    Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

    /S[1-5]GLOBALREFRESHINTERVALUNIT

    Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2GLOBALREFRESHINTERVALUNIT=[0|1]

    /S[1-5]USERREFRESHENABLED

    Enables user publishing refresh. Example usage: /S2USERREFRESHENABLED=[0|1]

    /S[1-5]USERREFRESHONLOGON

    Initiates a user publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

    /S[1-5]USERREFRESHINTERVAL -

    Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

    /S[1-5]USERREFRESHINTERVALUNIT

    Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2USERREFRESHINTERVALUNIT=[0|1]

    /Log

    Specifies a location where the log information is saved. The default location is %Temp%. Example usage: /log C:\logs\log.log

    /q

    Specifies an unattended installation.

    /REPAIR

    Repairs a previous client installation.

    /NORESTART

    Prevents the computer from rebooting after the client installation.

    +

    The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.1 and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V.

    /UNINSTALL

    Uninstalls the client.

    /ACCEPTEULA

    Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

    /LAYOUT

    Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.1. No value is expected.

    /LAYOUTDIR

    Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

    /?, /h, /help

    Requests help about the previous installation parameters.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    /INSTALLDIR

    Specifies the installation directory. Example usage: /INSTALLDIR=C:\Program Files\AppV Client

    /CEIPOPTIN

    Enables participation in the Customer Experience Improvement Program. Example usage: /CEIPOPTIN=[0|1]

    /MUOPTIN

    Enables Microsoft Update. Example usage: /MUOPTIN=[0|1]

    /PACKAGEINSTALLATIONROOT

    Specifies the directory in which to install all new applications and updates. Example usage: /PACKAGEINSTALLATIONROOT='C:\App-V Packages'

    /PACKAGESOURCEROOT

    Overrides the source location for downloading package content. Example usage: /PACKAGESOURCEROOT='http://packageStore'

    /AUTOLOAD

    Specifies how new packages will be loaded by App-V 5.1 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].Example usage: /AUTOLOAD=[0|1|2]

    /SHAREDCONTENTSTOREMODE

    Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: /SHAREDCONTENTSTOREMODE=[0|1]

    /MIGRATIONMODE

    Allows the App-V 5.1 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: /MIGRATIONMODE=[0|1]

    /ENABLEPACKAGESCRIPTS

    Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: /ENABLEPACKAGESCRIPTS=[0|1]

    /ROAMINGREGISTRYEXCLUSIONS

    Specifies the registry paths that will not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

    /ROAMINGFILEEXCLUSIONS

    Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS 'desktop;my pictures'

    /S[1-5]PUBLISHINGSERVERNAME

    Displays the name of the publishing server. Example usage: /S2PUBLISHINGSERVERNAME=MyPublishingServer

    /S[1-5]PUBLISHINGSERVERURL

    Displays the URL of the publishing server. Example usage: /S2PUBLISHINGSERVERURL=\\pubserver

    /S[1-5]GLOBALREFRESHENABLED -

    Enables a global publishing refresh. Example usage: /S2GLOBALREFRESHENABLED=[0|1]

    /S[1-5]GLOBALREFRESHONLOGON

    Initiates a global publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

    /S[1-5]GLOBALREFRESHINTERVAL -

    Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

    /S[1-5]GLOBALREFRESHINTERVALUNIT

    Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2GLOBALREFRESHINTERVALUNIT=[0|1]

    /S[1-5]USERREFRESHENABLED

    Enables user publishing refresh. Example usage: /S2USERREFRESHENABLED=[0|1]

    /S[1-5]USERREFRESHONLOGON

    Initiates a user publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

    /S[1-5]USERREFRESHINTERVAL -

    Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

    /S[1-5]USERREFRESHINTERVALUNIT

    Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2USERREFRESHINTERVALUNIT=[0|1]

    /Log

    Specifies a location where the log information is saved. The default location is %Temp%. Example usage: /log C:\logs\log.log

    /q

    Specifies an unattended installation.

    /REPAIR

    Repairs a previous client installation.

    /NORESTART

    Prevents the computer from rebooting after the client installation.

    -

    The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.1 and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V.

    /UNINSTALL

    Uninstalls the client.

    /ACCEPTEULA

    Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

    /LAYOUT

    Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.1. No value is expected.

    /LAYOUTDIR

    Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

    /?, /h, /help

    Requests help about the previous installation parameters.

    -   **To install the App-V 5.1 client by using the Windows Installer (.msi) file** @@ -311,7 +314,7 @@ Use the following procedure to install the Microsoft Application Virtualization -   + 4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. @@ -346,9 +349,11 @@ Use the following procedure to install the Microsoft Application Virtualization -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics @@ -359,9 +364,9 @@ Use the following procedure to install the Microsoft Application Virtualization [How to Uninstall the App-V 5.1 Client](how-to-uninstall-the-app-v-51-client.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md index 143ee0777c..930cf3c6f7 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md @@ -1,9 +1,11 @@ --- title: How to Deploy the App-V Client description: How to Deploy the App-V Client -ms.author: pashort -author: jamiejdt +ms.author: dansimp +author: dansimp ms.assetid: 9c4e67ae-ddaf-4e23-8c16-72d029a74a27 +ms.reviewer: +manager: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -31,30 +33,36 @@ Use the following procedure to install the Microsoft Application Virtualization 2. Review the client coexistence and unsupported scenarios, as applicable to your installation: - | | | - |---|---| - |Deploying coexisting App-V clients |[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) | - |Unsupported or limited installation scenarios |[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) | + + | | | + |-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| + | Deploying coexisting App-V clients | [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) | + | Unsupported or limited installation scenarios | [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) | + --- -   + 3. Review the locations for client registry, log, and troubleshooting information: - | | | - |---|---| - |Client registry information |
    • By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT

    • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

      C:\ProgramData\App-V

      However, you can reconfigure this location with the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT

    | - |Client log files |
    • For log file information that is associated with the App-V 5.0 Client, search in the following log:

      Event logs/Applications and Services Logs/Microsoft/AppV

    • In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:

      Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

      For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

    • Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:

      C:\ProgramData\App-V\<_package id_>\<_version id_>

    | - |Client installation troubleshooting information |See the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. | + + | | | + |-------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | Client registry information |
    • By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT

    • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

      C:\ProgramData\App-V

      However, you can reconfigure this location with the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT

    | + | Client log files |
    • For log file information that is associated with the App-V 5.0 Client, search in the following log:

      Event logs/Applications and Services Logs/Microsoft/AppV

    • In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:

      Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

      For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

    • Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:

      C:\ProgramData\App-V\<package id>\<version id>

    | + | Client installation troubleshooting information | See the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. | + --- - + **To install the App-V 5.0 Client** 1. Copy the App-V 5.0 client installation file to the computer on which it will be installed.

    Choose from the following client types: - |Client type |File to use | - |---|---| - |Standard version of the client |**appv_client_setup.exe** | - |Remote Desktop Services version of the client |**appv_client_setup_rds.exe** | + + | Client type | File to use | + |-----------------------------------------------|-------------------------------| + | Standard version of the client | **appv_client_setup.exe** | + | Remote Desktop Services version of the client | **appv_client_setup_rds.exe** | + --- 2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). @@ -70,7 +78,7 @@ Use the following procedure to install the Microsoft Application Virtualization - **.msi** - **language pack** - + >[!NOTE] >After the installation, only the .exe file can be uninstalled. @@ -84,38 +92,39 @@ Use the following procedure to install the Microsoft Application Virtualization >[!NOTE] >The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. - | | | - |---|---| - |/INSTALLDIR |Specifies the installation directory. Example usage:

    **/INSTALLDIR=C:\Program Files\AppV Client** | - |/CEIPOPTIN |Enables participation in the Customer Experience Improvement Program. Example usage:

    **/CEIPOPTIN=[0\|1\]** | - |/MUOPTIN |Enables Microsoft Update. Example usage:

    **/MUOPTIN=[0\|1\]** | - |/PACKAGEINSTALLATIONROOT |Specifies the directory in which to install all new applications and updates. Example usage:

    **/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** | - |/PACKAGESOURCEROOT |Overrides the source location for downloading package content. Example usage:

    **/PACKAGESOURCEROOT='http://packageStore'** | - |/AUTOLOAD |Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:

    **/AUTOLOAD=[0\|1\|2\]** | - |/SHAREDCONTENTSTOREMODE |Specifies that streamed package contents will be not be saved to the local hard disk. Example usage:

    **/SHAREDCONTENTSTOREMODE=[0\|1\]** | - |/MIGRATIONMODE |Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:

    **/MIGRATIONMODE=[0\|1\]** | - |/ENABLEPACKAGESCRIPTS |Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:

    **/ENABLEPACKAGESCRIPTS=[0\|1\]** | - |/ROAMINGREGISTRYEXCLUSIONS |Specifies the registry paths that will not roam with a user profile. Example usage:

    **/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** | - |/ROAMINGFILEEXCLUSIONS |Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:

    **/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** | - |/S[1-5]PUBLISHINGSERVERNAME |Displays the name of the publishing server. Example usage:

    **/S2PUBLISHINGSERVERNAME=MyPublishingServer** | - |/S[1-5]PUBLISHINGSERVERURL |Displays the URL of the publishing server. Example usage:

    **/S2PUBLISHINGSERVERURL=\\pubserver** | - |/S[1-5]GLOBALREFRESHENABLED|Enables a global publishing refresh. Example usage:

    **/S2GLOBALREFRESHENABLED=[0\|1\]** | - |/S[1-5]GLOBALREFRESHONLOGON |Initiates a global publishing refresh when a user logs on. Example usage:

    **/S2LOGONREFRESH=[0\|1\]** | - |/S[1-5]GLOBALREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | - |/S[1-5]GLOBALREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:

    **/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** | - |/S[1-5]USERREFRESHENABLED |Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** | - |/S[1-5]USERREFRESHONLOGON |Initiates a user publishing refresh when a user logs on. Example usage:

    **/S2LOGONREFRESH=[0\|1\]** | - |/S[1-5]USERREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | - |/S[1-5]USERREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:

    **/S2USERREFRESHINTERVALUNIT=[0\|1\]** | - |/Log |Specifies a location where the log information is saved. The default location is %Temp%. Example usage:

    **/log C:\logs\log.log** | - |/q |Specifies an unattended installation. | - |/REPAIR |Repairs a previous client installation. | - |/NORESTART |Prevents the computer from rebooting after the client installation.

    The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. | - |/UNINSTALL |Uninstalls the client. | - |/ACCEPTEULA |Accepts the license agreement. This is required for an unattended installation. Example usage:

    **/ACCEPTEULA** or **/ACCEPTEULA=1** | - |/LAYOUT |Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. | - |/LAYOUTDIR |Specifies the layout directory. Requires a string value. Example usage:

    **/LAYOUTDIR=”C:\Application Virtualization Client”** | - |/?, /h, /help |Requests help about the previous installation parameters. | + | | | + |----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | /INSTALLDIR | Specifies the installation directory. Example usage:

    **/INSTALLDIR=C:\Program Files\AppV Client** | + | /CEIPOPTIN | Enables participation in the Customer Experience Improvement Program. Example usage:

    **/CEIPOPTIN=[0\|1\]** | + | /MUOPTIN | Enables Microsoft Update. Example usage:

    **/MUOPTIN=[0\|1\]** | + | /PACKAGEINSTALLATIONROOT | Specifies the directory in which to install all new applications and updates. Example usage:

    **/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** | + | /PACKAGESOURCEROOT | Overrides the source location for downloading package content. Example usage:

    **/PACKAGESOURCEROOT=''** | + | /AUTOLOAD | Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:

    **/AUTOLOAD=[0\|1\|2\]** | + | /SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. Example usage:

    **/SHAREDCONTENTSTOREMODE=[0\|1\]** | + | /MIGRATIONMODE | Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:

    **/MIGRATIONMODE=[0\|1\]** | + | /ENABLEPACKAGESCRIPTS | Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:

    **/ENABLEPACKAGESCRIPTS=[0\|1\]** | + | /ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that will not roam with a user profile. Example usage:

    **/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** | + | /ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:

    **/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** | + | /S[1-5]PUBLISHINGSERVERNAME | Displays the name of the publishing server. Example usage:

    **/S2PUBLISHINGSERVERNAME=MyPublishingServer** | + | /S[1-5]PUBLISHINGSERVERURL | Displays the URL of the publishing server. Example usage:

    **/S2PUBLISHINGSERVERURL=\\pubserver** | + | /S[1-5]GLOBALREFRESHENABLED | Enables a global publishing refresh. Example usage:

    **/S2GLOBALREFRESHENABLED=[0\|1\]** | + | /S[1-5]GLOBALREFRESHONLOGON | Initiates a global publishing refresh when a user logs on. Example usage:

    **/S2LOGONREFRESH=[0\|1\]** | + | /S[1-5]GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | + | /S[1-5]GLOBALREFRESHINTERVALUNIT | Specifies the interval unit (Hours[0], Days[1]). Example usage:

    **/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** | + | /S[1-5]USERREFRESHENABLED | Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** | + | /S[1-5]USERREFRESHONLOGON | Initiates a user publishing refresh when a user logs on. Example usage:

    **/S2LOGONREFRESH=[0\|1\]** | + | /S[1-5]USERREFRESHINTERVAL | Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | + | /S[1-5]USERREFRESHINTERVALUNIT | Specifies the interval unit (Hours[0], Days[1]). Example usage:

    **/S2USERREFRESHINTERVALUNIT=[0\|1\]** | + | /Log | Specifies a location where the log information is saved. The default location is %Temp%. Example usage:

    **/log C:\logs\log.log** | + | /q | Specifies an unattended installation. | + | /REPAIR | Repairs a previous client installation. | + | /NORESTART | Prevents the computer from rebooting after the client installation.

    The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. | + | /UNINSTALL | Uninstalls the client. | + | /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage:

    **/ACCEPTEULA** or **/ACCEPTEULA=1** | + | /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. | + | /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:

    **/LAYOUTDIR=”C:\Application Virtualization Client”** | + | /?, /h, /help | Requests help about the previous installation parameters. | + --- **To install the App-V 5.0 client by using the Windows Installer (.msi) file** @@ -126,13 +135,15 @@ Use the following procedure to install the Microsoft Application Virtualization 3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer. - |Type of deployment |Deploy this file | - |---|---| - |Computer is running a 32-bit Microsoft Windows operating system |appv_client_MSI_x86.msi | - |Computer is running a 64-bit Microsoft Windows operating system |appv_client_MSI_x64.msi | - |You are deploying the App-V 5.0 Remote Desktop Services client |appv_client_rds_MSI_x64.msi | + + | Type of deployment | Deploy this file | + |-----------------------------------------------------------------|-----------------------------| + | Computer is running a 32-bit Microsoft Windows operating system | appv_client_MSI_x86.msi | + | Computer is running a 64-bit Microsoft Windows operating system | appv_client_MSI_x64.msi | + | You are deploying the App-V 5.0 Remote Desktop Services client | appv_client_rds_MSI_x64.msi | + --- -  + 4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. **What to know before you start:** 
@@ -143,12 +154,13 @@ Use the following procedure to install the Microsoft Application Virtualization - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**. - |Type of deployment |Deploy this file | - |---|---| - |Computer is running a 32-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x86.msi | - |Computer is running a 64-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x64.msi | + | Type of deployment | Deploy this file | + |-----------------------------------------------------------------|------------------------------| + | Computer is running a 32-bit Microsoft Windows operating system | appv_client_LP_xxxx_ x86.msi | + | Computer is running a 64-bit Microsoft Windows operating system | appv_client_LP_xxxx_ x64.msi | + --- - + **Got a suggestion for App-V**? Add or vote on [suggestions](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

    **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md index cfd6725e5d..d203c1c67e 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V Databases by Using SQL Scripts description: How to Deploy the App-V Databases by Using SQL Scripts -author: jamiejdt +author: dansimp ms.assetid: 23637936-475f-4ca5-adde-76bb27d2372b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -22,49 +25,50 @@ Use the following instructions to use SQL scripts, rather than the Windows Insta **How to install the App-V databases by using SQL scripts** -1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software. +1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software. -2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location. +2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location. -3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts. +3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts. - Example: appv\_server\_setup.exe /layout c:\\<temporary location path> + Example: appv\_server\_setup.exe /layout c:\\<temporary location path> -4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions: +4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions: - - - - - - - - - - - - - - - - - - - - - -
    DatabaseLocation of Readme.txt file to use

    Management database

    ManagementDatabase subfolder

    -
    - Important   -

    If you are upgrading to or installing the App-V 5.0 SP3 Management database, see [SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail](https://support.microsoft.com/kb/3031340).

    -
    -
    -   -

    Reporting database

    ReportingDatabase subfolder

    + + + + + + + + + + + + + + + + + + + + + +
    DatabaseLocation of Readme.txt file to use

    Management database

    ManagementDatabase subfolder

    +
    + Important

    If you are upgrading to or installing the App-V 5.0 SP3 Management database, see SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail.

    +
    +
    -   +

    Reporting database

    ReportingDatabase subfolder

    - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics @@ -73,9 +77,9 @@ Use the following instructions to use SQL scripts, rather than the Windows Insta [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md index 7ecebe1f65..c8faae6bae 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md @@ -1,8 +1,11 @@ --- title: How to Deploy the App-V Databases by Using SQL Scripts description: How to Deploy the App-V Databases by Using SQL Scripts -author: jamiejdt +author: dansimp ms.assetid: 1183b1bc-d4d7-4914-a049-06e82bf2d96d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -20,10 +23,10 @@ Use the following instructions to use SQL scripts, rather than the Windows Insta - Upgrade the App-V databases to a later version -**Note**   +**Note** If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1. -  + **How to install the App-V databases by using SQL scripts** 
@@ -60,19 +63,21 @@ If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not -   - **Caution**   - The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders. -   +~~~ +**Caution** +The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders. - **Important**   - The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. - The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. -   +**Important** +The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. + +The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. +~~~ + + **Updated management database README file content** @@ -206,7 +211,7 @@ Steps to install "AppVReporting" schema in SQL SERVER. 2. Run the following scripts against the "AppVReporting" database using the same account as above in order. - + CreateTables.sql CreateReportingStoredProcs.sql CreateStoredProcs.sql @@ -226,9 +231,9 @@ Steps to install "AppVReporting" schema in SQL SERVER. [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md) -  - -  + + + 
diff --git a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md
index 03d2cad8f2..a865bd7718 100644
--- a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md
+++ b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md
@@ -1,8 +1,11 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD
 description: How to Enable Only Administrators to Publish Packages by Using an ESD
-author: jamiejdt
+author: dansimp
 ms.assetid: 03367b26-83d5-4299-ad52-b9177b9cf9a8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md
index 8025404b55..475dc5d892 100644
--- a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md
+++ b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD
 description: How to Enable Only Administrators to Publish Packages by Using an ESD
-author: jamiejdt
+author: dansimp
 ms.assetid: bbc9fda2-fc09-4d72-8d9a-e83d2fcfe234
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md
index 30f1331680..34ed292cca 100644
--- a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md
+++ b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Enable Reporting on the App-V 5.0 Client by Using PowerShell description: How to Enable Reporting on the App-V 5.0 Client by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: a7aaf553-0f83-4cd0-8df8-93a5f1ebe497 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,76 +21,75 @@ Use the following procedure to configure the App-V 5.0 for reporting. **To configure the computer running the App-V 5.0 client for reporting** -1. Install the App-V 5.0 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md). +1. Install the App-V 5.0 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md). -2. After you have installed the App-V 5.0 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: +2. After you have installed the App-V 5.0 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    -
    - Note   -

    This is the port number that was assigned during the Reporting Server setup

    -
    -
    -   -

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    +
    + Note

    This is the port number that was assigned during the Reporting Server setup

    +
    +
    -   +

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    -3. After the appropriate settings have been configured, the computer running the App-V 5.0 client will automatically collect data and will send the data back to the reporting server. - Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +3. After the appropriate settings have been configured, the computer running the App-V 5.0 client will automatically collect data and will send the data back to the reporting server. + + Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md index 89e9b127d9..0bbe4ac487 100644 --- a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md +++ b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md 
@@ -1,8 +1,11 @@ --- title: How to Enable Reporting on the App-V 5.1 Client by Using PowerShell description: How to Enable Reporting on the App-V 5.1 Client by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: c4c58be6-cc50-44f6-bf4f-8346fc5d0c0e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,76 +21,75 @@ Use the following procedure to configure the App-V 5.1 for reporting. **To configure the computer running the App-V 5.1 client for reporting** -1. Install the App-V 5.1 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md). +1. Install the App-V 5.1 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md). -2. After you have installed the App-V 5.1 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: +2. After you have installed the App-V 5.1 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    -
    - Note   -

    This is the port number that was assigned during the Reporting Server setup

    -
    -
    -   -

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    +
    + Note

    This is the port number that was assigned during the Reporting Server setup

    +
    +
    -   +

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    -3. After the appropriate settings have been configured, the computer running the App-V 5.1 client will automatically collect data and will send the data back to the reporting server. - Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +3. After the appropriate settings have been configured, the computer running the App-V 5.1 client will automatically collect data and will send the data back to the reporting server. + + Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md index c30e3a75b1..f4f3e227c2 100644 --- a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md +++ b/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md 
@@ -1,8 +1,11 @@ --- title: How to Install the App-V 5.0 Client for Shared Content Store Mode description: How to Install the App-V 5.0 Client for Shared Content Store Mode -author: jamiejdt +author: dansimp ms.assetid: 88f09e6f-19e7-48ea-965a-907052d1a02f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to install the Microsoft Application Virtualization **Note**   Before performing this procedure if necessary uninstall any existing version of the App-V 5.0 client. -  + For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879). @@ -34,7 +37,7 @@ For more information about SCS mode, see [Shared Content Store in Microsoft App- **Important**   You must perform a silent installation or the installation will fail. -   + 2. After you have completed the installation you can deploy packages to the computer running the client and all package contents will be streamed across the network. @@ -45,9 +48,9 @@ For more information about SCS mode, see [Shared Content Store in Microsoft App- [Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md index 318c5b853a..25741ffb48 100644 --- a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md +++ b/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md 
@@ -1,8 +1,11 @@ --- title: How to Install the App-V 5.1 Client for Shared Content Store Mode description: How to Install the App-V 5.1 Client for Shared Content Store Mode -author: jamiejdt +author: dansimp ms.assetid: 6f3ecb1b-b5b5-4ae0-8de9-b4ffdfd2c216 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to install the Microsoft Application Virtualization **Note**   Before performing this procedure if necessary uninstall any existing version of the App-V 5.1 client. -  + For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879). @@ -34,7 +37,7 @@ For more information about SCS mode, see [Shared Content Store in Microsoft App- **Important**   You must perform a silent installation or the installation will fail. -   + 2. After you have completed the installation you can deploy packages to the computer running the client and all package contents will be streamed across the network. @@ -45,9 +48,9 @@ For more information about SCS mode, see [Shared Content Store in Microsoft App- [Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md index 2714943e8a..e0ab454188 100644 --- a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md +++ b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: 9399342b-1ea7-41df-b988-33e302f9debe
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -34,357 +37,357 @@ Before attempting this procedure, you should read and understand the information **To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)** -1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. +1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. +2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - ``` syntax - <# - ``` + ``` syntax + <# + ``` - ``` syntax - .SYNOPSIS - ``` + ``` syntax + .SYNOPSIS + ``` - ``` syntax - This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. - ``` + ``` syntax + This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. + ``` - ``` syntax - .DESCRIPTION - ``` + ``` syntax + .DESCRIPTION + ``` - ``` syntax - This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. - ``` + ``` syntax + This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. + ``` - ``` syntax - .INPUTS - ``` + ``` syntax + .INPUTS + ``` - ``` syntax - The account(s) to convert to SID format. 
This can be a single account name or an array of account names. Please see examples below. - ``` + ``` syntax + The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. + ``` - ``` syntax - .OUTPUTS - ``` + ``` syntax + .OUTPUTS + ``` - ``` syntax - A list of account names with the corresponding SID in standard and hexadecimal formats - ``` + ``` syntax + A list of account names with the corresponding SID in standard and hexadecimal formats + ``` - ``` syntax - .EXAMPLE - ``` + ``` syntax + .EXAMPLE + ``` - ``` syntax - .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List - ``` + ``` syntax + .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List + ``` - ``` syntax - .EXAMPLE - ``` + ``` syntax + .EXAMPLE + ``` - ``` syntax - $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") - ``` + ``` syntax + $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") + ``` - ``` syntax - .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 - ``` + ``` syntax + .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 + ``` - ``` syntax -#> - ``` + ``` syntax + #> + ``` - ``` syntax - ``` + ``` syntax + ``` - []() + []() - []() + []() - ``` syntax - function ConvertSIDToHexFormat - ``` + ``` syntax + function ConvertSIDToHexFormat + ``` - { + { -    param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert) + param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert) - ``` syntax - ``` + ``` syntax + ``` - ``` syntax -    $sb = New-Object System.Text.StringBuilder - ``` + ``` syntax + $sb = New-Object System.Text.StringBuilder + ``` - ``` syntax -     [int] $binLength = $sidToConvert.BinaryLength - ``` + ``` syntax + [int] $binLength = $sidToConvert.BinaryLength + 
``` - ``` syntax -     [Byte[]] $byteArray = New-Object Byte[] $binLength - ``` + ``` syntax + [Byte[]] $byteArray = New-Object Byte[] $binLength + ``` - ``` syntax -    $sidToConvert.GetBinaryForm($byteArray, 0) - ``` + ``` syntax + $sidToConvert.GetBinaryForm($byteArray, 0) + ``` - ``` syntax -    foreach($byte in $byteArray) - ``` + ``` syntax + foreach($byte in $byteArray) + ``` - ``` syntax -    { - ``` + ``` syntax + { + ``` - ``` syntax -    $sb.Append($byte.ToString("X2")) |Out-Null - ``` + ``` syntax + $sb.Append($byte.ToString("X2")) |Out-Null + ``` - ``` syntax -    } - ``` + ``` syntax + } + ``` - ``` syntax -    return $sb.ToString() - ``` + ``` syntax + return $sb.ToString() + ``` - ``` syntax - } - ``` + ``` syntax + } + ``` - ``` syntax - [string[]]$myArgs = $args - ``` + ``` syntax + [string[]]$myArgs = $args + ``` - ``` syntax - if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) - ``` + ``` syntax + if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) + ``` - { + { - ``` syntax - [string]::Format("{0}====== Description ======{0}{0}" + - ``` + ``` syntax + [string]::Format("{0}====== Description ======{0}{0}" + + ``` - ``` syntax - "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + - ``` + ``` syntax + " Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + + ``` - ``` syntax -                "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + - ``` + ``` syntax + " Pass the account(s) as space separated command line parameters. 
(For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + + ``` - ``` syntax -                "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" + - ``` + ``` syntax + " The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" + + ``` - ``` syntax -                "  And can be written out to a file using standard PowerShell redirection{0}" + - ``` + ``` syntax + " And can be written out to a file using standard PowerShell redirection{0}" + + ``` - ``` syntax -                "  Please specify user accounts in the format 'DOMAIN\username'{0}" + - ``` + ``` syntax + " Please specify user accounts in the format 'DOMAIN\username'{0}" + + ``` - ``` syntax -                "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + - ``` + ``` syntax + " Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + + ``` - ``` syntax -                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + - ``` + ``` syntax + " For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + + ``` - ``` syntax -                "{0}====== Arguments ======{0}" + - ``` + ``` syntax + "{0}====== Arguments ======{0}" + + ``` - ``` syntax -                "{0}  /?    Show this help message", [Environment]::NewLine) - ``` + ``` syntax + "{0} /? 
Show this help message", [Environment]::NewLine) + ``` - ``` syntax - { - ``` + ``` syntax + { + ``` - ``` syntax - else - ``` + ``` syntax + else + ``` - ``` syntax - {  -     #If an array was passed in, try to split it - ``` + ``` syntax + { + #If an array was passed in, try to split it + ``` - ``` syntax -     if($myArgs.Length -eq 1) - ``` + ``` syntax + if($myArgs.Length -eq 1) + ``` - ``` syntax -     { - ``` + ``` syntax + { + ``` - ``` syntax -         $myArgs = $myArgs.Split(' ') - ``` + ``` syntax + $myArgs = $myArgs.Split(' ') + ``` - ``` syntax -     } - ``` + ``` syntax + } + ``` - ``` syntax + ``` syntax -     #Parse the arguments for account names - ``` + #Parse the arguments for account names + ``` - ``` syntax -     foreach($accountName in $myArgs) - ``` + ``` syntax + foreach($accountName in $myArgs) + ``` - ``` syntax -     {    - ``` + ``` syntax + { + ``` - ``` syntax -         [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject - ``` + ``` syntax + [string[]] $splitString = $accountName.Split('\') # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject + ``` - ``` syntax -         if($splitString.Length -ne 2) - ``` + ``` syntax + if($splitString.Length -ne 2) + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) - ``` + ``` syntax + $message = [string]::Format("{0} is not a valid account name. 
Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) + ``` - ``` syntax -             Write-Error -Message $message - ``` + ``` syntax + Write-Error -Message $message + ``` - ``` syntax -             continue - ``` + ``` syntax + continue + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax -         - ``` + ``` syntax + + ``` - ``` syntax -         #Convert any account names to SIDs - ``` + ``` syntax + #Convert any account names to SIDs + ``` - ``` syntax -         try - ``` + ``` syntax + try + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) - ``` + ``` syntax + [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) + ``` - ``` syntax -             [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) - ``` + ``` syntax + [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax -         catch [System.Security.Principal.IdentityNotMappedException] - ``` + ``` syntax + catch [System.Security.Principal.IdentityNotMappedException] + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) - ``` + ``` syntax + $message = [string]::Format("Failed to translate account object '{0}' to a SID. 
Please verify that this is a valid user or machine account.", $account.ToString()) + ``` - ``` syntax -             Write-Error -Message $message - ``` + ``` syntax + Write-Error -Message $message + ``` - ``` syntax -             continue - ``` + ``` syntax + continue + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax + ``` syntax -         #Convert regular SID to binary format used by SQL - ``` + #Convert regular SID to binary format used by SQL + ``` - ``` syntax -         $hexSIDString = ConvertSIDToHexFormat $SID - ``` + ``` syntax + $hexSIDString = ConvertSIDToHexFormat $SID + ``` - ``` syntax -         -         $SIDs = New-Object PSObject - ``` + ``` syntax + + $SIDs = New-Object PSObject + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty Account $accountName - ``` + ``` syntax + $SIDs | Add-Member NoteProperty Account $accountName + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty SID $SID.ToString() - ``` + ``` syntax + $SIDs | Add-Member NoteProperty SID $SID.ToString() + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString - ``` + ``` syntax + $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString + ``` - ``` syntax + ``` syntax -         Write-Output $SIDs - ``` + Write-Output $SIDs + ``` - ``` syntax -     } - ``` + ``` syntax + } + ``` - ``` syntax - } - ``` + ``` syntax + } + ``` -3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. +3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. 
- For example, + For example, - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md index 36dd8b94c1..d40e38cbd7 100644 --- a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md +++ b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: 2be6fb72-f3a6-4550-bba1-6defa78ca08a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -34,357 +37,357 @@ Before attempting this procedure, you should read and understand the information **To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)** -1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. +1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. +2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - ``` syntax - <# - ``` + ``` syntax + <# + ``` - ``` syntax - .SYNOPSIS - ``` + ``` syntax + .SYNOPSIS + ``` - ``` syntax - This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. - ``` + ``` syntax + This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. + ``` - ``` syntax - .DESCRIPTION - ``` + ``` syntax + .DESCRIPTION + ``` - ``` syntax - This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. - ``` + ``` syntax + This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. + ``` - ``` syntax - .INPUTS - ``` + ``` syntax + .INPUTS + ``` - ``` syntax - The account(s) to convert to SID format. 
This can be a single account name or an array of account names. Please see examples below. - ``` + ``` syntax + The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. + ``` - ``` syntax - .OUTPUTS - ``` + ``` syntax + .OUTPUTS + ``` - ``` syntax - A list of account names with the corresponding SID in standard and hexadecimal formats - ``` + ``` syntax + A list of account names with the corresponding SID in standard and hexadecimal formats + ``` - ``` syntax - .EXAMPLE - ``` + ``` syntax + .EXAMPLE + ``` - ``` syntax - .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List - ``` + ``` syntax + .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List + ``` - ``` syntax - .EXAMPLE - ``` + ``` syntax + .EXAMPLE + ``` - ``` syntax - $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") - ``` + ``` syntax + $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") + ``` - ``` syntax - .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 - ``` + ``` syntax + .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 + ``` - ``` syntax -#> - ``` + ``` syntax + #> + ``` - ``` syntax - ``` + ``` syntax + ``` - []() + []() - []() + []() - ``` syntax - function ConvertSIDToHexFormat - ``` + ``` syntax + function ConvertSIDToHexFormat + ``` - { + { -    param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert) + param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert) - ``` syntax - ``` + ``` syntax + ``` - ``` syntax -    $sb = New-Object System.Text.StringBuilder - ``` + ``` syntax + $sb = New-Object System.Text.StringBuilder + ``` - ``` syntax -     [int] $binLength = $sidToConvert.BinaryLength - ``` + ``` syntax + [int] $binLength = $sidToConvert.BinaryLength + 
``` - ``` syntax -     [Byte[]] $byteArray = New-Object Byte[] $binLength - ``` + ``` syntax + [Byte[]] $byteArray = New-Object Byte[] $binLength + ``` - ``` syntax -    $sidToConvert.GetBinaryForm($byteArray, 0) - ``` + ``` syntax + $sidToConvert.GetBinaryForm($byteArray, 0) + ``` - ``` syntax -    foreach($byte in $byteArray) - ``` + ``` syntax + foreach($byte in $byteArray) + ``` - ``` syntax -    { - ``` + ``` syntax + { + ``` - ``` syntax -    $sb.Append($byte.ToString("X2")) |Out-Null - ``` + ``` syntax + $sb.Append($byte.ToString("X2")) |Out-Null + ``` - ``` syntax -    } - ``` + ``` syntax + } + ``` - ``` syntax -    return $sb.ToString() - ``` + ``` syntax + return $sb.ToString() + ``` - ``` syntax - } - ``` + ``` syntax + } + ``` - ``` syntax - [string[]]$myArgs = $args - ``` + ``` syntax + [string[]]$myArgs = $args + ``` - ``` syntax - if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) - ``` + ``` syntax + if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) + ``` - { + { - ``` syntax - [string]::Format("{0}====== Description ======{0}{0}" + - ``` + ``` syntax + [string]::Format("{0}====== Description ======{0}{0}" + + ``` - ``` syntax - "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + - ``` + ``` syntax + " Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + + ``` - ``` syntax -                "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + - ``` + ``` syntax + " Pass the account(s) as space separated command line parameters. 
(For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + + ``` - ``` syntax -                "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" + - ``` + ``` syntax + " The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" + + ``` - ``` syntax -                "  And can be written out to a file using standard PowerShell redirection{0}" + - ``` + ``` syntax + " And can be written out to a file using standard PowerShell redirection{0}" + + ``` - ``` syntax -                "  Please specify user accounts in the format 'DOMAIN\username'{0}" + - ``` + ``` syntax + " Please specify user accounts in the format 'DOMAIN\username'{0}" + + ``` - ``` syntax -                "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + - ``` + ``` syntax + " Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + + ``` - ``` syntax -                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + - ``` + ``` syntax + " For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + + ``` - ``` syntax -                "{0}====== Arguments ======{0}" + - ``` + ``` syntax + "{0}====== Arguments ======{0}" + + ``` - ``` syntax -                "{0}  /?    Show this help message", [Environment]::NewLine) - ``` + ``` syntax + "{0} /? 
Show this help message", [Environment]::NewLine) + ``` - ``` syntax - { - ``` + ``` syntax + { + ``` - ``` syntax - else - ``` + ``` syntax + else + ``` - ``` syntax - {  -     #If an array was passed in, try to split it - ``` + ``` syntax + { + #If an array was passed in, try to split it + ``` - ``` syntax -     if($myArgs.Length -eq 1) - ``` + ``` syntax + if($myArgs.Length -eq 1) + ``` - ``` syntax -     { - ``` + ``` syntax + { + ``` - ``` syntax -         $myArgs = $myArgs.Split(' ') - ``` + ``` syntax + $myArgs = $myArgs.Split(' ') + ``` - ``` syntax -     } - ``` + ``` syntax + } + ``` - ``` syntax + ``` syntax -     #Parse the arguments for account names - ``` + #Parse the arguments for account names + ``` - ``` syntax -     foreach($accountName in $myArgs) - ``` + ``` syntax + foreach($accountName in $myArgs) + ``` - ``` syntax -     {    - ``` + ``` syntax + { + ``` - ``` syntax -         [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject - ``` + ``` syntax + [string[]] $splitString = $accountName.Split('\') # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject + ``` - ``` syntax -         if($splitString.Length -ne 2) - ``` + ``` syntax + if($splitString.Length -ne 2) + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) - ``` + ``` syntax + $message = [string]::Format("{0} is not a valid account name. 
Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) + ``` - ``` syntax -             Write-Error -Message $message - ``` + ``` syntax + Write-Error -Message $message + ``` - ``` syntax -             continue - ``` + ``` syntax + continue + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax -         - ``` + ``` syntax + + ``` - ``` syntax -         #Convert any account names to SIDs - ``` + ``` syntax + #Convert any account names to SIDs + ``` - ``` syntax -         try - ``` + ``` syntax + try + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) - ``` + ``` syntax + [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) + ``` - ``` syntax -             [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) - ``` + ``` syntax + [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax -         catch [System.Security.Principal.IdentityNotMappedException] - ``` + ``` syntax + catch [System.Security.Principal.IdentityNotMappedException] + ``` - ``` syntax -         { - ``` + ``` syntax + { + ``` - ``` syntax -             $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) - ``` + ``` syntax + $message = [string]::Format("Failed to translate account object '{0}' to a SID. 
Please verify that this is a valid user or machine account.", $account.ToString()) + ``` - ``` syntax -             Write-Error -Message $message - ``` + ``` syntax + Write-Error -Message $message + ``` - ``` syntax -             continue - ``` + ``` syntax + continue + ``` - ``` syntax -         } - ``` + ``` syntax + } + ``` - ``` syntax + ``` syntax -         #Convert regular SID to binary format used by SQL - ``` + #Convert regular SID to binary format used by SQL + ``` - ``` syntax -         $hexSIDString = ConvertSIDToHexFormat $SID - ``` + ``` syntax + $hexSIDString = ConvertSIDToHexFormat $SID + ``` - ``` syntax -         -         $SIDs = New-Object PSObject - ``` + ``` syntax + + $SIDs = New-Object PSObject + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty Account $accountName - ``` + ``` syntax + $SIDs | Add-Member NoteProperty Account $accountName + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty SID $SID.ToString() - ``` + ``` syntax + $SIDs | Add-Member NoteProperty SID $SID.ToString() + ``` - ``` syntax -         $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString - ``` + ``` syntax + $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString + ``` - ``` syntax + ``` syntax -         Write-Output $SIDs - ``` + Write-Output $SIDs + ``` - ``` syntax -     } - ``` + ``` syntax + } + ``` - ``` syntax - } - ``` + ``` syntax + } + ``` -3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. +3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. 
- For example, + For example, - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md index 9add857c73..dd19ea6161 100644 --- a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md +++ b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md 
@@ -1,8 +1,11 @@ --- title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -author: jamiejdt +author: dansimp ms.assetid: 02afd6d6-4c33-4c0b-bd88-ae167b786fdf +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. -**Note**   +**Note** After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. -  + **To install the management database and the management server on separate computers** 
@@ -41,14 +44,16 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - **Note**   + **Note** If you plan to deploy the management server on the same computer you must select **Use this local computer**. -   - Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -8. To start the installation, click **Install**. +~~~ +Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. +~~~ + +8. To start the installation, click **Install**. **To install the reporting database and the reporting server on separate computers** @@ -70,14 +75,16 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - **Note**   + **Note** If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. -   - Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -8. To start the installation, click **Install**. +~~~ +Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. +~~~ + +8. To start the installation, click **Install**. **To install the management and reporting databases using App-V 5.0 database scripts** 
@@ -95,10 +102,10 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. - **Note**   + **Note** For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md). -   + 5. Run the scripts on the computer running Microsoft SQL Server. @@ -109,9 +116,9 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance [Deploying App-V 5.0](deploying-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md index b1b3b394b9..77c7a3fd6a 100644 --- a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md +++ b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md @@ -1,8 +1,11 @@ --- title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -author: jamiejdt +author: dansimp ms.assetid: 2a67402e-3119-40ea-a247-24d166af1ced +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. -**Note**   +**Note** After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. -  + **To install the management database and the management server on separate computers** @@ -41,14 +44,16 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - **Note**   + **Note** If you plan to deploy the management server on the same computer you must select **Use this local computer**. -   - Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -8. To start the installation, click **Install**. +~~~ +Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. +~~~ + +8. To start the installation, click **Install**. **To install the reporting database and the reporting server on separate computers** 
@@ -70,14 +75,16 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - **Note**   + **Note** If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. -   - Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -8. To start the installation, click **Install**. +~~~ +Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. +~~~ + +8. To start the installation, click **Install**. **To install the management and reporting databases using App-V 5.1 database scripts** @@ -95,10 +102,10 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance 4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. - **Note**   + **Note** For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md). -   + 5. Run the scripts on the computer running Microsoft SQL Server. @@ -109,9 +116,9 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance [Deploying App-V 5.1](deploying-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md index 24cf9266b8..05a849b30c 100644 
--- a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md
+++ b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md
@@ -1,8 +1,11 @@
 ---
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: jamiejdt
+author: dansimp
 ms.assetid: 95281287-cb56-4117-befd-854268ea147c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -30,33 +33,35 @@ Use the following procedure to install the management server on a standalone com 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**. - **Note**   + **Note** If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. -   - For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. +~~~ +For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. -7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation +Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. +~~~ - Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. +7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. 
The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation -8. Click **Install**. + Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. -9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console.html if the installation was successful you should see the **Silverlight Management Console** appear without any error messages or warnings being displayed. +8. Click **Install**. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console.html if the installation was successful you should see the **Silverlight Management Console** appear without any error messages or warnings being displayed. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Deploying App-V 5.0](deploying-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md index 9b6f45ddf2..988a91b3ff 100644 
--- a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md
+++ b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md
@@ -1,8 +1,11 @@
 ---
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: jamiejdt
+author: dansimp
 ms.assetid: 3f83c335-d976-4abd-b8f8-d7f5e50b4318
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -30,33 +33,35 @@ Use the following procedure to install the management server on a standalone com 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**. - **Note**   + **Note** If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. -   - For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. +~~~ +For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. -7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation +Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. +~~~ - Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. +7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. 
The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation -8. Click **Install**. + Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. -9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed. +8. Click **Install**. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Deploying App-V 5.1](deploying-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md index f82ddf86a2..22a42e002d 100644 --- a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md 
+++ b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md
@@ -1,8 +1,11 @@
 ---
 title: How to Install the Publishing Server on a Remote Computer
 description: How to Install the Publishing Server on a Remote Computer
-author: jamiejdt
+author: dansimp
 ms.assetid: 37970706-54ff-4799-9485-b9b49fd50f37
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -18,62 +21,62 @@ Use the following procedure to install the publishing server on a separate compu **To install the publishing server on a separate computer** -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. +1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. -4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. +4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. -5. On the **Installation Location** page, accept the default location and click **Next**. +5. On the **Installation Location** page, accept the default location and click **Next**. -6. On the **Configure Publishing Server Configuration** page, specify the following items: +6. 
On the **Configure Publishing Server Configuration** page, specify the following items: - - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. + - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. - - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. + - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. - - For the **Port Binding**, specify a unique port number that will be used by App-V 5.0, for example **54321**. + - For the **Port Binding**, specify a unique port number that will be used by App-V 5.0, for example **54321**. -7. On the **Ready to Install** page, click **Install**. +7. On the **Ready to Install** page, click **Install**. -8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.0 management console, use the following steps to register the server: +8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.0 management console, use the following steps to register the server: - 1. Open the App-V 5.0 management server console. + 1. Open the App-V 5.0 management server console. - 2. In the left pane, select **Servers**, and then select **Register New Server**. + 2. In the left pane, select **Servers**, and then select **Register New Server**. - 3. Type the name of this server and a description (if required) and click **Add**. + 3. Type the name of this server and a description (if required) and click **Add**. -9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. 
Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed: +9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: http://publishingserver:pubport. If the server is running correctly information similar to the following will be displayed: - `` + `` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - `` + `` - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Deploying App-V 5.0](deploying-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md index 36ac999bb7..b304366dd1 100644 --- a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md +++ b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md @@ -1,8 +1,11 @@ --- title: How to Install the Publishing Server on a Remote Computer description: How to Install the Publishing Server on a Remote Computer -author: jamiejdt +author: dansimp ms.assetid: 1c903f78-0558-458d-a149-d5f6fb55aefb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -18,62 +21,62 @@ Use the following procedure to install the publishing server on a separate compu **To install the publishing server on a separate computer** -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. +1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. -4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. +4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. -5. On the **Installation Location** page, accept the default location and click **Next**. +5. On the **Installation Location** page, accept the default location and click **Next**. -6. On the **Configure Publishing Server Configuration** page, specify the following items: +6. 
On the **Configure Publishing Server Configuration** page, specify the following items: - - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. + - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. - - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. + - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. - - For the **Port Binding**, specify a unique port number that will be used by App-V 5.1, for example **54321**. + - For the **Port Binding**, specify a unique port number that will be used by App-V 5.1, for example **54321**. -7. On the **Ready to Install** page, click **Install**. +7. On the **Ready to Install** page, click **Install**. -8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.1 management console, use the following steps to register the server: +8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.1 management console, use the following steps to register the server: - 1. Open the App-V 5.1 management server console. + 1. Open the App-V 5.1 management server console. - 2. In the left pane, select **Servers**, and then select **Register New Server**. + 2. In the left pane, select **Servers**, and then select **Register New Server**. - 3. Type the name of this server and a description (if required) and click **Add**. + 3. Type the name of this server and a description (if required) and click **Add**. -9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. 
Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed: +9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: http://publishingserver:pubport. If the server is running correctly information similar to the following will be displayed: - `` + `` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - ` ` + ` ` - `` + `` - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Deploying App-V 5.1](deploying-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md index 00465edd97..6cd9f15218 100644 --- a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md +++ b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md 
@@ -1,8 +1,11 @@ --- title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -author: jamiejdt +author: dansimp ms.assetid: d186bdb7-e522-4124-bc6d-7d5a41ba8266 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to install the reporting server on a standalone computer and connect it to the database. -**Important**   +**Important** Before performing the following procedure you should read and understand [About App-V 5.0 Reporting](about-app-v-50-reporting.md). -  + **To install the reporting server on a standalone computer and connect it to the database** 
@@ -35,24 +38,26 @@ Before performing the following procedure you should read and understand [About 6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**. - **Note**   + **Note** If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. -   - For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. +~~~ +For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. -7. On the **Configure Reporting Server Configuration** page. +Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. +~~~ - - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. +7. On the **Configure Reporting Server Configuration** page. - - For the **Port binding**, specify a unique port number that will be used by App-V 5.0, for example **55555**. You should also ensure that the port specified is not being used by another website. + - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. -8. Click **Install**. + - For the **Port binding**, specify a unique port number that will be used by App-V 5.0, for example **55555**. You should also ensure that the port specified is not being used by another website. - **Got a suggestion for App-V**? 
Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +8. Click **Install**. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -63,9 +68,9 @@ Before performing the following procedure you should read and understand [About [How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md index c8b4f8739e..4d6223aabf 100644 --- a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md +++ b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md @@ -1,8 +1,11 @@ --- title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -author: jamiejdt +author: dansimp ms.assetid: 11f07750-4045-4c8d-a583-7d70c9e9aa7b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to install the reporting server on a standalone computer and connect it to the database. -**Important**   +**Important** Before performing the following procedure you should read and understand [About App-V 5.1 Reporting](about-app-v-51-reporting.md). -  + **To install the reporting server on a standalone computer and connect it to the database** 
@@ -35,24 +38,26 @@ Before performing the following procedure you should read and understand [About 6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**. - **Note**   + **Note** If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. -   - For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. +~~~ +For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. -7. On the **Configure Reporting Server Configuration** page. +Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. +~~~ - - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. +7. On the **Configure Reporting Server Configuration** page. - - For the **Port binding**, specify a unique port number that will be used by App-V 5.1, for example **55555**. You should also ensure that the port specified is not being used by another website. + - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. -8. Click **Install**. + - For the **Port binding**, specify a unique port number that will be used by App-V 5.1, for example **55555**. You should also ensure that the port specified is not being used by another website. - **Got a suggestion for App-V**? 
Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +8. Click **Install**. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -63,9 +68,9 @@ Before performing the following procedure you should read and understand [About [How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md b/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md index b4a5e6540a..dac6a4e3dc 100644 --- a/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md +++ b/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md @@ -1,8 +1,11 @@ --- title: How to Install the Sequencer description: How to Install the Sequencer -author: jamiejdt +author: dansimp ms.assetid: 5e8f1696-9bc0-4f44-8cb7-b809b2daae10 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Upgrading a previous installation of the App-V sequencer is not supported. **Important**   For a full list of the sequencer requirements see sequencer sections of [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) and [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). -  + You can also use the command line to install the App-V 5.1 sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**: 
@@ -76,7 +79,7 @@ You can also use the command line to install the App-V 5.1 sequencer. The follow -  + **To install the App-V 5.1 sequencer** @@ -101,9 +104,9 @@ You can also use the command line to install the App-V 5.1 sequencer. The follow [Planning to Deploy App-V](planning-to-deploy-app-v51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md b/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md index fdab9d8ec3..3f7e638081 100644 --- a/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md +++ b/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md @@ -1,8 +1,11 @@ --- title: How to Install the Sequencer description: How to Install the Sequencer -author: jamiejdt +author: dansimp ms.assetid: a122caf0-f408-458c-b119-dc84123c1d58 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Upgrading a previous installation of the App-V sequencer is not supported. **Important**   For a full list of the sequencer requirements see sequencer sections of [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) and [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). -  + You can also use the command line to install the App-V 5.0 sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**: @@ -76,7 +79,7 @@ You can also use the command line to install the App-V 5.0 sequencer. The follow -  + **To install the App-V 5.0 sequencer** @@ -101,9 +104,9 @@ You can also use the command line to install the App-V 5.0 sequencer. The follow [Planning to Deploy App-V](planning-to-deploy-app-v.md) -  + -  + diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md index c552e9a3a8..e24a590f0a 100644 
--- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md
+++ b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md
@@ -1,8 +1,11 @@
 ---
 title: How to Load the PowerShell Cmdlets and Get Cmdlet Help
 description: How to Load the PowerShell Cmdlets and Get Cmdlet Help
-author: jamiejdt
+author: dansimp
 ms.assetid: 0624495b-943e-485b-9e54-b50e4ee6591c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -45,9 +48,9 @@ Review the following requirements for using the App-V PowerShell cmdlets:

    Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

    • When you are deploying and configuring the App-V Server:

      -

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md).

    • +

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See How to Deploy the App-V 5.0 Server.

    • After you’ve deployed the App-V Server:

      -

      Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](how-to-add-or-remove-an-administrator-by-using-the-management-console.md).

    • +

      Use the App-V Management console to add an additional Active Directory group or user. See How to Add or Remove an Administrator by Using the Management Console.

    @@ -88,13 +91,13 @@ Review the following requirements for using the App-V PowerShell cmdlets:

    Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

    Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

    -

    [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md)

    +

    How to Publish a Package by Using the Management Console

    @@ -103,7 +106,7 @@ Review the following requirements for using the App-V PowerShell cmdlets: -  + ## Loading the PowerShell cmdlets To load the PowerShell cmdlet modules: @@ -139,7 +142,7 @@ To load the PowerShell cmdlet modules: -  + ## Getting help for the PowerShell cmdlets Starting in App-V 5.0 SP3, cmdlet help is available in two formats: @@ -193,12 +196,12 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:

    On TechNet as web pages

    -

    See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).

    +

    See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

    -  + ## Displaying the help for a PowerShell cmdlet To display help for a specific PowerShell cmdlet: @@ -209,9 +212,9 @@ To display help for a specific PowerShell cmdlet: **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue**? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -  + -  + diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md index 253c7dc664..c8f34160ab 100644 --- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md +++ b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md @@ -1,8 +1,11 @@ --- title: How to Load the PowerShell Cmdlets and Get Cmdlet Help description: How to Load the PowerShell Cmdlets and Get Cmdlet Help -author: jamiejdt +author: dansimp ms.assetid: b6ae5460-2c3a-4030-b132-394d9d5a541e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,9 +48,9 @@ Review the following requirements for using the App-V PowerShell cmdlets:

    Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

    • When you are deploying and configuring the App-V Server:

      -

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md).

    • +

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See How to Deploy the App-V 5.1 Server.

    • After you’ve deployed the App-V Server:

      -

      Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](how-to-add-or-remove-an-administrator-by-using-the-management-console51.md).

    • +

      Use the App-V Management console to add an additional Active Directory group or user. See How to Add or Remove an Administrator by Using the Management Console.

    @@ -88,13 +91,13 @@ Review the following requirements for using the App-V PowerShell cmdlets:

    Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

    Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

    -

    [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md)

    +

    How to Publish a Package by Using the Management Console

    @@ -103,7 +106,7 @@ Review the following requirements for using the App-V PowerShell cmdlets: -  + ## Loading the PowerShell cmdlets @@ -192,7 +195,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:

    On TechNet as web pages

    -

    See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).

    +

    See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

    @@ -206,9 +209,9 @@ To display help for a specific PowerShell cmdlet: **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -  + -  + diff --git a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md index ab28dd48a0..5cfa258188 100644 --- a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md +++ b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md @@ -1,8 +1,11 @@ --- title: How to Make a Connection Group Ignore the Package Version description: How to Make a Connection Group Ignore the Package Version -author: jamiejdt +author: dansimp ms.assetid: 6ebc1bff-d190-4f4c-a6da-e09a4cca7874 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -58,7 +61,7 @@ To upgrade a package in earlier versions of App-V, you had to perform several st
  • Click EDIT in the CONNECTED PACKAGES pane.

  • Select Use Any Version check box next to the package name, and click Apply.

  • -

    For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md).

    +

    For more about adding or upgrading packages, see How to Add or Upgrade Packages by Using the Management Console.

    App-V Client on a Stand-alone computer

    @@ -76,8 +79,8 @@ To upgrade a package in earlier versions of App-V, you had to perform several st

    For more information, see:

    @@ -87,7 +90,7 @@ To upgrade a package in earlier versions of App-V, you had to perform several st -  + @@ -99,9 +102,9 @@ To upgrade a package in earlier versions of App-V, you had to perform several st [Managing Connection Groups](managing-connection-groups.md) -  + -  + diff --git a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md index 13df4fafc6..dd0494ceee 100644 --- a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md +++ b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md @@ -1,8 +1,11 @@ --- title: How to Make a Connection Group Ignore the Package Version description: How to Make a Connection Group Ignore the Package Version -author: jamiejdt +author: dansimp ms.assetid: db16b095-dbe2-42c7-863d-b0d5d91b2f4c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -58,7 +61,7 @@ To upgrade a package in some earlier versions of App-V, you had to perform sever
  • Click EDIT in the CONNECTED PACKAGES pane.

  • Select Use Any Version check box next to the package name, and click Apply.

  • -

    For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md).

    +

    For more about adding or upgrading packages, see How to Add or Upgrade Packages by Using the Management Console.

    App-V Client on a Stand-alone computer

    @@ -76,8 +79,8 @@ To upgrade a package in some earlier versions of App-V, you had to perform sever

    For more information, see:

    @@ -87,7 +90,7 @@ To upgrade a package in some earlier versions of App-V, you had to perform sever -  + @@ -99,9 +102,9 @@ To upgrade a package in some earlier versions of App-V, you had to perform sever [Managing Connection Groups](managing-connection-groups51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md index 69d1542e03..08c7e04567 100644 --- a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md +++ b/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell description: How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 1d6c2d25-81ec-4ff8-9262-6b4cf484a376 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -55,7 +58,7 @@ Use the following information to add a package to a computer. **Important**   This example only adds a package. It does not publish the package to the user or the computer. -  + **Cmdlet**: Add-AppvClientPackage @@ -91,7 +94,7 @@ Use the following information to publish a package that has been added to a spec -  + ## To publish a package to a specific user @@ -99,7 +102,7 @@ Use the following information to publish a package that has been added to a spec **Note**   You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -  + An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). 
@@ -141,7 +144,7 @@ Use the following information to unpublish a package which has been entitled to **Note**   You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -  + An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). @@ -171,7 +174,7 @@ Use the following information to remove a package from the computer. **Note**   App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466). -  + ## To enable only administrators to publish or unpublish packages @@ -179,7 +182,7 @@ App-V cmdlets have been assigned to variables for the previous examples for clar **Note**   **This feature is supported starting in App-V 5.0 SP3.** -  + Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: @@ -206,7 +209,7 @@ Use the following cmdlet and parameter to enable only administrators (not end us -  + To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md). @@ -246,7 +249,7 @@ To use the App-V Management console to set this configuration, see [How to Publi -  + The pending task will run later, according to the following rules: @@ -273,7 +276,7 @@ The pending task will run later, according to the following rules: -  + For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). 
@@ -286,9 +289,9 @@ For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v- [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md index 9fff909058..fe66e53ac9 100644 --- a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md +++ b/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell description: How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: c3fd06f6-102f-43d1-a577-d5ced6ac537d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -55,7 +58,7 @@ Use the following information to add a package to a computer. **Important**   This example only adds a package. It does not publish the package to the user or the computer. -  + **Cmdlet**: Add-AppvClientPackage @@ -91,7 +94,7 @@ Use the following information to publish a package that has been added to a spec -  + ## To publish a package to a specific user @@ -99,7 +102,7 @@ Use the following information to publish a package that has been added to a spec **Note**   You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -  + An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). 
@@ -141,7 +144,7 @@ Use the following information to unpublish a package which has been entitled to **Note**   You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -  + An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). @@ -171,7 +174,7 @@ Use the following information to remove a package from the computer. **Note**   App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466). -  + ## To enable only administrators to publish or unpublish packages @@ -179,7 +182,7 @@ App-V cmdlets have been assigned to variables for the previous examples for clar **Note**   **This feature is supported starting in App-V 5.0 SP3.** -  + Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: @@ -206,7 +209,7 @@ Use the following cmdlet and parameter to enable only administrators (not end us -  + To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md). @@ -246,7 +249,7 @@ To use the App-V Management console to set this configuration, see [How to Publi -  + The pending task will run later, according to the following rules: @@ -273,7 +276,7 @@ The pending task will run later, according to the following rules: -  + For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). 
@@ -286,9 +289,9 @@ For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v- [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md index 77f184b695..8c1781f985 100644 --- a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md +++ b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: b73ae74d-8a6f-4bb3-b1f2-0067c7bd5212 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md index f1f5f5dd83..fb63bd845f 100644 --- a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md +++ b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md @@ -1,8 +1,11 @@ --- title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: e1589eff-d306-40fb-a0ae-727190dafe26 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -125,9 +128,11 @@ This topic explains the following procedures: -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics @@ -136,9 +141,9 @@ This topic explains the following procedures: [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md index 801f596755..75bb7066c4 100644 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md +++ b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md @@ -2,7 +2,10 @@ title: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer description: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer ms.assetid: 3ae9996f-71d9-4ca1-9aab-25b599158e55 -author: jamiejdt +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,43 +22,43 @@ Use the following procedure to migrate extension points from an App-V 4.6 pack **Note**   The following procedure does not require an App-V 5.0 management server. -  + **To migrate extension points from a package from an App-V 4.6 package to a converted App-V 5.0 package using the deployment configuration file** -1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: +1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: - **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** + **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** - The following is an example of content from a deployment configuration file: + The following is an example of content from a deployment configuration file: - <?xml version="1.0" ?> + <?xml version="1.0" ?> - <DeploymentConfiguration + <DeploymentConfiguration - xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration" PackageId=<Package ID> DisplayName=<Display Name> + xmlns="" PackageId=<Package ID> DisplayName=<Display Name> - <MachineConfiguration/> + <MachineConfiguration/> - <UserConfiguration> + <UserConfiguration> - <ManagingAuthority TakeoverExtensionPointsFrom46="true" + <ManagingAuthority TakeoverExtensionPointsFrom46="true" - PackageName=<Package ID> + PackageName=<Package ID> - </UserConfiguration> + </UserConfiguration> - </DeploymentConfiguration> + </DeploymentConfiguration> -2. To add the App-V 5.0 package, in an elevated PowerShell command prompt type: +2. 
To add the App-V 5.0 package, in an elevated PowerShell command prompt type: - PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> + PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> - PS>**Publish-AppVClientPackage $pkg** + PS>**Publish-AppVClientPackage $pkg** -3. To test the migration, open the virtual application using asscoaited FTAs or shortcuts. The application opens with App-V 5.0. Both, the App-V 4.6 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. +3. To test the migration, open the virtual application using asscoaited FTAs or shortcuts. The application opens with App-V 5.0. Both, the App-V 4.6 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -64,9 +67,9 @@ The following procedure does not require an App-V 5.0 management server. [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + 
diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md
index 8da5b9bf34..19ee17d2ed 100644
--- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md
+++ b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md
@@ -1,8 +1,11 @@
 ---
 title: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer
 description: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer
-author: jamiejdt
+author: dansimp
 ms.assetid: 4ef823a5-3106-44c5-aecc-29edf69c2fbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -20,43 +23,43 @@ Use the following procedure to migrate extension points from an App-V 4.6 packa This procedure assumes that you are running the latest version of App-V 4.6. The following procedure does not require an App-V 5.1 management server. -  + **To migrate extension points from a package from an App-V 4.6 package to a converted App-V 5.1 package using the deployment configuration file** -1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: +1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: - **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** + **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** - The following is an example of content from a deployment configuration file: + The following is an example of content from a deployment configuration file: - <?xml version="1.0" ?> + <?xml version="1.0" ?> - <DeploymentConfiguration + <DeploymentConfiguration - xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration" PackageId=<Package ID> DisplayName=<Display Name> + xmlns="" PackageId=<Package ID> DisplayName=<Display Name> - <MachineConfiguration/> + <MachineConfiguration/> - <UserConfiguration> + <UserConfiguration> - <ManagingAuthority TakeoverExtensionPointsFrom46="true" + <ManagingAuthority TakeoverExtensionPointsFrom46="true" - PackageName=<Package ID> + PackageName=<Package ID> - </UserConfiguration> + </UserConfiguration> - </DeploymentConfiguration> + </DeploymentConfiguration> -2. To add the App-V 5.1 package, in an elevated PowerShell command prompt type: +2. 
To add the App-V 5.1 package, in an elevated PowerShell command prompt type: - PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> + PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> - PS>**Publish-AppVClientPackage $pkg** + PS>**Publish-AppVClientPackage $pkg** -3. To test the migration, open the virtual application using associated FTAs or shortcuts. The application opens with App-V 5.1. Both, the App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. +3. To test the migration, open the virtual application using associated FTAs or shortcuts. The application opens with App-V 5.1. Both, the App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -65,9 +68,9 @@ The following procedure does not require an App-V 5.1 management server. [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + 
diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md
index 90045e1bab..d93b082e4b 100644
--- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md
+++ b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md
@@ -2,7 +2,10 @@
 title: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User
 description: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User
 ms.assetid: dad25992-3c75-4b7d-b4c6-c2edf43baaea
-author: jamiejdt
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -18,40 +21,40 @@ Use the following procedure to migrate packages created with App-V using the use **To convert a package** -1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. +1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. - The following is an example of a user configuration file: + The following is an example of a user configuration file: - <?xml version="1.0" ?> + <?xml version="1.0" ?> - <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> + <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> - xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration"> <ManagingAuthority TakeoverExtensionPointsFrom46="true" + xmlns="; <ManagingAuthority TakeoverExtensionPointsFrom46="true" - PackageName=<Package ID> + PackageName=<Package ID> - </UserConfiguration> + </UserConfiguration> -2. To add the App-V 5.0 package type the following in an elavted PowerShell command prompt: +2. To add the App-V 5.0 package type the following in an elavted PowerShell command prompt: - PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> + PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> - PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> + PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> -3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.0. +3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.0. 
- The App-V SP2 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. + The App-V SP2 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md index 01138ec710..ddcc67a299 100644 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md +++ b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md @@ -1,8 +1,11 @@ --- title: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User description: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User -author: jamiejdt +author: dansimp ms.assetid: 19da3776-5ebe-41e1-9890-12b84ef3c1c7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,31 +24,31 @@ This procedure assumes that you are running the latest version of App-V 4.6. **To convert a package** -1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. +1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. - The following is an example of a user configuration file: + The following is an example of a user configuration file: - <?xml version="1.0" ?> + <?xml version="1.0" ?> - <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> + <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> - xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration"> <ManagingAuthority TakeoverExtensionPointsFrom46="true" + xmlns="; <ManagingAuthority TakeoverExtensionPointsFrom46="true" - PackageName=<Package ID> + PackageName=<Package ID> - </UserConfiguration> + </UserConfiguration> -2. To add the App-V 5.1 package, type the following in an elevated PowerShell command prompt window: +2. To add the App-V 5.1 package, type the following in an elevated PowerShell command prompt window: - PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> + PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> - PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> + PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> -3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.1. +3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.1. 
- The App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. + The App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -54,9 +57,9 @@ This procedure assumes that you are running the latest version of App-V 4.6. [How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md) -  + -  + diff --git a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md index 7f54cff991..8a537ea939 100644 --- a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md +++ b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md @@ -1,8 +1,11 @@ --- title: How to Modify an Existing Virtual Application Package description: How to Modify an Existing Virtual Application Package -author: jamiejdt +author: dansimp ms.assetid: 6cdeec00-e4fe-4210-b4c7-6ca1ac643ddd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -155,9 +158,9 @@ This topic explains how to: [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md index a7cc455490..db77297d82 100644 --- a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md +++ b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md @@ -1,8 +1,11 @@ --- title: How to Modify an Existing Virtual Application Package description: How to Modify an Existing Virtual Application Package -author: jamiejdt +author: dansimp ms.assetid: 86b0fe21-52b0-4a9c-9a66-c78935fe74f1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -145,9 +148,9 @@ This topic explains how to: [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md index 03da949bdc..a70a6e6083 100644 --- a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md +++ b/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md @@ -1,8 +1,11 @@ --- title: How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy description: How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy -author: jamiejdt +author: dansimp ms.assetid: 79d03a2b-2586-4ca7-bbaa-bdeb0a694279 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -23,7 +26,7 @@ Use the App-V 5.0 ADMX template to configure App-V 5.0 client settings using the **Note**   Use the following link to download the App-V 5.0 **ADMX Templates**: . -   + 2. On the computer where you manage group Policy, typically the domain controller, copy the template **.admx** file to the following directory: **<Installation Drive> \\ Windows \\ PolicyDefinitions**. @@ -40,9 +43,9 @@ Use the App-V 5.0 ADMX template to configure App-V 5.0 client settings using the [About Client Configuration Settings](about-client-configuration-settings.md) -  + -  + diff --git a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md index 28801d394b..b316fe6660 100644 --- a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md +++ b/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md @@ -1,8 +1,11 @@ --- title: How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy description: How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy -author: jamiejdt +author: dansimp ms.assetid: 0d9cf13a-b29c-4c87-a776-15fea34027dd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ Use the Microsoft Application Virtualization (App-V) 5.1 ADMX template to config **Note**   Use the following link to download the App-V 5.1 **ADMX Templates**: . -   + 2. On the computer where you manage group Policy, typically the domain controller, copy the template **.admx** file to the following directory: **<Installation Drive> \\ Windows \\ PolicyDefinitions**. 
@@ -40,9 +43,9 @@ Use the Microsoft Application Virtualization (App-V) 5.1 ADMX template to config [About Client Configuration Settings](about-client-configuration-settings51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md index ded98a3926..dcf4b6386c 100644 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md +++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: How to Modify Client Configuration by Using PowerShell description: How to Modify Client Configuration by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 53ccb2cf-ef81-4310-a853-efcb395f006e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md index af53d695b0..ba031caf40 100644 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md +++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md @@ -1,8 +1,11 @@ --- title: How to Modify Client Configuration by Using PowerShell description: How to Modify Client Configuration by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: c3a59592-bb0d-43b6-8f4e-44f3a2d5b7ea +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md index 46ca0c4f93..ba22fd6a3a 100644 --- a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md +++ b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Move the App-V Server to Another Computer
 description: How to Move the App-V Server to Another Computer
-author: jamiejdt
+author: dansimp
 ms.assetid: 4fda21be-4d6b-499c-a38a-5afd57b34a47
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md
index 32073ac0ea..65179dff17 100644
--- a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md
+++ b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Move the App-V Server to Another Computer
 description: How to Move the App-V Server to Another Computer
-author: jamiejdt
+author: dansimp
 ms.assetid: 853af9eb-db5b-421d-a0fe-79ded8752cef
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-publish-a-connection-group.md b/mdop/appv-v5/how-to-publish-a-connection-group.md
index 34ff5d9a90..c94e8ce5e2 100644
--- a/mdop/appv-v5/how-to-publish-a-connection-group.md
+++ b/mdop/appv-v5/how-to-publish-a-connection-group.md
@@ -1,8 +1,11 @@
 ---
 title: How to Publish a Connection Group
 description: How to Publish a Connection Group
-author: jamiejdt
+author: dansimp
 ms.assetid: c61db00a-8393-485c-949e-af2098b9e258
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-publish-a-connection-group51.md b/mdop/appv-v5/how-to-publish-a-connection-group51.md
index 0fb2920e53..523eb51739 100644
--- a/mdop/appv-v5/how-to-publish-a-connection-group51.md
+++ b/mdop/appv-v5/how-to-publish-a-connection-group51.md
@@ -1,8 +1,11 @@ --- title: How to Publish a Connection Group description: How to Publish a Connection Group -author: jamiejdt +author: dansimp ms.assetid: fe89601c-23c6-4b7c-a61b-4ca50908f1b4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md index 847b0ca33d..fb93be080c 100644 --- a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md +++ b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md @@ -1,8 +1,11 @@ --- title: How to Publish a Package by Using the Management Console description: How to Publish a Package by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: 7c6930fc-5c89-4519-a901-512dae155fd2 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to publish an App-V 5.0 package. Once you publish a **Note**   The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. -  + **To publish an App-V 5.0 package** @@ -48,9 +51,9 @@ The ability to enable only administrators to publish or unpublish packages (desc [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-50.md) -  + -  + diff --git a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md index 43bc2923ec..9a64b6ff65 100644 --- a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md +++ b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md 
@@ -1,8 +1,11 @@ --- title: How to Publish a Package by Using the Management Console description: How to Publish a Package by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: e34d2bcf-15ac-4a75-9dc8-79380b36a25f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to publish an App-V 5.1 package. Once you publish a **Note**   The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. -  + **To publish an App-V 5.1 package** @@ -48,9 +51,9 @@ The ability to enable only administrators to publish or unpublish packages (desc [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md index c972efc7b7..0a2288bf44 100644 --- a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md +++ b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md @@ -1,8 +1,11 @@ --- title: How to Register and Unregister a Publishing Server by Using the Management Console description: How to Register and Unregister a Publishing Server by Using the Management Console -author: jamiejdt +author: dansimp ms.assetid: c24f3b43-4888-41a9-9a39-973657f2b917 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md
index d039d54dac..7e06b09dbc 100644
--- a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md
+++ b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Register and Unregister a Publishing Server by Using the Management Console
 description: How to Register and Unregister a Publishing Server by Using the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: 69cef0a8-8102-4697-b1ba-f16e0f25216b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
index ab65dfde38..7c0d2eb7d4 100644
--- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md
@@ -1,8 +1,8 @@
----
+ms.reviewer:
 title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
 description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User
 ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a
-author: jamiejdt
+author: dansimp
 ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -19,7 +19,7 @@ Use the following procedure to revert an App-V 5.0 package to the App-V file for **To revert a package** -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md). +1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md). In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** 
@@ -27,23 +27,28 @@ Use the following procedure to revert an App-V 5.0 package to the App-V file for PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath** <path to user configuration file> -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6 SP2. +3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6 SP2. - **Note**   + **Note** If you do not need the App-V 5.0 package anymore, you can unpublish the App-V 5.0 package and the extension points will automatically revert to App-V 4.6. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + + + + diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md index fd56229409..eb3e8e7dfb 100644 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md 
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md
@@ -2,7 +2,10 @@
 title: How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer
 description: How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer
 ms.assetid: 2a43ca1b-6847-4dd1-ade2-336ac4ac6af0
-author: jamiejdt
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -14,11 +17,11 @@ ms.date: 06/21/2016 *Note:** App-V 4.6 has exited Mainstream support. The following assumes that the App-V 4.6 SP3 client is already installed. -Use the following procedure to revert extension points from an App-V 5.0 package to the App-V 4.6 file format using the deployment configuration file. +Use the following procedure to revert extension points from an App-V 5.0 package to the App-V 4.6 file format using the deployment configuration file. **To revert a package** -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md). +1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md). In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** 
@@ -28,25 +31,27 @@ Use the following procedure to revert extension points from an App-V 5.0 package PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationType useDeploymentConfiguration** -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 SP2 package. +3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 SP2 package. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - **Note**   - If you do not need the App-V 5.0 package anymore, you can unpublish the App-V 5.0 package and the extension points will automatically revert to App-V 4.6. + **Note** + If you do not need the App-V 5.0 package anymore, you can unpublish the App-V 5.0 package and the extension points will automatically revert to App-V 4.6. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md index c977b9dc23..b62aea5290 100644 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md 
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md @@ -1,8 +1,11 @@ --- title: How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User description: How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User -author: jamiejdt +author: dansimp ms.assetid: bd53c5d6-7fd2-4816-b03b-d59da0a35819 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,7 +21,7 @@ Use the following procedure to revert an App-V 5.1 package to the App-V file for **To revert a package** -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md). +1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md). In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** 
@@ -26,23 +29,25 @@ Use the following procedure to revert an App-V 5.1 package to the App-V file for PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath** <path to user configuration file> -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. +3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - **Note**   + **Note** If you do not need the App-V 5.1 package anymore, you can unpublish the App-V 5.1 package and the extension points will automatically revert to App-V 4.6. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md index 3046969544..7c6b1455cf 100644 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md 
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md
@@ -1,8 +1,11 @@
 ---
 title: How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer
 description: How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer
-author: jamiejdt
+author: dansimp
 ms.assetid: 64640b8e-de6b-4006-a33e-353d285af15e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -14,11 +17,11 @@ ms.date: 06/21/2016 # How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer -Use the following procedure to revert extension points from an App-V 5.1 package to the App-V 4.6 file format using the deployment configuration file. +Use the following procedure to revert extension points from an App-V 5.1 package to the App-V 4.6 file format using the deployment configuration file. **To revert a package** -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md). +1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md). In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** 
@@ -28,25 +31,27 @@ Use the following procedure to revert extension points from an App-V 5.1 package PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationType useDeploymentConfiguration** -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 package. +3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 package. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - **Note**   - If you do not need the App-V 5.1 package anymore, you can unpublish the App-V 5.1 package and the extension points will automatically revert to App-V 4.6. + **Note** + If you do not need the App-V 5.1 package anymore, you can unpublish the App-V 5.1 package and the extension points will automatically revert to App-V 4.6. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md index 8f7efaee49..5765532b2a 100644 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md +++ b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md 
@@ -1,8 +1,11 @@ --- title: How to Sequence a New Application with App-V 5.0 description: How to Sequence a New Application with App-V 5.0 -author: jamiejdt +author: dansimp ms.assetid: a263fa84-cd6d-4219-a5c2-eb6a553b826c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,7 +48,7 @@ ms.date: 06/16/2016 -   + 2. Copy all required installation files to the computer that is running the sequencer. 
@@ -67,208 +70,224 @@ ms.date: 06/16/2016 3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - **Important**   + **Important** If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. -   + 4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. 5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. - **Note**   + **Note** If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. -   - If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. +~~~ +If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. +~~~ - The **Primary Virtual Application Directory** displays the path where the application will be installed on target computers. To specify this location, select **Browse**. +6. 
On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. - **Note**   - Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). + The **Primary Virtual Application Directory** displays the path where the application will be installed on target computers. To specify this location, select **Browse**. -   + **Note** + Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). - **Important**   - The primary application virtual directory should match the installation location for the application that is being sequenced. For example, if you install Notepad to **C:\\Program Files\\Notepad**; you should configure **C:\\Program Files\\Notepad** as your primary virtual directory. Alternatively, you can choose to set **C:\\Notepad** as the primary virtual application directory, as long as during installation time, you configure the installer to install to **C:\\Notepad**. Editing the Application Virtualization path is an advanced configuration task. For most applications, the default path is recommended for the following reasons: - - Application Compatibility. Some virtualized applications will not function correctly, or will fail to open if the directories are not configured with identical virtual directory paths. - - Performance. Since no file system redirection is required, the runtime performance can improve. +~~~ +**Important** +The primary application virtual directory should match the installation location for the application that is being sequenced. 
For example, if you install Notepad to **C:\\Program Files\\Notepad**; you should configure **C:\\Program Files\\Notepad** as your primary virtual directory. Alternatively, you can choose to set **C:\\Notepad** as the primary virtual application directory, as long as during installation time, you configure the installer to install to **C:\\Notepad**. Editing the Application Virtualization path is an advanced configuration task. For most applications, the default path is recommended for the following reasons: -   +- Application Compatibility. Some virtualized applications will not function correctly, or will fail to open if the directories are not configured with identical virtual directory paths. - **Tip**   - It is recommended that prior to Sequencing an application, you open the associated installer to determine the default installation directory, and then configure that location as the **Primary Virtual Application Directory**. +- Performance. Since no file system redirection is required, the runtime performance can improve. -   - Click **Next**. -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. +**Tip** +It is recommended that prior to Sequencing an application, you open the associated installer to determine the default installation directory, and then configure that location as the **Primary Virtual Application Directory**. - **Important**   - You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. -   - Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. 
+Click **Next**. +~~~ -8. On the **Installation** page, wait while the sequencer configures the virtualized application package. +7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. -9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. + **Important** + You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. - **Note**   - To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. -   - Click **Next**. +~~~ +Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. +~~~ + +8. On the **Installation** page, wait while the sequencer configures the virtualized application package. + +9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. 
To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. + + **Note** + To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. + + + +~~~ +Click **Next**. +~~~ 10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. 11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - **Note**   - If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. 
This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. + **Note** + If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. + -   13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**. - **Important**   - Make sure that the operating systems you specify here are supported by the application you are sequencing. + **Important** + Make sure that the operating systems you specify here are supported by the application you are sequencing. + -   14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. + To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. 
- **Important**   - The system does not support non-printable characters in **Comments** and **Descriptions**. + **Important** + The system does not support non-printable characters in **Comments** and **Descriptions**. -   - The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ 15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created. - The package is now available in the sequencer. + The package is now available in the sequencer. + + **Important** + After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - **Important**   - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. -   **To sequence an add-on or plug-in application** 1. - **Note**   + **Note** Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. 
If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. -   - On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -2. ****In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. +~~~ +On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. +~~~ -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. +2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. - **Important**   - If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. +3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. 
-   + **Important** + If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. -4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. -5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. -6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. +4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. - Click **Next**. +5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. -7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path, or click **Browse**. +6. 
On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. - **Note**   - Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). + Click **Next**. -   +7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path, or click **Browse**. - Click **Next**. + **Note** + Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). -8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. 
For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. + +~~~ +Click **Next**. +~~~ + +8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. + +9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - Optimize how the package will run across a slow or unreliable network. + - Optimize how the package will run across a slow or unreliable network. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. 
You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. - **Note**   - If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. + **Note** + If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. + -   12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. 13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. + To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. 
- **Important**   - The system does not support non-printable characters in Comments and Descriptions. + **Important** + The system does not support non-printable characters in Comments and Descriptions. -   - The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ **To sequence a middleware application** -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. +1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -2. ****In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. +2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. +3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. 
- **Important**   - If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. + **Important** + If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. -   -4. On the **Type of Application** page, select **Middleware**, and then click **Next**. -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. +4. On the **Type of Application** page, select **Middleware**, and then click **Next**. -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path or click **Browse**. +5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - Click **Next**. +6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. 
The package name is displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path or click **Browse**. -7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. + Click **Next**. -8. On the **Installation** page, wait while the sequencer configures the virtual application package. +7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. -9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. +8. On the **Installation** page, wait while the sequencer configures the virtual application package. + +9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. 
In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. 10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. 
@@ -276,32 +295,36 @@ ms.date: 06/16/2016 To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package. - **Important**   + **Important** The system does not support non-printable characters in Comments and Descriptions. -   - The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ 12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure. - The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. + The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. - **Important**   - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. + **Important** + After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? 
Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md index fef2c2c8fd..5143059379 100644 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md +++ b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md @@ -1,8 +1,11 @@ --- title: How to Sequence a New Application with App-V 5.1 description: How to Sequence a New Application with App-V 5.1 -author: jamiejdt +author: dansimp ms.assetid: 7d7699b1-0cb8-450d-94e7-5af937e16c21 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,7 +48,7 @@ ms.date: 06/16/2016 -   + 2. Copy all required installation files to the computer that is running the sequencer. 
@@ -68,145 +71,157 @@ ms.date: 06/16/2016 3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - > [!IMPORTANT] + > [!IMPORTANT] > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. -   - > [!NOTE] - > There is currently no way to disable Windows Defender in Windows 10. If you receive a warning, you can safely ignore it. It is unlikely that Windows Defender will affect sequencing at all. -   +~~~ +> [!NOTE] +> There is currently no way to disable Windows Defender in Windows 10. If you receive a warning, you can safely ignore it. It is unlikely that Windows Defender will affect sequencing at all. +~~~ -4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. - > [!NOTE] - > If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. +4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. -   +5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. - If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. 
+ > [!NOTE] + > If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. - Click **Next**. -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. +~~~ +If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. +~~~ - > [!IMPORTANT] - > You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. +6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. -   + Click **Next**. - Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. +7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. -8. On the **Installation** page, wait while the sequencer configures the virtualized application package. 
+ > [!IMPORTANT] + > You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. -9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. - > [!NOTE] - > To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. -   +~~~ +Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. +~~~ - Click **Next**. +8. On the **Installation** page, wait while the sequencer configures the virtualized application package. + +9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. 
+ + > [!NOTE] + > To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. + + + +~~~ +Click **Next**. +~~~ 10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. 11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - > [!NOTE] - > If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. + > [!NOTE] + > If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. 
This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. + -   13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**. - > [!IMPORTANT] - > Make sure that the operating systems you specify here are supported by the application you are sequencing. + > [!IMPORTANT] + > Make sure that the operating systems you specify here are supported by the application you are sequencing. + -   14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. + To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. - > [!IMPORTANT] - > The system does not support non-printable characters in **Comments** and **Descriptions**. + > [!IMPORTANT] + > The system does not support non-printable characters in **Comments** and **Descriptions**. -   - The default **Save Location** is also displayed on this page. 
To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ 15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created. - The package is now available in the sequencer. + The package is now available in the sequencer. + + > [!IMPORTANT] + > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - > [!IMPORTANT] - > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. -   **To sequence an add-on or plug-in application** -1. > [!NOTE] - > Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. - > - > For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. +1. 
> [!NOTE] + > Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. + > + > For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. -   - On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -2. ****In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. +~~~ +On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. +~~~ -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. +2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. 
- > [!IMPORTANT] - > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. +3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. -   + > [!IMPORTANT] + > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. -4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. -5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. -6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. +4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. - Click **Next**. +5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. 
If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. -7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. +6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. - Click **Next**. + Click **Next**. -8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. +7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. 
After you have reviewed the information, click **Next**. + Click **Next**. + +8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. + +9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. 10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - Optimize how the package will run across a slow or unreliable network. + - Optimize how the package will run across a slow or unreliable network. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. 
Click **Next**. > [!NOTE] > If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. -   + 12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. 
@@ -214,39 +229,41 @@ ms.date: 06/16/2016 To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. - > [!IMPORTANT] + > [!IMPORTANT] > The system does not support non-printable characters in Comments and Descriptions. -   - The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ **To sequence a middleware application** -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. +1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -2. ****In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. +2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. +3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. 
You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - > [!IMPORTANT] - > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. + > [!IMPORTANT] + > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. -   -4. On the **Type of Application** page, select **Middleware**, and then click **Next**. -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. +4. On the **Type of Application** page, select **Middleware**, and then click **Next**. -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. +5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - Click **Next**. +6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. 
The package name is displayed in the App-V 5.0 Management Console. -7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. + Click **Next**. -8. On the **Installation** page, wait while the sequencer configures the virtual application package. +7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. -9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. +8. On the **Installation** page, wait while the sequencer configures the virtual application package. + +9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. 10. On the **Target OS** page, specify the operating systems that can run this package. 
To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. 
@@ -254,32 +271,36 @@ ms.date: 06/16/2016 To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package. - > [!IMPORTANT]   + > [!IMPORTANT] > The system does not support non-printable characters in Comments and Descriptions. -   - The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +~~~ +The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. +~~~ 12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure. - The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. + The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. - > [!IMPORTANT]   - > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. + > [!IMPORTANT] + > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? 
Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Operations for App-V 5.1](operations-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md index f4b088d730..17f4bffcb4 100644 --- a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md +++ b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md @@ -1,8 +1,11 @@ --- title: How to Sequence a Package by Using PowerShell description: How to Sequence a Package by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: b41feed9-d1c5-48a3-940c-9a21d594f4f8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to create a new App-V 5.0 package using PowerShell. **Note**   Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md). -  + **To create a new virtual application using PowerShell** @@ -64,9 +67,9 @@ Before you use this procedure you must copy the associated installer files to th [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md index 998425d501..a4804fc73e 100644 --- a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md +++ b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md 
@@ -1,8 +1,11 @@ --- title: How to Sequence a Package by Using PowerShell description: How to Sequence a Package by Using PowerShell -author: jamiejdt +author: dansimp ms.assetid: 6134c6be-937d-4609-a516-92d49154b290 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Use the following procedure to create a new App-V 5.1 package using PowerShell. **Note**   Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md). -  + **To create a new virtual application using PowerShell** @@ -64,9 +67,9 @@ Before you use this procedure you must copy the associated installer files to th [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -  + -  + diff --git a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md index 67e316e135..ab3d68c846 100644 --- a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md +++ b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
 description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: d41d64a0-0333-4951-ab27-db595bf0f634
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md
index bf5b6f591c..17e0975836 100644
--- a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md
+++ b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md
@@ -1,8 +1,11 @@
 ---
 title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
 description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-author: jamiejdt
+author: dansimp
 ms.assetid: bf53f064-76ae-4eac-9266-d087c480cda7
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md b/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md
index b2dde99a04..3923ff9ea3 100644
--- a/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md
+++ b/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md
@@ -1,8 +1,11 @@ --- title: How to Uninstall the App-V 5.0 Client description: How to Uninstall the App-V 5.0 Client -author: jamiejdt +author: dansimp ms.assetid: 7566fb19-8d52-439a-be42-e004d95fed6f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to uninstall the App-V 5.0 client from a computer. When you uninstall the App-V 5.0 client all packages published to the computer running the client are also removed. If the uninstall operation does not complete the packages will need to be re-published to the computer running the App-V 5.0 client. -**Important**   +**Important** You should ensure that the App-V 5.0 client service is running prior to performing the uninstall procedure. -  + **To uninstall the App-V 5.0 Client** 
@@ -27,28 +30,30 @@ You should ensure that the App-V 5.0 client service is running prior to performi 2. In the dialog box that appears, click **Yes** to continue with the uninstall process. - **Important**   + **Important** The uninstall process cannot be canceled or interrupted. -   + 3. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. - **Note**   + **Note** You can also use the command line to uninstall the App-V 5.0 client with the following switch: **/UNINSTALL**. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Deploying App-V 5.0](deploying-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md b/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md index 5a77f880e1..119e3fda37 100644 --- a/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md +++ b/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md @@ -1,8 +1,11 @@ --- title: How to Uninstall the App-V 5.1 Client description: How to Uninstall the App-V 5.1 Client -author: jamiejdt +author: dansimp ms.assetid: 21f2d946-fc9f-4cd3-899b-ac52b3fbc306 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 Use the following procedure to uninstall the Microsoft Application Virtualization (App-V) 5.1 client from a computer. When you uninstall the App-V 5.1 client all packages published to the computer running the client are also removed. If the uninstall operation does not complete the packages will need to be re-published to the computer running the App-V 5.1 client. -**Important**   +**Important** You should ensure that the App-V 5.1 client service is running prior to performing the uninstall procedure. -  + **To uninstall the App-V 5.1 Client** @@ -27,28 +30,30 @@ You should ensure that the App-V 5.1 client service is running prior to performi 2. In the dialog box that appears, click **Yes** to continue with the uninstall process. - **Important**   + **Important** The uninstall process cannot be canceled or interrupted. -   + 3. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. - **Note**   + **Note** You can also use the command line to uninstall the App-V 5.1 client with the following switch: **/UNINSTALL**. -   - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +~~~ +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +~~~ ## Related topics [Deploying App-V 5.1](deploying-app-v-51.md) -  - -  + + + 
diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md index a22b03afe0..4781b2cf89 100644 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md +++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md @@ -1,8 +1,8 @@ ---- +ms.reviewer: title: How to Use an App-V 4.6 Application From an App-V 5.0 Application description: How to Use an App-V 4.6 Application From an App-V 5.0 Application ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 -author: jamiejdt +author: msfttracyp ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -42,3 +42,6 @@ Use the following procedure to run an App-V 4.6 application with App-V 5.0 appl + + + diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md index e1f20fa65c..06eb564ecc 100644 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md +++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md @@ -1,8 +1,11 @@ --- title: How to Use an App-V 4.6 Application From an App-V 5.1 Application description: How to Use an App-V 4.6 Application From an App-V 5.1 Application -author: jamiejdt +author: msfttracyp ms.assetid: 909b4391-762b-4988-b0cf-32b67f1fcf0e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,9 +40,9 @@ This procedure assumes that you are running the latest version of App-V 4.6. [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + 
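Review bot: The `@@ -1,8 +1,8 @@` hunk of how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md removes the opening `---` front-matter delimiter and puts `ms.reviewer:` in its place, so the metadata block no longer has an opening fence and the keys after it would presumably be treated as body text by the publishing pipeline. The sibling files in this commit keep `---` as a context line and add `ms.reviewer:` after `ms.assetid:`; this file should have the same shape, with `---` left in place and `+ms.reviewer:` added below `ms.assetid:`. The new side also still carries `ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487` twice and, unlike the siblings, gains no `manager:` or `ms.author:` key, which suggests the automated metadata edit misfired on this file.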
diff --git a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md index 91b56c8a74..3f0e318e6e 100644 --- a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md +++ b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md @@ -1,8 +1,11 @@ --- title: How to Use Optional Packages in Connection Groups description: How to Use Optional Packages in Connection Groups -author: jamiejdt +author: msfttracyp ms.assetid: 4d08a81b-55e5-471a-91dc-9a684fb3c9a1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Starting in Microsoft Application Virtualization (App-V) 5.0 SP3, you can add op **Note**   **Optional packages are supported only in App-V 5.0 SP3.** -  + Before using optional packages, see [Requirements for using optional packages in connection groups](#bkmk-reqs-using-cg). @@ -36,19 +39,19 @@ Before using optional packages, see [Requirements for using optional packages in -

    [Use one connection group, with optional packages, for multiple users who have different packages entitled to them](#bkmk-apps-plugs-optional)

    +

    Use one connection group, with optional packages, for multiple users who have different packages entitled to them

    Use a single connection group to make different groups of applications and plug-ins available to different end users.

    For example, you want to distribute Microsoft Office to all end users, but distribute different plug-ins to different subsets of users.

    -

    [Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group](#bkmk-unpub-del-optl-pkg)

    +

    Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group

    Unpublish, delete, or republish an optional package without having to disable, remove, edit, add, and re-enable the connection group on the App-V Client.

    You can also unpublish the optional package and republish it later without having to disable or republish the connection group.

    -  + ## Use one connection group, with optional packages, for multiple users with different packages entitled to them @@ -116,7 +119,7 @@ Before using optional packages, see [Requirements for using optional packages in

    Example connection group XML document with optional packages:

    <?xml version="1.0" ?>
     <AppConnectionGroup
    -   xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
    +   xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";
        AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
        VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
        DisplayName="Contoso Software Connection Group" >
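Review bot: The added line `xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";` puts a `;` between two attributes of `<AppConnectionGroup`, which makes the sample connection group document ill-formed XML that a strict parser will reject when an administrator copies it. The namespace line should stay as it was, `xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"`, with no trailing semicolon. The same edit appears in the `@@ -115,7 +118,7 @@` hunk of how-to-use-optional-packages-in-connection-groups51.md.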
    @@ -162,7 +165,7 @@ Before using optional packages, see [Requirements for using optional packages in
     
     
     
    - 
    + 
     
     ## Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group
     
    @@ -210,7 +213,7 @@ Before using optional packages, see [Requirements for using optional packages in
     
  • Unpublish-AppvClientPackage

  • Remove-AppvClientPackage

  • -

    For more information, see [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md).

    +

    For more information, see How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell.

    @@ -229,7 +232,7 @@ Before using optional packages, see [Requirements for using optional packages in -  + ## Requirements for using optional packages in connection groups @@ -276,7 +279,7 @@ Review the following requirements before using optional packages in connection g -  + @@ -288,9 +291,9 @@ Review the following requirements before using optional packages in connection g [Managing Connection Groups](managing-connection-groups.md) -  + -  + diff --git a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md index c43e18358d..d507575d2e 100644 --- a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md +++ b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md @@ -1,8 +1,11 @@ --- title: How to Use Optional Packages in Connection Groups description: How to Use Optional Packages in Connection Groups -author: jamiejdt +author: msfttracyp ms.assetid: 67666f18-b704-4852-a1e4-d13633bd2baf +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Starting in Microsoft Application Virtualization (App-V) 5.0 SP3, you can add op **Note**   **Optional packages are not supported in releases prior to App-V 5.0 SP3.** -  + Before using optional packages, see [Requirements for using optional packages in connection groups](#bkmk-reqs-using-cg). @@ -36,19 +39,19 @@ Before using optional packages, see [Requirements for using optional packages in -

    [Use one connection group, with optional packages, for multiple users who have different packages entitled to them](#bkmk-apps-plugs-optional)

    +

    Use one connection group, with optional packages, for multiple users who have different packages entitled to them

    Use a single connection group to make different groups of applications and plug-ins available to different end users.

    For example, you want to distribute Microsoft Office to all end users, but distribute different plug-ins to different subsets of users.

    -

    [Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group](#bkmk-unpub-del-optl-pkg)

    +

    Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group

    Unpublish, delete, or republish an optional package without having to disable, remove, edit, add, and re-enable the connection group on the App-V Client.

    You can also unpublish the optional package and republish it later without having to disable or republish the connection group.

    -  + ## Use one connection group, with optional packages, for multiple users with different packages entitled to them @@ -115,7 +118,7 @@ Before using optional packages, see [Requirements for using optional packages in

    Example connection group XML document with optional packages:

    <?xml version="1.0" ?>
     <AppConnectionGroup
    -   xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
    +   xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";
        AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
        VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
        DisplayName="Contoso Software Connection Group" >
    @@ -161,7 +164,7 @@ Before using optional packages, see [Requirements for using optional packages in
     
     
     
    - 
    + 
     
     ## Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group
     
    @@ -209,7 +212,7 @@ Before using optional packages, see [Requirements for using optional packages in
     
  • Unpublish-AppvClientPackage

  • Remove-AppvClientPackage

  • -

    For more information, see [How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md).

    +

    For more information, see How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell.

    @@ -228,7 +231,7 @@ Before using optional packages, see [Requirements for using optional packages in -  + ## Requirements for using optional packages in connection groups @@ -275,7 +278,7 @@ Review the following requirements before using optional packages in connection g -  + @@ -287,9 +290,9 @@ Review the following requirements before using optional packages in connection g [Managing Connection Groups](managing-connection-groups51.md) -  + -  + diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md index 88eb54d480..0dbc87a5e6 100644 --- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md +++ b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md @@ -1,8 +1,11 @@ --- title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console -author: jamiejdt +author: msfttracyp ms.assetid: 1e1941d3-fb22-4077-8ec6-7a0cb80335d8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md index c0c8af3a23..9b22eac2ef 100644 
--- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md
+++ b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md
@@ -1,8 +1,11 @@
 ---
 title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
 description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-author: jamiejdt
+author: msfttracyp
 ms.assetid: c77e6662-7a18-4da1-8da8-b58068b65fa1
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/maintaining-app-v-50.md b/mdop/appv-v5/maintaining-app-v-50.md
index 0abd36efa4..72362de20d 100644
--- a/mdop/appv-v5/maintaining-app-v-50.md
+++ b/mdop/appv-v5/maintaining-app-v-50.md
@@ -1,8 +1,11 @@
 ---
 title: Maintaining App-V 5.0
 description: Maintaining App-V 5.0
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 66851ec3-c674-493b-ad6d-db8fcbf1956c
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/maintaining-app-v-51.md b/mdop/appv-v5/maintaining-app-v-51.md
index 94b2057911..f972cbfdae 100644
--- a/mdop/appv-v5/maintaining-app-v-51.md
+++ b/mdop/appv-v5/maintaining-app-v-51.md
@@ -1,8 +1,11 @@
 ---
 title: Maintaining App-V 5.1
 description: Maintaining App-V 5.1
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 5abd17d3-e8af-4261-b914-741ae116b0e7
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/managing-connection-groups.md b/mdop/appv-v5/managing-connection-groups.md
index a1c4180e77..baca427994 100644
--- a/mdop/appv-v5/managing-connection-groups.md +++ b/mdop/appv-v5/managing-connection-groups.md @@ -1,8 +1,11 @@ --- title: Managing Connection Groups description: Managing Connection Groups -author: jamiejdt +author: msfttracyp ms.assetid: 1a9c8f26-f421-4b70-b7e2-da8118e8198c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Connection groups enable the applications within a package to interact with each **Note**   In previous versions of App-V 5.0, connection groups were referred to as Dynamic Suite Composition. -  + **In this topic:** @@ -30,33 +33,33 @@ In previous versions of App-V 5.0, connection groups were referred to as Dynamic -

    [About the Connection Group Virtual Environment](about-the-connection-group-virtual-environment.md)

    +

    About the Connection Group Virtual Environment

    Describes the connection group virtual environment.

    -

    [About the Connection Group File](about-the-connection-group-file.md)

    +

    About the Connection Group File

    Describes the connection group file.

    -

    [How to Create a Connection Group](how-to-create-a-connection-group.md)

    +

    How to Create a Connection Group

    Explains how to create a new connection group.

    -

    [How to Create a Connection Group with User-Published and Globally Published Packages](how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md)

    +

    How to Create a Connection Group with User-Published and Globally Published Packages

    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

    -

    [How to Delete a Connection Group](how-to-delete-a-connection-group.md)

    +

    How to Delete a Connection Group

    Explains how to delete a connection group.

    -

    [How to Publish a Connection Group](how-to-publish-a-connection-group.md)

    +

    How to Publish a Connection Group

    Explains how to publish a connection group.

    -  + @@ -68,9 +71,9 @@ In previous versions of App-V 5.0, connection groups were referred to as Dynamic - [Operations for App-V 5.0](operations-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/managing-connection-groups51.md b/mdop/appv-v5/managing-connection-groups51.md index c325456217..06ecc8b46b 100644 --- a/mdop/appv-v5/managing-connection-groups51.md +++ b/mdop/appv-v5/managing-connection-groups51.md @@ -1,8 +1,11 @@ --- title: Managing Connection Groups description: Managing Connection Groups -author: jamiejdt +author: msfttracyp ms.assetid: 22c9d3cb-7246-4173-9742-4ba1c24b0a6a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Connection groups enable the applications within a package to interact with each **Note**   In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. -  + **In this topic:** @@ -30,33 +33,33 @@ In some previous versions of App-V, connection groups were referred to as Dynami -

    [About the Connection Group Virtual Environment](about-the-connection-group-virtual-environment51.md)

    +

    About the Connection Group Virtual Environment

    Describes the connection group virtual environment.

    -

    [About the Connection Group File](about-the-connection-group-file51.md)

    +

    About the Connection Group File

    Describes the connection group file.

    -

    [How to Create a Connection Group](how-to-create-a-connection-group51.md)

    +

    How to Create a Connection Group

    Explains how to create a new connection group.

    -

    [How to Create a Connection Group with User-Published and Globally Published Packages](how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md)

    +

    How to Create a Connection Group with User-Published and Globally Published Packages

    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

    -

    [How to Delete a Connection Group](how-to-delete-a-connection-group51.md)

    +

    How to Delete a Connection Group

    Explains how to delete a connection group.

    -

    [How to Publish a Connection Group](how-to-publish-a-connection-group51.md)

    +

    How to Publish a Connection Group

    Explains how to publish a connection group.

    -  + @@ -68,9 +71,9 @@ In some previous versions of App-V, connection groups were referred to as Dynami - [Operations for App-V 5.1](operations-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md index a1be89fa9a..bcad0aeea4 100644 --- a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md +++ b/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md @@ -1,8 +1,11 @@ --- title: Microsoft Application Virtualization 5.0 Administrator's Guide description: Microsoft Application Virtualization 5.0 Administrator's Guide -author: jamiejdt +author: msfttracyp ms.assetid: c46e94b5-32cd-4377-8dc3-8163539be897 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md index 4df47b66b2..f854875229 100644 --- a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md +++ b/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md @@ -1,8 +1,11 @@ --- title: Microsoft Application Virtualization 5.1 Administrator's Guide description: Microsoft Application Virtualization 5.1 Administrator's Guide -author: jamiejdt +author: msfttracyp ms.assetid: 3049996a-7253-4599-a29a-1b58f9ab14a4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md b/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md index 210fd210db..b990ad8485 100644 --- a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md +++ b/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md 
@@ -1,8 +1,11 @@ --- title: Migrating from a Previous Version description: Migrating from a Previous Version -author: jamiejdt +author: msfttracyp ms.assetid: a13cd353-b22a-48f7-af1e-5d54ede2a7e5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Consider the following sections when you plan your migration strategy: **Note**   For more information about the differences between App-V 4.6 and App-V 5.0, see the **Differences between App-V 4.6 and App-V 5.0 section** of [About App-V 5.0](about-app-v-50.md). -  + ## Converting packages created using a prior version of App-V @@ -31,7 +34,7 @@ Use the package converter utility to upgrade virtual application packages create **Important**   After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. -  + **What to know before you convert existing packages** @@ -57,7 +60,7 @@ After you convert an existing package you should test the package prior to deplo

    Virtual packages using DSC are not linked after conversion.

    -

    Link the packages using connection groups. See [Managing Connection Groups](managing-connection-groups.md).

    +

    Link the packages using connection groups. See Managing Connection Groups.

    Environment variable conflicts are detected during conversion.

    @@ -70,7 +73,7 @@ After you convert an existing package you should test the package prior to deplo -  + When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be hard-coded path. Convert the path. @@ -79,7 +82,7 @@ It is recommended that you use the App-V 5.0 sequencer for converting critical a If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V 5.0 sequencer. -  + [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md) @@ -102,25 +105,25 @@ The following table displays the recommended method for upgrading clients.

    Upgrade your environment to App-V 4.6 SP2

    -

    [Application Virtualization Deployment and Upgrade Considerations](../appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md).

    +

    Application Virtualization Deployment and Upgrade Considerations.

    Install the App-V 5.0 client with co-existence enabled.

    -

    [How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md).

    +

    How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer.

    Sequence and roll out App-V 5.0 packages. As needed, unpublish App-V 4.6 packages.

    -

    [How to Sequence a New Application with App-V 5.0](how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md).

    +

    How to Sequence a New Application with App-V 5.0.

    -  + **Important**   You must be running App-V 4.6 SP3 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section. -  + ## Migrating the App-V 5.0 Server Full Infrastructure @@ -141,15 +144,15 @@ There is no direct method to upgrade to a full App-V 5.0 infrastructure. Use the

    Upgrade your environment to App-V 4.6 SP3.

    -

    [Application Virtualization Deployment and Upgrade Considerations](../appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md).

    +

    Application Virtualization Deployment and Upgrade Considerations.

    Deploy App-V 5.0 version of the client.

    -

    [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md).

    +

    How to Deploy the App-V Client.

    Install App-V 5.0 server.

    -

    [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md).

    +

    How to Deploy the App-V 5.0 Server.

    Migrate existing packages.

    @@ -158,7 +161,7 @@ There is no direct method to upgrade to a full App-V 5.0 infrastructure. Use the -  + ## Additional Migration tasks @@ -186,9 +189,9 @@ You can also perform additional migration tasks such as reconfiguring end points [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330) -  + -  + diff --git a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md index 325d571bbf..33eb8f92b7 100644 --- a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md +++ b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md @@ -1,8 +1,11 @@ --- title: Migrating to App-V 5.1 from a Previous Version description: Migrating to App-V 5.1 from a Previous Version -author: jamiejdt +author: msfttracyp ms.assetid: e7ee0edc-7544-4c0a-aaca-d922a33bc1bb +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -22,7 +25,7 @@ App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no For more information about the differences between App-V 4.6 and App-V 5.1, see the **Differences between App-V 4.6 and App-V 5.0 section** of [About App-V 5.0](about-app-v-50.md). -  + ## Improvements to the App-V 5.1 Package Converter @@ -59,7 +62,7 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom -  + ### Example conversion statement @@ -165,7 +168,7 @@ ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ -  + ## Converting packages created using a prior version of App-V @@ -175,7 +178,7 @@ Use the package converter utility to upgrade virtual application packages create **Important**   After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. -  + **What to know before you convert existing packages** 
@@ -193,7 +196,7 @@ After you convert an existing package you should test the package prior to deplo

    Virtual packages using DSC are not linked after conversion.

    -

    Link the packages using connection groups. See [Managing Connection Groups](managing-connection-groups51.md).

    +

    Link the packages using connection groups. See Managing Connection Groups.

    Environment variable conflicts are detected during conversion.

    @@ -206,7 +209,7 @@ After you convert an existing package you should test the package prior to deplo -  + When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path. @@ -215,7 +218,7 @@ It is recommended that you use the App-V 5.1 sequencer for converting critical a If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V 5.1 sequencer. -  + [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) @@ -238,25 +241,25 @@ The following table displays the recommended method for upgrading clients.

    Upgrade your environment to the latest version of App-V 4.6

    -

    [Application Virtualization Deployment and Upgrade Considerations](../appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md).

    +

    Application Virtualization Deployment and Upgrade Considerations.

    Install the App-V 5.1 client with co-existence enabled.

    -

    [How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md).

    +

    How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer.

    Sequence and roll out App-V 5.1 packages. As needed, unpublish App-V 4.6 packages.

    -

    [How to Sequence a New Application with App-V 5.1](how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md).

    +

    How to Sequence a New Application with App-V 5.1.

    -  + **Important**   You must be running the latest version of App-V 4.6 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section. -  + ## Migrating the App-V 5.1 Server Full Infrastructure @@ -277,15 +280,15 @@ There is no direct method to upgrade to a full App-V 5.1 infrastructure. Use the

    Upgrade your environment to the latest version of App-V 4.6.

    -

    [Application Virtualization Deployment and Upgrade Considerations](../appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md).

    +

    Application Virtualization Deployment and Upgrade Considerations.

    Deploy App-V 5.1 version of the client.

    -

    [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md).

    +

    How to Deploy the App-V Client.

    Install App-V 5.1 server.

    -

    [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md).

    +

    How to Deploy the App-V 5.1 Server.

    Migrate existing packages.

    @@ -294,7 +297,7 @@ There is no direct method to upgrade to a full App-V 5.1 infrastructure. Use the -  + ## Additional Migration tasks @@ -322,9 +325,9 @@ You can also perform additional migration tasks such as reconfiguring end points [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330) -  + -  + diff --git a/mdop/appv-v5/operations-for-app-v-50.md b/mdop/appv-v5/operations-for-app-v-50.md index c5bd02a3de..040240cc28 100644 --- a/mdop/appv-v5/operations-for-app-v-50.md +++ b/mdop/appv-v5/operations-for-app-v-50.md @@ -1,8 +1,11 @@ --- title: Operations for App-V 5.0 description: Operations for App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 4d0d41a6-f7da-4a2f-8ac9-2d67cc18ea93 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/operations-for-app-v-51.md b/mdop/appv-v5/operations-for-app-v-51.md index e289af08ec..4add886780 100644 --- a/mdop/appv-v5/operations-for-app-v-51.md +++ b/mdop/appv-v5/operations-for-app-v-51.md @@ -1,8 +1,11 @@ --- title: Operations for App-V 5.1 description: Operations for App-V 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: dd13b5c9-2d1e-442f-91e4-43dec7f17ea2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md index 538d1e5db2..1850499cde 100644 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md +++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md 
@@ -1,8 +1,11 @@ --- title: Performance Guidance for Application Virtualization 5.0 description: Performance Guidance for Application Virtualization 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 6b3a3255-b957-4b9b-8bfc-a93fe8438a81 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -26,10 +29,10 @@ You should read and understand the following information before reading this doc - [Microsoft Application Virtualization 5.0 Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953) -**Note**   -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. +**Note** +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. + -  Finally, this document will provide you with the information to configure the computer running App-V 5.0 client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V 5.0 in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). 
@@ -52,7 +55,7 @@ Use the information in the following section for more information: - Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach. -- Use UE-V 2.0 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. +- Use UE-V 2.0 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. [User Experience Walk-through](#bkmk-uewt) @@ -85,7 +88,7 @@ Deployment Environment -  + Expected Configuration @@ -106,7 +109,7 @@ Expected Configuration -  + IT Administration @@ -123,7 +126,7 @@ IT Administration -  + ### Usage Scenario @@ -150,7 +153,7 @@ As you review the two scenarios, keep in mind that these approach the extremes. -  + ### Preparing your Environment @@ -175,7 +178,7 @@ The following table displays the required steps to prepare the base image and th
    • Install the Hotfix Package 4 for Application Virtualization 5.0 SP2 client version of the client.

    • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -
    • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md).

    • +
    • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.0 Client for Shared Content Store Mode.

    • Configure Preserve User Integrations on Login Registry DWORD.

    • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

    • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • @@ -195,7 +198,7 @@ The following table displays the required steps to prepare the base image and th
      • Install the Hotfix Package 4 for Application Virtualization 5.0 SP2 client version of the client.

      • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

      • -
      • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md).

      • +
      • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.0 Client for Shared Content Store Mode.

      • Configure Preserve User Integrations on Login Registry DWORD.

      • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

      • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

      • @@ -206,7 +209,7 @@ The following table displays the required steps to prepare the base image and th -  + **Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: @@ -248,7 +251,7 @@ The following table displays the required steps to prepare the base image and th

        MaxConcurrentPublishingRefresh

          -
        • Configure in the Registry under HKEY_LOCAL_MACHINE \Software \ Microsoft \ AppV \Client \ Publishing.

        • +
        • Configure in the Registry under HKEY_LOCAL_MACHINE <strong>Software \ Microsoft \ AppV <strong>Client \ Publishing.

        • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

        • The App-V client service and computer do not need to be restarted.

        @@ -259,7 +262,7 @@ The following table displays the required steps to prepare the base image and th -  + ### Configure UE-V solution for App-V Approach @@ -269,7 +272,7 @@ For more information see [Getting Started With User Experience Virtualization 2. In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458936.aspx). -**Note**   +**Note** Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices. 
@@ -278,12 +281,12 @@ UE-V will only support removing the .lnk file type from the exclusion list in th - If a user has an application installed on one device but not another with .lnk files enabled. -  -**Important**   + +**Important** This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. @@ -398,7 +401,7 @@ This following is a step-by-step walk-through of the App-V and UPM operations an -  + @@ -423,13 +426,13 @@ This following is a step-by-step walk-through of the App-V and UPM operations an
        -  + ### Impact to Package Life Cycle Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: -App-V 5.0 SP2 introduced the concept of pending states. In the past, +App-V 5.0 SP2 introduced the concept of pending states. In the past, - If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. @@ -453,11 +456,11 @@ About NGEN technology Server Performance Tuning Guidelines for -- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) +- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) -- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) +- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) -- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) +- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) **Server Roles** 
@@ -471,18 +474,18 @@ Server Performance Tuning Guidelines for **Windows Client (Guest OS) Performance Tuning Guidance** -- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) +- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) -- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) +- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) ## Sequencing Steps to Optimize Packages for Publishing Performance -App-V 5.0 and App-V 5.0 SP2 provide significant value in their respective releases. Several features facilitate new scenarios or enabled new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. +App-V 5.0 and App-V 5.0 SP2 provide significant value in their respective releases. Several features facilitate new scenarios or enabled new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. @@ -513,7 +516,7 @@ App-V 5.0 and App-V 5.0 SP2 provide significant value in their respective relea
        -  + ### Removing FB1 @@ -549,10 +552,10 @@ Removing FB1 does not require the original application installer. After completi "C:\\UpgradedPackages" - **Note**   + **Note** This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. -   + @@ -579,7 +582,7 @@ Removing FB1 does not require the original application installer. After completi
        -  + ### Creating a new virtual application package on the sequencer @@ -587,7 +590,7 @@ If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is ins **Client Side**: -When publishing a virtual application package, the App-V 5.0 SP2 Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Insataller (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. +When publishing a virtual application package, the App-V 5.0 SP2 Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Insataller (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. @@ -616,7 +619,7 @@ When publishing a virtual application package, the App-V 5.0 SP2 Client will de
        -  + ### Disabling a Dynamic Configuration using Powershell @@ -666,7 +669,7 @@ For documentation on How to Apply a Dynamic Configuration, see: -  + ### Determining what virtual fonts exist in the package @@ -682,12 +685,14 @@ For documentation on How to Apply a Dynamic Configuration, see: <appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"></appv:Font> - **Note**   + **Note** If there are fonts marked as **DelayLoad**, those will not impact first launch. -   - </appv:Fonts> + +~~~ +</appv:Fonts> +~~~ ### Excluding virtual fonts from the package @@ -746,9 +751,9 @@ The following terms are used when describing concepts and actions related to App [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) -  - -  + + + diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md index 978deed7ea..2833f23817 100644 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md +++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md @@ -1,8 +1,11 @@ --- title: Performance Guidance for Application Virtualization 5.1 description: Performance Guidance for Application Virtualization 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: 5f2643c7-5cf7-4a29-adb7-45bf9f5b0364 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -26,10 +29,10 @@ You should read and understand the following information before reading this doc - [Microsoft Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953) -**Note**   -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. +**Note** +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. + -  Finally, this document will provide you with the information to configure the computer running App-V 5.1 client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V 5.1 in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). 
@@ -52,7 +55,7 @@ Use the information in the following section for more information: - Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach. -- Use UE-V 2.1 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. +- Use UE-V 2.1 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. [User Experience Walk-through](#bkmk-uewt) @@ -85,7 +88,7 @@ Deployment Environment -  + Expected Configuration @@ -106,7 +109,7 @@ Expected Configuration -  + IT Administration @@ -123,7 +126,7 @@ IT Administration -  + ### Usage Scenario @@ -150,7 +153,7 @@ As you review the two scenarios, keep in mind that these approach the extremes. -  + ### Preparing your Environment @@ -175,7 +178,7 @@ The following table displays the required steps to prepare the base image and th
        • Install the App-V 5.1 client version of the client.

        • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

        • -
        • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md).

        • +
        • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.1 Client for Shared Content Store Mode.

        • Configure Preserve User Integrations on Login Registry DWORD.

        • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

        • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

        • @@ -195,7 +198,7 @@ The following table displays the required steps to prepare the base image and th
          • Install the App-V 5.1 client version of the client.

          • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

          • -
          • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md).

          • +
          • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.1 Client for Shared Content Store Mode.

          • Configure Preserve User Integrations on Login Registry DWORD.

          • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

          • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

          • @@ -206,7 +209,7 @@ The following table displays the required steps to prepare the base image and th -  + **Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: @@ -248,7 +251,7 @@ The following table displays the required steps to prepare the base image and th

            MaxConcurrentPublishingRefresh

              -
            • Configure in the Registry under HKEY_LOCAL_MACHINE \Software \ Microsoft \ AppV \Client \ Publishing.

            • +
            • Configure in the Registry under HKEY_LOCAL_MACHINE <strong>Software \ Microsoft \ AppV <strong>Client \ Publishing.

            • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

            • The App-V client service and computer do not need to be restarted.

            @@ -259,7 +262,7 @@ The following table displays the required steps to prepare the base image and th -  + ### Configure UE-V solution for App-V Approach @@ -269,7 +272,7 @@ For more information see [Getting Started With User Experience Virtualization 2. In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx). -**Note**   +**Note** Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices. 
@@ -278,12 +281,12 @@ UE-V will only support removing the .lnk file type from the exclusion list in th - If a user has an application installed on one device but not another with .lnk files enabled. -  -**Important**   + +**Important** This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. @@ -301,12 +304,12 @@ To enable an optimized login experience, for example the App-V 5.1 approach for - Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. - **Note**   + **Note** App-V is supported when using UPD only when the entire profile is stored on the user profile disk. App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. -   + - Capturing changes to the locations, which constitute the user integrations, prior to session logoff. @@ -405,7 +408,7 @@ This following is a step-by-step walk-through of the App-V and UPM operations an -  + @@ -430,13 +433,13 @@ This following is a step-by-step walk-through of the App-V and UPM operations an
            -  + ### Impact to Package Life Cycle Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: -App-V 5.0 SP2 introduced the concept of pending states. In the past, +App-V 5.0 SP2 introduced the concept of pending states. In the past, - If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. @@ -460,11 +463,11 @@ About NGEN technology Server Performance Tuning Guidelines for -- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) +- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) -- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) +- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) -- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) +- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) **Server Roles** 
@@ -478,11 +481,11 @@ Server Performance Tuning Guidelines for **Windows Client (Guest OS) Performance Tuning Guidance** -- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) +- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) -- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) +- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) @@ -520,7 +523,7 @@ Several App-V features facilitate new scenarios or enable new customer deploymen -  + ### Removing FB1 @@ -556,10 +559,10 @@ Removing FB1 does not require the original application installer. After completi "C:\\UpgradedPackages" - **Note**   + **Note** This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. -   + @@ -586,7 +589,7 @@ Removing FB1 does not require the original application installer. After completi
            -  + ### Creating a new virtual application package on the sequencer @@ -623,7 +626,7 @@ When publishing a virtual application package, the App-V Client will detect if a -  + ### Disabling a Dynamic Configuration using Powershell @@ -673,7 +676,7 @@ For documentation on How to Apply a Dynamic Configuration, see: -  + ### Determining what virtual fonts exist in the package @@ -689,12 +692,14 @@ For documentation on How to Apply a Dynamic Configuration, see: <appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"></appv:Font> - **Note**   + **Note** If there are fonts marked as **DelayLoad**, those will not impact first launch. -   - </appv:Fonts> + +~~~ +</appv:Fonts> +~~~ ### Excluding virtual fonts from the package @@ -753,9 +758,9 @@ The following terms are used when describing concepts and actions related to App [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) -  - -  + + + diff --git a/mdop/appv-v5/planning-for-app-v-50-rc.md b/mdop/appv-v5/planning-for-app-v-50-rc.md index 79444cbce4..a9830b1c28 100644 --- a/mdop/appv-v5/planning-for-app-v-50-rc.md +++ b/mdop/appv-v5/planning-for-app-v-50-rc.md @@ -1,8 +1,11 @@ --- title: Planning for App-V 5.0 description: Planning for App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 69df85b3-06c7-4123-af05-29d537a687ec +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/planning-for-app-v-51.md b/mdop/appv-v5/planning-for-app-v-51.md index d42ae9c0bf..c32ba654cf 100644 --- a/mdop/appv-v5/planning-for-app-v-51.md +++ b/mdop/appv-v5/planning-for-app-v-51.md 
@@ -1,8 +1,11 @@ --- title: Planning for App-V 5.1 description: Planning for App-V 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: 8d84e679-0bd3-4864-976b-a3cbe6eafba6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md index e342ac8d3b..b861440d22 100644 --- a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md +++ b/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md @@ -1,8 +1,11 @@ --- title: Planning for High Availability with App-V 5.0 description: Planning for High Availability with App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 6d9a6492-23f8-465c-82e5-49c863594156 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -55,7 +58,7 @@ Review the following for more information about configuring IIS and Network Load **Note**   The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371). -   + ## Support for clustered file servers when running (SCS) mode 
@@ -108,7 +111,7 @@ Use the following steps to modify the connection string to include **failover pa **Important**   This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + 1. Login to the management server and open **regedit**. @@ -121,7 +124,7 @@ This topic describes how to change the Windows registry by using Registry Editor **Note**   Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available with Microsoft SQL Server 2012. -   + Click any of the following links for more information: @@ -143,9 +146,9 @@ The App-V 5.0 management server database supports deployments to computers runni [Planning to Deploy App-V](planning-to-deploy-app-v.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md index f6b15844ca..c3e0e18888 100644 --- a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md +++ b/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md @@ -1,8 +1,11 @@ --- title: Planning for High Availability with App-V 5.1 description: Planning for High Availability with App-V 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: 1f190a0e-10ee-4fbe-a602-7e807e943033 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -55,7 +58,7 @@ Review the following for more information about configuring IIS and Network Load **Note**   The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371). -   + ## Support for clustered file servers when running (SCS) mode @@ -108,7 +111,7 @@ Use the following steps to modify the connection string to include **failover pa **Important**   This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + 1. Login to the management server and open **regedit**. @@ -121,7 +124,7 @@ This topic describes how to change the Windows registry by using Registry Editor **Note**   Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available with Microsoft SQL Server 2012. -   + Click any of the following links for more information: @@ -148,9 +151,9 @@ The App-V 5.1 management server database supports deployments to computers runni [Planning to Deploy App-V](planning-to-deploy-app-v51.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md index 054ef35b28..0413cff809 100644 
--- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md +++ b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md @@ -1,8 +1,11 @@ --- title: Planning for Migrating from a Previous Version of App-V description: Planning for Migrating from a Previous Version of App-V -author: jamiejdt +author: msfttracyp ms.assetid: d4ca8f09-86fd-456f-8ec2-242ff94ae9a0 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -66,7 +69,7 @@ The following table shows the supported App-V coexistence scenarios. We recommen -  + ### Requirements for running coexisting clients @@ -94,16 +97,16 @@ The following table provides link to the TechNet documentation about the release

            App-V 4.6 SP3

            -

            [About Microsoft Application Virtualization 4.6 SP3](https://technet.microsoft.com/library/dn511019.aspx)

            +

            About Microsoft Application Virtualization 4.6 SP3

            App-V 5.0 SP3

            -

            [About Microsoft Application Virtualization 5.0 SP3](about-app-v-50-sp3.md)

            +

            About Microsoft Application Virtualization 5.0 SP3

            -  + For more information about how to configure App-V 5.0 client coexistence, see: @@ -132,9 +135,9 @@ For more information about using the package converter to convert a package, see [Planning to Deploy App-V](planning-to-deploy-app-v.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md index 231df856fe..a895f50b35 100644 --- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md +++ b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md @@ -1,8 +1,11 @@ --- title: Planning for Migrating from a Previous Version of App-V description: Planning for Migrating from a Previous Version of App-V -author: jamiejdt +author: msfttracyp ms.assetid: 4a058047-9674-41bc-8050-c58c97a80a9b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -66,7 +69,7 @@ The following table shows the supported App-V coexistence scenarios. We recommen -  + ### Requirements for running coexisting clients @@ -79,7 +82,7 @@ To run coexisting clients, you must: **Note**   App-V 5.1 packages can run side by side with App-V 4.6 packages if you have coexisting installations of App-V 5.1 and 4.6. However, App-V 5.1 packages cannot interact with App-V 4.6 packages in the same virtual environment. -  + ### Client downloads and documentation @@ -99,16 +102,16 @@ The following table provides links to the App-V 4.6 client downloads and to the

            App-V 4.6 SP3

            -

            [About Microsoft Application Virtualization 4.6 SP3](https://technet.microsoft.com/library/dn511019.aspx)

            +

            About Microsoft Application Virtualization 4.6 SP3

            App-V 4.6 SP3

            -

            [About Microsoft Application Virtualization 5.1](about-app-v-51.md)

            +

            About Microsoft Application Virtualization 5.1

            -  + For more information about how to configure App-V 5.1 client coexistence, see: @@ -137,9 +140,9 @@ For more information about using the package converter to convert a package, see [Planning to Deploy App-V](planning-to-deploy-app-v51.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md b/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md index 04f45a5dbf..d27170ec67 100644 --- a/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md +++ b/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for the App-V 5.0 Sequencer and Client Deployment description: Planning for the App-V 5.0 Sequencer and Client Deployment -author: jamiejdt +author: msfttracyp ms.assetid: 57a604ad-90e1-4d32-86bb-eafff59aa43a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -24,7 +27,7 @@ App-V 5.0 uses a process called sequencing to create virtualized applications an **Note**   For information about the new functionality of App-V 5.0 sequencer, see the **Changes to the sequencer** section of [What's New in App-V 5.0](whats-new-in-app-v-50.md). -  + The computer that runs the App-V 5.0 sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). 
@@ -39,7 +42,7 @@ Ideally, you should install the sequencer on a computer running as a virtual mac **Important**   You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns. -  + [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md) @@ -94,9 +97,9 @@ The following list displays some of the benefits of using the App-V 5.0 shared c [Planning to Deploy App-V](planning-to-deploy-app-v.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md b/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md index 9099adcfe8..a86ccf90cc 100644 --- a/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md +++ b/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for the App-V 5.0 Server Deployment description: Planning for the App-V 5.0 Server Deployment -author: jamiejdt +author: msfttracyp ms.assetid: fd89b324-3961-471a-ad90-c8f9ae7a8155 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -51,7 +54,7 @@ The App-V 5.0 Management Server contains the repository of packages and their as **Note**   The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests. -  + ## Server-Related Protocols and External Features @@ -94,7 +97,7 @@ The following displays information about server-related protocols used by the Ap -  + @@ -108,9 +111,9 @@ The following displays information about server-related protocols used by the Ap [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md b/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md index c99f940821..03e04d5ec3 100644 --- a/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md +++ b/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for the App-V 5.1 Sequencer and Client Deployment description: Planning for the App-V 5.1 Sequencer and Client Deployment -author: jamiejdt +author: msfttracyp ms.assetid: d92f8773-fa7d-4926-978a-433978f91202 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -24,7 +27,7 @@ App-V 5.1 uses a process called sequencing to create virtualized applications an **Note**   For information about the new functionality of App-V 5.1 sequencer, see the **Sequencer Improvements** section of [About App-V 5.1](about-app-v-51.md). -  + The computer that runs the App-V 5.1 sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). 
@@ -39,7 +42,7 @@ Ideally, you should install the sequencer on a computer running as a virtual mac **Important**   You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns. -  + ## Planning for App-V 5.1 client deployment @@ -97,9 +100,9 @@ The following list displays some of the benefits of using the App-V 5.1 shared c [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md b/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md index 89bcb718f8..7d2ec754d2 100644 --- a/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md +++ b/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for the App-V 5.1 Server Deployment description: Planning for the App-V 5.1 Server Deployment -author: jamiejdt +author: msfttracyp ms.assetid: eedd97c9-bee0-4749-9d1e-ab9528fba398 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -51,7 +54,7 @@ The App-V 5.1 Management Server contains the repository of packages and their as **Note**   The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests. -  + ## Server-Related Protocols and External Features @@ -94,7 +97,7 @@ The following displays information about server-related protocols used by the Ap -  + @@ -108,9 +111,9 @@ The following displays information about server-related protocols used by the Ap [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) -  + -  + diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office.md b/mdop/appv-v5/planning-for-using-app-v-with-office.md index e294521ae9..76440328d4 100644 --- a/mdop/appv-v5/planning-for-using-app-v-with-office.md +++ b/mdop/appv-v5/planning-for-using-app-v-with-office.md @@ -1,8 +1,11 @@ --- title: Planning for Using App-V with Office description: Planning for Using App-V with Office -author: jamiejdt +author: msfttracyp ms.assetid: c4371869-4bfc-4d13-9198-ef19f99fc192 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -32,7 +35,7 @@ You can use the App-V 5.0 Sequencer to create plug-in packages for Language Pack **Note**   Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack. -  + ## Supported versions of Microsoft Office @@ -102,7 +105,7 @@ The following table lists the versions of Microsoft Office that App-V supports, -  + ## Planning for using App-V with coexisting versions of Office @@ -129,16 +132,16 @@ Before implementing Office coexistence, review the following Office documentatio

            Office 2013

            -

            [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](https://support.microsoft.com/kb/2784668)

            +

            Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office

            Office 2010

            -

            [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](https://support.microsoft.com/kb/2121447)

            +

            Information about how to use Office 2010 suites and programs on a computer that is running another version of Office

            -  + The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSi) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments. @@ -149,7 +152,7 @@ The following tables summarize the supported coexistence scenarios. They are org **Note**   Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service. -  + ### Windows integrations & Office coexistence @@ -182,7 +185,7 @@ The Windows Installer-based and Click-to-Run Office installation methods integra -  + Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). @@ -293,7 +296,7 @@ The Office 2013 App-V package supports the following integration points with the

            Active X Controls:

            -

            For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).

            +

            For more information on ActiveX controls, refer to ActiveX Control API Reference.

               Groove.SiteClient

            @@ -378,16 +381,16 @@ The Office 2013 App-V package supports the following integration points with the -  + -  + -  + diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office51.md b/mdop/appv-v5/planning-for-using-app-v-with-office51.md index 7dc75eda7b..cb8f378a54 100644 --- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md +++ b/mdop/appv-v5/planning-for-using-app-v-with-office51.md @@ -1,8 +1,11 @@ --- title: Planning for Using App-V with Office description: Planning for Using App-V with Office -author: jamiejdt +author: msfttracyp ms.assetid: e7a19b43-1746-469f-bad6-8e75cf4b3f67 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -32,14 +35,14 @@ You can use the App-V 5.1 Sequencer to create plug-in packages for Language Pack >**Note**   Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack. -  + ## Supported versions of Microsoft Office See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products. >**Note**  You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer. -  + ## Planning for using App-V with coexisting versions of Office @@ -66,16 +69,16 @@ Before implementing Office coexistence, review the following Office documentatio

            Office 2013

            -

            [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](https://support.microsoft.com/kb/2784668)

            +

            Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office

            Office 2010

            -

            [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](https://support.microsoft.com/kb/2121447)

            +

            Information about how to use Office 2010 suites and programs on a computer that is running another version of Office

            -  + The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSi) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments. @@ -86,7 +89,7 @@ The following tables summarize the supported coexistence scenarios. They are org >**Note**   Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service. -  + ### Windows integrations & Office coexistence @@ -119,7 +122,7 @@ The Windows Installer-based and Click-to-Run Office installation methods integra -  + Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). @@ -230,7 +233,7 @@ The Office 2013 App-V package supports the following integration points with the

            Active X Controls:

            -

            For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).

            +

            For more information on ActiveX controls, refer to ActiveX Control API Reference.

               Groove.SiteClient

            @@ -315,16 +318,16 @@ The Office 2013 App-V package supports the following integration points with the -  + -  + -  + diff --git a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md index 094d3b8da9..4b5ea563cd 100644 --- a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md +++ b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy App-V 5.0 with an Electronic Software Distribution System description: Planning to Deploy App-V 5.0 with an Electronic Software Distribution System -author: jamiejdt +author: msfttracyp ms.assetid: 8cd3f1fb-b84e-4260-9e72-a14d01e7cadf +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md index 4379f770b5..4a91a19040 100644 --- a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md +++ b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy App-V 5.1 with an Electronic Software Distribution System description: Planning to Deploy App-V 5.1 with an Electronic Software Distribution System -author: jamiejdt +author: msfttracyp ms.assetid: c26602c2-5e8d-44e6-90df-adacc593607e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/planning-to-deploy-app-v.md b/mdop/appv-v5/planning-to-deploy-app-v.md index af61d99dc7..832c964236 100644 
--- a/mdop/appv-v5/planning-to-deploy-app-v.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v.md
@@ -1,8 +1,11 @@
 ---
 title: Planning to Deploy App-V
 description: Planning to Deploy App-V
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 28d3035c-3805-4339-90fc-6c3fd3b1123e
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/planning-to-deploy-app-v51.md b/mdop/appv-v5/planning-to-deploy-app-v51.md
index 08f3e2b722..55b4441b42 100644
--- a/mdop/appv-v5/planning-to-deploy-app-v51.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v51.md
@@ -1,8 +1,11 @@
 ---
 title: Planning to Deploy App-V
 description: Planning to Deploy App-V
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 39cbf981-d9c6-457f-b047-f9046e1a6442
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md
index 965c5d7d71..e5be2f3b21 100644
--- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md
+++ b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md
@@ -1,8 +1,11 @@
 ---
 title: Planning to Use Folder Redirection with App-V
 description: Planning to Use Folder Redirection with App-V
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 2a4deeed-fdc0-465c-b88a-3a2fbbf27436
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -45,11 +48,11 @@ This topic contains the following sections:
            • Files under %appdata%\Microsoft\AppV\Client\Catalog

            • Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages

              -

              For more detail, see [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).

            • +

              For more detail, see Application Publishing and Client Interaction.

          • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

              -
            • %AppData% is configured to the desired network location (with or without [Offline Files](https://technet.microsoft.com/library/cc780552.aspx) support).

            • +
            • %AppData% is configured to the desired network location (with or without Offline Files support).

            • %LocalAppData% is configured to the desired local folder.

          @@ -82,13 +85,13 @@ This topic contains the following sections: -

           

          +

        -  + ## How to configure folder redirection for use with App-V @@ -123,23 +126,22 @@ The following table describes how folder redirection works when %AppData% is red
      • Entries to the AppData folder are made using the user context, not the system context.

      -Note   -

      The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See [Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md#bkmk-folderredirection).

      +Note

      The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See Release Notes for App-V 5.0 SP2.

      -  +

      When the virtual environment shuts down

      The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:

      -

      HKCU\Software\Microsoft\AppV\Client\Packages\<PACKAGE_GUID>\AppDataTime

      +

      HKCU\Software\Microsoft\AppV\Client\Packages&lt;PACKAGE_GUID>\AppDataTime

      To provide redundancy, App-V 5.0 keeps the three most recent copies of the compressed data under %AppData%.

      -  + ## Overview of folder redirection @@ -165,25 +167,25 @@ The following table describes how folder redirection works when %AppData% is red

      Usage example

      -

      You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

      +

      You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

      More resources

      -

      [Folder redirection overview](https://technet.microsoft.com/library/cc778976.aspx)

      +

      Folder redirection overview

      -  -  - -  + + + + diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md index 1da6047c3f..b64d421000 100644 --- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md +++ b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md @@ -1,8 +1,11 @@ --- title: Planning to Use Folder Redirection with App-V description: Planning to Use Folder Redirection with App-V -author: jamiejdt +author: msfttracyp ms.assetid: 6bea9a8f-a915-4d7d-be67-ef1cca1398ed +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,11 +48,11 @@ This topic contains the following sections:
      • Files under %appdata%\Microsoft\AppV\Client\Catalog

      • Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages

        -

        For more detail, see [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).

      • +

        For more detail, see Application Publishing and Client Interaction.

    • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

        -
      • %AppData% is configured to the desired network location (with or without [Offline Files](https://technet.microsoft.com/library/cc780552.aspx) support).

      • +
      • %AppData% is configured to the desired network location (with or without Offline Files support).

      • %LocalAppData% is configured to the desired local folder.

    @@ -82,13 +85,13 @@ This topic contains the following sections: -

     

    +

    -  + ## How to configure folder redirection for use with App-V @@ -123,23 +126,22 @@ The following table describes how folder redirection works when %AppData% is red
  • Entries to the AppData folder are made using the user context, not the system context.

  • -Note   -

    The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See [Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md#bkmk-folderredirection).

    +Note

    The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See Release Notes for App-V 5.0 SP2.

    -  +

    When the virtual environment shuts down

    The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:

    -

    HKCU\Software\Microsoft\AppV\Client\Packages\<PACKAGE_GUID>\AppDataTime

    +

    HKCU\Software\Microsoft\AppV\Client\Packages&lt;PACKAGE_GUID>\AppDataTime

    To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%.

    -  + ## Overview of folder redirection @@ -165,25 +167,25 @@ The following table describes how folder redirection works when %AppData% is red

    Usage example

    -

    You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

    +

    You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

    More resources

    -

    [Folder redirection overview](https://technet.microsoft.com/library/cc778976.aspx)

    +

    Folder redirection overview

    -  -  - -  + + + + diff --git a/mdop/appv-v5/preparing-your-environment-for-app-v-50.md b/mdop/appv-v5/preparing-your-environment-for-app-v-50.md index 3bc788d92f..f20ba14b11 100644 --- a/mdop/appv-v5/preparing-your-environment-for-app-v-50.md +++ b/mdop/appv-v5/preparing-your-environment-for-app-v-50.md @@ -1,8 +1,11 @@ --- title: Preparing Your Environment for App-V 5.0 description: Preparing Your Environment for App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 119d990e-a6c6-47b7-a7b0-52f88205e5ec +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/preparing-your-environment-for-app-v-51.md b/mdop/appv-v5/preparing-your-environment-for-app-v-51.md index b72ed1d762..3cef8f78e3 100644 --- a/mdop/appv-v5/preparing-your-environment-for-app-v-51.md +++ b/mdop/appv-v5/preparing-your-environment-for-app-v-51.md @@ -1,8 +1,11 @@ --- title: Preparing Your Environment for App-V 5.1 description: Preparing Your Environment for App-V 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: 64b2e1ac-1561-4c99-9815-b4688a0ff48a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md index 6074975fb7..2437a3abaa 100644 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md +++ b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md @@ -1,8 +1,11 @@ --- title: Release Notes for App-V 5.0 SP1 description: Release Notes for App-V 5.0 SP1 -author: jamiejdt +author: msfttracyp ms.assetid: 21a859cd-41b4-4cc4-9c9c-7ba236084bb0 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -33,7 +36,7 @@ We are interested in your feedback on App-V 5.0. You can send your feedback to < **Note**   This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. -  + For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. @@ -61,9 +64,9 @@ Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Win [About App-V 5.0](about-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md index c5b1e8f26c..5f24db040f 100644 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md +++ b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md @@ -1,8 +1,11 @@ --- title: Release Notes for App-V 5.0 SP2 description: Release Notes for App-V 5.0 SP2 -author: jamiejdt +author: msfttracyp ms.assetid: fe73139d-240c-4ed5-8e59-6ae76ee8e80c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ We are interested in your feedback on App-V 5.0. You can send your feedback to < **Note**   This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. -  + For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. @@ -55,7 +58,7 @@ If the following folder exists, then you must delete it: **Note**   You must have elevated privileges to delete this folder. -  + To use a script, for each user account on the computer and for each package id that was published after installing Hotfix Package 4 for Application Virtualization 5.0 SP2: 
@@ -157,9 +160,9 @@ Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Win [About App-V 5.0 SP2](about-app-v-50-sp2.md) -  + -  + diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md b/mdop/appv-v5/release-notes-for-app-v-50-sp3.md index 10f588bb25..a00754bd10 100644 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md +++ b/mdop/appv-v5/release-notes-for-app-v-50-sp3.md @@ -1,8 +1,11 @@ --- title: Release Notes for App-V 5.0 SP3 description: Release Notes for App-V 5.0 SP3 -author: jamiejdt +author: msfttracyp ms.assetid: bc4806e0-2aba-4c7b-9ecc-1b2cc54af1d0 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/release-notes-for-app-v-50.md b/mdop/appv-v5/release-notes-for-app-v-50.md index 53b1e5ba8b..4e86811e9d 100644 --- a/mdop/appv-v5/release-notes-for-app-v-50.md +++ b/mdop/appv-v5/release-notes-for-app-v-50.md @@ -1,8 +1,11 @@ --- title: Release Notes for App-V 5.0 description: Release Notes for App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 68a6a5a1-4b3c-4c09-b00c-9ca4237695d5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ We are interested in your feedback on App-V 5.0. You can send your feedback to < **Note**   This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. -  + For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. @@ -73,9 +76,9 @@ Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Win [About App-V 5.0](about-app-v-50.md) -  + -  + 
diff --git a/mdop/appv-v5/release-notes-for-app-v-51.md b/mdop/appv-v5/release-notes-for-app-v-51.md index e74981af10..f6c42f34ad 100644 --- a/mdop/appv-v5/release-notes-for-app-v-51.md +++ b/mdop/appv-v5/release-notes-for-app-v-51.md @@ -1,8 +1,11 @@ --- title: Release Notes for App-V 5.1 description: Release Notes for App-V 5.1 -author: jamiejdt +author: msfttracyp ms.assetid: 62c5be3b-0a46-4512-93ed-97c23184f343 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -128,7 +131,7 @@ The Permissions.sql script should be updated according to **Step 2** in [KB arti **Important**   **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. -  + ## Microsoft Visual Studio 2012 not supported @@ -176,7 +179,7 @@ Occassionally when mounting a package, a "File Not Found" (0x80070002) error is Default 5
    -**Note**: this value is the default if the registry key is not defined or a value <=5 is specified. +Note: this value is the default if the registry key is not defined or a value <=5 is specified. @@ -192,9 +195,9 @@ Occassionally when mounting a package, a "File Not Found" (0x80070002) error is [About App-V 5.1](about-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md index 09f1efd097..8fb9c2b17a 100644 --- a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md +++ b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md @@ -1,8 +1,11 @@ --- title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -author: jamiejdt +author: msfttracyp ms.assetid: a8affa46-f1f7-416c-8125-9595cfbfdbc7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -64,7 +67,7 @@ There is no Group Policy setting available to manage this registry key, so you h -  + ### Steps to create the subkey @@ -109,7 +112,7 @@ There is no Group Policy setting available to manage this registry key, so you h -   + 2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. 
@@ -138,7 +141,7 @@ Use the following example syntax, and substitute the name of your package for ** `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. ## Command line switch /appvpid:<PID> @@ -168,7 +171,7 @@ To get the package GUID and version GUID of your application, run the **Get-Appv - Version ID of the desired package -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. @@ -182,9 +185,9 @@ This method lets you launch any command within the context of an App-V package, [Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) -  + -  + diff --git a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md index 2dfb9a76cf..147684b66e 100644 --- a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md 
+++ b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md @@ -1,8 +1,11 @@ --- title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -author: jamiejdt +author: msfttracyp ms.assetid: 71baf193-a9e8-4ffa-aa7f-e0bffed2e4b2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -64,7 +67,7 @@ There is no Group Policy setting available to manage this registry key, so you h -  + ### Steps to create the subkey @@ -109,7 +112,7 @@ There is no Group Policy setting available to manage this registry key, so you h -   + 2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. @@ -138,7 +141,7 @@ Use the following example syntax, and substitute the name of your package for ** `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. ## Command line switch /appvpid:<PID> 
@@ -168,7 +171,7 @@ To get the package GUID and version GUID of your application, run the **Get-Appv - Version ID of the desired package -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. @@ -182,9 +185,9 @@ This method lets you launch any command within the context of an App-V package, [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) -  + -  + diff --git a/mdop/appv-v5/technical-reference-for-app-v-50.md b/mdop/appv-v5/technical-reference-for-app-v-50.md index 0d8c094017..27f47f513c 100644 --- a/mdop/appv-v5/technical-reference-for-app-v-50.md +++ b/mdop/appv-v5/technical-reference-for-app-v-50.md @@ -1,8 +1,11 @@ --- title: Technical Reference for App-V 5.0 description: Technical Reference for App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: aa899158-41e8-47d3-882c-8c5b96018308 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/technical-reference-for-app-v-51.md b/mdop/appv-v5/technical-reference-for-app-v-51.md index 54e325ba1a..7920671469 100644 --- a/mdop/appv-v5/technical-reference-for-app-v-51.md +++ b/mdop/appv-v5/technical-reference-for-app-v-51.md 
@@ -1,8 +1,11 @@
 ---
 title: Technical Reference for App-V 5.1
 description: Technical Reference for App-V 5.1
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 2b9e8b2b-4cd1-46f3-ba08-e3bc8d5c6127
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/troubleshooting-app-v-50.md b/mdop/appv-v5/troubleshooting-app-v-50.md
index 6e168ec818..4ec64fd490 100644
--- a/mdop/appv-v5/troubleshooting-app-v-50.md
+++ b/mdop/appv-v5/troubleshooting-app-v-50.md
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting App-V 5.0
 description: Troubleshooting App-V 5.0
-author: jamiejdt
+author: msfttracyp
 ms.assetid: a713b345-25b7-4cdf-ba55-66df672a1f3a
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/troubleshooting-app-v-51.md b/mdop/appv-v5/troubleshooting-app-v-51.md
index 98f87e4069..f9c03ad8f8 100644
--- a/mdop/appv-v5/troubleshooting-app-v-51.md
+++ b/mdop/appv-v5/troubleshooting-app-v-51.md
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting App-V 5.1
 description: Troubleshooting App-V 5.1
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 435d0e56-0aa2-4168-b5a7-2f03a1f273d4
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/appv-v5/using-the-app-v-50-client-management-console.md b/mdop/appv-v5/using-the-app-v-50-client-management-console.md
index 5895a83355..bc2bbc0a7d 100644
--- a/mdop/appv-v5/using-the-app-v-50-client-management-console.md
+++ b/mdop/appv-v5/using-the-app-v-50-client-management-console.md
@@ -1,8 +1,11 @@ --- title: Using the App-V 5.0 Client Management Console description: Using the App-V 5.0 Client Management Console -author: jamiejdt +author: msfttracyp ms.assetid: 36398307-57dd-40f3-9d4f-b09f44fd37c3 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/using-the-app-v-51-client-management-console.md b/mdop/appv-v5/using-the-app-v-51-client-management-console.md index a7c2241534..ec85b78997 100644 --- a/mdop/appv-v5/using-the-app-v-51-client-management-console.md +++ b/mdop/appv-v5/using-the-app-v-51-client-management-console.md @@ -1,8 +1,11 @@ --- title: Using the App-V 5.1 Client Management Console description: Using the App-V 5.1 Client Management Console -author: jamiejdt +author: msfttracyp ms.assetid: be6d4e35-5701-4f9a-ba8a-bede12662cf1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md b/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md index 512ce4468b..ab6061698c 100644 --- a/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md +++ b/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md @@ -1,8 +1,11 @@ --- title: Viewing App-V Server Publishing Metadata description: Viewing App-V Server Publishing Metadata -author: jamiejdt +author: msfttracyp ms.assetid: 048dd42a-24d4-4cc4-81f6-7a919aadd9b2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -55,7 +58,7 @@ In App-V 5.0 SP3, you must provide the following values in the address when you -  + ## Query syntax for viewing publishing metadata @@ -111,9 +114,9 @@ The following table provides the syntax and query examples. -

     

    +

    To get the name of the Publishing server and the port number (http://<PubServer>:<Publishing Port#>) from the App-V Client, look at the URL configuration of the Get-AppvPublishingServer PowerShell cmdlet.

    -

    http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

    +

    http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

    In the example:

    • A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.

    • @@ -124,20 +127,19 @@ The following table provides the syntax and query examples.

      App-V 5.0 through App-V 5.0 SP2

      http://<PubServer>:<Publishing Port#>/

      -Note   -

      ClientVersion and ClientOS are supported only in App-V 5.0 SP3.

      +Note

      ClientVersion and ClientOS are supported only in App-V 5.0 SP3.

      -  +

      See the information for App-V 5.0 SP3.

      -

      http://pubsvr01:2718

      +

      http://pubsvr01:2718

      In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.

      -  + ## Query values for client operating system and version @@ -221,7 +223,7 @@ In your publishing metadata query, enter the string values that correspond to th -  + ## Definition of publishing metadata @@ -246,9 +248,9 @@ You can view the metadata for each request in an Internet browser by using a que [Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md b/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md index f1506ca3e6..9d1b578f94 100644 --- a/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md +++ b/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md @@ -1,8 +1,11 @@ --- title: Viewing App-V Server Publishing Metadata description: Viewing App-V Server Publishing Metadata -author: jamiejdt +author: msfttracyp ms.assetid: d5fa9eb5-647c-478d-8a4d-0ecda018bce6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -55,7 +58,7 @@ In App-V 5.1, you must provide the following values in the address when you quer -  + ## Query syntax for viewing publishing metadata @@ -111,9 +114,9 @@ The following table provides the syntax and query examples. -

       

      +

      To get the name of the Publishing server and the port number (http://<PubServer>:<Publishing Port#>) from the App-V Client, look at the URL configuration of the Get-AppvPublishingServer PowerShell cmdlet.

      -

      http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

      +

      http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

      In the example:

      • A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.

      • @@ -124,20 +127,19 @@ The following table provides the syntax and query examples.

        App-V 5.0 through App-V 5.0 SP2

        http://<PubServer>:<Publishing Port#>/

        -Note   -

        ClientVersion and ClientOS are supported only in App-V 5.0 SP3 and App-V 5.1.

        +Note

        ClientVersion and ClientOS are supported only in App-V 5.0 SP3 and App-V 5.1.

        -  +

        See the information for App-V 5.0 SP3 and App-V 5.1.

        -

        http://pubsvr01:2718

        +

        http://pubsvr01:2718

        In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.

        -  + ## Query values for client operating system and version @@ -231,7 +233,7 @@ In your publishing metadata query, enter the string values that correspond to th -  + ## Definition of publishing metadata @@ -256,9 +258,9 @@ You can view the metadata for each request in an Internet browser by using a que [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) -  - -  + + + diff --git a/mdop/appv-v5/whats-new-in-app-v-50-sp1.md b/mdop/appv-v5/whats-new-in-app-v-50-sp1.md index d2f510a0eb..01777e0e36 100644 --- a/mdop/appv-v5/whats-new-in-app-v-50-sp1.md +++ b/mdop/appv-v5/whats-new-in-app-v-50-sp1.md @@ -1,8 +1,11 @@ --- title: What's new in App-V 5.0 SP1 description: What's new in App-V 5.0 SP1 -author: jamiejdt +author: msfttracyp ms.assetid: e97c2dbb-7b40-46a0-8137-9ee4fc2bd071 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/whats-new-in-app-v-50.md b/mdop/appv-v5/whats-new-in-app-v-50.md index 6b82f04ffb..6f816996a0 100644 --- a/mdop/appv-v5/whats-new-in-app-v-50.md +++ b/mdop/appv-v5/whats-new-in-app-v-50.md @@ -1,8 +1,11 @@ --- title: What's New in App-V 5.0 description: What's New in App-V 5.0 -author: jamiejdt +author: msfttracyp ms.assetid: 79ff6e02-e926-4803-87d8-248a6b28099d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -107,13 +110,13 @@ The following table displays information about what has changed with the App-V 5

        If no stream optimization is performed, packages are stream faulted when they are requested by computers running the App-V 5.0 client until they can launch.

        -

        Q:\

        -

        App-V 5.0 uses the native file system and no longer requires a Q:\.

        +

        Q:</p> +

        App-V 5.0 uses the native file system and no longer requires a Q:.

        -  + ## Sequencing error detection @@ -161,9 +164,9 @@ There is no file or application cache available with App-V 5.0. [About App-V 5.0](about-app-v-50.md) -  + -  + diff --git a/mdop/dart-v10/about-dart-10.md b/mdop/dart-v10/about-dart-10.md index 009bacab2e..ad6c4560a0 100644 --- a/mdop/dart-v10/about-dart-10.md +++ b/mdop/dart-v10/about-dart-10.md @@ -1,8 +1,11 @@ --- title: About DaRT 10 description: About DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 02378035-58d1-4095-82fe-d60734a746fb +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -26,7 +29,7 @@ DaRT 10 includes the following enhancements and changes as described in this top **Note**   For earlier versions of the Windows operating systems, continue to use the earlier versions of DaRT. -   + - **Windows Defender** @@ -42,7 +45,7 @@ DaRT 10 includes the following enhancements and changes as described in this top **Note**   Windows ADK 10.0 is not required if you are installing only Remote Connection Viewer or Crash Analyzer. -   + - **Windows 10 Debugging Tools** @@ -85,9 +88,9 @@ DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is par [Release Notes for DaRT 10](release-notes-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/accessibility-for-dart-10.md b/mdop/dart-v10/accessibility-for-dart-10.md index 448fd5f04f..7414466c4f 100644 --- a/mdop/dart-v10/accessibility-for-dart-10.md +++ b/mdop/dart-v10/accessibility-for-dart-10.md @@ -1,8 +1,11 @@ --- title: Accessibility for DaRT 10 description: Accessibility for DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 61d7a30c-3551-440d-bdcd-36333052c7b4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in alternative formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

        (609) 987-8116

        -

        [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

        +

        http://www.learningally.org/

        Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

        -  + ## Customer service for people with hearing impairments @@ -93,9 +96,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with DaRT 10](getting-started-with-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/administering-dart-10-using-powershell.md b/mdop/dart-v10/administering-dart-10-using-powershell.md index ba22bf1a11..fb6f1d06b6 100644 --- a/mdop/dart-v10/administering-dart-10-using-powershell.md +++ b/mdop/dart-v10/administering-dart-10-using-powershell.md @@ -1,8 +1,11 @@ --- title: Administering DaRT 10 Using PowerShell description: Administering DaRT 10 Using PowerShell -author: jamiejdt +author: msfttracyp ms.assetid: eefe992f-077b-4e4b-8a5d-45b451614d7b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/creating-the-dart-10-recovery-image.md b/mdop/dart-v10/creating-the-dart-10-recovery-image.md index d52b0749fb..3f47366774 100644 --- a/mdop/dart-v10/creating-the-dart-10-recovery-image.md +++ b/mdop/dart-v10/creating-the-dart-10-recovery-image.md @@ -1,8 +1,11 @@ --- title: Creating the DaRT 10 Recovery Image description: Creating the DaRT 10 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 173556de-2f20-4ea6-9e29-fc5ccc71ebd7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -89,7 +92,7 @@ On the Drivers tab of the Advanced Options page, you can add additional device d **Important**   When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. -  + **To add drivers to the recovery image** 
@@ -102,7 +105,7 @@ When you select drivers to include, be aware that wireless connectivity (such as **Note**   The driver file is provided by the manufacturer of the storage or network controller. -   + 4. Repeat Steps 2 and 3 for every driver that you want to include. @@ -141,7 +144,7 @@ The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kit `%ProgramFilesX86%\Windows Kits\10.0\Debuggers\x86` -  + **To add the debugging tools for Crash Analyzer** @@ -179,7 +182,7 @@ If you select the Edit Image check box on this page, you can customize the recov **Note**   The size of the image will vary, depending on the tools that you select and the files that you add in the wizard. -   + 2. In the **Image name** box, enter a name for the DaRT recovery image, or accept the default name, which is DaRT10. @@ -229,7 +232,7 @@ On the Create Bootable Media page, you can optionally copy the image file to a C **Note**   The Preboot execution environment (PXE) and local image deployment are not supported natively by this tool since they require additional enterprise tools, such as System Center Configuration Manager server and Microsoft Development Toolkit. -  + **To copy the recovery image to a CD, DVD, or USB** @@ -240,7 +243,7 @@ The Preboot execution environment (PXE) and local image deployment are not suppo **Note**   If a drive is not recognized and you install a new drive, you can click **Refresh** to force the wizard to update the list of available drives. -   + 3. Click the **Create Bootable Media** button. @@ -253,9 +256,9 @@ The Preboot execution environment (PXE) and local image deployment are not suppo [Deploying DaRT 10](deploying-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/dart-10--c--page.md b/mdop/dart-v10/dart-10--c--page.md index 32b6e4f24b..a0e3d60f0d 100644 --- a/mdop/dart-v10/dart-10--c--page.md +++ b/mdop/dart-v10/dart-10--c--page.md 
@@ -1,8 +1,11 @@ --- title: DaRT 10 description: DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 4f62abe6-d971-44b4-b1e7-9dcaf199ca31 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/dart-10-cover-page.md b/mdop/dart-v10/dart-10-cover-page.md index 234835b57c..ab111cbe8e 100644 --- a/mdop/dart-v10/dart-10-cover-page.md +++ b/mdop/dart-v10/dart-10-cover-page.md @@ -1,8 +1,11 @@ --- title: DaRT 10 description: DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 875f6dc4-13f4-4625-8c6a-38215c2daf01 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/dart-10-deployment-checklist.md b/mdop/dart-v10/dart-10-deployment-checklist.md index fad8dd8688..3dfa45cfc5 100644 --- a/mdop/dart-v10/dart-10-deployment-checklist.md +++ b/mdop/dart-v10/dart-10-deployment-checklist.md @@ -1,8 +1,11 @@ --- title: DaRT 10 Deployment Checklist description: DaRT 10 Deployment Checklist -author: jamiejdt +author: msfttracyp ms.assetid: a6b7ba27-a969-4da9-bef0-d019739413cc +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you during Microsoft Diagnostics and Recovery **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Decide on the best DaRT 10 deployment option for your requirements and deploy it.

        [Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md)

        Deploying DaRT 10 to Administrator Computers

        Checklist box

        Use the DaRT Recovery Image wizard to create the DaRT recovery image ISO.

        [Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md)

        Creating the DaRT 10 Recovery Image

        Checklist box

        Decide on the best DaRT 10 recovery image deployment option for your requirements and deploy it.

        [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md)

        Deploying the DaRT Recovery Image

        -  + ## Related topics [Deploying DaRT 10](deploying-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/dart-10-planning-checklist.md b/mdop/dart-v10/dart-10-planning-checklist.md index a1c6877613..f7fc8ef40c 100644 --- a/mdop/dart-v10/dart-10-planning-checklist.md +++ b/mdop/dart-v10/dart-10-planning-checklist.md @@ -1,8 +1,11 @@ --- title: DaRT 10 Planning Checklist description: DaRT 10 Planning Checklist -author: jamiejdt +author: msfttracyp ms.assetid: d6482534-cdf3-4997-bec0-33d0edf6924a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Review the DaRT 10 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

        [DaRT 10 Supported Configurations](dart-10-supported-configurations.md)

        DaRT 10 Supported Configurations

        Checklist box

        Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

        [Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md)

        Planning to Create the DaRT 10 Recovery Image

        Checklist box

        Determine which method, or methods, you will use to deploy the DaRT recovery image.

        [Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md)

        Planning How to Save and Deploy the DaRT 10 Recovery Image

        -  + ## Related topics [Planning for DaRT 10](planning-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/dart-10-privacy-statement.md b/mdop/dart-v10/dart-10-privacy-statement.md index f6f0ede217..2b640d3109 100644 --- a/mdop/dart-v10/dart-10-privacy-statement.md +++ b/mdop/dart-v10/dart-10-privacy-statement.md @@ -1,8 +1,11 @@ --- title: DaRT 10 Privacy Statement description: DaRT 10 Privacy Statement -author: jamiejdt +author: msfttracyp ms.assetid: 27ad36fe-6816-4fe8-8838-500c05b5b184 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/dart-10-supported-configurations.md b/mdop/dart-v10/dart-10-supported-configurations.md index 993d899941..e700bfa7fa 100644 --- a/mdop/dart-v10/dart-10-supported-configurations.md +++ b/mdop/dart-v10/dart-10-supported-configurations.md @@ -1,8 +1,11 @@ --- title: DaRT 10 Supported Configurations description: DaRT 10 Supported Configurations -author: jamiejdt +author: msfttracyp ms.assetid: a07d6562-1fa9-499f-829c-9cc487ede0b7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -56,7 +59,7 @@ The following table lists the installation prerequisites for the administrator c -  + ### Help desk computer prerequisites @@ -85,7 +88,7 @@ The following table lists the installation prerequisites for the help desk compu -  + ### End-user computer prerequisites 
@@ -101,12 +104,12 @@ The following table lists the operating systems that are supported for the DaRT **Note**   Make sure that you allocate enough space for any additional tools that you want to install on the administrator computer. -  + **Note**   Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -147,7 +150,7 @@ Microsoft provides support for the current service pack and, in some cases, the
        -  + ### DaRT help desk computer system requirements @@ -236,7 +239,7 @@ The following table lists the operating systems that are supported for the DaRT -  + DaRT also has the following minimum hardware requirements for the end-user computer: @@ -287,16 +290,16 @@ The Diagnostics and Recovery Toolset window in DaRT 10 requires that the end-use -  + ## Related topics [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md b/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md index 7897ed346a..0e84d83c2b 100644 --- a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md +++ b/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 10 to Administrator Computers description: Deploying DaRT 10 to Administrator Computers -author: jamiejdt +author: msfttracyp ms.assetid: c1981cbe-10f8-41f6-8989-bcc9d57a2aa8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/deploying-dart-10.md b/mdop/dart-v10/deploying-dart-10.md index 33031ba0bd..b2b9f2ace3 100644 --- a/mdop/dart-v10/deploying-dart-10.md +++ b/mdop/dart-v10/deploying-dart-10.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 10 description: Deploying DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 92cf70fd-006f-4fdc-9fb3-78d9d223148d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md index b4b30b9e06..6367ad326e 100644 --- a/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md +++ b/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md 
@@ -1,8 +1,11 @@ --- title: Deploying the DaRT Recovery Image description: Deploying the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 2b859da6-e31a-4240-8868-93a754328cf2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -27,7 +30,7 @@ Extract the boot.wim file from the ISO image and deploy in the recovery partitio **Important**   The **DaRT Recovery Image Wizard** provides the option to burn the image to a CD, DVD or UFD, but the other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. -  + ## Deploy the DaRT recovery image as part of a recovery partition @@ -48,9 +51,9 @@ You can host the recovery image on a central network boot server, such as Window [Deploying DaRT 10](deploying-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md b/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md index ad7d0e6dd6..0e168029e5 100644 --- a/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md +++ b/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md @@ -1,8 +1,11 @@ --- title: Diagnosing System Failures with Crash Analyzer description: Diagnosing System Failures with Crash Analyzer -author: jamiejdt +author: msfttracyp ms.assetid: 7ebef49e-a294-4173-adb1-7e6994aa01ad +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md index daca6358aa..634c9a9c74 100644 --- a/mdop/dart-v10/getting-started-with-dart-10.md +++ b/mdop/dart-v10/getting-started-with-dart-10.md 
@@ -1,8 +1,11 @@ --- title: Getting Started with DaRT 10 description: Getting Started with DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 593dd317-4fba-4d51-8a80-951590acede6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -16,11 +19,11 @@ ms.date: 08/30/2016 Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. ->[!NOTE]   ->A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide. +>[!NOTE] +> A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide. > >Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754) -  + ## Getting started with DaRT 10 @@ -55,9 +58,9 @@ DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is par [Troubleshooting DaRT 10](troubleshooting-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md b/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md index 56fa7d8505..166f07768a 100644 --- a/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md +++ b/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md 
@@ -1,8 +1,11 @@ --- title: How to Change, Repair, or Remove DaRT 10 description: How to Change, Repair, or Remove DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: e7718c6f-06a1-48bb-b04b-1a0f659a0337 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/how-to-deploy-dart-10.md b/mdop/dart-v10/how-to-deploy-dart-10.md index ede4cb677b..805de4c46d 100644 --- a/mdop/dart-v10/how-to-deploy-dart-10.md +++ b/mdop/dart-v10/how-to-deploy-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Deploy DaRT 10 description: How to Deploy DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 13e8ba20-21c3-4870-94ed-6d3106d69f21 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ The following instructions explain how to deploy Microsoft Diagnostics and Recov **Important**   Before you install DaRT, see [DaRT 10 Supported Configurations](dart-10-supported-configurations.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 10. -  + You can install DaRT using one of two different configurations: @@ -83,7 +86,7 @@ msiexec.exe /i MSDaRT.msi /l*v log.txt **Note**   You can add /qn or /qb to perform a silent installation. -  + **To validate the DaRT installation** @@ -98,9 +101,9 @@ You can add /qn or /qb to perform a silent installation. [Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md) -  + -  + diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md index 880b638ebc..16d8853966 100644 --- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md 
+++ b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as a Remote Partition description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: jamiejdt +author: msfttracyp ms.assetid: 06a5e250-b992-4f6a-ad74-e7715f9e96e7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -27,7 +30,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( **Note**   If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. -   + 2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. @@ -44,9 +47,9 @@ For more information about how to deploy DaRT as a remote partition, see [Walkth [Planning for DaRT 10](planning-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md index 06c53b218f..4fa7467fc0 100644 --- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md +++ b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: jamiejdt +author: msfttracyp ms.assetid: 0d2192c1-4058-49fb-b0b6-baf4699ac7f5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -31,7 +34,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( **Note**   If you burned a CD, DVD, or USB of the recovery image, you can open the files on the removable media and copy the boot.wim file from the \\sources folder. If you copy boot.wim file, you don’t need to mount the image. -   + 3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. @@ -50,9 +53,9 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( [Planning for DaRT 10](planning-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md b/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md index 18cda6691b..3eeda04d28 100644 --- a/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md +++ b/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Ensure that Crash Analyzer Can Access Symbol Files description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: jamiejdt +author: msfttracyp ms.assetid: 39e307bd-5d21-4e44-bed6-bf532f580775 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md b/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md index 71fc3577c2..6fda5d22e9 100644 --- a/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md +++ b/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Perform DaRT Tasks by Using PowerShell Commands
 description: How to Perform DaRT Tasks by Using PowerShell Commands
-author: jamiejdt
+author: msfttracyp
 ms.assetid: f5a5c5f9-d667-4c85-9e82-7baf0b2aec6e
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md
index 5ee106b2af..688b37b172 100644
--- a/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md
+++ b/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md
@@ -1,8 +1,11 @@
 ---
 title: How to Recover Local Computers by Using the DaRT Recovery Image
 description: How to Recover Local Computers by Using the DaRT Recovery Image
-author: jamiejdt
+author: msfttracyp
 ms.assetid: a6adc717-827c-45e8-b9c3-06d0e919e0bd
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
@@ -36,18 +39,20 @@ Use these instructions to recover a computer when you are physically present at 6. Select the installation that you want to repair or diagnose, and then click **Next**. - **Note**   + **Note** If the Windows Recovery Environment (WinRE) detects or suspects that Windows 10 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. -   - If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. +7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. + + The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. 
@@ -55,41 +60,40 @@ For general information about any of the DaRT tools, see [Overview of the Tools **How to run DaRT at the command prompt** -- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: +- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: + + + + + + + + + + + + + + + + + + + + + + + + +

        Parameter

        Description

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

        +
        + Warning

        The end user’s response to the prompt overrides the –network and –remount switches.

        +
        +
        + +
        - - - - - - - - - - - - - - - - - - - - - - - -

        Parameter

        Description

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

        -
        - Warning   -

        The end user’s response to the prompt overrides the –network and –remount switches.

        -
        -
        -   -
        -   ## Related topics @@ -98,9 +102,9 @@ For general information about any of the DaRT tools, see [Overview of the Tools [Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) -  - -  + + + diff --git a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md index 9ced74cb37..1b7f39a897 100644 --- a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md +++ b/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Recover Remote Computers by Using the DaRT Recovery Image description: How to Recover Remote Computers by Using the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: c0062208-39cd-4e01-adf8-36a11386e2ea +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -32,113 +35,116 @@ If you disabled the DaRT tools when you created the recovery image, you still ha Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - **Note**   + **Note** Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -   - As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. -2. When you are asked whether you want to initialize network services, select one of the following: +~~~ +As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. +~~~ - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. +2. When you are asked whether you want to initialize network services, select one of the following: - **No** - skip the network initialization process. + **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. 
+ **No** - skip the network initialization process. -4. On the **System Recovery Options** dialog box, select a keyboard layout. +3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. +4. On the **System Recovery Options** dialog box, select a keyboard layout. -6. Select the installation that you want to repair or diagnose, and then click **Next**. +5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - **Note**   - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 10 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 10](troubleshooting-dart-10.md). +6. Select the installation that you want to repair or diagnose, and then click **Next**. 
-   + **Note** + If the Windows Recovery Environment (WinRE) detects or suspects that Windows 10 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 10](troubleshooting-dart-10.md). - If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. -8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. +7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. -9. On the help desk computer, open the **DaRT Remote Connection Viewer**. +8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. + + The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. + +9. On the help desk computer, open the **DaRT Remote Connection Viewer**. 10. 
Click **Start**, click **All Programs**, click **Microsoft DaRT 10**, and then click **DaRT Remote Connection Viewer**. 11. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. - **Note**   - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. + **Note** + This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. + -   12. Click **Connect**. The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. -**Note**   +**Note** A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. -  + **To customize the Remote Connection process** -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). +1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: + Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - -
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        -
        - Important   -

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        -
        -
        -   -
        + + + + + + + + + + + + + + + + + + + + + + + + + +
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        +
        + Important

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        +
        +
        -   +
        -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - ``` syntax - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` + +2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: + + ``` syntax + [LaunchApps] + "%windir%\system32\netstart.exe -network -remount" + "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" + "%windir%\system32\WaitForConnection.exe" + "%SYSTEMDRIVE%\sources\recovery\recenv.exe" + ``` When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the RAM disk. This file contains connection information: IP address, port, and ticket number. You can copy this file to a network share to trigger a Help desk workflow. For example, a custom program can check the network share for connection files, and then create a support ticket or send email notifications. 
@@ -173,14 +179,16 @@ When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the -   - **Note**   - The variables for these parameters are created on the end-user computer and must be provided by the end user. -   +~~~ +**Note** +The variables for these parameters are created on the end-user computer and must be provided by the end user. +~~~ -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. + + +2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. ## Related topics @@ -189,9 +197,9 @@ When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the [Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) -  - -  + + + diff --git a/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md b/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md index 2f720d2d24..c84297c5bf 100644 --- a/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md +++ b/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md @@ -1,8 +1,11 @@ --- title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: jamiejdt +author: msfttracyp ms.assetid: 27c1e1c6-123a-4f8a-b7d2-5bddc9ca3249 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md b/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
index 44d50c9191..7cf5e9a3d7 100644
--- a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
+++ b/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
@@ -1,8 +1,11 @@
 ---
 title: How to Run the Crash Analyzer on an End-user Computer
 description: How to Run the Crash Analyzer on an End-user Computer
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 10334800-ff8e-43ac-a9c2-d28807473ec2
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md b/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md
index 3e9c97bec1..ef8ed9be21 100644
--- a/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md
+++ b/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md
@@ -1,8 +1,11 @@
 ---
 title: How to Use a PowerShell Script to Create the Recovery Image
 description: How to Use a PowerShell Script to Create the Recovery Image
-author: jamiejdt
+author: msfttracyp
 ms.assetid: cf5b0814-71a8-4f0b-b1f1-1ac6d8b51c4f
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v10/operations-for-dart-10.md b/mdop/dart-v10/operations-for-dart-10.md
index 8923801ee1..fb618d7c09 100644
--- a/mdop/dart-v10/operations-for-dart-10.md
+++ b/mdop/dart-v10/operations-for-dart-10.md
@@ -1,8 +1,11 @@
 ---
 title: Operations for DaRT 10
 description: Operations for DaRT 10
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 1776d5ed-96c6-4841-a097-721d8cf5c7f7
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v10/overview-of-the-tools-in-dart-10.md b/mdop/dart-v10/overview-of-the-tools-in-dart-10.md index 3b04364d2d..61ca954cfa 100644 --- a/mdop/dart-v10/overview-of-the-tools-in-dart-10.md +++ b/mdop/dart-v10/overview-of-the-tools-in-dart-10.md @@ -1,8 +1,11 @@ --- title: Overview of the Tools in DaRT 10 description: Overview of the Tools in DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 752467dd-b646-4335-82ce-9090d4651f65 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -30,7 +33,7 @@ A description of the DaRT 10 tools follows. **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### Crash Analyzer @@ -57,12 +60,12 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w **Warning**   We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. -  + **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### Disk Wipe @@ -71,7 +74,7 @@ You can use **Disk Wipe** to delete all data from a disk or volume, even the dat **Warning**   After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. -  + ### Explorer @@ -84,7 +87,7 @@ The **Explorer** tool lets you browse the computer’s file system and network s **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### File Search @@ -101,7 +104,7 @@ We recommend that you uninstall only one hotfix at a time, even though the tool **Important**   Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. -  + ### Locksmith 
@@ -116,7 +119,7 @@ You can use **Registry Editor** to access and change the registry of the Windows **Warning**   Serious problems can occur if you change the registry incorrectly by using **Registry Editor**. These problems might require you to reinstall the operating system. Before you make changes to the registry, you should back up any valued data on the computer. Change the registry at your own risk. -  + ### SFC Scan @@ -135,9 +138,9 @@ When you boot a problem computer into DaRT, it is set to automatically obtain it [Getting Started with DaRT 10](getting-started-with-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/planning-for-dart-10.md b/mdop/dart-v10/planning-for-dart-10.md index 123f2b0c69..b8b88230b8 100644 --- a/mdop/dart-v10/planning-for-dart-10.md +++ b/mdop/dart-v10/planning-for-dart-10.md @@ -1,8 +1,11 @@ --- title: Planning for DaRT 10 description: Planning for DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 2ca0249a-6a9f-4b4e-91f1-f1b34be7b16c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md index 5b0f70935e..0b4856b406 100644 --- a/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md +++ b/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md @@ -1,8 +1,11 @@ --- title: Planning How to Save and Deploy the DaRT 10 Recovery Image description: Planning How to Save and Deploy the DaRT 10 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 9a3e5413-2621-49ce-8bd2-992616691703 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -21,7 +24,7 @@ If your organization uses Active Directory Domain Services (AD DS), you may want **Note**   You may want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. -  + The following table shows some advantages and disadvantages of each method of using DaRT in your organization. @@ -77,16 +80,16 @@ The following table shows some advantages and disadvantages of each method of us -  + ## Related topics [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md index 0ad9cb0ea7..25cd1696fb 100644 --- a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md +++ b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md @@ -1,8 +1,11 @@ --- title: Planning to Create the DaRT 10 Recovery Image description: Planning to Create the DaRT 10 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: a0087d93-b88f-454b-81b2-3c7ce3718023 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -46,25 +49,25 @@ The following items are required or recommended for creating the DaRT recovery i

        Windows Debugging Tools for your platform

        -

        Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).

        +

        Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

        Optional: Windows symbols files for use with Crash Analyzer

        -

        Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md).

        +

        Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see Diagnosing System Failures with Crash Analyzer.

        -  + ## Related topics [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/planning-to-deploy-dart-10.md b/mdop/dart-v10/planning-to-deploy-dart-10.md index 12f51c9595..8d3571fea4 100644 --- a/mdop/dart-v10/planning-to-deploy-dart-10.md +++ b/mdop/dart-v10/planning-to-deploy-dart-10.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy DaRT 10 description: Planning to Deploy DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 32a39e97-a889-4aae-982c-b85cdc3d9134 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/recovering-computers-using-dart-10.md b/mdop/dart-v10/recovering-computers-using-dart-10.md index c665c2754e..1d901afe01 100644 --- a/mdop/dart-v10/recovering-computers-using-dart-10.md +++ b/mdop/dart-v10/recovering-computers-using-dart-10.md @@ -1,8 +1,11 @@ --- title: Recovering Computers Using DaRT 10 description: Recovering Computers Using DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 2ad7fab0-c22d-4171-8b5a-b2b7d7c0ad2d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -31,7 +34,7 @@ Whichever method that you use to boot into DaRT, you must enable the boot device **Note**   Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -  + ## Recover a local computer by using the DaRT recovery image 
@@ -48,7 +51,7 @@ The Remote Connection feature in DaRT lets an IT administrator run the DaRT tool **Important**   The two computers establishing a remote connection must be part of the same network. -  + The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. @@ -63,9 +66,9 @@ The IT administrator or help desk worker enters this information into the **DaRT [Operations for DaRT 10](operations-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/release-notes-for-dart-10.md b/mdop/dart-v10/release-notes-for-dart-10.md index d7c7a58914..0308185c37 100644 --- a/mdop/dart-v10/release-notes-for-dart-10.md +++ b/mdop/dart-v10/release-notes-for-dart-10.md @@ -1,8 +1,11 @@ --- title: Release Notes for DaRT 10 description: Release Notes for DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: eb996980-f9c4-42cb-bde9-6b3d4b82b58c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/security-and-privacy-for-dart-10.md b/mdop/dart-v10/security-and-privacy-for-dart-10.md index 4ec961acaf..93b66f3a76 100644 --- a/mdop/dart-v10/security-and-privacy-for-dart-10.md +++ b/mdop/dart-v10/security-and-privacy-for-dart-10.md @@ -1,8 +1,11 @@ --- title: Security and Privacy for DaRT 10 description: Security and Privacy for DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 9ce5d555-c4e9-4482-a147-27b26579c935 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v10/security-considerations-for-dart-10.md b/mdop/dart-v10/security-considerations-for-dart-10.md index 12a26a2faf..fc0621ba83 100644 --- a/mdop/dart-v10/security-considerations-for-dart-10.md 
+++ b/mdop/dart-v10/security-considerations-for-dart-10.md @@ -1,8 +1,11 @@ --- title: Security Considerations for DaRT 10 description: Security Considerations for DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: c653daf1-f12a-4667-98cc-f0c89fa38e3f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -35,7 +38,7 @@ You can even configure the DaRT image so that the option to start a remote conne **Important**   After the remote connection is established, all the tools that you included in the recovery image, including those unavailable to the end user, will become available to any help desk worker who is working on the end–user computer. -  + For more information about including tools in the DaRT recovery image, see [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md). @@ -47,7 +50,7 @@ If you deploy the DaRT recovery image by saving it to a USB flash drive or by cr **Note**   DaRT 10 supports BitLocker natively. -  + To include drive encryption, add the encryption solution files when you create the recovery image. Your encryption solution must be able to run on WinPE. End users who boot from the ISO are then able to access that encryption solution and unblock the drive. @@ -61,9 +64,9 @@ By default, the communication between two computers that have established a **Re [Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md) -  + -  + diff --git a/mdop/dart-v10/troubleshooting-dart-10.md b/mdop/dart-v10/troubleshooting-dart-10.md index d644576254..181fef10dd 100644 --- a/mdop/dart-v10/troubleshooting-dart-10.md +++ b/mdop/dart-v10/troubleshooting-dart-10.md @@ -1,8 +1,11 @@ --- title: Troubleshooting DaRT 10 description: Troubleshooting DaRT 10 -author: jamiejdt +author: msfttracyp ms.assetid: 76d42a00-3f6b-4730-8857-39fe49535d37 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v65.md b/mdop/dart-v65.md index 21aca15b8d..050094ae6f 100644 --- a/mdop/dart-v65.md +++ b/mdop/dart-v65.md @@ -1,14 +1,17 @@ --- title: Diagnostics and Recovery Toolset 6.5 description: Diagnostics and Recovery Toolset 6.5 -author: jamiejdt +author: eavena ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # Diagnostics and Recovery Toolset 6.5 -Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file +Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page. diff --git a/mdop/dart-v7/about-dart-70-new-ia.md b/mdop/dart-v7/about-dart-70-new-ia.md index 72f6ebf53f..944c2bd884 100644 --- a/mdop/dart-v7/about-dart-70-new-ia.md +++ b/mdop/dart-v7/about-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: About DaRT 7.0 description: About DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 217ffafc-6d73-4b80-88d9-71870460d4ab +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/accessibility-for-dart-70.md b/mdop/dart-v7/accessibility-for-dart-70.md index 469929df6d..5335e76631 100644 --- a/mdop/dart-v7/accessibility-for-dart-70.md +++ b/mdop/dart-v7/accessibility-for-dart-70.md @@ -1,8 +1,11 @@ --- title: Accessibility for DaRT 7.0 description: Accessibility for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 41f7bb72-4f1d-44fb-bc3f-8b66557fec2f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in Alternative Formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

        (609) 987-8116

        -

        [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

        +

        http://www.learningally.org/

        Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

        -  + ## Customer Service for People with Hearing Impairments @@ -93,9 +96,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md index c8bba81fae..0bb0012fb5 100644 --- a/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md +++ b/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md @@ -1,8 +1,11 @@ --- title: Creating the DaRT 7.0 Recovery Image description: Creating the DaRT 7.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: ebb2ec58-0349-469d-a23f-3f944fe4c1fa +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -26,7 +29,7 @@ You can write the ISO to a recordable CD or DVD, save it to a USB flash drive, o **Note**   If your computer includes a CD-RW drive, the wizard offers to burn the ISO image to a blank CD or DVD. If your computer does not include a drive that is supported by the wizard, you can burn the ISO image onto a CD or DVD by using most programs that can burn a CD or DVD. -  + To create a bootable CD or DVD from the ISO image, you must have: @@ -39,7 +42,7 @@ To create a bootable CD or DVD from the ISO image, you must have: **Important**   Test the CD or DVD that you create on all the different kinds of computers that you intend to support because some computers cannot start from all kinds of recordable media. -   + To save the ISO image to a USB flash drive (UFD), you must have: @@ -61,9 +64,9 @@ You can create a DaRT recovery image that can only be used for a certain number - [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md b/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md index e489ffeed5..2a1c1e2596 100644 
--- a/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md +++ b/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md @@ -1,8 +1,11 @@ --- title: DaRT 7.0 Deployment Checklist description: DaRT 7.0 Deployment Checklist -author: jamiejdt +author: msfttracyp ms.assetid: 2c68ec15-0624-4a75-8237-05c68b61ad07 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you during Microsoft Diagnostics and Recovery **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Decide on the best DaRT 7 deployment option for your requirements and deploy it.

        [Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md)

        Deploying DaRT 7.0 to Administrator Computers

        Checklist box

        Use the DaRT Recovery Image Wizard to create the DaRT recovery image ISO.

        [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md)

        Creating the DaRT 7.0 Recovery Image

        Checklist box

        Decide on the best DaRT 7 recovery image deployment option for your requirements and deploy it.

        [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md)

        Deploying the DaRT 7.0 Recovery Image

        -  + ## Related topics [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/dart-70-planning-checklist-dart-7.md b/mdop/dart-v7/dart-70-planning-checklist-dart-7.md index 33aa2a6df1..7612462738 100644 --- a/mdop/dart-v7/dart-70-planning-checklist-dart-7.md +++ b/mdop/dart-v7/dart-70-planning-checklist-dart-7.md @@ -1,8 +1,11 @@ --- title: DaRT 7.0 Planning Checklist description: DaRT 7.0 Planning Checklist -author: jamiejdt +author: msfttracyp ms.assetid: f97a2318-6597-4774-a854-bb546279a8fd +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Review the DaRT 7 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

        [DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md)

        DaRT 7.0 Supported Configurations

        Checklist box

        Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

        [Planning to Create the DaRT 7.0 Recovery Image](planning-to-create-the-dart-70-recovery-image.md)

        Planning to Create the DaRT 7.0 Recovery Image

        Checklist box

        Determine which method, or methods, you will use to deploy the DaRT recovery image.

        [Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md)

        Planning How to Save and Deploy the DaRT 7.0 Recovery Image

        -  + ## Related topics [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/dart-70-supported-configurations-dart-7.md b/mdop/dart-v7/dart-70-supported-configurations-dart-7.md index 835b955fa4..0bff4cebfc 100644 --- a/mdop/dart-v7/dart-70-supported-configurations-dart-7.md +++ b/mdop/dart-v7/dart-70-supported-configurations-dart-7.md @@ -1,8 +1,11 @@ --- title: DaRT 7.0 Supported Configurations description: DaRT 7.0 Supported Configurations -author: jamiejdt +author: msfttracyp ms.assetid: e9ee87b0-3254-4625-b178-17b2f5b8f8c8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/deploying-dart-70-new-ia.md b/mdop/dart-v7/deploying-dart-70-new-ia.md index 54c3257e58..455cfa5388 100644 --- a/mdop/dart-v7/deploying-dart-70-new-ia.md +++ b/mdop/dart-v7/deploying-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 7.0 description: Deploying DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 7bc99bce-b94f-4074-ba88-986ed76f8a6c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md b/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md index 26e6517c66..fa4f19d3d6 100644 --- a/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md +++ b/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 7.0 to Administrator Computers description: Deploying DaRT 7.0 to Administrator Computers -author: jamiejdt +author: msfttracyp ms.assetid: 8baf26aa-b168-463c-810f-a165918b9d9f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md index 3ec80e4db5..fe84a514e2 100644 --- a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md +++ b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md @@ -1,8 +1,11 @@ --- title: Deploying the DaRT 7.0 Recovery Image description: Deploying the DaRT 7.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 6bba7bff-800f-44e4-bcfc-e143115607ca +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -27,7 +30,7 @@ After you have created the International Organization for Standardization (ISO) **Important**   The **DaRT Recovery Image Wizard** only provides the option to burn a CD or DVD. All other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. -  + ## Deploy the DaRT Recovery Image Using a USB Flash Drive @@ -55,9 +58,9 @@ After you have finished running the DaRT Recovery Image Wizard and created the r - [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md b/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md index fd668ac07b..77afc0423f 100644 --- a/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md +++ b/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md @@ -1,8 +1,11 @@ --- title: Diagnosing System Failures with Crash Analyzer description: Diagnosing System Failures with Crash Analyzer -author: jamiejdt +author: msfttracyp ms.assetid: 170d40ef-4edb-4a32-a349-c285c0ea5e56 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md b/mdop/dart-v7/getting-started-with-dart-70-new-ia.md index 178ece1f8e..ac081ea5fb 100644 --- a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md +++ b/mdop/dart-v7/getting-started-with-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Getting Started with DaRT 7.0 description: Getting Started with DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 796f52ce-0935-4d3d-9437-289b4c7b16c3 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -21,7 +24,7 @@ This section provides general information for administrators who are evaluating **Note**   A downloadable version of this document and the DaRT 7 Evaluation Guide can be downloaded from . -  + ## Getting Started With DaRT 7 @@ -51,9 +54,9 @@ A downloadable version of this document and the DaRT 7 Evaluation Guide can be d - [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md b/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md index b9c284b714..a6b4c35913 100644 --- a/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md +++ b/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md @@ -1,8 +1,11 @@ --- title: How to Change, Repair, or Remove DaRT 7.0 description: How to Change, Repair, or Remove DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: a65ff4f3-2b6d-4105-a7a0-67c87e8e7300 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md b/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md index 4fb4b2d576..cadfb77d47 100644 --- a/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md +++ b/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md 
@@ -1,8 +1,11 @@ --- title: How to Create a Time Limited Recovery Image description: How to Create a Time Limited Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: d2e29cac-c24c-4239-997f-0320b8a830ae +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/how-to-deploy-dart-70.md b/mdop/dart-v7/how-to-deploy-dart-70.md index 87fd57d726..32254f2c60 100644 --- a/mdop/dart-v7/how-to-deploy-dart-70.md +++ b/mdop/dart-v7/how-to-deploy-dart-70.md @@ -1,8 +1,11 @@ --- title: How to Deploy DaRT 7.0 description: How to Deploy DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 30522441-40cb-4eca-99b4-dff758f5c647 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This topic provides instructions to deploy Microsoft Diagnostics and Recovery To **Important**   Before you install DaRT, ensure that the computer meets the minimum system requirements listed in [DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md). -  + **To install DaRT on an administrator computer** @@ -74,16 +77,16 @@ Before you install DaRT, ensure that the computer meets the minimum system requi **Note**   You can add /qn or /qb to any of the DaRT installation command prompt options to perform a silent installation. -  + ## Related topics [Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md index 9d0f31bc17..ec9f029614 100644 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md +++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md 
@@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as a Remote Partition description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: jamiejdt +author: msfttracyp ms.assetid: 757c9340-8eac-42e8-85de-4302e436713a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -27,7 +30,7 @@ After you have finished running the DaRT Recovery Image Wizard and created the r **Note**   If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. -   + 2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. @@ -44,9 +47,9 @@ For more information about how to deploy DaRT as a remote partition, see the fol [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md index 59e87dc1ea..bb9b4e45b5 100644 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md +++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: jamiejdt +author: msfttracyp ms.assetid: 462f2d08-f03b-4a07-b2d3-c69205dc6f70 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -31,7 +34,7 @@ After you have finished running the DaRT Recovery Image Wizard and created the r **Note**   If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. -   + 3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. @@ -48,9 +51,9 @@ For more information about how to deploy a recovery solution to reinstall the fa [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md index 72dd6df1b7..8c9ec4eebf 100644 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md +++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image Using a USB Flash Drive description: How to Deploy the DaRT Recovery Image Using a USB Flash Drive -author: jamiejdt +author: msfttracyp ms.assetid: 5b7aa843-731e-47e7-b5f9-48d08da732d6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -44,7 +47,7 @@ You can also manually copy the ISO image file to a UFD by following the steps pr **Note**   The previous code example assumes Disk 1 is the UFD. If it is necessary, replace DISK 1 with your disk number. -   + 2. By using your company’s preferred method of mounting an image, mount the ISO image file that you created in the **Create Startup Image** dialog box of the **DaRT Recovery Image Wizard**. This requires that you have a method available to mount an image file. 
@@ -53,16 +56,16 @@ You can also manually copy the ISO image file to a UFD by following the steps pr **Note**   If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the contents to the UFD. This lets you skip the need to mount the image. -   + ## Related topics [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md b/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md index 1535f0a13c..04e664b006 100644 --- a/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md +++ b/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Ensure that Crash Analyzer Can Access Symbol Files description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: jamiejdt +author: msfttracyp ms.assetid: 150a2f88-68a5-40eb-8471-e5008488ab6e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md b/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md index 5e017673f6..f24b5b6941 100644 --- a/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md +++ b/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Recover Local Computers Using the DaRT Recovery Image description: How to Recover Local Computers Using the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: be29b5a8-be08-4cf2-822e-77a51d3f3b65 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -14,30 +17,32 @@ ms.date: 06/16/2016 # How to Recover Local Computers Using the DaRT Recovery Image -To recover a local computer by using Microsoft Diagnostics and Recovery Toolset (DaRT) 7, you must be physically present at the end-user computer that is experiencing problems that require DaRT. You can also run DaRT remotely by following the instructions at [How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md). +To recover a local computer by using Microsoft Diagnostics and Recovery Toolset (DaRT) 7, you must be physically present at the end-user computer that is experiencing problems that require DaRT. You can also run DaRT remotely by following the instructions at [How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md). **To recover a local computer by using DaRT** 1. As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. You are asked whether you want to initialize network services. If you click **Yes**, it is assumed that a DHCP server is present on the network and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - To skip the network initialization process, click **No**. + To skip the network initialization process, click **No**. 2. Following the network initialization dialog box, you are asked whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. 
Remapping is performed only if an offline operating system is selected later in the startup process. 3. Following the remapping dialog box, a **System Recovery Options** dialog box appears and asks you to select a keyboard layout. Then it displays the system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers. This prompts you to insert the installation media for the device and to select the driver. Select the installation that you want to repair or diagnose, and then click **Next**. - **Note**   + **Note** If the Windows Recovery Environment (WinRE) detects or suspects that Windows 7 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. -   - If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. -4. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. +4. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. + + The **Diagnostics and Recovery Toolset** window opens. 
You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. @@ -45,54 +50,53 @@ For general information about any of the DaRT tools, see [Overview of the Tools **To run DaRT at the command prompt** -1. You can run DaRT at the command prompt by specifying the **netstart.exe** command and by using any of the following parameters: +1. You can run DaRT at the command prompt by specifying the **netstart.exe** command and by using any of the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - - -
        ParameterDescription

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages asking the end user to specify whether to initialize the network and remap the drives.

        -
        - Important   -

        The end user’s response to the prompts overrides the -network and -remount switches.

        -
        -
        -   -
        + + + + + + + + + + + + + + + + + + + + + + + + + +
        ParameterDescription

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages asking the end user to specify whether to initialize the network and remap the drives.

        +
        + Important

        The end user’s response to the prompts overrides the -network and -remount switches.

        +
        +
        -   +
        -2. You can customize DaRT so that a computer that boots into DaRT automatically opens the **Remote Connection** tool that is used to establish a remote connection with the help desk. + + +2. You can customize DaRT so that a computer that boots into DaRT automatically opens the **Remote Connection** tool that is used to establish a remote connection with the help desk. ## Related topics [Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) -  - -  + + + diff --git a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md b/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md index 6d02a0a311..2fac900255 100644 --- a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md +++ b/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Recover Remote Computers Using the DaRT Recovery Image description: How to Recover Remote Computers Using the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 66bc45fb-dc40-4d47-b583-5bb1ff5c97a7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -14,12 +17,12 @@ ms.date: 08/30/2016 # How to Recover Remote Computers Using the DaRT Recovery Image -The Remote Connection feature in Microsoft Diagnostics and Recovery Toolset (DaRT) 7 lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator or helpdesk agent can take control of the end user's computer and run the necessary DaRT tools remotely. +The Remote Connection feature in Microsoft Diagnostics and Recovery Toolset (DaRT) 7 lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator or helpdesk agent can take control of the end user's computer and run the necessary DaRT tools remotely. -**Important**   +**Important** The two computers establishing a remote connection must be part of the same network. -  + **To recover a remote computer by using DaRT** 
@@ -35,105 +38,106 @@ The two computers establishing a remote connection must be part of the same netw Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - **Note**   + **Note** Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -   + 2. As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. You are asked whether you want to initialize network services. If you click **Yes**, it is assumed that a DHCP server is present on the network and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - To skip the network initialization process, click **No**. + To skip the network initialization process, click **No**. 3. Following the network initialization dialog box, you are asked whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. 4. Following the remapping dialog box, a **System Recovery Options** dialog box appears and asks you to select a keyboard layout. Then it displays the system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers. 
This prompts you to insert the installation media for the device and to select the driver. Select the installation that you want to repair or diagnose, and then click **Next**. - **Note**   + **Note** If the Windows Recovery Environment (WinRE) detects or suspects that Windows 7 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about this situation including how to resolve it, see [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md). -   - If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. -5. On the **System Recovery Options** window, select **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset** window. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ -6. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. +5. On the **System Recovery Options** window, select **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset** window. - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. +6. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. -7. 
On the helpdesk agent computer, open the **DaRT Remote Connection Viewer**. + The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. - Click **Start**, click **All Programs**, click **Microsoft DaRT 7**, and then click **DaRT Remote Connection Viewer**. +7. On the helpdesk agent computer, open the **DaRT Remote Connection Viewer**. -8. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. + Click **Start**, click **All Programs**, click **Microsoft DaRT 7**, and then click **DaRT Remote Connection Viewer**. - **Note**   - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. +8. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. -   + **Note** + This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. -9. Click **Connect**. + + +9. Click **Connect**. The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. -**Note**   +**Note** A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. -  + **To customize the Remote Connection process** -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). +1. You can customize the Remote Connection process by editing the winpeshl.ini file. 
For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: + Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - -
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        -
        - Important   -

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        -
        -
        -   -
        + + + + + + + + + + + + + + + + + + + + + + + + + +
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        +
        + Important

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        +
        +
        -   +
        -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - ``` syntax - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` + +2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: + + ``` syntax + [LaunchApps] + "%windir%\system32\netstart.exe -network -remount" + "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" + "%windir%\system32\WaitForConnection.exe" + "%SYSTEMDRIVE%\sources\recovery\recenv.exe" + ``` **To run the Remote Connection Viewer at the command prompt** @@ -166,23 +170,25 @@ A file is provided that is named inv32.xml and contains remote connection inform -   - **Note**   - The variables for these parameters are created on the end-user computer and must be provided by the end user. -   +~~~ +**Note** +The variables for these parameters are created on the end-user computer and must be provided by the end user. +~~~ -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. + + +2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. ## Related topics [Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) -  - -  + + + 
diff --git a/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md b/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md index 3c84baa490..2000d0e0f8 100644 --- a/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md +++ b/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: jamiejdt +author: msfttracyp ms.assetid: 881d573f-2f18-4c5f-838e-2f5320179f94 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -33,7 +36,7 @@ If you cannot access the Microsoft Debugging Tools for Windows or the symbol fil **Note**   Use the Search tool in DaRT 7 to locate the copied crash dump file. -   + 3. The **Crash Analyzer** scans the crash dump file and reports a probable cause of the crash. You can view more information about the crash, such as the specific crash message and description, the drivers loaded at the time of the crash, and the full output of the analysis. @@ -44,9 +47,9 @@ If you cannot access the Microsoft Debugging Tools for Windows or the symbol fil [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md b/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md index 6f232fa2e0..4a03441b10 100644 --- a/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md 
+++ b/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md @@ -1,8 +1,11 @@ --- title: How to Run the Crash Analyzer on an End-user Computer description: How to Run the Crash Analyzer on an End-user Computer -author: jamiejdt +author: msfttracyp ms.assetid: 40af4ead-6588-4a81-8eaa-3dc00c397e1d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -43,7 +46,7 @@ Typically, you run Microsoft Diagnostics and Recovery Toolset (DaRT) 7 Crash An **Note**   If you do not have access to the **System Properties** window, you can search for dump files on the end-user computer by using the **Search** tool in DaRT. -   + 3. The **Crash Analyzer** scans the crash dump file and reports a probable cause of the crash. You can view more information about the crash, such as the specific crash message and description, the drivers loaded at the time of the crash, and the full output of the analysis. @@ -54,9 +57,9 @@ Typically, you run Microsoft Diagnostics and Recovery Toolset (DaRT) 7 Crash An [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) -  + -  + diff --git a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md b/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md index eab232ace9..64a13002bc 100644 --- a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md +++ b/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md 
@@ -1,8 +1,11 @@ --- title: How to Use the DaRT Recovery Image Wizard to Create the Recovery Image description: How to Use the DaRT Recovery Image Wizard to Create the Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 1b8ef983-fff9-4d75-a2f6-53120c5c00c9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -39,7 +42,7 @@ The **DaRT Recovery Image Wizard** requires the following information: **Note**   The ISO image size can vary, depending on the tools that were selected in the **DaRT Recovery Image Wizard**. -  + ## To create the recovery image using the DaRT Recovery Image Wizard @@ -71,7 +74,7 @@ You can either specify the location of the debugging tools on the computer where **Note**   If you include the **Crash Analyzer** in the ISO image, we recommend that you also include the Debugging Tools for Windows. -  + Follow these steps to add the Debugging Tools for Windows: @@ -98,7 +101,7 @@ If you decide not to include the latest definitions on the recovery image, or if **Important**   You cannot scan if there are no definitions. -  + After you have finished, click **Next**. @@ -107,14 +110,14 @@ After you have finished, click **Next**. **Caution**   By default, when you add a driver to the DaRT recovery image, all additional files and subfolders that are located in that folder are added into the recovery image. For more information, see [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md). -  + You should include additional drivers on the recovery image for DaRT 7 that you may need when repairing a computer. These may typically include storage or network controllers that are not included on the Windows DVD. **Important**   When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. -  + **To add a storage or network controller driver to the recovery image** 
@@ -125,7 +128,7 @@ When you select drivers to include, be aware that wireless connectivity (such as **Note**   The **driver** file is provided by the manufacturer of the storage or network controller. -   + 3. Repeat Steps 1 and 2 for every driver that you want to include. @@ -168,7 +171,7 @@ If the **DaRT Recovery Image Wizard** detects a compatible CD-RW drive on your c **Note**   If a drive is not recognized and you install a new drive, you can click **Refresh Drive List** to force the wizard to update the list of available drives. -   + 3. Click **Next**. @@ -177,9 +180,9 @@ If the **DaRT Recovery Image Wizard** detects a compatible CD-RW drive on your c [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md) -  + -  + diff --git a/mdop/dart-v7/operations-for-dart-70-new-ia.md b/mdop/dart-v7/operations-for-dart-70-new-ia.md index a7f3abd71c..4ab261ebe1 100644 --- a/mdop/dart-v7/operations-for-dart-70-new-ia.md +++ b/mdop/dart-v7/operations-for-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Operations for DaRT 7.0 description: Operations for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5566d817-fc14-4408-ba01-1d87fbc132d9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md b/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md index ffbf551335..ccd74f662c 100644 --- a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md +++ b/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Overview of the Tools in DaRT 7.0 description: Overview of the Tools in DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 67c5991e-cbe6-4ce9-9fe5-f1761369d1fe +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -30,7 +33,7 @@ You can use **Registry Editor** to access and change the registry of the Windows **Caution**   This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + ### Locksmith @@ -67,7 +70,7 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w **Warning**   We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. -  + ### Disk Wipe @@ -76,7 +79,7 @@ You can use **Disk Wipe** to delete all data from a disk or volume, even the dat **Warning**   After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. -  + ### Computer Management @@ -103,7 +106,7 @@ We recommend that you uninstall only one hotfix at a time, even though the tool **Important**   Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. -  + ### SFC Scan 
@@ -120,7 +123,7 @@ The **Search** tool opens a **File Search** window that you can use to find docu **Important**   Environments with the Standalone System Sweeper deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Standalone System Sweeper tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. -  + The **Standalone System Sweeper** can help detect malware and unwanted software and warn you of security risks. You can use this tool to scan a computer for and remove malware even when the installed Windows operating system is not running. When the **Standalone System Sweeper** detects malicious or unwanted software, it prompts you to remove, quarantine, or allow for each item. @@ -133,16 +136,16 @@ The **Remote Connection** tool in DaRT lets you remotely run the DaRT tools on a **Important**   The two computers establishing a remote connection must be part of the same network. -  + ## Related topics [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/planning-for-dart-70-new-ia.md b/mdop/dart-v7/planning-for-dart-70-new-ia.md index 98476abcaa..d4227b88d2 100644 --- a/mdop/dart-v7/planning-for-dart-70-new-ia.md +++ b/mdop/dart-v7/planning-for-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Planning for DaRT 7.0 description: Planning for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 9a60cb08-5efb-40fe-b1e3-9ece831f3b43 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md b/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md index 815111bfad..f99585b92a 100644 --- a/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md 
+++ b/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md @@ -1,8 +1,11 @@ --- title: Planning How to Save and Deploy the DaRT 7.0 Recovery Image description: Planning How to Save and Deploy the DaRT 7.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: d96e9363-6186-4fc3-9b83-ba15ed9694a5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -24,7 +27,7 @@ You can save and deploy the DaRT recovery image by using the following methods. **Note**   You might want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. -  + The following table shows some advantages and disadvantages of each method of using DaRT in your organization. @@ -68,16 +71,16 @@ The following table shows some advantages and disadvantages of each method of us -  + ## Related topics [Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) -  + -  + diff --git a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md b/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md index dc60a82839..7c19fc8845 100644 --- a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md +++ b/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md @@ -1,8 +1,11 @@ --- title: Planning to Create the DaRT 7.0 Recovery Image description: Planning to Create the DaRT 7.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: e5d49bee-ae4e-467b-9976-c1203f6355f9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/planning-to-deploy-dart-70.md b/mdop/dart-v7/planning-to-deploy-dart-70.md index 2497dbc283..f1f21b158b 100644 --- a/mdop/dart-v7/planning-to-deploy-dart-70.md +++ b/mdop/dart-v7/planning-to-deploy-dart-70.md 
@@ -1,8 +1,11 @@ --- title: Planning to Deploy DaRT 7.0 description: Planning to Deploy DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 05e97cdb-a8c2-46e4-9c75-a7d12fe26fe8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -48,7 +51,7 @@ Several methods can be used to save and deploy the DaRT recovery image. When you **Note**   You might want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. -  + [Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md) @@ -57,9 +60,9 @@ You might want to use more than one method in your organization. For example, yo [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md b/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md index ddea601e88..35e35b8a3e 100644 --- a/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md +++ b/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md @@ -1,8 +1,11 @@ --- title: Recovering Computers Using DaRT 7.0 description: Recovering Computers Using DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: bcded7ca-237b-4971-ac34-4394b05cbc50 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -36,7 +39,7 @@ Whichever method that you use to boot into DaRT, you must enable the boot device **Note**   Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -  + [How to Recover Local Computers Using the DaRT Recovery Image](how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md) 
@@ -48,7 +51,7 @@ The Remote Connection feature in DaRT lets an IT administrator run the DaRT tool **Important**   The two computers establishing a remote connection must be part of the same network. -  + The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. @@ -63,9 +66,9 @@ The IT administrator or helpdesk agent enters this information into the **DaRT R [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md b/mdop/dart-v7/release-notes-for-dart-70-new-ia.md index e1b35be047..87506ac590 100644 --- a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md +++ b/mdop/dart-v7/release-notes-for-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Release Notes for DaRT 7.0 description: Release Notes for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: fad227d0-5c22-4efd-9187-0e5922f7250b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -105,9 +108,9 @@ All other trademarks are property of their respective owners. [About DaRT 7.0](about-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md b/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md index 45d6ce5d29..7d51161f65 100644 --- a/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md +++ b/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md @@ -1,8 +1,11 @@ --- title: Security Considerations for DaRT 7.0 description: Security Considerations for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 52ad7e6c-c169-4ba4-aa76-56335a585eb8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -32,7 +35,7 @@ You can even configure the DaRT image so that the option to start a remote conne **Important**   After the remote connection is established, all the tools that you included in the recovery image, including those unavailable to the end user, will become available to the helpdesk agent working on the end–user computer. -  + For more information about including tools in the DaRT recovery image, see [How to Use the DaRT Recovery Image Wizard to Create the Recovery Image](how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md). @@ -46,7 +49,7 @@ Your encryption method should be deployed and enabled in all computers. **Note**   DaRT 7 supports BitLocker natively. -  + ## To help maintain security between two computers during Remote Connection @@ -58,9 +61,9 @@ By default, the communication between two computers that have established a **Re [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) -  + -  + diff --git a/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md b/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md index 6436d50a4d..70e1a1fba6 100644 --- a/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md +++ b/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md @@ -1,8 +1,11 @@ --- title: Technical Reference for DaRT 7.0 description: Technical Reference for DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: f55c7e5e-713a-42d1-84c9-88370155f934 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md b/mdop/dart-v7/troubleshooting-dart-70-new-ia.md index a06dac4191..5e1d37af9e 100644 --- a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md +++ b/mdop/dart-v7/troubleshooting-dart-70-new-ia.md 
@@ -1,8 +1,11 @@ --- title: Troubleshooting DaRT 7.0 description: Troubleshooting DaRT 7.0 -author: jamiejdt +author: msfttracyp ms.assetid: 24c50efa-e9ac-45c4-aca2-b1dcfe834fdd +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/about-dart-80-dart-8.md b/mdop/dart-v8/about-dart-80-dart-8.md index 4cb8f87148..7de3d83f67 100644 --- a/mdop/dart-v8/about-dart-80-dart-8.md +++ b/mdop/dart-v8/about-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: About DaRT 8.0 description: About DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: ce91efd6-7d78-44cb-bb8f-1f43f768ebaa +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 helps you troubleshoot and **Note**   DaRT does not support the recovery of dynamic disks. -  + DaRT also provides tools to help you fix a problem as soon as you determine the cause. For example, you can use the tools in DaRT to disable a faulty device driver, remove hotfixes, restore deleted files, and scan the computer for malware even when you cannot or should not start the installed Windows operating system. @@ -70,9 +73,9 @@ This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). MDO [Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md) -  + -  + diff --git a/mdop/dart-v8/about-dart-80-sp1.md b/mdop/dart-v8/about-dart-80-sp1.md index 307f3a0c9c..9a2cf5c3a0 100644 --- a/mdop/dart-v8/about-dart-80-sp1.md +++ b/mdop/dart-v8/about-dart-80-sp1.md @@ -1,8 +1,11 @@ --- title: About DaRT 8.0 SP1 description: About DaRT 8.0 SP1 -author: jamiejdt +author: msfttracyp ms.assetid: 2e166444-4097-4b23-9f50-d8819f1f4960 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v8/about-dart-81.md b/mdop/dart-v8/about-dart-81.md index ba9aa61695..a2d81ba1e5 100644 --- a/mdop/dart-v8/about-dart-81.md +++ b/mdop/dart-v8/about-dart-81.md @@ -1,8 +1,11 @@ --- title: About DaRT 8.1 description: About DaRT 8.1 -author: jamiejdt +author: msfttracyp ms.assetid: dcaddc57-0111-4a9d-8be9-f5ada0eefa7d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -33,10 +36,10 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh You can create DaRT images by using Windows Server 2012 R2 or Windows 8.1. - **Note**   + **Note** For earlier versions of the Windows Server and Windows operating systems, continue to use the earlier versions of DaRT. -   + - **Customer feedback** 
@@ -49,16 +52,18 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh ## Requirements -- **Windows Assessment and Development Kit 8.1** +- **Windows Assessment and Development Kit 8.1** - Windows Assessment and Development Kit (ADK) 8.1 is a required prerequisite for the DaRT Recovery Image Wizard. Windows ADK 8.1 contains deployment tools that are used to customize, deploy, and service Windows images. It also contains the Windows Preinstallation Environment (Windows PE). + Windows Assessment and Development Kit (ADK) 8.1 is a required prerequisite for the DaRT Recovery Image Wizard. Windows ADK 8.1 contains deployment tools that are used to customize, deploy, and service Windows images. It also contains the Windows Preinstallation Environment (Windows PE). - **Note**   - Windows ADK 8.1 is not required if you are installing only Remote Connection Viewer or Crash Analyzer. + **Note** + Windows ADK 8.1 is not required if you are installing only Remote Connection Viewer or Crash Analyzer. -   - To download Windows ADK 8.1, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1](https://www.microsoft.com/download/details.aspx?id=39982) in the Microsoft Download Center. + +~~~ +To download Windows ADK 8.1, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1](https://www.microsoft.com/download/details.aspx?id=39982) in the Microsoft Download Center. +~~~ - **Microsoft .NET Framework 4.5.1** @@ -107,9 +112,9 @@ DaRT 8.1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is pa [Release Notes for DaRT 8.1](release-notes-for-dart-81.md) -  - -  + + + diff --git a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md b/mdop/dart-v8/accessibility-for-dart-80-dart-8.md index 5ad466dbd1..936d93ea7d 100644 --- a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md +++ b/mdop/dart-v8/accessibility-for-dart-80-dart-8.md 
@@ -1,8 +1,11 @@ --- title: Accessibility for DaRT 8.0 description: Accessibility for DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 95f426de-222c-4ec0-9b9b-af817c7fff9b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in alternative formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

        (609) 987-8116

        -

        [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

        +

        http://www.learningally.org/

        Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

        -  + ## Customer service for people with hearing impairments @@ -93,9 +96,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md b/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md index f28d53a283..d400b3bd5d 100644 --- a/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md +++ b/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md @@ -1,8 +1,11 @@ --- title: Administering DaRT 8.0 Using PowerShell description: Administering DaRT 8.0 Using PowerShell -author: jamiejdt +author: msfttracyp ms.assetid: 776430e0-d5c9-4919-877a-fab503451b37 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md index c055b3d88d..0dfd0b39f2 100644 --- a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md +++ b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md @@ -1,8 +1,11 @@ --- title: Creating the DaRT 8.0 Recovery Image description: Creating the DaRT 8.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 39001b8e-86c0-45ef-8f34-2d6199f9922d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -89,7 +92,7 @@ On the Drivers tab of the Advanced Options page, you can add additional device d **Important**   When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. -  + **To add drivers to the recovery image** 
@@ -102,7 +105,7 @@ When you select drivers to include, be aware that wireless connectivity (such as **Note**   The driver file is provided by the manufacturer of the storage or network controller. -   + 4. Repeat Steps 2 and 3 for every driver that you want to include. @@ -141,7 +144,7 @@ The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kit `%ProgramFilesX86%\Windows Kits\8.0\Debuggers\x86` -  + **To add the debugging tools for Crash Analyzer** @@ -177,7 +180,7 @@ On the Defender tab of the Advanced Options page, you add definitions, which are **Important**   You cannot scan if there are no definitions. -   + 3. Click **Next**. @@ -203,7 +206,7 @@ If you select the Edit Image check box on this page, you can customize the recov **Note**   The size of the image will vary, depending on the tools that you select and the files that you add in the wizard. -   + 2. In the **Image name** box, enter a name for the DaRT recovery image, or accept the default name, which is DaRT8. @@ -253,7 +256,7 @@ On the Create Bootable Media page, you can optionally copy the image file to a C **Note**   The Preboot execution environment (PXE) and local image deployment are not supported natively by this tool since they require additional enterprise tools, such as System Center Configuration Manager server and Microsoft Development Toolkit. -  + **To copy the recovery image to a CD, DVD, or USB** @@ -264,7 +267,7 @@ The Preboot execution environment (PXE) and local image deployment are not suppo **Note**   If a drive is not recognized and you install a new drive, you can click **Refresh** to force the wizard to update the list of available drives. -   + 3. Click the **Create Bootable Media** button. @@ -277,9 +280,9 @@ The Preboot execution environment (PXE) and local image deployment are not suppo [Deploying DaRT 8.0](deploying-dart-80-dart-8.md) -  + -  + 
diff --git a/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md b/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md index 7cf1797280..eca291304a 100644 --- a/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md +++ b/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md @@ -1,8 +1,11 @@ --- title: DaRT 8.0 Deployment Checklist description: DaRT 8.0 Deployment Checklist -author: jamiejdt +author: msfttracyp ms.assetid: 74e071fb-697c-463f-adce-d09b8d86495f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you during Microsoft Diagnostics and Recovery **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Decide on the best DaRT 8.0 deployment option for your requirements and deploy it.

        [Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md)

        Deploying DaRT 8.0 to Administrator Computers

        Checklist box

        Use the DaRT Recovery Image wizard to create the DaRT recovery image ISO.

        [Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md)

        Creating the DaRT 8.0 Recovery Image

        Checklist box

        Decide on the best DaRT 8.0 recovery image deployment option for your requirements and deploy it.

        [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md)

        Deploying the DaRT Recovery Image

        -  + ## Related topics [Deploying DaRT 8.0](deploying-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/dart-80-planning-checklist-dart-8.md b/mdop/dart-v8/dart-80-planning-checklist-dart-8.md index 1ebfd3d8b9..7e29d01395 100644 --- a/mdop/dart-v8/dart-80-planning-checklist-dart-8.md +++ b/mdop/dart-v8/dart-80-planning-checklist-dart-8.md @@ -1,8 +1,11 @@ --- title: DaRT 8.0 Planning Checklist description: DaRT 8.0 Planning Checklist -author: jamiejdt +author: msfttracyp ms.assetid: 0a0f5a71-b1d6-424c-8174-fc5aad506928 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -38,31 +41,31 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - +
        Checklist box

        Review the DaRT 8.0 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

        [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md)

        DaRT 8.0 Supported Configurations

        Checklist box

        Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

        [Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md)

        Planning to Create the DaRT 8.0 Recovery Image

        Checklist box

        Determine which method, or methods, you will use to deploy the DaRT recovery image.

        [Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md)

        Planning How to Save and Deploy the DaRT 8.0 Recovery Image

        -  + ## Related topics [Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md index 4a578cdb99..3446e85228 100644 --- a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md +++ b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md @@ -1,8 +1,11 @@ --- title: DaRT 8.0 Privacy Statement description: DaRT 8.0 Privacy Statement -author: jamiejdt +author: msfttracyp ms.assetid: db474241-e44e-4bca-9be4-3557a3614c2a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md b/mdop/dart-v8/dart-80-supported-configurations-dart-8.md index fe0e399bc8..1498448738 100644 --- a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md +++ b/mdop/dart-v8/dart-80-supported-configurations-dart-8.md @@ -1,8 +1,11 @@ --- title: DaRT 8.0 Supported Configurations description: DaRT 8.0 Supported Configurations -author: jamiejdt +author: msfttracyp ms.assetid: 95d68e5c-d202-4f4a-adef-d2098328172e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -60,7 +63,7 @@ The following table lists the installation prerequisites for the administrator c -  + ### Help desk computer prerequisites @@ -93,7 +96,7 @@ The following table lists the installation prerequisites for the help desk compu -  + ### End-user computer prerequisites 
@@ -109,12 +112,12 @@ The following table lists the operating systems that are supported for the DaRT **Note**   Make sure that you allocate enough space for any additional tools that you want to install on the administrator computer. -  + **Note**   Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -163,7 +166,7 @@ Microsoft provides support for the current service pack and, in some cases, the
        -  + ### DaRT help desk computer system requirements @@ -228,7 +231,7 @@ The following table lists the operating systems that are supported for the DaRT -  + DaRT also has the following minimum hardware requirements for the end-user computer: @@ -287,16 +290,16 @@ The Diagnostics and Recovery Toolset window in DaRT requires that the end-user c -  + ## Related topics [Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/deploying-dart-80-dart-8.md b/mdop/dart-v8/deploying-dart-80-dart-8.md index dc16ec45b6..36e9c02d25 100644 --- a/mdop/dart-v8/deploying-dart-80-dart-8.md +++ b/mdop/dart-v8/deploying-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 8.0 description: Deploying DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5a976d4e-3372-4ef6-9095-1b48e99af21b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md b/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md index 0a286d920a..ecd56e83ee 100644 --- a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md +++ b/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md @@ -1,8 +1,11 @@ --- title: Deploying DaRT 8.0 to Administrator Computers description: Deploying DaRT 8.0 to Administrator Computers -author: jamiejdt +author: msfttracyp ms.assetid: f918ead8-742e-464a-8bf6-1fcedde66cae +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md index 484bd4b007..99ebca995c 100644 --- a/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md +++ b/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md 
@@ -1,8 +1,11 @@ --- title: Deploying the DaRT Recovery Image description: Deploying the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: df5cb54a-be8c-4ed2-89ea-d3c67c2ef4d4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -27,7 +30,7 @@ Extract the boot.wim file from the ISO image and deploy in the recovery partitio **Important**   The **DaRT Recovery Image Wizard** provides the option to burn the image to a CD, DVD or UFD, but the other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. -  + ## Deploy the DaRT recovery image as part of a recovery partition @@ -48,9 +51,9 @@ You can host the recovery image on a central network boot server, such as Window [Deploying DaRT 8.0](deploying-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md b/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md index b0d42098bf..d5e3945dc8 100644 --- a/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md +++ b/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md @@ -1,8 +1,11 @@ --- title: Diagnosing System Failures with Crash Analyzer description: Diagnosing System Failures with Crash Analyzer -author: jamiejdt +author: msfttracyp ms.assetid: ce3d3186-54fb-45b2-b5ce-9bb7841db28f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md b/mdop/dart-v8/getting-started-with-dart-80-dart-8.md index 13c8a6fb56..faa25ee39e 100644 --- a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md +++ b/mdop/dart-v8/getting-started-with-dart-80-dart-8.md 
@@ -1,8 +1,11 @@ --- title: Getting Started with DaRT 8.0 description: Getting Started with DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 579d18c5-7434-4a0e-9725-fb81ca5e3c6d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -21,7 +24,7 @@ A downloadable version of this administrator’s guide is not available. However Additional downloadable information about this product can also be found at . -  + ## Getting started with DaRT 8.0 @@ -56,9 +59,9 @@ DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is pa [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md b/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md index 79b027f96c..0e90caab1d 100644 --- a/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md +++ b/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Change, Repair, or Remove DaRT 8.0 description: How to Change, Repair, or Remove DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: a9737635-aaf5-45bd-861f-f9dff4f02336 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md b/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md index c681d10487..e31d87e179 100644 --- a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md +++ b/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Deploy DaRT 8.0 description: How to Deploy DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: ab772e7a-c02f-4847-acdf-8bd362769a77 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -19,7 +22,7 @@ The following instructions explain how to deploy Microsoft Diagnostics and Recov **Important**   Before you install DaRT, see [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 8 or Windows Server 2012. -  + You can install DaRT using one of two different configurations: @@ -83,7 +86,7 @@ msiexec.exe /i MSDaRT80.msi /l*v log.txt **Note**   You can add /qn or /qb to perform a silent installation. -  + **To validate the DaRT installation** @@ -98,9 +101,9 @@ You can add /qn or /qb to perform a silent installation. [Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md index 72eef6ae82..a717b3888e 100644 --- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md +++ b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as a Remote Partition description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: jamiejdt +author: msfttracyp ms.assetid: 58f4a6c6-6193-42bd-a095-0de868711af9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -27,7 +30,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( **Note**   If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. -   + 2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. @@ -44,9 +47,9 @@ For more information about how to deploy DaRT as a remote partition, see [Walkth [Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md index b9ed176f5e..c5d594b59c 100644 --- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md +++ b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: jamiejdt +author: msfttracyp ms.assetid: 07c5d539-51d9-4759-adc7-72b40d5d7bb3 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -31,7 +34,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( **Note**   If you burned a CD, DVD, or USB of the recovery image, you can open the files on the removable media and copy the boot.wim file from the \\sources folder. If you copy boot.wim file, you don’t need to mount the image. -   + 3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. 
@@ -50,9 +53,9 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset ( [Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md b/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md index 312fe03a19..afe2d17d1b 100644 --- a/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md +++ b/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md @@ -1,8 +1,11 @@ --- title: How to Ensure that Crash Analyzer Can Access Symbol Files description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: jamiejdt +author: msfttracyp ms.assetid: 99839013-1cd8-44d1-8484-0e15261c5a4b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md b/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md index d84f1001b3..c36fc90c84 100644 --- a/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md +++ b/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Perform DaRT Tasks by Using PowerShell Commands description: How to Perform DaRT Tasks by Using PowerShell Commands -author: jamiejdt +author: msfttracyp ms.assetid: bc788b00-38c7-4f57-a832-916b68264d89 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md index 6fc91964ab..dca11766bc 100644 --- a/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md 
+++ b/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md
@@ -1,8 +1,11 @@
 ---
 title: How to Recover Local Computers by Using the DaRT Recovery Image
 description: How to Recover Local Computers by Using the DaRT Recovery Image
-author: jamiejdt
+author: msfttracyp
 ms.assetid: f679d522-49ab-429c-93d0-294c3f3e5639
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
@@ -36,18 +39,20 @@ Use these instructions to recover a computer when you are physically present at 6. Select the installation that you want to repair or diagnose, and then click **Next**. - **Note**   + **Note** If the Windows Recovery Environment (WinRE) detects or suspects that Windows 8 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. -   - If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. +7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. + + The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. 
@@ -55,41 +60,40 @@ For general information about any of the DaRT tools, see [Overview of the Tools **How to run DaRT at the command prompt** -- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: +- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: + + + + + + + + + + + + + + + + + + + + + + + + +

        Parameter

        Description

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

        +
        + Warning

        The end user’s response to the prompt overrides the –network and –remount switches.

        +
        +
        + +
        - - - - - - - - - - - - - - - - - - - - - - - -

        Parameter

        Description

        -network

        Initializes the network services.

        -remount

        Remaps the drive letters.

        -prompt

        Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

        -
        - Warning   -

        The end user’s response to the prompt overrides the –network and –remount switches.

        -
        -
        -   -
        -   ## Related topics @@ -98,9 +102,9 @@ For general information about any of the DaRT tools, see [Overview of the Tools [Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) -  - -  + + + diff --git a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md index e972616f19..ea9f968420 100644 --- a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md +++ b/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Recover Remote Computers by Using the DaRT Recovery Image description: How to Recover Remote Computers by Using the DaRT Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 363ccd48-6820-4b5b-a43a-323c0b208a9d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
@@ -32,113 +35,116 @@ If you disabled the DaRT tools when you created the recovery image, you still ha Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - **Note**   + **Note** Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -   - As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. -2. When you are asked whether you want to initialize network services, select one of the following: +~~~ +As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. +~~~ - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. +2. When you are asked whether you want to initialize network services, select one of the following: - **No** - skip the network initialization process. + **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. 
+ **No** - skip the network initialization process. -4. On the **System Recovery Options** dialog box, select a keyboard layout. +3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. +4. On the **System Recovery Options** dialog box, select a keyboard layout. -6. Select the installation that you want to repair or diagnose, and then click **Next**. +5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - **Note**   - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 8 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md). +6. Select the installation that you want to repair or diagnose, and then click **Next**. 
-   + **Note** + If the Windows Recovery Environment (WinRE) detects or suspects that Windows 8 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md). - If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - The **System Recovery Options** window appears and lists various recovery tools. -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. +~~~ +If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. -8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. +The **System Recovery Options** window appears and lists various recovery tools. +~~~ - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. +7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. -9. On the help desk computer, open the **DaRT Remote Connection Viewer**. +8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. + + The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. + +9. On the help desk computer, open the **DaRT Remote Connection Viewer**. 10. 
Click **Start**, click **All Programs**, click **Microsoft DaRT 8.0**, and then click **DaRT Remote Connection Viewer**. 11. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. - **Note**   - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. + **Note** + This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. + -   12. Click **Connect**. The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. -**Note**   +**Note** A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. -  + **To customize the Remote Connection process** -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). +1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: + Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - -
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        -
        - Important   -

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        -
        -
        -   -
        + + + + + + + + + + + + + + + + + + + + + + + + + +
        CommandParameterDescription

        RemoteRecovery.exe

        -nomessage

        Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

        WaitForConnection.exe

        none

        Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

        +
        + Important

        This command serves no function if it is specified independently. It must be specified in a script to function correctly.

        +
        +
        -   +
        -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - ``` syntax - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` + +2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: + + ``` syntax + [LaunchApps] + "%windir%\system32\netstart.exe -network -remount" + "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" + "%windir%\system32\WaitForConnection.exe" + "%SYSTEMDRIVE%\sources\recovery\recenv.exe" + ``` When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the RAM disk. This file contains connection information: IP address, port, and ticket number. You can copy this file to a network share to trigger a Help desk workflow. For example, a custom program can check the network share for connection files, and then create a support ticket or send email notifications. 
@@ -173,14 +179,16 @@ When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the -   - **Note**   - The variables for these parameters are created on the end-user computer and must be provided by the end user. -   +~~~ +**Note** +The variables for these parameters are created on the end-user computer and must be provided by the end user. +~~~ -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. + + +2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. ## Related topics @@ -189,9 +197,9 @@ When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the [Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) -  - -  + + + diff --git a/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md b/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md index 56dbb996ef..ad3b05cceb 100644 --- a/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md +++ b/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md @@ -1,8 +1,11 @@ --- title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: jamiejdt +author: msfttracyp ms.assetid: b2f87144-6379-478a-802b-9cfef5242f34 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library 
diff --git a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md b/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
index 17f36999d6..c50f8d1d66 100644
--- a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
+++ b/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
@@ -1,8 +1,11 @@
 ---
 title: How to Run the Crash Analyzer on an End-user Computer
 description: How to Run the Crash Analyzer on an End-user Computer
-author: jamiejdt
+author: msfttracyp
 ms.assetid: d36213e5-7719-44d7-be65-971c3ef7df2c
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md b/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md
index d59e5a25bd..34c8202a73 100644
--- a/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md
+++ b/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md
@@ -1,8 +1,11 @@
 ---
 title: How to Use a PowerShell Script to Create the Recovery Image
 description: How to Use a PowerShell Script to Create the Recovery Image
-author: jamiejdt
+author: msfttracyp
 ms.assetid: d0c71092-535e-43b1-9b1d-6ac819508348
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md b/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
index cff8d991a3..78b6e42da3 100644
--- a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
+++ b/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md @@ -1,8 +1,11 @@ --- title: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection -author: jamiejdt +author: msfttracyp ms.assetid: 59678283-4b44-4d02-ba8f-0e7315efd5d1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/operations-for-dart-80-dart-8.md b/mdop/dart-v8/operations-for-dart-80-dart-8.md index 9092e122c7..c495ff0ffd 100644 --- a/mdop/dart-v8/operations-for-dart-80-dart-8.md +++ b/mdop/dart-v8/operations-for-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Operations for DaRT 8.0 description: Operations for DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: a31615de-eb6e-41af-909c-d0b6f3eb3f2f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md index 04662c206f..7cffb8401b 100644 --- a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md +++ b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Overview of the Tools in DaRT 8.0 description: Overview of the Tools in DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 1766c82e-c099-47d4-b186-4689b026a7e0 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -30,7 +33,7 @@ A description of the DaRT 8.0 tools follows. **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### Crash Analyzer 
@@ -47,7 +50,7 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w **Important**   Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md). -  + **Defender** can help detect malware and unwanted software and warn you of security risks. You can use this tool to scan a computer for and remove malware even when the installed Windows operating system is not running. When **Defender** detects malicious or unwanted software, it prompts you to remove, quarantine, or allow for each item. @@ -68,12 +71,12 @@ Malware that uses rootkits can mask itself from the running operating system. If **Warning**   We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. -  + **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### Disk Wipe @@ -82,7 +85,7 @@ You can use **Disk Wipe** to delete all data from a disk or volume, even the dat **Warning**   After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. -  + ### Explorer @@ -95,7 +98,7 @@ The **Explorer** tool lets you browse the computer’s file system and network s **Note**   The recovery of dynamic disks with DaRT is not supported. -  + ### File Search 
@@ -112,7 +115,7 @@ We recommend that you uninstall only one hotfix at a time, even though the tool **Important**   Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. -  + ### Locksmith @@ -127,7 +130,7 @@ You can use **Registry Editor** to access and change the registry of the Windows **Warning**   Serious problems can occur if you change the registry incorrectly by using **Registry Editor**. These problems might require you to reinstall the operating system. Before you make changes to the registry, you should back up any valued data on the computer. Change the registry at your own risk. -  + ### SFC Scan @@ -146,9 +149,9 @@ When you boot a problem computer into DaRT, it is set to automatically obtain it [Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/planning-for-dart-80-dart-8.md b/mdop/dart-v8/planning-for-dart-80-dart-8.md index 310d58b028..a7ab30d88b 100644 --- a/mdop/dart-v8/planning-for-dart-80-dart-8.md +++ b/mdop/dart-v8/planning-for-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Planning for DaRT 8.0 description: Planning for DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: c8be3ab3-dc54-43b9-b9ff-fbd5e1ef29a7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md index 50290559fc..4f95c0b2fa 100644 --- a/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md +++ b/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md 
@@ -1,8 +1,11 @@ --- title: Planning How to Save and Deploy the DaRT 8.0 Recovery Image description: Planning How to Save and Deploy the DaRT 8.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: 939fbe17-0e30-4c85-8782-5b84d69442a7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -21,7 +24,7 @@ If your organization uses Active Directory Domain Services (AD DS), you may want **Note**   You may want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. -  + The following table shows some advantages and disadvantages of each method of using DaRT in your organization. @@ -77,16 +80,16 @@ The following table shows some advantages and disadvantages of each method of us -  + ## Related topics [Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md index 69a4a66f44..4acce8e180 100644 --- a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md +++ b/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md @@ -1,8 +1,11 @@ --- title: Planning to Create the DaRT 8.0 Recovery Image description: Planning to Create the DaRT 8.0 Recovery Image -author: jamiejdt +author: msfttracyp ms.assetid: cfd0e1e2-c379-4460-b545-3f7be9f33583 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -46,7 +49,7 @@ The following items are required or recommended for creating the DaRT recovery i

        Windows Debugging Tools for your platform

        -

        Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).

        +

        Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

        Optional: Defender definitions

        @@ -54,21 +57,21 @@ The following items are required or recommended for creating the DaRT recovery i

        Optional: Windows symbols files for use with Crash Analyzer

        -

        Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md).

        +

        Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see Diagnosing System Failures with Crash Analyzer.

        -  + ## Related topics [Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md b/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md index 09ee54baf4..60c6e5d180 100644 --- a/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md +++ b/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy DaRT 8.0 description: Planning to Deploy DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 36f2babb-9ac5-4ea2-932c-12c6211f5be2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library diff --git a/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md b/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md index e5c34aa044..10b50735d0 100644 --- a/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md +++ b/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md @@ -1,8 +1,11 @@ --- title: Recovering Computers Using DaRT 8.0 description: Recovering Computers Using DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: 0caeb7d9-c1e6-4f32-bc27-157b91630989 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -31,7 +34,7 @@ Whichever method that you use to boot into DaRT, you must enable the boot device **Note**   Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. -  + ## Recover a local computer by using the DaRT recovery image 
@@ -48,7 +51,7 @@ The Remote Connection feature in DaRT lets an IT administrator run the DaRT tool **Important**   The two computers establishing a remote connection must be part of the same network. -  + The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. @@ -63,9 +66,9 @@ The IT administrator or help desk worker enters this information into the **DaRT [Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) -  + -  + diff --git a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md index ed6f807ef4..7ec6427eb0 100644 --- a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md +++ b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md @@ -1,8 +1,11 @@ --- title: Release Notes for DaRT 8.0 description: Release Notes for DaRT 8.0 -author: jamiejdt +author: msfttracyp ms.assetid: e8b373c8-7aa5-4930-a8f9-743d26145dad +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop ms.mktglfcycl: support ms.sitesec: library @@ -37,7 +40,7 @@ We are interested in your feedback on DaRT 8.0. You can send your feedback to AGPM 4.0 - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2

        AGPM 3.0- Windows Vista SP1, Windows Server 2008

        AGPM 2.5 - Windows Vista, Windows Server 2003

        -

        [Overview of Microsoft Advanced Group Policy Management](agpm/index.md)

        -

        [AGPM 4.0 SP3](agpm/whats-new-in-agpm-40-sp3.md)

        -

        [AGPM 4.0 SP2](agpm/whats-new-in-agpm-40-sp2.md)

        -

        [AGPM 4.0 SP1](https://go.microsoft.com/fwlink/p/?LinkId=286715) (https://go.microsoft.com/fwlink/p/?LinkId=286715)

        -

        [AGPM 4.0](agpm/whats-new-in-agpm-40-sp1.md)

        -

        [AGPM 3.0](agpm/whats-new-in-agpm-30.md)

        -

        [AGPM 2.5](agpm/agpm-25-navengl.md)

        -

        [AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275)

        +

        Overview of Microsoft Advanced Group Policy Management

        +

        AGPM 4.0 SP3

        +

        AGPM 4.0 SP2

        +

        AGPM 4.0 SP1 (https://go.microsoft.com/fwlink/p/?LinkId=286715)

        +

        AGPM 4.0

        +

        AGPM 3.0

        +

        AGPM 2.5

        +

        AGPM Whitepapers on the Microsoft Download Center

        Microsoft Application Virtualization (App-V) lets you make applications available to end user computers without installing the applications directly on those computers.

        -

        [Microsoft Application Virtualization 5.1 Administrator's Guide](appv-v5/microsoft-application-virtualization-51-administrators-guide.md)

        -

        [About App-V 5.0 SP3](appv-v5/about-app-v-50-sp3.md)

        -

        [About App-V 5.0 SP2](appv-v5/about-app-v-50-sp2.md)

        -

        [About App-V 5.0 SP1](appv-v5/about-app-v-50-sp1.md)

        -

        [Microsoft Application Virtualization 5.0 Administrator's Guide](appv-v5/microsoft-application-virtualization-50-administrators-guide.md)

        -

        [About Microsoft Application Virtualization 4.6 SP3](appv-v4/about-microsoft-application-virtualization-46-sp3.md)

        -

        [About Microsoft Application Virtualization 4.6 SP2](appv-v4/about-microsoft-application-virtualization-46-sp2.md)

        -

        [About Microsoft Application Virtualization 4.6 SP1](appv-v4/about-microsoft-application-virtualization-46-sp1.md)

        -

        [About Microsoft Application Virtualization 4.6](appv-v4/about-microsoft-application-virtualization-46.md)

        -

        [About Microsoft Application Virtualization 4.5](appv-v4/about-microsoft-application-virtualization-45.md)

        -

        [App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902)

        -

        [App-V 5.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309570) (https://go.microsoft.com/fwlink/p/?LinkId=309570)

        +

        Microsoft Application Virtualization 5.1 Administrator's Guide

        +

        About App-V 5.0 SP3

        +

        About App-V 5.0 SP2

        +

        About App-V 5.0 SP1

        +

        Microsoft Application Virtualization 5.0 Administrator's Guide

        +

        About Microsoft Application Virtualization 4.6 SP3

        +

        About Microsoft Application Virtualization 4.6 SP2

        +

        About Microsoft Application Virtualization 4.6 SP1

        +

        About Microsoft Application Virtualization 4.6

        +

        About Microsoft Application Virtualization 4.5

        +

        App-V Whitepapers on the Microsoft Download Center

        +

        App-V 5.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309570)

        Microsoft BitLocker Administration and Monitoring (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.

        -

        [Microsoft BitLocker Administration and Monitoring 2.5](mbam-v25/index.md)

        -

        [MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206)

        -

        [About MBAM 2.5 SP1](mbam-v25/about-mbam-25-sp1.md)

        -

        [About MBAM 2.0 SP1](mbam-v2/about-mbam-20-sp1.md)

        -

        [Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](mbam-v2/index.md)

        -

        [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](mbam-v1/index.md)

        -

        [MBAM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231905) (https://go.microsoft.com/fwlink/p/?LinkId=231905)

        -

        [MBAM 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309571) (https://go.microsoft.com/fwlink/p/?LinkId=309571)

        +

        Microsoft BitLocker Administration and Monitoring 2.5

        +

        MBAM 2.5 Video Demonstration: Deploying MBAM 2.5

        +

        About MBAM 2.5 SP1

        +

        About MBAM 2.0 SP1

        +

        Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide

        +

        Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide

        +

        MBAM Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=231905)

        +

        MBAM 1.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309571)

        Microsoft Diagnostics and Recovery Toolset (DaRT) helps troubleshoot and repair Windows-based computers.

        @@ -81,53 +81,53 @@ The following table provides links to the product documentation for the MDOP pro

        DaRT 6.5 - Windows 7, Windows Server 2008 R2

        DaRT 6.0 - Windows Vista, Windows Server 2008

        DaRT 5.0 - Windows 2000, Windows XP, Windows Server 2003

        -

        [Diagnostics and Recovery Toolset 10](dart-v10/index.md)

        -

        [About DaRT 8.1](dart-v8/about-dart-81.md)

        -

        [About DaRT 8.0 SP1](dart-v8/about-dart-80-sp1.md)

        -

        [Diagnostics and Recovery Toolset 8 Administrator's Guide](dart-v8/index.md)

        -

        [Diagnostics and Recovery Toolset 7 Administrator's Guide](dart-v7/index.md)

        -

        [DaRT 6.5](https://go.microsoft.com/fwlink/p/?LinkId=232983) (https://go.microsoft.com/fwlink/p/?LinkId=232983)

        -

        [DaRT Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232274) (https://go.microsoft.com/fwlink/p/?LinkId=232274)

        -

        [DaRT 8.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309573) (https://go.microsoft.com/fwlink/p/?LinkId=309573)

        -

        [DaRT 7.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309572) (https://go.microsoft.com/fwlink/p/?LinkId=309572)

        +

        Diagnostics and Recovery Toolset 10

        +

        About DaRT 8.1

        +

        About DaRT 8.0 SP1

        +

        Diagnostics and Recovery Toolset 8 Administrator's Guide

        +

        Diagnostics and Recovery Toolset 7 Administrator's Guide

        +

        DaRT 6.5 (https://go.microsoft.com/fwlink/p/?LinkId=232983)

        +

        DaRT Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=232274)

        +

        DaRT 8.0 eBook (https://go.microsoft.com/fwlink/p/?LinkId=309573)

        +

        DaRT 7.0 eBook (https://go.microsoft.com/fwlink/p/?LinkId=309572)

        Microsoft Desktop Enterprise Monitoring (DEM) monitors and reports enterprise-wide desktop application and system failures.

        -

        [DEM 3.5](https://go.microsoft.com/fwlink/p/?LinkId=232985) (https://go.microsoft.com/fwlink/p/?LinkId=232985)

        -

        [DEM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232276) (https://go.microsoft.com/fwlink/p/?LinkId=232276)

        +

        DEM 3.5 (https://go.microsoft.com/fwlink/p/?LinkId=232985)

        +

        DEM Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=232276)

        Microsoft Enterprise Desktop Virtualization (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization.

        MED-V 2.0 - Windows 7

        MED-V 1.0 SP1 - Windows 7, Windows Vista, Windows XP

        MED-V 1.0 - Windows Vista, Windows XP

        -

        [Microsoft Enterprise Desktop Virtualization 2.0](medv-v2/index.md)

        -

        [About MED-V 1.0 SP1](medv-v1/about-med-v-10-sp1.md)

        -

        [Microsoft Enterprise Desktop Virtualization 1.0](medv-v1/index.md)

        +

        Microsoft Enterprise Desktop Virtualization 2.0

        +

        About MED-V 1.0 SP1

        +

        Microsoft Enterprise Desktop Virtualization 1.0

        Microsoft User Experience Virtualization (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions.

        -

        [Microsoft User Experience Virtualization (UE-V) 2.x](uev-v2/index.md)

        -

        [What's New in UE-V 2.1 SP1](uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md)

        -

        [What's New in UE-V 2.1](uev-v2/whats-new-in-ue-v-21-new-uevv2.md)

        -

        [What's New in UE-V 2.0](uev-v2/whats-new-in-ue-v-20-new-uevv2.md)

        -

        [About User Experience Virtualization 1.0 SP1](uev-v1/about-user-experience-virtualization-10-sp1.md)

        -

        [Microsoft User Experience Virtualization (UE-V) 1.0](uev-v1/index.md)

        -

        [UE-V 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309574) (https://go.microsoft.com/fwlink/p/?LinkId=309574)

        +

        Microsoft User Experience Virtualization (UE-V) 2.x

        +

        What's New in UE-V 2.1 SP1

        +

        What's New in UE-V 2.1

        +

        What's New in UE-V 2.0

        +

        About User Experience Virtualization 1.0 SP1

        +

        Microsoft User Experience Virtualization (UE-V) 1.0

        +

        UE-V 1.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309574)

        -

        [MDOP Solutions and Scenarios](solutions/index.md)

        -

        [Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0](solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md)

        -

        [Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0](solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md)

        -

        [Creating App-V 4.5 Databases Using SQL Scripting](solutions/creating-app-v-45-databases-using-sql-scripting.md)

        -

        [Application Publishing and Client Interaction for App-V 5](solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md)

        -

        [How to Download and Deploy MDOP Group Policy (.admx) Templates](solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md)

        +

        MDOP Solutions and Scenarios

        +

        Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0

        +

        Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0

        +

        Creating App-V 4.5 Databases Using SQL Scripting

        +

        Application Publishing and Client Interaction for App-V 5

        +

        How to Download and Deploy MDOP Group Policy (.admx) Templates

        -  + ## Supplemental MDOP Product Guidance @@ -142,21 +142,21 @@ In addition to the product documentation available online, supplemental product

        MDOP Virtual Labs

        -

        For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/p/?LinkId=234276) (https://go.microsoft.com/fwlink/p/?LinkId=234276).

        +

        For a list of available MDOP virtual labs, go to Microsoft Desktop Optimization Pack (MDOP) Virtual Labs (https://go.microsoft.com/fwlink/p/?LinkId=234276).

        MDOP TechCenter

        -

        For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=225286) (https://go.microsoft.com/fwlink/p/?LinkId=225286)

        +

        For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to MDOP TechCenter (https://go.microsoft.com/fwlink/p/?LinkId=225286)

        MDOP Forums

        -

        Join in the MDOP community where you can ask and answer questions at the [MDOP TechNet Forum](https://go.microsoft.com/fwlink/p/?LinkId=286973) (https://go.microsoft.com/fwlink/p/?LinkId=286973).

        +

        Join in the MDOP community where you can ask and answer questions at the MDOP TechNet Forum (https://go.microsoft.com/fwlink/p/?LinkId=286973).

        -  + ## How to Get MDOP @@ -169,9 +169,9 @@ MDOP subscribers can download the software at the [Microsoft Volume Licensing we **Purchase MDOP** Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business. -  + -  + diff --git a/mdop/mbam-v1/about-mbam-10.md b/mdop/mbam-v1/about-mbam-10.md index fad97c1223..6649ff16d7 100644 --- a/mdop/mbam-v1/about-mbam-10.md +++ b/mdop/mbam-v1/about-mbam-10.md @@ -1,8 +1,11 @@ --- title: About MBAM 1.0 description: About MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 99254aaa-2b30-4b2e-8365-0d4b67a89a0c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ With Microsoft BitLocker Administration and Monitoring, you can select the BitLo **Note**   BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). -  + The following groups might be interested in using MBAM to manage BitLocker: @@ -43,9 +46,9 @@ For more information and for latest updates, see [Release Notes for MBAM 1.0](re [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/accessibility-for-mbam-10.md b/mdop/mbam-v1/accessibility-for-mbam-10.md index 4fb9ce04ea..6e772a734a 100644 --- a/mdop/mbam-v1/accessibility-for-mbam-10.md +++ b/mdop/mbam-v1/accessibility-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Accessibility for MBAM 1.0 description: Accessibility for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5c1bf1a3-76cf-458c-ac4a-cd343aace4de +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in Alternative Formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

        (609) 987-8116

        -

        [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

        +

        http://www.learningally.org/

        Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

        -  + ## Customer Service for People with Hearing Impairments @@ -93,9 +96,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md b/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md index a2e3aeb732..11d991351f 100644 --- a/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md +++ b/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md @@ -1,8 +1,11 @@ --- title: Administering MBAM 1.0 by Using PowerShell description: Administering MBAM 1.0 by Using PowerShell -author: jamiejdt +author: msfttracyp ms.assetid: 3bf2eca5-4ab7-4e84-9e80-c0c7d709647b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/administering-mbam-10-features.md b/mdop/mbam-v1/administering-mbam-10-features.md index 9cfda1fe2a..86fabb6cde 100644 --- a/mdop/mbam-v1/administering-mbam-10-features.md +++ b/mdop/mbam-v1/administering-mbam-10-features.md @@ -1,8 +1,11 @@ --- title: Administering MBAM 1.0 Features description: Administering MBAM 1.0 Features -author: jamiejdt +author: msfttracyp ms.assetid: dd9a9eff-f1ad-4af3-85d9-c19131a4ad22 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ The MBAM Hardware Compatibility feature can help you to ensure that only the com **Important**   When this feature is turned off, all computers where the MBAM policy is deployed will be encrypted. -  + MBAM can collect information on both the make and model of client computers if you deploy the “Allow Hardware Compatibility Checking” Group Policy. If you configure this policy, the MBAM agent reports the computer make and model information to the MBAM Server when the MBAM Client is deployed on a client computer. 
@@ -58,9 +61,9 @@ If enabled through a Group Policy Objects (GPO), a custom MBAM control panel tha [Operations for MBAM 1.0](operations-for-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md b/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md index 63a75e2f02..c6d78bd71f 100644 --- a/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md +++ b/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md @@ -1,8 +1,11 @@ --- title: Deploying MBAM 1.0 Group Policy Objects description: Deploying MBAM 1.0 Group Policy Objects -author: jamiejdt +author: msfttracyp ms.assetid: 2129291e-d2b2-41ed-b643-1e311c49fee7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/deploying-mbam-10.md b/mdop/mbam-v1/deploying-mbam-10.md index 6e416db1e6..9c54063330 100644 --- a/mdop/mbam-v1/deploying-mbam-10.md +++ b/mdop/mbam-v1/deploying-mbam-10.md @@ -1,8 +1,11 @@ --- title: Deploying MBAM 1.0 description: Deploying MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: ff952ed6-08b2-4ed0-97b8-bf89f22cccbc +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/deploying-the-mbam-10-client.md b/mdop/mbam-v1/deploying-the-mbam-10-client.md index 833fa771de..3b9f55c539 100644 --- a/mdop/mbam-v1/deploying-the-mbam-10-client.md +++ b/mdop/mbam-v1/deploying-the-mbam-10-client.md @@ -1,8 +1,11 @@ --- title: Deploying the MBAM 1.0 Client description: Deploying the MBAM 1.0 Client -author: jamiejdt +author: msfttracyp ms.assetid: f7ca233f-5035-4ff9-ab3a-f2453b4929d1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md b/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md index c478873a50..1cf2e31d54 100644 
--- a/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md +++ b/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md @@ -1,8 +1,11 @@ --- title: Deploying the MBAM 1.0 Language Release Update description: Deploying the MBAM 1.0 Language Release Update -author: jamiejdt +author: msfttracyp ms.assetid: 9dbd85c3-e470-4752-a90f-25754dd46dab +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md index 6ba49c968b..55c227b364 100644 --- a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md +++ b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md @@ -1,8 +1,11 @@ --- title: Deploying the MBAM 1.0 Server Infrastructure description: Deploying the MBAM 1.0 Server Infrastructure -author: jamiejdt +author: msfttracyp ms.assetid: 90529379-b70e-4c92-b188-3d7aaf1844af +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -24,7 +27,7 @@ In this configuration, all MBAM features are installed on a single server. This **Important**   This configuration is supported, but we recommend it for testing only. -  + The procedures in this section describe the full installation of the MBAM features on a single server. @@ -90,9 +93,9 @@ In this configuration, MBAM features are installed in the following configuratio [Deploying MBAM 1.0](deploying-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/evaluating-mbam-10.md b/mdop/mbam-v1/evaluating-mbam-10.md index d61e8f68bd..a610d18cea 100644 --- a/mdop/mbam-v1/evaluating-mbam-10.md +++ b/mdop/mbam-v1/evaluating-mbam-10.md 
@@ -1,8 +1,11 @@ --- title: Evaluating MBAM 1.0 description: Evaluating MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: a1e2b674-eda9-4e1c-9b4c-e748470c71f2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -44,63 +47,62 @@ Even when you set up a non-production instance of MBAM to evaluate in a lab envi Checklist box

        Review the Getting Started information about MBAM to gain a basic understanding of the product before you begin your deployment planning.

        -

        [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md)

        +

        Getting Started with MBAM 1.0

        Checklist box

        -

        Prepare your computing environment for the MBAM installation. To do so, you must enable the Transparent Data Encryption (TDE) on the SQL Server instances that will host MBAM databases. To enable TDE in your lab environment, you can create a .sql file to run against the master database that is hosted on the instance of the SQL Server that MBAM will use.

        +

        Prepare your computing environment for the MBAM installation. To do so, you must enable the Transparent Data Encryption (TDE) on the SQL Server instances that will host MBAM databases. To enable TDE in your lab environment, you can create a .sql file to run against the master database that is hosted on the instance of the SQL Server that MBAM will use.

        -Note   -

        You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of C:\Backup\. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.

        +Note

        You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of C:\Backup</em>. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.

        -  +
        USE master;
         GO
        -CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'P@55w0rd';
        +CREATE MASTER KEY ENCRYPTION BY PASSWORD = &amp;#39;P@55w0rd';
         GO
         CREATE CERTIFICATE tdeCert WITH SUBJECT = 'TDE Certificate';
         GO
         BACKUP CERTIFICATE tdeCert TO FILE = 'C:\Backup\TDECertificate.cer'
            WITH PRIVATE KEY (
                  FILE = 'C:\Backup\TDECertificateKey.pvk',
        -         ENCRYPTION BY PASSWORD = 'P@55w0rd');
        +         ENCRYPTION BY PASSWORD = &amp;#39;P@55w0rd');
         GO
        -

        [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)

        -

        [Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703)

        +

        MBAM 1.0 Deployment Prerequisites

        +

        Database Encryption in SQL Server 2008 Enterprise Edition

        Checklist box

        Plan for and configure MBAM Group Policy requirements.

        -

        [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md)

        +

        Planning for MBAM 1.0 Group Policy Requirements

        Checklist box -

        Plan for and create the necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

        -

        [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md)

        +

        Plan for and create the necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

        +

        Planning for MBAM 1.0 Administrator Roles

        Checklist box

        Plan for MBAM Server feature deployment.

        -

        [Planning for MBAM 1.0 Server Deployment](planning-for-mbam-10-server-deployment.md)

        +

        Planning for MBAM 1.0 Server Deployment

        Checklist box

        Plan for MBAM Client deployment.

        -

        [Planning for MBAM 1.0 Client Deployment](planning-for-mbam-10-client-deployment.md)

        +

        Planning for MBAM 1.0 Client Deployment

        -  + ### Perform an MBAM Evaluation Deployment @@ -117,47 +119,47 @@ After you complete the necessary planning and software prerequisite installation Checklist box
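Review bot: The two added `ENCRYPTION BY PASSWORD` lines in the TDE sample open the string with `&amp;#39;` instead of a single quote, so the script a reader copies from the page is no longer valid T-SQL; both lines should keep the literal quote as the removed lines had it. While these lines are being touched, a labelled placeholder would be safer than a guessable literal that readers paste as-is, because the second password protects the exported private key of the TDE certificate: `ENCRYPTION BY PASSWORD = '<strong-unique-password>');`, with the same form on the `CREATE MASTER KEY` line. The added Note line shows the same kind of conversion damage, `C:\Backup</em>` where the removed line had `C:\Backup\`. The checklist table these rows sit in appears to continue outside the hunk, so other converted cells may need the same check.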

        Review the MBAM supported configurations information to make sure that the selected client and server computers are supported for the MBAM feature installation.

        -

        [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)

        +

        MBAM 1.0 Supported Configurations

        Checklist box

        Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes.

        -

        [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md)

        +

        How to Install and Configure MBAM on a Single Server

        Checklist box -

        Add the Active Directory Domain Services security groups that you created during the planning phase to the appropriate local MBAM Server feature local groups on the new MBAM server.

        -

        [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md) and [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-1.md)

        +

        Add the Active Directory Domain Services security groups that you created during the planning phase to the appropriate local MBAM Server feature local groups on the new MBAM server.

        +

        Planning for MBAM 1.0 Administrator Roles and How to Manage MBAM Administrator Roles

        Checklist box

        Create and deploy the required MBAM Group Policy Objects.

        -

        [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)

        +

        Deploying MBAM 1.0 Group Policy Objects

        Checklist box

        Deploy the MBAM Client software.

        -

        [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)

        +

        Deploying the MBAM 1.0 Client

        -  + ## Configure Lab Computers for MBAM Evaluation You can change the frequency settings on the MBAM Client status reporting by using Registry Editor. However, these modifications should be used for testing purposes only. -**Warning**   +**Warning** This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + ### Modify the Frequency Settings on MBAM Client Status Reporting @@ -172,9 +174,9 @@ In addition to the MBAM Client wakeup and status reporting frequencies, there is [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) -  - -  + + + diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md index 7964813ec1..b54f281bf6 100644 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ b/mdop/mbam-v1/getting-started-with-mbam-10.md @@ -1,8 +1,11 @@ --- title: Getting Started with MBAM 1.0 description: Getting Started with MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 4fab4e4a-d25e-4661-b235-2b45bf5ac3e4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -21,7 +24,7 @@ If you are new to this product, we recommend that you read the documentation tho **Note**   You can find a downloadable version of this documentation and the MBAM Evaluation Guide at . -  + This section of the MBAM Administrator’s Guide includes high-level information about MBAM to provide you with a basic understanding of the product before you begin the deployment planning. Additional MBAM documentation can be found on the MBAM Documentation Resources Download page at . @@ -57,9 +60,9 @@ This section of the MBAM Administrator’s Guide includes high-level information - [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/high-availability-for-mbam-10.md b/mdop/mbam-v1/high-availability-for-mbam-10.md index 7e937b41e0..a7f2f2a89a 100644 --- a/mdop/mbam-v1/high-availability-for-mbam-10.md +++ b/mdop/mbam-v1/high-availability-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: High Availability for MBAM 1.0 description: High Availability for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5869ecf8-1056-4c32-aecb-838a37e05d39 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md b/mdop/mbam-v1/high-level-architecture-for-mbam-10.md index b401b20c7c..73dfbdd35b 100644 --- a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md +++ b/mdop/mbam-v1/high-level-architecture-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: High Level Architecture for MBAM 1.0 description: High Level Architecture for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: b1349196-88ed-4d6c-8a1d-998f18127b6b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -26,7 +29,7 @@ The following diagram displays the MBAM architecture. The single-server MBAM dep **Note**   At least a three-computer MBAM deployment topology is recommended for a production deployment. For more information about MBAM deployment topologies, see [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md). -  + ![mbam single server deployment topology](images/mbam-1-server.jpg) @@ -55,9 +58,9 @@ At least a three-computer MBAM deployment topology is recommended for a producti [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md b/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md index c05f830a9d..a8ca4fbd5c 100644 --- a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md +++ b/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md @@ -1,8 +1,11 @@ --- title: How to Configure Network Load Balancing for MBAM description: How to Configure Network Load Balancing for MBAM -author: jamiejdt +author: msfttracyp ms.assetid: df2208c3-352b-4a48-9722-237b0c8cd6a5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ To obtain the setup log files, you must install Microsoft BitLocker Administrati Additional setup log files are created in the %temp% folder of the user who installs MBAM. -  + The Network Load Balancing (NLB) clusters for the Administration and Monitoring Server feature provides scalability in MBAM and it should support more than 55,000 MBAM client computers. @@ -38,7 +41,7 @@ All computers that will be part of a NLB cluster have the following requirements - The NLB cluster requires a static IP address, and a host record must be manually created in the domain name system (DNS). -  + ## Configuring Network Load Balancing for MBAM Administration and Monitoring Servers 
@@ -50,7 +53,7 @@ Before you begin the procedures described in this topic, you must have the MBAM **Note**   This topic describes the basic process of using Network Load Balancing Manager to create an NLB Cluster. The exact steps to configure a Windows Server as part of an NLB cluster depend on the Windows Server version in use.. For more information about how to create NLBs on Windows Server 2008, see [Creating Network Load Balancing Clusters](https://go.microsoft.com/fwlink/?LinkId=197176) in the Windows Server 2008 TechNet library. -  + **To configure an NLB Cluster Virtual Name and IP address for two MBAM Administration and Monitoring Servers** @@ -59,7 +62,7 @@ This topic describes the basic process of using Network Load Balancing Manager t **Note**   If the NLB Manager is not present, you can install it as a Windows Server feature. You must install this feature on both MBAM Administration and Monitoring servers if you want to configure it into the NLB cluster. -   + 2. On the menu bar, click **Cluster**, and then click **New** to open the **Cluster Parameters** dialog box. @@ -80,7 +83,7 @@ This topic describes the basic process of using Network Load Balancing Manager t **Note**   Ensure that **Affinity** is set to **Single**. -   + 7. On the **Connect** page, enter an MBAM Administration and Monitoring server instance host name that will be part of the NLB cluster in **Host**, and then click **Connect**. 
@@ -91,7 +94,7 @@ This topic describes the basic process of using Network Load Balancing Manager t **Note**   The **Host Parameters** page also displays the NLB cluster host priority, which is 1 through 32. As new hosts are added to the NLB cluster, the host priority must differ from the previously added hosts. The priority is automatically incremented when you use the Network Load Balancing Manager. -   + 10. Click **<NLB cluster name>** and ensure that the NLB host interface **Status** displays **Converged** before you continue. This step might require that you refresh the NLB cluster display as the host TCP/IP configuration that is being modified by the NLB Manager. @@ -106,9 +109,9 @@ This topic describes the basic process of using Network Load Balancing Manager t [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md b/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md index eea98e59a1..d76d6481b6 100644 --- a/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md +++ b/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client as Part of a Windows Deployment description: How to Deploy the MBAM Client as Part of a Windows Deployment -author: jamiejdt +author: msfttracyp ms.assetid: 8704bf33-535d-41da-b9b2-45b60754367e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -16,17 +19,17 @@ ms.date: 06/16/2016 The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker Client can be integrated into an organization by enabling BitLocker management and encryption on client computers during the computer imaging and Windows deployment process. -**Note**   +**Note** To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + Encryption of client computers with BitLocker during the initial imaging stage of a Windows deployment can lower the administrative overhead for MBAM implementation. This approach also ensures that every computer that is deployed already has BitLocker running and is configured correctly. -**Warning**   +**Warning** This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + **To encrypt a computer as part of Windows deployment** 
@@ -80,24 +83,26 @@ This topic describes how to change the Windows registry by using Registry Editor Example: http://<computer name>/MBAMRecoveryAndHardwareService/CoreService.svc. -   - **Note**   - MBAM policy or registry values can be set here to override the previously set values. -   +~~~ +**Note** +MBAM policy or registry values can be set here to override the previously set values. +~~~ -7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: - **net start mbamagent** -8. When the computers restarts and the BIOS prompts you to accept a TPM change, accept the change. +7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: -9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service. Then, to set start to **automatic**, open a command prompt as an administrator and run the following commands: + **net start mbamagent** - **sc config mbamagent start= auto** +8. When the computers restarts and the BIOS prompts you to accept a TPM change, accept the change. - **net start mbamagent** +9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service. Then, to set start to **automatic**, open a command prompt as an administrator and run the following commands: + + **sc config mbamagent start= auto** + + **net start mbamagent** 10. Remove the bypass registry values. To do this, run regedit, browse to the HKLM\\SOFTWARE\\Microsoft registry entry, right-click the **MBAM** node, and then click **Delete**. @@ -106,9 +111,9 @@ This topic describes how to change the Windows registry by using Registry Editor [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) -  - -  + + + 
diff --git a/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md b/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md index bab36d4a01..ec94256a72 100644 --- a/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md +++ b/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client to Desktop or Laptop Computers description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: jamiejdt +author: msfttracyp ms.assetid: f32927a2-4c05-4da8-acca-1108d1dfdb7e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables admi **Note**   To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + **To deploy the MBAM Client to desktop or laptop computers** 
@@ -30,23 +33,23 @@ To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configura **Note**   You should not use Group Policy to deploy the Windows Installer package. -   + 3. Configure the distribution settings or Group Policy to run the MBAM Client installation file. After successful installation, the MBAM Client applies the Group Policy settings that are received from a domain controller to begin BitLocker encryption and management functions. For more information about MBAM Group Policy settings, see [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md). **Important**   The MBAM Client will not start BitLocker encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed before BitLocker encryption will begin. -   + ## Related topics [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md b/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md index 0dca407a39..1951352a23 100644 --- a/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md +++ b/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Determine the BitLocker Encryption State of a Lost Computers description: How to Determine the BitLocker Encryption State of a Lost Computers -author: jamiejdt +author: msfttracyp ms.assetid: 9440890a-9c63-463b-9113-f46071446388 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,7 +26,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) enables you to determin **Note**   The default address for the MBAM website is http://*<computername>*. Use the fully qualified server name for faster browsing results. -   + 2. Select the **Report** node from the navigation pane, and then select the **Computer Compliance Report**. @@ -34,16 +37,16 @@ Microsoft BitLocker Administration and Monitoring (MBAM) enables you to determin **Note**   Device compliance is determined by the deployed BitLocker policies. You should verify these deployed policies when you are trying to determine the BitLocker encryption state of a device. -   + ## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md b/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md index 521cf77e97..f7b3f615a5 100644 --- a/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md +++ b/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md @@ -1,8 +1,11 @@ --- title: How to Edit MBAM 1.0 GPO Settings description: How to Edit MBAM 1.0 GPO Settings -author: jamiejdt +author: msfttracyp ms.assetid: 03d12fbc-4302-43fc-9b38-440607d778a1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -64,21 +67,23 @@ The following steps describe how to configure the basic, recommended Group Polic Set **Choose how BitLocker-protected drives can be recovered** and **Allow data recovery agent**. -   - **Important**   - Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) for Group Policy configuration details for all of the available MBAM GPO policy options. -   +~~~ +**Important** +Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) for Group Policy configuration details for all of the available MBAM GPO policy options. +~~~ + + ## Related topics [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) -  - -  + + + diff --git a/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md b/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md index 19eacd4dfd..62464e8014 100644 --- a/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md +++ b/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Generate MBAM Reports description: How to Generate MBAM Reports -author: jamiejdt +author: msfttracyp ms.assetid: cdf4ae76-040c-447c-8736-c9e57068d221 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) generates various repor **Note**   To run the reports, you must be a member of the **Report Users** role on the computers where you have installed the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports. -  + **To open the MBAM Administration website** 
@@ -28,14 +31,14 @@ To run the reports, you must be a member of the **Report Users** role on the com **Note**   If the MBAM administration website was installed on a port other than port 80, you must specify that port number in the URL. For example, *http://<computername>:<port>*. If you specified a Host Name for the MBAM administration website during the installation, the URL would be *http://<hostname>*. -   + 2. In the navigation pane, click **Reports**. In the main pane, click the tab for your report type: **Enterprise Compliance Report**, **Computer Compliance Report**, **Hardware Audit Report**, or **Recovery Audit Report**. **Note**   Historical MBAM Client data is retained in the compliance database. This retained data may be needed in case a computer is lost or stolen. When running enterprise reports, you should use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase the reporting data accuracy. -   + **To generate an enterprise Compliance Report** @@ -52,7 +55,7 @@ To run the reports, you must be a member of the **Report Users** role on the com **Note**   The Enterprise Compliance report is generated by a SQL job that runs every six hours. Therefore, the first time you try to view the report you may find that some data is missing. -   + 3. To view information about a computer in the Computer Compliance Report, select the computer name. 
@@ -73,7 +76,7 @@ To run the reports, you must be a member of the **Report Users** role on the com **Note**   An MBAM Client computer is considered compliant if the computer matches the requirements of the MBAM policy settings or the computer’s hardware model is set to incompatible. Therefore, when you are viewing detailed information about the disk volumes associated with the computer, computers that are exempt from BitLocker encryption due to hardware compatibility can be displayed as compliant even though their drive volume encryption status is displayed as noncompliant. -   + **To generate the Hardware Compatibility Audit Report** @@ -116,9 +119,9 @@ To run the reports, you must be a member of the **Report Users** role on the com [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md b/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md index f9df0a1669..d10014b0d2 100644 --- a/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md +++ b/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md @@ -1,8 +1,11 @@ --- title: How to Hide Default BitLocker Encryption in The Windows Control Panel description: How to Hide Default BitLocker Encryption in The Windows Control Panel -author: jamiejdt +author: msfttracyp ms.assetid: c8503743-220c-497c-9785-e2feeca484d6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md index 599eb04686..7761a0065c 100644 --- a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md 
+++ b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure MBAM on a Single Server description: How to Install and Configure MBAM on a Single Server -author: jamiejdt +author: msfttracyp ms.assetid: 55841c63-bad9-44e7-b7fd-ea7037febbd7 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ To obtain the setup log files, you must install MBAM by using the **msiexec** pa Additional setup log files are created in the %temp% folder of the user who is installing MBAM. -  + ## To install MBAM Server features on a single server @@ -33,7 +36,7 @@ The following steps describe how to install general MBAM features. **Note**   Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. -  + **To start MBAM Server features installation** @@ -56,7 +59,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o **Note**   The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you must resolve the missing prerequisites, and then click **Check prerequisites again**. After all prerequisites are met, the installation resumes. -   + 4. You are prompted to configure the network communication security. MBAM can encrypt the communication between the Recovery and Hardware Database, the Administration and Monitoring Server, and the clients. If you decide to encrypt the communication, you are asked to select the authority-provisioned certificate that will be used for encryption. 
@@ -83,7 +86,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o **Warning**   The port number that you specify must be an unused port number on the Administration and Monitoring server, unless a unique host header name is specified. -   + 8. Click **Next** to continue. @@ -114,7 +117,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o To maintain identical memberships on all computers, you should create a domain security group and add that domain group to each local MBAM Report Users group. When you do this, you can manage the group memberships by using the domain group. -   + ## Validating the MBAM Server feature installation 
@@ -123,57 +126,57 @@ When the MBAM installation is complete, validate that the installation has succe **To validate MBAM Server feature installation** -1. On each server where an MBAM feature is deployed, open **Control Panel**. Click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. +1. On each server where an MBAM feature is deployed, open **Control Panel**. Click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - **Note**   - To validate the installation, you must use a Domain Account that has local computer administrative credentials on each server. + **Note** + To validate the installation, you must use a Domain Account that has local computer administrative credentials on each server. -   + -2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. +2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance and Audit Database** is installed. +3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance and Audit Database** is installed. -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. +4. 
On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. - The default Home location of a SQL Server Reporting Services site instance is at http://*<NameofMBAMReportsServer>*/Reports. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. + The default Home location of a SQL Server Reporting Services site instance is at http://<NameofMBAMReportsServer>/Reports. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. - Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. + Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. - **Note**   - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* + **Note** + If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* -   + -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and click **Internet Information Services (IIS) Manager** +5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and click **Internet Information Services (IIS) Manager** -6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. 
Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. +6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. -7. On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges, and then browse to the following locations in the MBAM website to verify that they load successfully: +7. On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges, and then browse to the following locations in the MBAM website to verify that they load successfully: - - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports + - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* + - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* + - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* + - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* - **Note**   - Typically, the services are installed on the default port 80 without network encryption. If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://*<hostheadername>/*default.aspx. + **Note** + Typically, the services are installed on the default port 80 without network encryption. 
If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://<hostheadername>/default.aspx. - If the services are installed with network encryption, change http:// to https://. + If the services are installed with network encryption, change http:// to https://. -   + ## Related topics [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md index 385beb0d78..668966c147 100644 --- a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md +++ b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure MBAM on Distributed Servers description: How to Install and Configure MBAM on Distributed Servers -author: jamiejdt +author: msfttracyp ms.assetid: 9ee766aa-6339-422a-8d00-4f58e4646a5e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,22 +21,22 @@ The procedures in this topic describe the full installation of the Microsoft Bit Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). In addition, some features require that you provide certain information during the installation process to successfully deploy the feature. -**Note**   +**Note** To obtain the setup log files, you have to install MBAM by using the **msiexec** package and the **/l <location>** option. Log files are created in the location that you specify. Additional setup log files are created in the %temp% folder of the user that runs the MBAM installation. -  + ## Deploy the MBAM Server features The following steps describe how to install the general MBAM features. -**Note**   +**Note** Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. -  + **To Deploy MBAM Server features** 
@@ -53,107 +56,109 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o - MBAM Group Policy Template - **Note**   + **Note** The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation will resume. -   + 4. The MBAM Setup wizard will display the installation pages for the selected features. The following sections describe the installation procedures for each feature. - **Note**   + **Note** Typically, each feature is installed on a separate server. If you want to install multiple features on a single server, you may change or eliminate some of the following steps. -   - **To install the Recovery and Hardware Database** - 1. Choose an option for MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. +~~~ +**To install the Recovery and Hardware Database** - 2. Click **Next** to continue. +1. Choose an option for MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. - 3. Specify the names of the computers that will be running the Administration and Monitoring Server feature, to configure access to the Recovery and Hardware Database.. Once the Administration and Monitoring Server feature is deployed, it connects to the database by using its domain account. 
+2. Click **Next** to continue. - 4. Click **Next** to continue. +3. Specify the names of the computers that will be running the Administration and Monitoring Server feature, to configure access to the Recovery and Hardware Database.. Once the Administration and Monitoring Server feature is deployed, it connects to the database by using its domain account. - 5. Specify the **Database Configuration** for the SQL Server instance that stores the recovery and hardware data. You must also specify where the database will be located and where the log information will be located. +4. Click **Next** to continue. - 6. Click **Next** to continue with the MBAM Setup wizard. +5. Specify the **Database Configuration** for the SQL Server instance that stores the recovery and hardware data. You must also specify where the database will be located and where the log information will be located. - **To install the Compliance and Audit Database** +6. Click **Next** to continue with the MBAM Setup wizard. - 1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Compliance and Audit Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that will be used for encryption. +**To install the Compliance and Audit Database** - 2. Click **Next** to continue. +1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Compliance and Audit Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that will be used for encryption. - 3. Specify the user account that will be used to access the database for reports. +2. Click **Next** to continue. - 4. Click **Next** to continue. +3. Specify the user account that will be used to access the database for reports. - 5. 
Specify the computer names of the computers that you want to run the Administration and Monitoring Server and the Compliance and Audit Reports, to configure the access to the Compliance and Audit Database.. After the Administration and Monitoring and the Compliance and Audit Reports Server are deployed, they will connect to the databases by using their domain accounts. +4. Click **Next** to continue. - 6. Specify the **Database Configuration** for the SQL Server instance that will store the compliance and audit data. You must also specify where the database will be located and where the log information will be located. +5. Specify the computer names of the computers that you want to run the Administration and Monitoring Server and the Compliance and Audit Reports, to configure the access to the Compliance and Audit Database.. After the Administration and Monitoring and the Compliance and Audit Reports Server are deployed, they will connect to the databases by using their domain accounts. - 7. Click **Next** to continue with the MBAM Setup wizard. +6. Specify the **Database Configuration** for the SQL Server instance that will store the compliance and audit data. You must also specify where the database will be located and where the log information will be located. - **To install the Compliance and Audit Reports** +7. Click **Next** to continue with the MBAM Setup wizard. - 1. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Compliance and Audit Database are installed. +**To install the Compliance and Audit Reports** - 2. Specify the name of the Compliance and Audit Database. By default, the database name is “MBAM Compliance Status”, but you can change the name when you install the Compliance and Audit Database. +1. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Compliance and Audit Database are installed. - 3. Click **Next** to continue. +2. Specify the name of the Compliance and Audit Database. 
By default, the database name is “MBAM Compliance Status”, but you can change the name when you install the Compliance and Audit Database. - 4. Select the SQL Server Reporting Services instance where the Compliance and Audit Reports will be installed. Provide the username and password used to access the compliance database. +3. Click **Next** to continue. - 5. Click **Next** to continue with the MBAM Setup wizard. +4. Select the SQL Server Reporting Services instance where the Compliance and Audit Reports will be installed. Provide the username and password used to access the compliance database. - **To install the Administration and Monitoring Server feature** +5. Click **Next** to continue with the MBAM Setup wizard. - 1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. +**To install the Administration and Monitoring Server feature** - 2. Click **Next** to continue. +1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. - 3. Specify the remote SQL Server instance, For example, *<ServerName>*, where the Compliance and Audit Database are installed. +2. Click **Next** to continue. - 4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, but, you can change the name when you install the Compliance and Audit Database. +3. Specify the remote SQL Server instance, For example, *<ServerName>*, where the Compliance and Audit Database are installed. - 5. 
Click **Next** to continue. +4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, but, you can change the name when you install the Compliance and Audit Database. - 6. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Recovery and Hardware Database are installed. +5. Click **Next** to continue. - 7. Specify the name of the Recovery and Hardware Database. By default, the database name is **MBAM Recovery and Hardware**, but you can change the name when you install the Recovery and Hardware Database feature. +6. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Recovery and Hardware Database are installed. - 8. Click **Next** to continue. +7. Specify the name of the Recovery and Hardware Database. By default, the database name is **MBAM Recovery and Hardware**, but you can change the name when you install the Recovery and Hardware Database feature. - 9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. The default Home location of a SQL Server Reporting Services site instance is at: +8. Click **Next** to continue. - http://*<NameofMBAMReportsServer>/*ReportServer +9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. The default Home location of a SQL Server Reporting Services site instance is at: - **Note**   - If you configured the SQL Server Reporting Services as a named instance, the URL resembles the following:http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>* + http://*<NameofMBAMReportsServer>/*ReportServer -   + **Note** + If you configured the SQL Server Reporting Services as a named instance, the URL resembles the following:http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>* - 10. Click **Next** to continue. - 11. 
Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring server - **Warning**   - The port number that you specify must be an unused port number on the Administration and Monitoring server, unless you specify a unique host header name. +10. Click **Next** to continue. -   +11. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring server - 12. Click **Next** to continue with the MBAM Setup wizard. + **Warning** + The port number that you specify must be an unused port number on the Administration and Monitoring server, unless you specify a unique host header name. -5. - Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. -6. When the selected MBAM feature information is complete, you are ready to start the MBAM installation by using the Setup wizard. Click **Back** to move through the wizard if you have to review or change your installation settings. Click **Install** to begin the installation. Click **Cancel** to exit the Wizard. Setup installs the MBAM features that you selected and notifies you that the installation is finished. +12. Click **Next** to continue with the MBAM Setup wizard. +~~~ -7. Click **Finish** to exit the wizard. +5. -8. Add users to appropriate MBAM roles, after the MBAM server features are installed.. For more information, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). + Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. + +6. When the selected MBAM feature information is complete, you are ready to start the MBAM installation by using the Setup wizard. Click **Back** to move through the wizard if you have to review or change your installation settings. Click **Install** to begin the installation. Click **Cancel** to exit the Wizard. 
Setup installs the MBAM features that you selected and notifies you that the installation is finished. + +7. Click **Finish** to exit the wizard. + +8. Add users to appropriate MBAM roles, after the MBAM server features are installed.. For more information, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). **Post-installation configuration** @@ -169,10 +174,10 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o - **MBAM Report Users**: Members of this local group can access the Reports in the MBAM administration website. - **Note**   + **Note** Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and the Compliance and Audit Reports are installed. -   + ## Validate the MBAM Server feature installation 
@@ -181,57 +186,59 @@ When the MBAM Server feature installation is complete, you should validate that **To validate an MBAM installation** -1. On each server, where an MBAM feature is deployed, open **Control Panel**, click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. +1. On each server, where an MBAM feature is deployed, open **Control Panel**, click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - **Note**   - To validate the MBAM installation, you must use a Domain Account that has local computer administrative credentials on each server. + **Note** + To validate the MBAM installation, you must use a Domain Account that has local computer administrative credentials on each server. -   -2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status** database is installed. +2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. +3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status** database is installed. - The default Home location of a SQL Server Reporting Services site instance can be found at http://*<NameofMBAMReportsServer>*/Reports.aspx. 
To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. +4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. - Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. + The default Home location of a SQL Server Reporting Services site instance can be found at http://<NameofMBAMReportsServer>/Reports.aspx. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. - **Note**   - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* + Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. -   + **Note** + If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. In **Connections** browse to *<computername>*, click **Sites**, and click **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. -6. 
On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges and browse to the following locations in the MBAM web site, to verify that they load successfully: - - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports +5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. In **Connections** browse to *<computername>*, click **Sites**, and click **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* +6. On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges and browse to the following locations in the MBAM web site, to verify that they load successfully: - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* + - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* + - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - **Note**   - Typically, services are installed on the default port 80 without network encryption. If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://*<hostheadername>/*default.aspx + - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - If the services were installed with network encryption, change http:// to https://. 
+ - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* -   + **Note** + Typically, services are installed on the default port 80 without network encryption. If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://<hostheadername>/default.aspx - Verify that each web page loads successfully. + If the services were installed with network encryption, change http:// to https://. + + + +~~~ +Verify that each web page loads successfully. +~~~ ## Related topics [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) -  - -  + + + diff --git a/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md b/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md index 98b6f192c9..ca6defb7b6 100644 --- a/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md +++ b/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md @@ -1,8 +1,11 @@ --- title: How to Install the MBAM 1.0 Group Policy Template description: How to Install the MBAM 1.0 Group Policy Template -author: jamiejdt +author: msfttracyp ms.assetid: 451a50b0-939c-47ad-9248-a138deade550 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ The following steps describe how to install the MBAM Group Policy template. **Note**   Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. -  + **To install the MBAM Group Policy template** 
@@ -34,7 +37,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o **Note**   The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you must resolve the missing prerequisite and then click **Check prerequisites again**. Once all prerequisites are met, the installation will resume. -   + 4. After the MBAM Setup wizard displays installation pages for the selected features, click **Finish** to close MBAM Setup. @@ -43,9 +46,9 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md index 01a65fde95..978349f4d2 100644 --- a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md +++ b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Install the MBAM Language Update on a Single Server description: How to Install the MBAM Language Update on a Single Server -author: jamiejdt +author: msfttracyp ms.assetid: e6fe59a3-a3e1-455c-a059-1f23ee083cf6 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -33,7 +36,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) includes four server ro **Important**   The MBAM server features must be updated in the following order: Compliance and Audit Reports first, then Administration and Monitoring Server. The Group Policy templates can be updated at any time without concern for sequence. -   + 4. After you upgrade the server database, open the IIS Management Console and review the bindings of the Microsoft BitLocker Administration and Monitoring website. @@ -50,16 +53,16 @@ Microsoft BitLocker Administration and Monitoring (MBAM) includes four server ro **Note**   The MBAM client opens only if it can communicate with the Recovery and Hardware database. -   + ## Related topics [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md index e83d09c2d4..ec68e9b91a 100644 --- a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md +++ b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Install the MBAM Language Update on Distributed Servers description: How to Install the MBAM Language Update on Distributed Servers -author: jamiejdt +author: msfttracyp ms.assetid: 5ddc64c6-0417-4a04-843e-b5e18d9f1a52 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,7 +26,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) includes four server ro **Important**   The MBAM server features must be updated in this order: Compliance and Audit Reports first, and then the Administration and Monitoring Server. The MBAM Group Policy templates can be updated at any time without concern for sequence. -  + **To install the MBAM Language Update on the MBAM Compliance and Audit Report Server feature** @@ -54,16 +57,16 @@ The MBAM server features must be updated in this order: Compliance and Audit Rep **Note**   The MBAM client opens only if it can communicate with the Recovery and Hardware database. -   + ## Related topics [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md b/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md index be84e0ac31..8dcdf2d88f 100644 --- a/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md +++ b/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md @@ -1,8 +1,11 @@ --- title: How to Manage Computer BitLocker Encryption Exemptions description: How to Manage Computer BitLocker Encryption Exemptions -author: jamiejdt +author: msfttracyp ms.assetid: d4400a0d-b36b-4cf5-a294-1f53ec47f9ee +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ To exempt a computer from BitLocker encryption, you must add the computer to a s **Note**   If the computer is already BitLocker-protected, the computer exemption policy has no effect. -  + **To exempt a computer from BitLocker encryption** @@ -36,9 +39,9 @@ If the computer is already BitLocker-protected, the computer exemption policy ha [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -  + -  + 
diff --git a/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md b/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md index fcde03ee6b..f8a0500186 100644 --- a/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md +++ b/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Manage Hardware Compatibility description: How to Manage Hardware Compatibility -author: jamiejdt +author: msfttracyp ms.assetid: c74b96b9-8161-49bc-b5bb-4838734e7df5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ The Hardware Compatibility feature is helpful when your organization has older c **Note**   By default, MBAM Hardware Compatibility feature is not enabled. To enable it, select the **Hardware Compatibility** feature under the **Administration and Monitoring Server** feature during setup. For more information about how to set up and configure Hardware Compatibility, see [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md). -  + The Hardware Compatibility feature works in the following way. @@ -44,7 +47,7 @@ The Hardware Compatibility feature works in the following way. **Warning**   If the MBAM client agent tries to encrypt a computer that does not support BitLocker drive encryption, there is a possibility that the computer will become corrupted. Ensure that the hardware compatibility feature is correctly configured when your organization has older hardware that does not support BitLocker. -  + **To manage hardware compatibility** 
@@ -59,7 +62,7 @@ If the MBAM client agent tries to encrypt a computer that does not support BitLo **Note**   After you set a computer model as compatible, it can take more than twenty-four hours for the MBAM Client to begin BitLocker encryption on the computers matching that hardware model. -   + 5. Administrators should regularly monitor the hardware compatibility list to review new models that are discovered by the MBAM agent, and then update their compatibility setting to **Compatible** or **Incompatible** as appropriate. @@ -68,9 +71,9 @@ If the MBAM client agent tries to encrypt a computer that does not support BitLo [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md b/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md index 16b72a3627..7deb0b2e0a 100644 --- a/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md +++ b/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Manage MBAM Administrator Roles description: How to Manage MBAM Administrator Roles -author: jamiejdt +author: msfttracyp ms.assetid: c0f25a42-dbff-418d-a776-4fe23ee07d16 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md b/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md index bda989c8f2..02e890969a 100644 --- a/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md +++ b/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md 
@@ -1,8 +1,11 @@ --- title: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel description: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel -author: jamiejdt +author: msfttracyp ms.assetid: c08077e1-5529-468f-9370-c3b33fc258f3 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ A Microsoft BitLocker Administration and Monitoring (MBAM) control panel applica **Note**   For the BitLocker client, the Admin and Operational log files are located in Event Viewer, under **Application and Services Logs** / **Microsoft** / **Windows** / **BitLockerManagement**. -  + **To use the MBAM Client Control Panel** @@ -38,9 +41,9 @@ For the BitLocker client, the Admin and Operational log files are located in Eve [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md b/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md index 391c3bd185..3116ec7a92 100644 --- a/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md +++ b/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Manage User BitLocker Encryption Exemptions description: How to Manage User BitLocker Encryption Exemptions -author: jamiejdt +author: msfttracyp ms.assetid: 48d69721-504f-4524-8a04-b9ce213ac9b4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ To exempt users from BitLocker protection, an organization must first create an **Note**   If the computer is already BitLocker-protected, the user exemption policy has no effect. -  + The following table shows how BitLocker protection is applied based on how exemptions are set. 
@@ -52,7 +55,7 @@ The following table shows how BitLocker protection is applied based on how exemp -  + **To exempt a user from BitLocker Encryption** @@ -65,7 +68,7 @@ The following table shows how BitLocker protection is applied based on how exemp **Note**   Shared computer scenarios require special consideration regarding user exemption. If a non-exempt user logs on to a computer shared with an exempt user, the computer may be encrypted. -   + **To enable users to request exemption from BitLocker Encryption** @@ -76,7 +79,7 @@ The following table shows how BitLocker protection is applied based on how exemp **Note**   Selecting **Request Exemption** will postpone the BitLocker protection until the maximum time set in the User Exemption Policy. -   + 3. When a user selects **Request Exemption**, the user is notified to contact the organization's BitLocker administration group. Depending on how the Configure User Exemption Policy is configured, users are provided with one or more of the following contact methods: @@ -91,16 +94,16 @@ The following table shows how BitLocker protection is applied based on how exemp **Note**   Once the postpone time limit from the User Exemption Policy has expired, users will not see the option to request exemption to the encryption policy. At this point, users must contact the MBAM administrator directly in order to receive exemption from BitLocker Protection. -   + ## Related topics [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md b/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md index 065f628183..b300c0341b 100644 --- a/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md +++ b/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md 
@@ -1,8 +1,11 @@ --- title: How to Move MBAM 1.0 Features to Another Computer description: How to Move MBAM 1.0 Features to Another Computer -author: jamiejdt +author: msfttracyp ms.assetid: e1907d92-6b42-4ba3-b0e4-60a9cc8285cc +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -55,10 +58,10 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To run this PowerShell command prompt, you must add the IIS Module for PowerShell to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable the execution of scripts. -   + **To run MBAM setup on Server B** @@ -68,14 +71,14 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=KeyDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery and Hardware database will be moved. - $DOMAIN$\\$SERVERNAME$ - Enter the domain and server names of each MBAM Application and Monitoring Server that will contact the Recovery and Hardware database. If there are multiple domain and server names, use a semicolon to separate each one of them in the list. For example, $DOMAIN\\SERVERNAME$;$DOMAIN\\$SERVERNAME$$. Additionally, each server name must be followed by a **$**. For example, MyDomain\\MyServerName1$, MyDomain\\MyServerName2$. -   + **To back up the Database on Server A** 
@@ -129,23 +132,23 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab `GO` - **Note**   + **Note** Replace the values from the preceding example with those that match your environment: - $PASSWORD$ - Enter a password that you will use to encrypt the Private Key file. -   + 3. Execute the SQL file by using SQL Server PowerShell and a command that is similar to the following: `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the value in the previous example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and the instance from which you back up the Recovery and Hardware database. -   + **To move the Database and Certificate from Server A to B** @@ -159,14 +162,14 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” \\$SERVERNAME$\$DESTINATIONSHARE$` - **Note**   + **Note** Replace the value from the preceding example with those that match your environment: - $SERVERNAME$ - Enter the name of the server to which the files will be copied. - $DESTINATIONSHARE$ - Enter the name of the share and path to which the files will be copied. -   + **To restore the Database on Server B** 
@@ -216,23 +219,23 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab ` WITH REPLACE` - **Note**   + **Note** Replace the values from the preceding example with those that match your environment: - $PASSWORD$ - Enter the password that you used to encrypt the Private Key file. -   + 5. Use Windows PowerShell to enter a command line that is similar to the following: `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the value from the receding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and the instance to which the Recovery and Hardware Database will be restored. -   + **Configure the access to the Database on Server B** 
@@ -242,45 +245,47 @@ You can use the following procedure to move the MBAM Recovery and Hardware Datab `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - **Note**   + **Note** Replace the values from the preceding example with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain name and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**, for example, MyDomain\\MyServerName1$. -   - You must run the command for each Administration and Monitoring Server that will be accessing the database in your environment. + +~~~ +You must run the command for each Administration and Monitoring Server that will be accessing the database in your environment. +~~~ **To update the Database Connection data on MBAM Administration and Monitoring Servers** -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Microsoft BitLocker Administration and Monitoring website: +1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Microsoft BitLocker Administration and Monitoring website: - - MBAM Administration Service + - MBAM Administration Service - - MBAM Recovery And Hardware Service + - MBAM Recovery And Hardware Service -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. +2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. -3. 
Select the **configurationStrings** option from the Section list control. +3. Select the **configurationStrings** option from the Section list control. -4. Choose the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. +4. Choose the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. -5. In the **Collection Editor**, choose the row named **KeyRecoveryConnectionString** when you updated the configuration for the ‘MBAMAdministrationService’ application, or choose the row named **Microsoft.Mbam.RecoveryAndHardwareDataStore.**ConnectionString, when updating the configuration for the ‘MBAMRecoveryAndHardwareService’. +5. In the **Collection Editor**, choose the row named **KeyRecoveryConnectionString** when you updated the configuration for the ‘MBAMAdministrationService’ application, or choose the row named Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString, when updating the configuration for the ‘MBAMRecoveryAndHardwareService’. -6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and the instance where the Recovery and Hardware Database was moved to. For example, $SERVERNAME$\\$SQLINSTANCENAME$. +6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and the instance where the Recovery and Hardware Database was moved to. For example, $SERVERNAME$\\$SQLINSTANCENAME$. -7. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell on each Administration and Monitoring Server: +7. 
To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell on each Administration and Monitoring Server: - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` + `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` + `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` - **Note**   - Replace the value from the preceding example with those that match your environment: + **Note** + Replace the value from the preceding example with those that match your environment: + + - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery and Hardware database is. 
- - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery and Hardware database is. -   **To resume all instances of the MBAM Administration and Monitoring website** @@ -319,10 +324,10 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To execute this command, you must add the IIS Module for PowerShell to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable the execution of scripts. -   + **To run MBAM Setup on Server B** @@ -332,7 +337,7 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal= ReportsDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$ COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNT=$DOMAIN$\$USERNAME$` - **Note**   + **Note** Replace the values from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database will be moved to. @@ -341,7 +346,7 @@ If you choose to move the MBAM Compliance Status Database feature from one compu - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit reports feature to connect to the Compliance Status Database. -   + **To back up the Compliance Database on Server A** 
@@ -383,12 +388,12 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" –ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the value from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and the instance from where the Compliance Status database will be backed up. -   + **To move the Database from Server A to B** @@ -400,14 +405,14 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> Copy-Item “Z:\MBAM Compliance Status Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - **Note**   + **Note** Replace the value from the preceding example with those that match your environment: - $SERVERNAME$ - Enter the server name where the files will be copied to. - $DESTINATIONSHARE$ - Enter the name of share and path where the files will be copied to. -   + **To restore the Database on Server B** @@ -435,12 +440,12 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the value from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database will be restored to. -   + **To configure the Access to the Database on Server B** 
@@ -452,16 +457,18 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$REPORTSUSERNAME$ /add` - **Note**   + **Note** Replace the value from the preceding example with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**.For example, MyDomain\\MyServerName1$. - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports -   - For each Administration and Monitoring Server that will access the database of your environment, you must run the command that will add the servers to the MBAM Compliance Auditing DB Access local group. + +~~~ +For each Administration and Monitoring Server that will access the database of your environment, you must run the command that will add the servers to the MBAM Compliance Auditing DB Access local group. +~~~ **To update the database connection data on MBAM Administration and Monitoring servers** @@ -487,12 +494,12 @@ If you choose to move the MBAM Compliance Status Database feature from one compu `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMComplianceStatusService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - **Note**   + **Note** Replace the value from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance name where the Recovery and Hardware Database is located. -   + **To resume all instances of the MBAM Administration and Monitoring website** 
@@ -525,7 +532,7 @@ If you choose to move the MBAM Compliance and Audit Reports from one computer to `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=Reports COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNTPW=$PASSWORD$` - **Note**   + **Note** Replace the values from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database is located. @@ -534,7 +541,7 @@ If you choose to move the MBAM Compliance and Audit Reports from one computer to - $PASSWORD$ - Enter the password of the user account that will be used to connect to the Compliance Status Database. -   + **To configure the access to the Compliance and Audit Reports on Server B** @@ -544,14 +551,16 @@ If you choose to move the MBAM Compliance and Audit Reports from one computer to `PS C:\> net localgroup "MBAM Report Users" $DOMAIN$\$REPORTSUSERNAME$ /add` - **Note**   + **Note** Replace the following value from the preceding example with the applicable values for your environment: - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports -   - The command to add the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. + +~~~ +The command to add the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. +~~~ **To stop all instances of the MBAM Administration and Monitoring website** 
@@ -563,30 +572,30 @@ If you choose to move the MBAM Compliance and Audit Reports from one computer to **To update the Database Connection Data on MBAM Administration and Monitoring Servers** -1. On each of the servers that run the MBAM Administration and Monitoring Feature, use the Internet Information Services (IIS) Manager console to update the Compliance Reports URL. +1. On each of the servers that run the MBAM Administration and Monitoring Feature, use the Internet Information Services (IIS) Manager console to update the Compliance Reports URL. -2. Select the **Microsoft BitLocker Administration and Monitoring** website and use the **Configuration Editor** feature which can be found under the **Management** section of the **Feature View**. +2. Select the **Microsoft BitLocker Administration and Monitoring** website and use the **Configuration Editor** feature which can be found under the **Management** section of the **Feature View**. -3. Select the **appSettings** option from the Section list control. +3. Select the **appSettings** option from the Section list control. -4. From here, select the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. +4. From here, select the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. -5. In the **Collection Editor**, select the row named “Microsoft.Mbam.Reports.Url”. +5. In the **Collection Editor**, select the row named “Microsoft.Mbam.Reports.Url”. -6. Update the value for Microsoft.Mbam.Reports.Url to reflect the server name for Server B. If the Compliance and Audit reports feature was installed on a named SQL Reporting Services instance, make sure that you add or update the name of the instance to the URL. For example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages.... +6. Update the value for Microsoft.Mbam.Reports.Url to reflect the server name for Server B. 
If the Compliance and Audit reports feature was installed on a named SQL Reporting Services instance, make sure that you add or update the name of the instance to the URL. For example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages.... -7. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following one on each Administration and Monitoring Server: +7. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following one on each Administration and Monitoring Server: - `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/Malta+Compliance+Reports/”` + `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/Malta+Compliance+Reports/”` - **Note**   - Replace the value from the preceding example with those that match your environment: + **Note** + Replace the value from the preceding example with those that match your environment: - - $SERVERNAME$ - Enter the name of the server to which the Compliance and Audit Reports were installed. + - $SERVERNAME$ - Enter the name of the server to which the Compliance and Audit Reports were installed. + + - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. - - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. -   **To resume all instances of the MBAM Administration and Monitoring website** 
@@ -596,10 +605,10 @@ If you choose to move the MBAM Compliance and Audit Reports from one computer to `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To execute this command, the IIS Module for PowerShell must be added to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable execution of scripts. -   + ## To move the Administration and Monitoring feature @@ -618,7 +627,7 @@ If you choose to move the MBAM Administration and Monitoring Reports feature fro `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=AdministrationMonitoringServer,HardwareCompatibility COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ SRS_REPORTSITEURL=$REPORTSSERVERURL$` - **Note**   + **Note** Replace the values from the preceding example with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - For the COMPLIDB\_SQLINSTANCE parameter, input the server name and instance where the Compliance Status Database is located. For the RECOVERYANDHWDB\_SQLINSTANCE parameter, input the server name and instance where the Recovery and Hardware Database is located. @@ -627,7 +636,7 @@ If you choose to move the MBAM Administration and Monitoring Reports feature fro - $ REPORTSSERVERURL$ - Enter the URL for the Home location of the SQL Reporting Service website. If the reports were installed to a default SRS instance the URL format will formatted “http:// $SERVERNAME$/ReportServer”. If the reports were installed to a default SRS instance, the URL format will be formatted to “http://$SERVERNAME$/ReportServer\_$SQLINSTANCENAME$”. -   + **To configure the Access to the Databases** 
@@ -643,25 +652,27 @@ If you choose to move the MBAM Administration and Monitoring Reports feature fro `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - **Note**   + **Note** Replace the value from the preceding example with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**. For example, MyDomain\\MyServerName1$) - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports. -   - The commands listed for adding the server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. + +~~~ +The commands listed for adding the server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. +~~~ ## Related topics [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -  - -  + + + diff --git a/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md index d4429e4d2f..4cface3663 100644 --- a/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md +++ b/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Recover a Corrupted Drive description: How to Recover a Corrupted Drive -author: jamiejdt +author: msfttracyp ms.assetid: 715491ae-69c0-4fae-ad3f-3bd19a0db2f2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -25,7 +28,7 @@ To recover a corrupted drive that has been protected by BitLocker, a Microsoft B **Note**   If you are a member of the Help Desk Administrators role, you do not have to enter the user’s domain name or user name. -   + 3. Click **Submit**. The recovery key will be displayed. @@ -42,16 +45,16 @@ To recover a corrupted drive that has been protected by BitLocker, a Microsoft B **Note**   For the <fixed drive> in the command, specify an available storage device that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified fixed drive. -   + ## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md index ff0069c71c..b1d3a350ea 100644 --- a/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md +++ b/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Recover a Drive in Recovery Mode description: How to Recover a Drive in Recovery Mode -author: jamiejdt +author: msfttracyp ms.assetid: 09d27e4b-57fa-47c7-a004-8b876a49f27e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ Use this procedure to access the centralized Key Recovery data system that can p **Important**   MBAM generates single-use recovery keys. Under this limitation, a recovery key can be used only once and then it is no longer valid. The single use of a recovery password is automatically applied to operating system drives and fixed drives. On removable drives, the single use is applied when the drive is removed and then re-inserted and unlocked on a computer that has the group policy settings activated to manage removable drives. -  + **To recover a drive in Recovery Mode** 
@@ -34,7 +37,7 @@ MBAM generates single-use recovery keys. Under this limitation, a recovery key c **Note**   If you are an MBAM Advanced Helpdesk User, the user domain and user ID entries are not required. -   + 4. MBAM returns the following: @@ -47,7 +50,7 @@ MBAM generates single-use recovery keys. Under this limitation, a recovery key c **Note**   If you are recovering a damaged drive, the recovery package option provides BitLocker with the critical information necessary to attempt the recovery. -   + 5. After the recovery password and recovery package are retrieved, the recovery password is displayed. To copy the password, click **Copy Key**, and then paste the recovery password into an email or other text file for temporary storage. Or, to save the recovery password to a file, click **Save**. @@ -58,9 +61,9 @@ MBAM generates single-use recovery keys. Under this limitation, a recovery key c [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md index c0cd5a62de..094d762b26 100644 --- a/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md +++ b/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Recover a Moved Drive description: How to Recover a Moved Drive -author: jamiejdt +author: msfttracyp ms.assetid: 0c7199d8-9463-4f44-9af3-b70eceeaff1d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -25,7 +28,7 @@ When you move an operating system drive that has been previously encrypted by us **Note**   In some cases, you might be able to click **I forget the PIN** during the startup process to enter the recovery mode. This also displays the recovery key ID. -   + 3. On the MBAM administration website, use the recovery key ID to retrieve the recovery password and unlock the drive. 
@@ -38,9 +41,9 @@ When you move an operating system drive that has been previously encrypted by us [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -  + -  + diff --git a/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md b/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md index d91e575485..bb5ddfe3f6 100644 --- a/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md +++ b/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md @@ -1,8 +1,11 @@ --- title: How to Reset a TPM Lockout description: How to Reset a TPM Lockout -author: jamiejdt +author: msfttracyp ms.assetid: 91ec6666-1ae2-4e76-9459-ad65c405f639 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -35,7 +38,7 @@ A TPM lockout can occur if a user enters an incorrect PIN too many times. The nu **Note**   If you are an Advanced Helpdesk User, the user domain and user ID fields are not required. -   + 5. Upon retrieval, the owner password is displayed. To save this password to a .tpm file, click the **Save** button. @@ -46,9 +49,9 @@ A TPM lockout can occur if a user enters an incorrect PIN too many times. The nu [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -  + -  + diff --git a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md b/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md index 5193c1c997..2bc9d1d30a 100644 --- a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md +++ b/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md @@ -1,8 +1,11 @@ --- title: Known Issues in the MBAM International Release description: Known Issues in the MBAM International Release -author: jamiejdt +author: msfttracyp ms.assetid: bbf888dc-93c1-4323-b43c-0ded098e9b93 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/mbam-v1/maintaining-mbam-10.md b/mdop/mbam-v1/maintaining-mbam-10.md
index bb2fab9d98..38d6ea5192 100644
--- a/mdop/mbam-v1/maintaining-mbam-10.md
+++ b/mdop/mbam-v1/maintaining-mbam-10.md
@@ -1,8 +1,11 @@
 ---
 title: Maintaining MBAM 1.0
 description: Maintaining MBAM 1.0
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 02ffb093-c364-4837-bbe8-23d4c09fbd3d
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v1/mbam-10-deployment-checklist.md b/mdop/mbam-v1/mbam-10-deployment-checklist.md
index d10db302be..24865d56ec 100644
--- a/mdop/mbam-v1/mbam-10-deployment-checklist.md
+++ b/mdop/mbam-v1/mbam-10-deployment-checklist.md
@@ -1,8 +1,11 @@
 ---
 title: MBAM 1.0 Deployment Checklist
 description: MBAM 1.0 Deployment Checklist
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 7e00be23-36a0-4b0f-8663-3c4f2c71546d
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 This checklist is designed to facilitate your deployment of Microsoft BitLocker Administration and Monitoring (MBAM). -**Note**   +**Note** This checklist outlines the recommended steps and provides a high-level list of items to consider when you deploy the MBAM features. We recommend that you copy this checklist into a spreadsheet program and customize it for your specific needs. -  +
@@ -40,13 +43,13 @@ This checklist outlines the recommended steps and provides a high-level list of - + - +
@@ -60,46 +63,45 @@ This checklist outlines the recommended steps and provides a high-level list of
      • MBAM Group Policy Template

      • -Note   -

        Keep track of the names of the servers each feature is installed on. You will use this information throughout the installation process.

        +Note

        Keep track of the names of the servers each feature is installed on. You will use this information throughout the installation process.

        -  +
        - + - - + + - + - +
        Checklist box

        Complete the planning phase to prepare the computing environment for MBAM deployment.

        [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md)

        MBAM 1.0 Planning Checklist

        Checklist box

        Review the information on MBAM supported configurations to make sure that your selected client and server computers are supported for MBAM feature installation.

        [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)

        MBAM 1.0 Supported Configurations

        [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)

        Deploying the MBAM 1.0 Server Infrastructure

        Checklist box

        Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on the appropriate servers.

        [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md) and [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-1.md)

        Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on the appropriate servers.

        Planning for MBAM 1.0 Administrator Roles and How to Manage MBAM Administrator Roles

        Checklist box

        Create and deploy the required MBAM Group Policy Objects.

        [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)

        Deploying MBAM 1.0 Group Policy Objects

        Checklist box

        Deploy the MBAM Client software.

        [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)

        Deploying the MBAM 1.0 Client

        -  + ## Related topics [Deploying MBAM 1.0](deploying-mbam-10.md) -  - -  + + + diff --git a/mdop/mbam-v1/mbam-10-deployment-prerequisites.md b/mdop/mbam-v1/mbam-10-deployment-prerequisites.md index b26a995579..700410a63d 100644 --- a/mdop/mbam-v1/mbam-10-deployment-prerequisites.md +++ b/mdop/mbam-v1/mbam-10-deployment-prerequisites.md @@ -1,8 +1,11 @@ --- title: MBAM 1.0 Deployment Prerequisites description: MBAM 1.0 Deployment Prerequisites -author: jamiejdt +author: msfttracyp ms.assetid: bd9e1010-7d25-43e7-8dc6-b521226a659d +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -86,12 +89,12 @@ The following table contains the installation prerequisites for the MBAM Adminis -  + **Note**   For a list of supported operating systems, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + ### Installation prerequisites for the Compliance and Audit Reports @@ -102,7 +105,7 @@ SSRS must be installed and running during MBAM server installation. SSRS should **Note**   For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + ### Installation prerequisites for the Recovery and Hardware Database 
@@ -113,14 +116,14 @@ SQL Server must have Database Engine Services installed and running during the M **Note**   For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + The TDE SQL Server feature performs real-time input/output (I/O) encryption and decryption of the data and log files. TDE protects data that is "at rest,” which include the data and the log files. It provides the ability to comply with many laws, regulations, and guidelines that are established in various industries. **Note**   Because TDE performs real-time decryption of database information, the recovery key information will be visible if the account under which you are logged in has permissions to the database when you view the recovery key information SQL tables. -  + ### Installation prerequisites for the Compliance and Audit Database @@ -131,7 +134,7 @@ SQL Server must have Database Engine Services installed and running during MBAM **Note**   For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + ## Installation prerequisites for MBAM Clients @@ -145,7 +148,7 @@ The necessary prerequisites that you must meet before you begin the MBAM Client **Warning**   Ensure that the keyboard, mouse, and video are directly connected to the computer, instead of to a keyboard, video, mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware. -  + ## Related topics @@ -154,9 +157,9 @@ Ensure that the keyboard, mouse, and video are directly connected to the compute [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) -  + -  + diff --git a/mdop/mbam-v1/mbam-10-planning-checklist.md b/mdop/mbam-v1/mbam-10-planning-checklist.md index 1ecd02262c..97e5d82a85 100644 --- a/mdop/mbam-v1/mbam-10-planning-checklist.md 
+++ b/mdop/mbam-v1/mbam-10-planning-checklist.md
@@ -1,8 +1,11 @@
 ---
 title: MBAM 1.0 Planning Checklist
 description: MBAM 1.0 Planning Checklist
-author: jamiejdt
+author: msfttracyp
 ms.assetid: e9439f16-d68b-48ed-99ce-5949356b180b
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -19,7 +22,7 @@ You can use this checklist to plan and prepare your computing environment for Mi **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when you plan for an MBAM deployment. We recommend that you copy this checklist into a spreadsheet program and customize it for your use. -  +
@@ -40,64 +43,64 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - + - + - + - + - + - +
        Checklist box

        Review the “getting started” information about MBAM to gain a basic understanding of the product before you begin the deployment planning.

        [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md)

        Getting Started with MBAM 1.0

        Checklist box

        Plan for MBAM 1.0 Deployment Prerequisites and prepare your computing environment.

        [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)

        MBAM 1.0 Deployment Prerequisites

        Checklist box

        Plan for and configure MBAM Group Policy requirements.

        [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md)

        Planning for MBAM 1.0 Group Policy Requirements

        Checklist box

        Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

        [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md)

        Planning for MBAM 1.0 Administrator Roles

        Checklist box

        Review the MBAM 1.0 Supported Configurations documentation to ensure hardware that meets MBAM installation system requirements is available.

        [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)

        MBAM 1.0 Supported Configurations

        Checklist box

        Plan for MBAM Server feature deployment.

        [Planning for MBAM 1.0 Server Deployment](planning-for-mbam-10-server-deployment.md)

        Planning for MBAM 1.0 Server Deployment

        Checklist box

        Plan for MBAM Client deployment.

        [Planning for MBAM 1.0 Client Deployment](planning-for-mbam-10-client-deployment.md)

        Planning for MBAM 1.0 Client Deployment

        Checklist box

        Validate your deployment plan in a lab environment.

        [Evaluating MBAM 1.0](evaluating-mbam-10.md)

        Evaluating MBAM 1.0

        -  + ## Related topics [Planning for MBAM 1.0](planning-for-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/mbam-10-supported-configurations.md b/mdop/mbam-v1/mbam-10-supported-configurations.md index 4a2bb2223e..b15e8336ad 100644 --- a/mdop/mbam-v1/mbam-10-supported-configurations.md +++ b/mdop/mbam-v1/mbam-10-supported-configurations.md @@ -1,8 +1,11 @@ --- title: MBAM 1.0 Supported Configurations description: MBAM 1.0 Supported Configurations -author: jamiejdt +author: msfttracyp ms.assetid: 1f5ac58e-6a3f-47df-8a9b-4b57631ab9ee +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,10 +26,10 @@ This topic specifies the necessary requirements to install and run Microsoft Bit The following table lists the operating systems that are supported for the Microsoft BitLocker Administration and Monitoring Server installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -45,13 +48,13 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + @@ -59,20 +62,20 @@ Microsoft provides support for the current service pack and, in some cases, the

        Windows Server 2008

        Windows Server 2008

        Standard, Enterprise, Datacenter, or Web Server

        SP2 only

        32-bit or 64-bit

        Windows Server 2008 R2

        Windows Server 2008 R2

        Standard, Enterprise, Datacenter, or Web Server

        64-bit

        -  -**Warning**   + +**Warning** There is no support for installing MBAM services, reports, or databases on a domain controller computer. -  + ### Server random access memory (RAM) requirements There are no RAM requirements that are specific to MBAM Server installation. -### SQL Server Database requirements +### SQL Server Database requirements -The following table lists the SQL Server versions that are supported for the MBAM Server feature installation. +The following table lists the SQL Server versions that are supported for the MBAM Server feature installation. @@ -94,28 +97,27 @@ The following table lists the SQL Server versions that are supported for the MB - + - + - + @@ -123,7 +125,7 @@ The following table lists the SQL Server versions that are supported for the MB

        Compliance and Audit Reports

        Microsoft SQL Server 2008 

        Microsoft SQL Server 2008

        R2, Standard, Enterprise, Datacenter, or Developer Edition

        SP2

        32-bit or 64-bit

        Recovery and Hardware Database

        Microsoft SQL Server 2008 

        Microsoft SQL Server 2008

        R2, Enterprise, Datacenter, or Developer Edition

        -Important   -

        SQL Server Standard Editions are not supported for MBAM Recovery and Hardware Database Server feature installation.

        +Important

        SQL Server Standard Editions are not supported for MBAM Recovery and Hardware Database Server feature installation.

        -  +

        SP2

        32-bit or 64-bit

        Compliance and Audit Database

        Microsoft SQL Server 2008 

        Microsoft SQL Server 2008

        R2, Standard, Enterprise, Datacenter, or Developer Edition

        SP2

        32-bit or 64-bit

        -  + ## MBAM Client system requirements @@ -132,10 +134,10 @@ The following table lists the SQL Server versions that are supported for the MB The following table lists the operating systems that are supported for MBAM Client installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + @@ -154,13 +156,13 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + @@ -168,7 +170,7 @@ Microsoft provides support for the current service pack and, in some cases, the

        Windows 7

        Windows 7

        Enterprise Edition

        None, SP1

        32-bit or 64-bit

        Windows 7

        Windows 7

        Ultimate Edition

        None, SP1

        32-bit or 64-bit

        -  + ### Client RAM requirements @@ -181,9 +183,9 @@ There are no RAM requirements that are specific to the MBAM Client installation. [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) -  - -  + + + diff --git a/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md b/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md index afa4bb1fd2..35db4e0f57 100644 --- a/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md +++ b/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md @@ -1,8 +1,11 @@ --- title: Monitoring and Reporting BitLocker Compliance with MBAM 1.0 description: Monitoring and Reporting BitLocker Compliance with MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: fb497d3f-ff33-4747-8e34-366440ee25c2 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/operations-for-mbam-10.md b/mdop/mbam-v1/operations-for-mbam-10.md index cf16ed277d..4f6a0e333e 100644 --- a/mdop/mbam-v1/operations-for-mbam-10.md +++ b/mdop/mbam-v1/operations-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Operations for MBAM 1.0 description: Operations for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 2c358fa1-4795-45ab-9316-02db4aaa6d5f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md b/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md index 55fdc98190..0efb74fc83 100644 --- a/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md +++ b/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md 
@@ -1,8 +1,11 @@
 ---
 title: Performing BitLocker Management with MBAM
 description: Performing BitLocker Management with MBAM
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 2d24390a-87bf-48b3-96a9-3882d6f2a15c
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md b/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md
index 3e0ed8dbc4..cd65628a24 100644
--- a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md
+++ b/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 1.0 Administrator Roles
 description: Planning for MBAM 1.0 Administrator Roles
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 95be0eb4-25e9-43ca-a8e7-27373d35544d
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -37,16 +40,16 @@ Administrators in this role have increased access to the Helpdesk features from **Important**   To view the reports, an administrative user must be a member of the **MBAM Report Users** security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Reports feature. As a best practice, create a security group in Active Directory with rights on the local **MBAM Report Users** security group on both the Administration and Monitoring Server and on the server that hosts the Compliance and Reports. -  + ## Related topics [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) -  + -  +
diff --git a/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md b/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md
index 3be3031615..c493b0b251 100644
--- a/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md
+++ b/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 1.0 Client Deployment
 description: Planning for MBAM 1.0 Client Deployment
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 3af2e7f3-134b-4ab9-9847-b07474ca6ac3
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -21,7 +24,7 @@ You can use one or both methods in your organization. If you use both methods, y **Note**   To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). -  + ## Deploying the MBAM Client to enable BitLocker encryption after computer distribution to end users
@@ -33,7 +36,7 @@ When you deploy the MBAM Client, after you distribute the computers to end users **Note**   In this approach, users are prompted to activate and initialize the Trusted Platform Module (TPM) chip, if it has not been previously activated. -  + ## Using the MBAM Client to enable BitLocker encryption before computer distribution to end users
@@ -45,7 +48,7 @@ If your organization wants to use (TPM) to encrypt computers, the administrator **Note**   The TPM protector option requires for the administrator to accept the BIOS prompt to activate and initialize the TPM before delivering the computer to the user. -  + ## Related topics
@@ -54,9 +57,9 @@ The TPM protector option requires for the administrator to accept the BIOS promp [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) -  + -  +
diff --git a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md b/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md
index 90395e88ee..eb5ac48c44 100644
--- a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md
+++ b/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 1.0 Group Policy Requirements
 description: Planning for MBAM 1.0 Group Policy Requirements
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 0fc9c509-7850-4a8e-bb82-b949025bcb02
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -16,19 +19,19 @@ ms.date: 06/16/2016 Microsoft BitLocker Administration and Monitoring (MBAM) Client management requires custom Group Policy settings to be applied. This topic describes the available policy options for Group Policy Object (GPO) when you use MBAM to manage BitLocker Drive Encryption in the enterprise. -**Important**   +**Important** MBAM does not use the default GPO settings for Windows BitLocker drive encryption. If the default settings are enabled, they can cause conflicting behavior. To enable MBAM to manage BitLocker, you must define the GPO policy settings after you install the MBAM Group Policy Template. -  + After you install the MBAM Group Policy template, you can view and modify the available custom MBAM GPO policy settings that enable MBAM to manage the enterprise BitLocker encryption. The MBAM Group Policy template must be installed on a computer that is capable of running the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) MDOP technology. Next, to edit the applicable GPO, open the GPMC or AGPM, and then navigate to the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**. The MDOP MBAM (BitLocker Management) GPO node contains four global policy settings and four child GPO setting nodes, respectively. The four GPO global policy settings are: Client Management, Fixed Drive, Operating System Drive, and Removable Drive. The following sections provide policy definitions and suggested policy settings to help you plan for the MBAM GPO policy setting requirements. -**Note**   +**Note** For more information about configuring the minimum suggested GPO settings to enable MBAM to manage BitLocker encryption, see [How to Edit MBAM 1.0 GPO Settings](how-to-edit-mbam-10-gpo-settings.md). -  + ## Global policy definitions 
@@ -75,7 +78,7 @@ This section describes the MBAM Global policy definitions, which can be found at -  + ## Client Management policy definitions @@ -113,11 +116,10 @@ This section describes the Client Management policy definitions for MBAM, found

        You should enable this policy option if your enterprise has older computer hardware or computers that do not support Trusted Platform Module (TPM). If either of these criteria is true, enable the hardware compatibility verification to make sure that MBAM is applied only to computer models that support BitLocker. If all computers in your organization support BitLocker, you do not have to deploy the Hardware Compatibility, and you can set this policy to Not Configured.

        If you enable this policy setting, the model of the computer is validated against the hardware compatibility list once every 24 hours, before the policy enables BitLocker protection on a computer drive.

        -Note   -

        Before enabling this policy setting, make sure that you have configured the MBAM Recovery and Hardware service endpoint setting in the Configure MBAM Services policy options.

        +Note

        Before enabling this policy setting, make sure that you have configured the MBAM Recovery and Hardware service endpoint setting in the Configure MBAM Services policy options.

        -  +

        If you either disable or do not configure this policy setting, the computer model is not validated against the hardware compatibility list.

        @@ -125,20 +127,19 @@ This section describes the Client Management policy definitions for MBAM, found

        Configure user exemption policy

        Suggested Configuration: Not Configured

        This policy setting lets you configure a web site address, email address, or phone number that will instruct a user to request an exemption from BitLocker encryption.

        -

        If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog with instructions on how to apply for an exemption from BitLocker protection. For more information about how to enable BitLocker encryption exemptions for users, see [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md).

        +

        If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog with instructions on how to apply for an exemption from BitLocker protection. For more information about how to enable BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

        If you either disable or do not configure this policy setting, the instructions about how to apply for an exemption request will not be presented to users.

        -Note   -

        User exemption is managed per user, not per computer. If multiple users log on to the same computer and one user is not exempt, the computer will be encrypted.

        +Note

        User exemption is managed per user, not per computer. If multiple users log on to the same computer and one user is not exempt, the computer will be encrypted.

        -  +
        -  + ## Fixed Drive policy definitions @@ -197,7 +198,7 @@ This section describes the Fixed Drive policy definitions for MBAM, which can be -  + ## Operating System Drive policy definitions @@ -253,7 +254,7 @@ This section describes the Operating System Drive policy definitions for MBAM, f -  + ## Removable Drive policy definitions @@ -310,16 +311,16 @@ This section describes the Removable Drive Policy definitions for MBAM, found at -  + ## Related topics [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) -  - -  + + + diff --git a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md b/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md index 1541ceade7..f8a81e0385 100644 --- a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md +++ b/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 1.0 Server Deployment description: Planning for MBAM 1.0 Server Deployment -author: jamiejdt +author: msfttracyp ms.assetid: 3cbef284-3092-4c42-9234-2826b18ddef1 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -34,7 +37,7 @@ MBAM server databases and features can be installed in different configurations, **Note**   For more information about performance scalability of MBAM and recommended deployment topologies, see the MBAM Scalability and High-Availability Guide white paper at . -  + Each MBAM feature has specific prerequisites. For a full list of server feature prerequisites and hardware and software requirements, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). 
@@ -58,7 +61,7 @@ When you deploy the MBAM Server features, install the features in the following **Note**   Keep track of the names of the computers on which you install each feature. You will use this information throughout the installation process. You can print and use a deployment checklist to assist you in the installation process. For more information about the MBAM deployment checklist, see [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md). -  + ## Related topics @@ -67,9 +70,9 @@ Keep track of the names of the computers on which you install each feature. You [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) -  + -  + diff --git a/mdop/mbam-v1/planning-for-mbam-10.md b/mdop/mbam-v1/planning-for-mbam-10.md index 0a28496000..d962c67909 100644 --- a/mdop/mbam-v1/planning-for-mbam-10.md +++ b/mdop/mbam-v1/planning-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 1.0 description: Planning for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: d4e8a42f-2836-48c8-83c1-40bd58270e19 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/planning-to-deploy-mbam-10.md b/mdop/mbam-v1/planning-to-deploy-mbam-10.md index a0479b0674..82f073a30e 100644 --- a/mdop/mbam-v1/planning-to-deploy-mbam-10.md +++ b/mdop/mbam-v1/planning-to-deploy-mbam-10.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy MBAM 1.0 description: Planning to Deploy MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 30ad4304-45c6-427d-8e33-ebe8053c7871 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md b/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md index 3de04b4582..c1751b7247 100644 --- a/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md 
+++ b/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Preparing your Environment for MBAM 1.0 description: Preparing your Environment for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 915f7c3c-70ad-4a90-a434-73e7fba97ecb +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -26,7 +29,7 @@ To ensure successful installation of MBAM Clients and MBAM Server features, you **Note**   MBAM Setup verifies if all prerequisites are met before installation starts. If they are not met, Setup will fail. -  + [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) @@ -38,7 +41,7 @@ Before MBAM can manage clients in the enterprise, you must define the Group Poli **Important**   MBAM will not work with policies for stand-alone BitLocker drive encryption. Group Policy must be defined for MBAM; otherwise, the BitLocker encryption and enforcement will fail. -  + [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) @@ -56,9 +59,9 @@ The membership of MBAM roles can be managed more effectively if you create secur [Planning for MBAM 1.0](planning-for-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/privacy-statement-for-mbam-10.md b/mdop/mbam-v1/privacy-statement-for-mbam-10.md index e4de0d0c5b..cbb1202f49 100644 --- a/mdop/mbam-v1/privacy-statement-for-mbam-10.md +++ b/mdop/mbam-v1/privacy-statement-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Privacy Statement for MBAM 1.0 description: Privacy Statement for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: db18cc93-a1c1-44da-a450-a5399a4427b9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/release-notes-for-mbam-10.md b/mdop/mbam-v1/release-notes-for-mbam-10.md index 32cf3c9bd1..aec1c1dab8 100644 --- a/mdop/mbam-v1/release-notes-for-mbam-10.md 
+++ b/mdop/mbam-v1/release-notes-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Release Notes for MBAM 1.0 description: Release Notes for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: d82fddde-c360-48ef-86a0-d9b5fe066861 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -35,7 +38,7 @@ We are interested in your feedback on MBAM. You can send your feedback to ' to group 'MBAM Report Users' Locating group 'MBAM Recovery and Hardware DB Access' Adding 'S-1-5-20' to group 'MBAM Recovery and Hardware DB Access' Exception: A new member could not be added to a local group because the member has the wrong account type. -  -  StackTrace:    at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) -   at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes) -   at System.DirectoryServices.AccountManagement.SAMStoreCtx.Update(Principal p) -   at Microsoft.Windows.Mdop.BitlockerManagement.Setup.Groups.CreateGroupsDeferred(Session session) -  InnerException:Exception: A new member could not be added to a local group because the member has the wrong account type. 
-  -    InnerException:StackTrace:    at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsGroup.Add(String bstrNewItem) -   at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) + + StackTrace:    at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) + at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes) + at System.DirectoryServices.AccountManagement.SAMStoreCtx.Update(Principal p) + at Microsoft.Windows.Mdop.BitlockerManagement.Setup.Groups.CreateGroupsDeferred(Session session) + InnerException:Exception: A new member could not be added to a local group because the member has the wrong account type. + + InnerException:StackTrace:    at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsGroup.Add(String bstrNewItem) + at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) CustomAction MbamCreateGroupsDeferred returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 11:41:29: InstallExecute. Return value 3. ``` @@ -147,9 +150,9 @@ Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Win [About MBAM 1.0](about-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/security-and-privacy-for-mbam-10.md b/mdop/mbam-v1/security-and-privacy-for-mbam-10.md index c91aa2e1b0..00c9e551f3 100644 --- a/mdop/mbam-v1/security-and-privacy-for-mbam-10.md +++ b/mdop/mbam-v1/security-and-privacy-for-mbam-10.md 
@@ -1,8 +1,11 @@ --- title: Security and Privacy for MBAM 1.0 description: Security and Privacy for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: ba4497f1-b9e3-41be-8953-3637d1f83f01 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/security-considerations-for-mbam-10.md b/mdop/mbam-v1/security-considerations-for-mbam-10.md index 75fab3c79a..60d75c4b33 100644 --- a/mdop/mbam-v1/security-considerations-for-mbam-10.md +++ b/mdop/mbam-v1/security-considerations-for-mbam-10.md @@ -1,8 +1,11 @@ --- title: Security Considerations for MBAM 1.0 description: Security Considerations for MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5e1c8b8c-235b-4a92-8b0b-da50dca17353 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -83,7 +86,7 @@ No groups are created automatically during MBAM Setup. However, you should creat -  + ### MBAM Server Local Groups @@ -132,7 +135,7 @@ MBAM Setup creates local groups to support MBAM operations. You should add the A -  + ### SSRS Reports Access Account @@ -145,7 +148,7 @@ During MBAM Setup, the following MBAM Setup log files are created in the %temp% **MBAM Server Setup log files** -MSI*<five random characters>*.log +MSI<five random characters>.log Logs the actions taken during MBAM Setup and MBAM Server Feature installation. InstallComplianceDatabase.log 
@@ -169,11 +172,11 @@ Logs the actions taken to authorize web services to MBAM Recovery and Hardware d **Note**   In order to obtain additional MBAM Setup log files, you must install Microsoft BitLocker Administration and Monitoring by using the **msiexec** package and the **/l** <location> option. Log files are created in the location specified. -  + **MBAM Client Setup log files** -MSI*<five random characters>*.log +MSI<five random characters>.log Logs the actions taken during MBAM Client installation. ## MBAM Database TDE considerations @@ -194,9 +197,9 @@ For more information about TDE in SQL Server 2008, see [Database Encryption in [Security and Privacy for MBAM 1.0](security-and-privacy-for-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v1/troubleshooting-mbam-10.md b/mdop/mbam-v1/troubleshooting-mbam-10.md index 8b439e5fdf..9c07bf41b2 100644 --- a/mdop/mbam-v1/troubleshooting-mbam-10.md +++ b/mdop/mbam-v1/troubleshooting-mbam-10.md @@ -1,8 +1,11 @@ --- title: Troubleshooting MBAM 1.0 description: Troubleshooting MBAM 1.0 -author: jamiejdt +author: msfttracyp ms.assetid: 7d47fbfe-51c0-4619-bed3-163dfd18cdec +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md b/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md index 566b8c945d..069c0097c2 100644 --- a/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md +++ b/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md @@ -1,8 +1,11 @@ --- title: Understanding MBAM Reports description: Understanding MBAM Reports -author: jamiejdt +author: msfttracyp ms.assetid: 34e4aaeb-7f89-41a1-b816-c6fe8397b060 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -70,7 +73,7 @@ An Enterprise Compliance Report provides information on overall BitLocker compli -  + **Enterprise Compliance Report Compliance states** 
@@ -117,7 +120,7 @@ An Enterprise Compliance Report provides information on overall BitLocker compli -  + ### Computer Compliance Report @@ -128,7 +131,7 @@ The Computer Compliance Report provides detailed encryption information and appl **Note**   This report does not provide encryption status for Removable Data Volumes. -  + **Computer Compliance Report fields** @@ -207,7 +210,7 @@ This report does not provide encryption status for Removable Data Volumes. -  + **Computer Compliance Report Drive fields** @@ -258,7 +261,7 @@ This report does not provide encryption status for Removable Data Volumes. -  + ### Hardware Audit Report @@ -301,7 +304,7 @@ This report can help you audit changes to the Hardware Compatibility status of s -  + ### Recovery Audit Report @@ -364,21 +367,21 @@ The Recovery Audit Report can help you audit users who have requested access to -  + **Note**   To save report results to a file, click the **Export** button on the reports menu bar. -  + ## Related topics [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) -  + -  + diff --git a/mdop/mbam-v2/about-mbam-20-mbam-2.md b/mdop/mbam-v2/about-mbam-20-mbam-2.md index a2304dbbce..403d43870d 100644 --- a/mdop/mbam-v2/about-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/about-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: About MBAM 2.0 description: About MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: b43a0ba9-1c83-4854-a2c5-14eea0070e36 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -24,7 +27,7 @@ BitLocker Administration and Monitoring 2.0 enforces the BitLocker encryption **Note**   BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). -  + The following groups might be interested in using MBAM to manage BitLocker: 
@@ -102,9 +105,9 @@ This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Ent [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/about-mbam-20-sp1.md b/mdop/mbam-v2/about-mbam-20-sp1.md index b382c075e4..8b27fe1388 100644 --- a/mdop/mbam-v2/about-mbam-20-sp1.md +++ b/mdop/mbam-v2/about-mbam-20-sp1.md @@ -1,8 +1,11 @@ --- title: About MBAM 2.0 SP1 description: About MBAM 2.0 SP1 -author: jamiejdt +author: msfttracyp ms.assetid: 5ba89ed8-bb6e-407b-82c2-e2e36dd1078e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -25,13 +28,13 @@ This version of MBAM provides the following new features and functionality. Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1) adds support for Windows 8.1, Windows Server 2012 R2, and System Center 2012 R2 Configuration Manager. -### Support for Microsoft SQL Server 2008 R2 SP2 +### Support for Microsoft SQL Server 2008 R2 SP2 -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1) adds support for Microsoft SQL Server 2008 R2 SP2. You must use Microsoft SQL Server 2008 R2 or higher if you are running Microsoft System Center Configuration Manager 2007 R2. +Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1) adds support for Microsoft SQL Server 2008 R2 SP2. You must use Microsoft SQL Server 2008 R2 or higher if you are running Microsoft System Center Configuration Manager 2007 R2. ### Customer feedback rollup -MBAM 2.0 SP1 includes a rollup of fixes to address issues that were found since the Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 release. As part of these changes, the Computer Name field now appears in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you run MBAM with Microsoft System Center Configuration Manager 2007. +MBAM 2.0 SP1 includes a rollup of fixes to address issues that were found since the Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 release. As part of these changes, the Computer Name field now appears in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you run MBAM with Microsoft System Center Configuration Manager 2007. ### Firewall exception must be set on ports for the Self-Service Portal and the Administration and Monitoring website 
@@ -45,16 +48,16 @@ MBAM reports for the Configuration Manager integrated topology are now available You can install MBAM on a primary site server or a central administration site server when you install MBAM with the Configuration Manager integrated topology. Previously, you were required to install MBAM on a central administration site server. -**Important**   +**Important** The server on which you install MBAM must be the top-tier server in your hierarchy. -  -The MBAM installation works differently for Microsoft System Center Configuration Manager 2007 and Microsoft System Center 2012 Configuration Manager as follows: + +The MBAM installation works differently for Microsoft System Center Configuration Manager 2007 and Microsoft System Center 2012 Configuration Manager as follows: - **Configuration Manager 2007** : If you install MBAM on a primary site server that is part of a larger Configuration Manager hierarchy and has a central site parent server, MBAM resolves the central site parent server and performs all of the installation actions on that parent server. The installation actions include checking prerequisites and installing the Configuration Manager objects and reports. For example, if you install MBAM on a primary site server that is a child of a central site parent server, MBAM installs all of the Configuration Manager objects and reports on the parent server. If you install MBAM on the parent server, MBAM performs all of the installation actions on that parent server. -- **System Center 2012 Configuration Manager** : If you install MBAM on a primary site server or on a central administration server, MBAM performs all of the installation actions on that site server. +- **System Center 2012 Configuration Manager** : If you install MBAM on a primary site server or on a central administration server, MBAM performs all of the installation actions on that site server. 
### Configuration Manager Console must be installed on the computer on which you install the MBAM Server @@ -85,11 +88,10 @@ When you install MBAM with the Configuration Manager integrated topology, you mu

        CM_REPORTS_ONLY

        Enables you to install only the Configuration Manager reports, without other Configuration Manager objects, such as the baseline, collection, and configuration items.

        -Note   -

        You must combine this parameter with the CM_REPORTS_COLLECTION_ID parameter.

        +Note

        You must combine this parameter with the CM_REPORTS_COLLECTION_ID parameter.

        -  +

        Valid parameter values:

          @@ -110,7 +112,7 @@ When you install MBAM with the Configuration Manager integrated topology, you mu -  + ### Ability to turn Self-Service Portal notice text on or off @@ -168,12 +170,12 @@ MBAM displays the notice text, based on the following rules: - If MBAM does not find a default notice.txt file, it displays the default text in the Self-Service Portal. -**Note**   +**Note** If an end user’s browser is set to a language that does not have a corresponding language subfolder or notice.txt, the text that is in the notice.txt file in the following root directory is displayed: <*MBAM Self-Service Install Directory*>\\Self Service Website\\ -  + **To create a localized notice.txt file** @@ -181,10 +183,10 @@ If an end user’s browser is set to a language that does not have a correspondi <*MBAM Self-Service Install Directory*>\\Self Service Website\\ - **Note**   + **Note** Some language folders already exist, so you may not have to create one. If you do need to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*language*> folder. -   + 2. Create a notice.txt file that contains the localized notice text. 
@@ -255,8 +257,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M // Microsoft BitLocker Administration and Monitoring //=================================================== -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) +# pragma namespace ("\\\\.\\root\\cimv2") +# pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { @@ -288,19 +290,19 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M Boolean IsAutoUnlockEnabled; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) +# pragma namespace ("\\\\.\\root\\cimv2") +# pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; - + //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; - + //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; @@ -320,7 +322,7 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; - + //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; 
@@ -328,7 +330,7 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; - + //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; @@ -350,19 +352,19 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) +# pragma namespace ("\\\\.\\root\\cimv2") +# pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; - + //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; - + //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; @@ -382,7 +384,7 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy 64"; - + //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; @@ -390,7 +392,7 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; - + //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; 
@@ -412,8 +414,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) +# pragma namespace ("\\\\.\\root\\cimv2") +# pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended @@ -424,8 +426,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M uint32 SKU; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) +# pragma namespace ("\\\\.\\root\\cimv2") +# pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended @@ -478,9 +480,9 @@ MBAM 2.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP i [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) -  - -  + + + diff --git a/mdop/mbam-v2/about-the-computer-tpm-chip.md b/mdop/mbam-v2/about-the-computer-tpm-chip.md index ca9b55f6f4..8fc5a07b1c 100644 --- a/mdop/mbam-v2/about-the-computer-tpm-chip.md +++ b/mdop/mbam-v2/about-the-computer-tpm-chip.md @@ -1,8 +1,11 @@ --- title: About the Computer TPM Chip description: About the Computer TPM Chip -author: jamiejdt +author: msfttracyp ms.assetid: 6f1cf18c-277a-4932-886d-14202ca8d175 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -26,7 +29,7 @@ After BitLocker is configured, you can access additional information about the T **Note**   You must have administrative credentials on your computer to access this tool. -  + In a TPM failure, a change in the BIOS, or certain Windows Updates, BitLocker will lock your computer and require you to contact your Help Desk to unlock it. You have to provide the name of your computer as well as your computer’s domain. Help Desk can give you a password file that can be used to unlock your computer. @@ -42,9 +45,9 @@ If a TPM failure, change in the BIOS, or certain Windows Updates occur, BitLocke [Using Your PIN or Password](using-your-pin-or-password.md) -  + -  + diff --git a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md b/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md index f4215c49ea..62803ce9fd 100644 --- a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Accessibility for MBAM 2.0 description: Accessibility for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 9cd628f1-f594-43ab-8095-4663272940a9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in Alternative Formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

          (609) 987-8116

          -

          [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

          +

          http://www.learningally.org/

          Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

          -  + ## Customer Service for People with Hearing Impairments @@ -93,9 +96,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md b/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md index 95fbd3b46a..87e053a66b 100644 --- a/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md +++ b/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md @@ -1,8 +1,11 @@ --- title: Administering MBAM 2.0 Features description: Administering MBAM 2.0 Features -author: jamiejdt +author: msfttracyp ms.assetid: 065e0704-069e-4372-9b86-0b57dd7638dd +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -38,7 +41,7 @@ MBAM provides a custom control panel, called BitLocker Encryption Options, that **Note**   This customized control panel does not replace the default Windows BitLocker control panel. -  + [How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel](how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md) @@ -47,9 +50,9 @@ This customized control panel does not replace the default Windows BitLocker con [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md b/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md index 33e355889e..38ce3f35cf 100644 --- a/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md +++ b/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md 
@@ -1,8 +1,11 @@
 ---
 title: Administering MBAM 2.0 Using PowerShell
 description: Administering MBAM 2.0 Using PowerShell
-author: jamiejdt
+author: msfttracyp
 ms.assetid: d785a8df-0a8c-4d70-abd2-93a762b4f3de
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md b/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md
index e63a58503e..fbbfcb6384 100644
--- a/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md
+++ b/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md
@@ -1,8 +1,11 @@
 ---
 title: Create or Edit the Sms\_def.mof File
 description: Create or Edit the Sms\_def.mof File
-author: jamiejdt
+author: msfttracyp
 ms.assetid: d1747e43-484e-4031-a63b-6342fe588aa2
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md b/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md
index 4e9af48d46..01574c06fa 100644
--- a/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md
+++ b/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying MBAM 2.0 Group Policy Objects
 description: Deploying MBAM 2.0 Group Policy Objects
-author: jamiejdt
+author: msfttracyp
 ms.assetid: f17f3897-73ab-431b-a6ec-5a6cff9f279a
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/deploying-mbam-20-mbam-2.md b/mdop/mbam-v2/deploying-mbam-20-mbam-2.md
index 49853a0cfc..4f391c02e0 100644
--- a/mdop/mbam-v2/deploying-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/deploying-mbam-20-mbam-2.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying MBAM 2.0
 description: Deploying MBAM 2.0
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 4b0eaf10-81b4-427e-9d43-eb833de935a3
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
index aa1d1b5c42..d216401680 100644
--- a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
+++ b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying MBAM with Configuration Manager
 description: Deploying MBAM with Configuration Manager
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 89d03e29-457a-471d-b893-e0b74a83ec50
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md b/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md
index 2d84616906..c9857d854e 100644
--- a/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md
+++ b/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying the MBAM 2.0 Client
 description: Deploying the MBAM 2.0 Client
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 3dd584fe-2a54-40f0-9bab-13ea74040b01
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md b/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md
index b82a55af14..32a1b563d5 100644
--- a/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md
+++ b/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md
@@ -1,8 +1,11 @@ --- title: Deploying the MBAM 2.0 Server Infrastructure description: Deploying the MBAM 2.0 Server Infrastructure -author: jamiejdt +author: msfttracyp ms.assetid: 52e68d94-e2b4-4b06-ae55-f900ea6cc59f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/edit-the-configurationmof-file.md b/mdop/mbam-v2/edit-the-configurationmof-file.md index c84189e893..e06a21728b 100644 --- a/mdop/mbam-v2/edit-the-configurationmof-file.md +++ b/mdop/mbam-v2/edit-the-configurationmof-file.md @@ -1,8 +1,11 @@ --- title: Edit the Configuration.mof File description: Edit the Configuration.mof File -author: jamiejdt +author: msfttracyp ms.assetid: 23e50ec9-4083-4b12-ad96-626cf30960bb +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ If you are installing Microsoft BitLocker Administration and Monitoring (MBAM) 2 - For an upgrade to MBAM 2.0 SP1, see **Update the configuration.mof file if you upgrade to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007**. -  + **To create the configuration.mof file if you are using MBAM 2.0 SP1 with Configuration Manager** @@ -376,9 +379,9 @@ If you are installing Microsoft BitLocker Administration and Monitoring (MBAM) 2 [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) -  + -  + diff --git a/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md b/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md index 3372d0022d..4c52ea62b8 100644 --- a/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Evaluating MBAM 2.0 description: Evaluating MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: bfc77eec-0fd7-4fec-9c78-6870afa87152 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -44,43 +47,43 @@ Even though you are setting up a non-production instance of MBAM to evaluate in Checklist box

          Review the Getting Started information about MBAM to gain a basic understanding of the product before beginning deployment planning.

          -

          [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md)

          +

          Getting Started with MBAM 2.0

          Checklist box

          Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment.

          -

          [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)

          +

          MBAM 2.0 Deployment Prerequisites

          Checklist box

          Plan for and configure MBAM Group Policy requirements.

          -

          [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md)

          +

          Planning for MBAM 2.0 Group Policy Requirements

          Checklist box

          Plan for and create necessary Active Directory Domain Services security groups, and plan for MBAM local security group membership requirements.

          -

          [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md)

          +

          Planning for MBAM 2.0 Administrator Roles

          Checklist box

          Plan for deploying MBAM Server feature deployment.

          -

          [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md)

          +

          Planning for MBAM 2.0 Server Deployment

          Checklist box

          Plan for deploying MBAM Client deployment.

          -

          [Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md)

          +

          Planning for MBAM 2.0 Client Deployment

          -  + ### Perform an MBAM Evaluation Deployment @@ -97,37 +100,37 @@ After completing the necessary planning and software prerequisite installations Checklist box

          Review the MBAM supported configurations information to make sure that selected client and server computers are supported for MBAM feature installation.

          -

          [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)

          +

          MBAM 2.0 Supported Configurations

          Checklist box

          Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes.

          -

          [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md)

          +

          How to Install and Configure MBAM on a Single Server

          Checklist box

          Add Active Directory Domain Services security groups, that you created during the planning phase, to the appropriate local MBAM Server feature local groups on the new MBAM Server.

          -

          [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md) and [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md)

          +

          Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles

          Checklist box

          Create and deploy required MBAM Group Policy Objects.

          -

          [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)

          +

          Deploying MBAM 2.0 Group Policy Objects

          Checklist box

          Deploy the MBAM Client software.

          -

          [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)

          +

          Deploying the MBAM 2.0 Client

          -  + ## Configure Lab Computers for MBAM Evaluation @@ -137,7 +140,7 @@ This section contains information that can be used to speed up the MBAM Client s **Note**   The information in following section describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. -  + ### Modify MBAM Client Status Reporting Frequency Settings @@ -154,7 +157,7 @@ To modify the MBAM Client status reporting frequency settings: **Note**   To set values that are this low, you must set them in the registry manually. -  + ### Modify MBAM Client Service Startup Delay @@ -165,9 +168,9 @@ In addition to the MBAM Client wakeup and status reporting frequencies, there is [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md b/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md index 602db947ed..c05335448c 100644 --- a/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md +++ b/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md @@ -1,8 +1,11 @@ --- title: Getting Started - Using MBAM with Configuration Manager description: Getting Started - Using MBAM with Configuration Manager -author: jamiejdt +author: msfttracyp ms.assetid: b0a1d3cc-0b01-4b69-a2cd-fd09fb3beda4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ When you install Microsoft BitLocker Administration and Monitoring (MBAM), you c **Important**   Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. -  + ## Using MBAM with Configuration Manager 
@@ -94,9 +97,9 @@ A description of the servers, databases, and features of this architecture follo [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) -  + -  + diff --git a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md index 3344fab13c..e24afb3f59 100644 --- a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Getting Started with MBAM 2.0 description: Getting Started with MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 29f5c9af-5bbf-4d37-aa0f-0716046904af +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/helping-end-users-manage-bitlocker.md b/mdop/mbam-v2/helping-end-users-manage-bitlocker.md index 65850cd2a5..351f43c2ea 100644 --- a/mdop/mbam-v2/helping-end-users-manage-bitlocker.md +++ b/mdop/mbam-v2/helping-end-users-manage-bitlocker.md @@ -1,8 +1,11 @@ --- title: Helping End Users Manage BitLocker description: Helping End Users Manage BitLocker -author: jamiejdt +author: msfttracyp ms.assetid: 47776fb3-2d94-4970-b687-c35ec3dd6c64 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -36,7 +39,7 @@ You can turn off BitLocker, either temporarily, by suspending it, or permanently **Note**   Because BitLocker encrypts the whole drive and not just the individual files themselves, be careful when you move sensitive data between drives. If you move a file from a BitLocker-protected drive to a nonencrypted drive, the file will no longer be encrypted. -  + ## About the BitLocker Encryption Options Application 
@@ -78,9 +81,9 @@ In this section, you can view information about external drives (such as a USB t - **Disk Management** -open the Disk Management tool. From here you can view the information for all hard drives connected to the computer and configure partitions and drive options. You must have administrative rights on your computer to access this tool. -  + -  + diff --git a/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md b/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md index ec4172028d..ccf0d2efd2 100644 --- a/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: High Availability for MBAM 2.0 description: High Availability for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 244ee013-9e2a-48d2-b842-4e10594fd74f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md b/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md index 682798b403..8e213175cb 100644 --- a/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture for MBAM 2.0 description: High-Level Architecture for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 7f73dd3a-0b1f-4af6-a2f0-d0c5bc5d183a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ The following diagram shows the MBAM recommended architecture for a production e **Note**   A single-server architecture should be used only in test environments. -  + ![mbam 2 two-server deployment topology](images/mbam2-3-servers.gif) 
@@ -70,9 +73,9 @@ The MBAM Client is installed on a Windows computer and has the following charact [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-brand-the-self-service-portal.md b/mdop/mbam-v2/how-to-brand-the-self-service-portal.md index 6b6eda7259..d50446e82d 100644 --- a/mdop/mbam-v2/how-to-brand-the-self-service-portal.md +++ b/mdop/mbam-v2/how-to-brand-the-self-service-portal.md @@ -1,8 +1,11 @@ --- title: How to Brand the Self-Service Portal description: How to Brand the Self-Service Portal -author: jamiejdt +author: msfttracyp ms.assetid: 3ef9e951-7c42-4f7f-b131-3765d39b3207 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -28,71 +31,73 @@ After you install the Microsoft BitLocker Administration and Monitoring (MBAM) S 5. From the **Name** column, select the item that you want to change, and change the default value to reflect the name that you want to use. The following table lists the values that you can set. - **Caution**   + **Caution** Do not change the value in the Name column (CompanyName\*), as it will cause the Self-Service Portal to stop working. -   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          NameDefault Value

          CompanyName*

          Contoso IT

          HelpdeskText*

          Contact Help Desk or IT Department

          HelpdeskUrl*

          Http://www.microsoft.com

          jQueryPath

          //ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js

          MicrosoftAjaxPath

          //ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js

          MicrosoftMvcAjaxPath

          //ajax.aspnetcdn.com/ajax/mvc/2.0/MicrosoftMvcValidation.js

          NoticeTextPath

          Notice.txt

          -
          - Note   -

          You can edit the Notice text either by using the IIS Manager or by opening and changing the Notice.txt file in the installation directory.

          -
          -
          -   -
          -   +~~~ + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          NameDefault Value

          CompanyName*

          Contoso IT

          HelpdeskText*

          Contact Help Desk or IT Department

          HelpdeskUrl*

          Http://www.microsoft.com

          jQueryPath

          //ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js

          MicrosoftAjaxPath

          //ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js

          MicrosoftMvcAjaxPath

          //ajax.aspnetcdn.com/ajax/mvc/2.0/MicrosoftMvcValidation.js

          NoticeTextPath

          Notice.txt

          +
          +Note +

          You can edit the Notice text either by using the IIS Manager or by opening and changing the Notice.txt file in the installation directory.

          +
          +
          + +
          +~~~ + + ## Related topics [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md b/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md index b5c82d7821..5e92294d61 100644 --- a/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md +++ b/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md @@ -1,8 +1,11 @@ --- title: How to Create or Edit the mof Files description: How to Create or Edit the mof Files -author: jamiejdt +author: msfttracyp ms.assetid: 4d19d707-b90f-4057-a6e9-e4221a607190 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md b/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md index 6f8061bf9c..26ec642679 100644 --- a/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md +++ b/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client as Part of a Windows Deployment description: How to Deploy the MBAM Client as Part of a Windows Deployment -author: jamiejdt +author: msfttracyp ms.assetid: 67387de7-8b02-4412-9850-3b8d8e5c18af +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -16,26 +19,26 @@ ms.date: 06/16/2016 The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. If computers that have a Trusted Platform Module (TPM) chip, the BitLocker client can be integrated into an organization by enabling BitLocker management and encryption on client computers as part of the imaging and Windows deployment process. -**Note**   +**Note** To review the Microsoft BitLocker Administration and Monitoring Client system requirements, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). -  + Encrypting client computers with BitLocker during the initial imaging stage of a Windows deployment can lower the administrative overhead necessary for implementing MBAM in an organization. It also ensures that every computer that is deployed already has BitLocker running and is configured correctly. -**Note**   +**Note** The procedure in this topic describes modifying the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. -  + **To encrypt a computer as part of Windows deployment** 1. If your organization is planning to use the Trusted Platform Module (TPM) protector or the TPM + PIN protector options in BitLocker, you must activate the TPM chip before the initial deployment of MBAM. When you activate the TPM chip, you avoid a reboot later in the process, and you ensure that the TPM chips are correctly configured according to the requirements of your organization. You must activate the TPM chip manually in the BIOS of the computer. - **Note**   + **Note** Some vendors provide tools to turn on and activate the TPM chip in the BIOS from within the operating system. 
Refer to the manufacturer documentation for more details about how to configure the TPM chip. -   + 2. Install the Microsoft BitLocker Administration and Monitoring client agent. 
@@ -83,24 +86,26 @@ The procedure in this topic describes modifying the Windows registry. Using Regi Set this value to the URL for the Key Recovery web server, for example, http://<computer name>/MBAMRecoveryAndHardwareService/CoreService.svc. -   - **Note**   - MBAM policy or registry values can be set here to override previously set values. -   +~~~ +**Note** +MBAM policy or registry values can be set here to override previously set values. +~~~ -7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: - **net start mbamagent** -8. When the computers restarts, and the BIOS prompts you to accept a TPM change, accept the change. +7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: -9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service, and set start to **automatic** by running a command prompt as an administrator and typing the following commands: + **net start mbamagent** - **sc config mbamagent start= auto** +8. When the computers restarts, and the BIOS prompts you to accept a TPM change, accept the change. - **net start mbamagent** +9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service, and set start to **automatic** by running a command prompt as an administrator and typing the following commands: + + **sc config mbamagent start= auto** + + **net start mbamagent** 10. Remove the bypass registry values by running Regedit and going to the HKLM\\SOFTWARE\\Microsoft registry entry. To delete the **MBAM** node, right-click the node and click **Delete**. 
@@ -109,9 +114,9 @@ The procedure in this topic describes modifying the Windows registry. Using Regi [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md b/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md index 825dc107df..cd58d1213c 100644 --- a/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md +++ b/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client to Desktop or Laptop Computers description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: jamiejdt +author: msfttracyp ms.assetid: 56744922-bfdd-48f6-ae01-645ff53b64a8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The Microsoft BitLocker Administration and Monitoring (MBAM) client enables admi **Note**   To review the Microsoft BitLocker Administration and Monitoring Client system requirements, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). -  + **To deploy the MBAM Client to desktop or laptop computers** @@ -32,16 +35,16 @@ To review the Microsoft BitLocker Administration and Monitoring Client system re **Important**   The MBAM Client will not start BitLocker encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed before BitLocker encryption will begin. -   + ## Related topics [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md b/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md index c238edfb99..be34c7735b 100644 
--- a/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md +++ b/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Determine BitLocker Encryption State of Lost Computers description: How to Determine BitLocker Encryption State of Lost Computers -author: jamiejdt +author: msfttracyp ms.assetid: dbd23b64-dff3-4913-9acd-affe67b9462e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ You can use Microsoft BitLocker Administration and Monitoring (MBAM) to determin **Note**   Note: The default address for the Administration and Monitoring website is http://*<computername>*. Using the fully qualified server name will yield faster browsing results. -   + 2. Selects the **Report** node from the navigation pane, and select the **Computer Compliance Report**. @@ -34,16 +37,16 @@ You can use Microsoft BitLocker Administration and Monitoring (MBAM) to determin **Note**   Device compliance is determined by the BitLocker policies that your enterprise has deployed. You may want to verify your deployed policies before you try to determine the BitLocker encryption state of a device. -   + ## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md b/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md index 4760062caf..1c4aec51cd 100644 --- a/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md +++ b/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md 
@@ -1,8 +1,11 @@ --- title: How to Edit MBAM 2.0 GPO Settings description: How to Edit MBAM 2.0 GPO Settings -author: jamiejdt +author: msfttracyp ms.assetid: f5ffa93d-b4d2-4317-8a1c-7d2be0264fe3 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -64,21 +67,23 @@ You can use the following steps to configure the basic, recommended GPO settings -   - **Important**   - Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) for Group Policy configuration details for all of the available MBAM GPO policy options. -   +~~~ +**Important** +Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) for Group Policy configuration details for all of the available MBAM GPO policy options. +~~~ + + ## Related topics [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md b/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md index 97e353b4fd..7e100cc0b6 100644 --- a/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md +++ b/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Generate MBAM Reports description: How to Generate MBAM Reports -author: jamiejdt +author: msfttracyp ms.assetid: 083550cb-8c3f-49b3-a30e-97d85374d2f4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ When you install Microsoft BitLocker Administration and Monitoring (MBAM) with t **Note**   To run the reports, you must be a member of the **Report Users Role** on the computers where the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed. -  + **To open the Administration and Monitoring website** @@ -28,7 +31,7 @@ To run the reports, you must be a member of the **Report Users Role** on the com **Note**   If the Administration and Monitoring website was installed on a port other than 80, you have to specify the port in the URL (for example, *http://<computername>:<port>*. If you specified a host name for the Administration and Monitoring website during the installation, the URL is *http://<hostname>*. -   + 2. In the left pane, click **Reports** and then select the report you want to run from the top menu bar. @@ -37,7 +40,7 @@ To run the reports, you must be a member of the **Report Users Role** on the com **Note**   If SSRS was not configured to use Secure Socket Layer, the URL for the reports will be set to HTTP instead of to HTTPS when you install the MBAM Server. If you then go to the Help Desk portal and select a report, the following message displays: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -   + **To generate an Enterprise Compliance Report** 
@@ -54,7 +57,7 @@ To run the reports, you must be a member of the **Report Users Role** on the com **Note**   The Enterprise Compliance report is generated by a SQL job that runs every six hours. Therefore, the first time you view the report, you may find that some data is missing. You can generate updated report data manually by using SQL Management Studio. From the **Object Explorer** window, expand **SQL Server Agent**, expand **Jobs**, right-click the **CreateCache** job, and select **Start Job at Step….** -   + 3. Select a computer name to view information about the computer in the Computer Compliance Report. @@ -75,7 +78,7 @@ To run the reports, you must be a member of the **Report Users Role** on the com **Note**   An MBAM client computer is considered compliant if the computer matches the requirements of the MBAM policy settings. -   + **To generate the Recovery Key Audit Report** @@ -102,9 +105,9 @@ To run the reports, you must be a member of the **Report Users Role** on the com [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md b/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md index 016b3d8291..94480977b1 100644 --- a/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md +++ b/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Hide Default BitLocker Encryption in the Windows Control Panel description: How to Hide Default BitLocker Encryption in the Windows Control Panel -author: jamiejdt +author: msfttracyp ms.assetid: 6674aa51-2b5d-4e4a-8b43-2cc18d008285 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md index bd592ec1ee..db6508b8b3 100644 --- a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md +++ b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure MBAM on a Single Server description: How to Install and Configure MBAM on a Single Server -author: jamiejdt +author: msfttracyp ms.assetid: 45e6a012-6c8c-4d90-902c-d09de9a0cbea +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -22,12 +25,12 @@ The following diagram shows an example of a single-server architecture. For a de Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) and [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). In addition, some features also have information that must be provided during the installation process to successfully deploy the feature. You should also review [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) before you start MBAM deployment. -**Note**   +**Note** To obtain the setup log files, you have use the Msiexec package and the **/L** <location> option to install MBAM. Log files are created in the location that you specify. Additional setup log files are created in the %temp% folder on the server of the user who is installing MBAM. -  + ## To install MBAM Server features on a single server 
@@ -58,17 +61,17 @@ The following steps describe how to install general MBAM features. - MBAM Group Policy template - **Note**   + **Note** The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. -   + 6. On the **Configure network communication security** page, choose whether to encrypt the communication between the Web Services on the Administration and Monitoring Server and the clients. If you decide to encrypt the communication, select the certification authority-provisioned certificate to use for encryption. The certificate must be created prior to this step to enable you to select it on this page. - **Note**   + **Note** This page appears only if you selected the Self-Service Portal or the Administration and Monitoring Server feature on the **Select features to install** page. -   + 7. Click **Next**, and then continue to the next set of steps to configure the MBAM Server features. @@ -88,10 +91,10 @@ The following steps describe how to install general MBAM features. 7. On the **Configure the Self-Service Portal** page, enter the port number, host name, virtual directory name, and installation path for the Self-Service Portal. - **Note**   + **Note** The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. -   + 8. Click **Next** to continue. 
@@ -99,10 +102,10 @@ The following steps describe how to install general MBAM features. 10. On the **Configure the Administration and Monitoring Server** page, enter the port number, host name, virtual directory name, and installation path for the Help Desk website. - **Note**   + **Note** The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. -   + 11. On the **Installation Summary** page, review the list of features that will be installed, and click **Install** to start installing the MBAM features. Click **Back** to move back through the wizard if you have to review or change your installation settings, or click **Cancel** to exit Setup. Setup installs the MBAM features and notifies you that the installation is complete. @@ -122,10 +125,10 @@ The following steps describe how to install general MBAM features. - Brand the Self-Service Portal with your company name, notice text, and other company-specific information. For instructions, see [How to Brand the Self-Service Portal](how-to-brand-the-self-service-portal.md). - **Note**   + **Note** Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed. The recommended way to do this is to create a domain security group and add that domain group to each local MBAM Report Users group. When you use this process, manage the group memberships by way of the domain group. -   + ## Validating the MBAM Server feature installation 
@@ -134,66 +137,68 @@ When the Microsoft BitLocker Administration and Monitoring installation is compl **To validate the MBAM Server feature installation** -1. On each server where a MBAM feature is deployed, open **Control Panel**. Select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. +1. On each server where a MBAM feature is deployed, open **Control Panel**. Select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - **Note**   - To validate the installation, you must use a domain account that has local computer administrative credentials on each server. + **Note** + To validate the installation, you must use a domain account that has local computer administrative credentials on each server. -   -2. On the server where the Recovery Database is installed, open SQL Server Management Studio, and verify that the **MBAM Recovery and Hardware** database is installed. -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio, and verify that the **MBAM Compliance Status Database** is installed. +2. On the server where the Recovery Database is installed, open SQL Server Management Studio, and verify that the **MBAM Recovery and Hardware** database is installed. -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. +3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio, and verify that the **MBAM Compliance Status Database** is installed. - The default Home location of a SQL Server Reporting Services site instance is at http://*<NameofMBAMReportsServer>*/Reports. 
To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that are specified during setup. +4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. - Confirm that a Reports folder named Microsoft BitLocker Administration and Monitoring contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. + The default Home location of a SQL Server Reporting Services site instance is at http://<NameofMBAMReportsServer>/Reports. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that are specified during setup. - **Note**   - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following: http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* + Confirm that a Reports folder named Microsoft BitLocker Administration and Monitoring contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. -   + **Note** + If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following: http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - **Note**   - If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -   -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. 
Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager.** +~~~ +**Note** +If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. +~~~ -6. In **Connections,** browse to *<computername>*, select **Sites**, and then select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMUserSupportService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. -7. On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully: - - *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports +5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager.** - - *http://<hostname>/SelfService>/* +6. In **Connections,** browse to *<computername>*, select **Sites**, and then select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMUserSupportService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* +7. 
On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully: - - *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* + - *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* + - *http://<hostname>/SelfService>/* - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* + - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - **Note**   - It is assumed that the server features were installed on the default port without network encryption. If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.asp*x or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* + - *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* + + - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* + + - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* + + **Note** + It is assumed that the server features were installed on the default port without network encryption. If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.asp*x or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* + + If the server features were installed with network encryption, change http:// to https://. - If the server features were installed with network encryption, change http:// to https://. -   ## Related topics [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -  - -  + + + 
diff --git a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md index e188506848..f7c562da25 100644 --- a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md +++ b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure MBAM on Distributed Servers description: How to Install and Configure MBAM on Distributed Servers -author: jamiejdt +author: msfttracyp ms.assetid: 67b91e6b-ae2e-4e47-9ef2-6819aba95976 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -18,12 +21,12 @@ The procedures in this topic describe how to install Microsoft BitLocker Adminis Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) and [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). In addition, some features require that you provide certain information during the installation process to successfully deploy the feature. You should also review [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md) before you start the MBAM deployment. -**Note**   +**Note** To obtain the setup log files, you have to use the Msiexec package and the **/L** <location> option to install MBAM. Log files are created in the location that you specify. Additional setup log files are created in the %temp% folder on the server of the user who is installing MBAM. -  + ## Deploying MBAM Server Features 
@@ -40,10 +43,10 @@ The following steps describe how to install general MBAM features. 4. On the **Topology Selection** page, select the **Stand-alone** topology, and then click **Next**. - **Note**   + **Note** If you want to install MBAM with the Configuration Manager integrated topology, see [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md). -   + 5. Select the features that you want to install. By default, all MBAM features are selected for installation. Clear the features that you want to install elsewhere. Features that will be installed on the same computer must be installed together at the same time. You must install MBAM features in the following order: 
@@ -59,17 +62,19 @@ The following steps describe how to install general MBAM features. - MBAM Group Policy template - **Note**   + **Note** The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. -   - The MBAM Setup wizard displays installation pages for the features that you select. The following sections describe the installation procedures for each feature. - **Note**   - For the following instructions, it is assumed that each feature is to be installed on a separate server. If you install multiple features on a single server, you can change or eliminate some steps. +~~~ +The MBAM Setup wizard displays installation pages for the features that you select. The following sections describe the installation procedures for each feature. + +**Note** +For the following instructions, it is assumed that each feature is to be installed on a separate server. If you install multiple features on a single server, you can change or eliminate some steps. +~~~ + -   **To install the Recovery Database** 
@@ -87,10 +92,10 @@ The following steps describe how to install general MBAM features. 2. Specify the computer names of the computers that will be running the Administration and Monitoring Server and the Compliance and Audit Reports. After the Administration and Monitoring and the Compliance and Audit Reports Server are deployed, they use their domain accounts to connect to the databases. - **Note**   + **Note** If you are installing the Compliance and Audit Database without the Compliance and Audit Reports feature, you must add an exception on the Compliance and Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433. -   + 3. Specify the SQL Server instance name and the name of the database that will store the compliance and audit data. You must also specify where the database and log information will be located. @@ -100,10 +105,10 @@ The following steps describe how to install general MBAM features. 1. On the **Configure the Compliance and Audit Reports** page, specify the remote SQL Server instance name (for example, <ServerName>) where the Compliance and Audit Database was installed. - **Note**   + **Note** If you are installing the Compliance and Audit Reports without the Administration and Monitoring Server, you must add an exception on the Compliance and Audit Report computer to enable inbound traffic on the Reporting Server port (the default port is 80). -   + 2. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, although you can change the name when you install the Compliance and Audit Database. 
@@ -133,10 +138,10 @@ The following steps describe how to install general MBAM features. 9. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring Server. - **Note**   + **Note** The port number that you specify must be an unused port number on the Administration and Monitoring server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. -   + 10. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758). 
@@ -148,85 +153,85 @@ The following steps describe how to install general MBAM features. 14. Click **Finish** to exit the wizard. - **Note**   + **Note** To configure the Self-Service Portal after you installed it, brand the Self-Service Portal with your company name and other company-specific information, see [How to Brand the Self-Service Portal](how-to-brand-the-self-service-portal.md) for instructions. -   + 15. If the client computers have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, you are finished with the Self-Service Portal installation. If the client computers does not have access to the Microsoft CDN, complete the steps in the next section to configure the Self-Service Portal to reference the JavaScript files from an accessible source. **To configure the Self-Service Portal when end users cannot access the Microsoft Content Delivery Network** -1. If the client computers have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, the Self-Service Portal installation is completed. If the client computers do not have access to the Microsoft CDN, complete the remaining steps in this section to configure the Self-Service Portal to reference the JavaScript files from an accessible source. +1. If the client computers have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, the Self-Service Portal installation is completed. If the client computers do not have access to the Microsoft CDN, complete the remaining steps in this section to configure the Self-Service Portal to reference the JavaScript files from an accessible source. -2. Download the four JavaScript files from the Microsoft CDN: +2. 
Download the four JavaScript files from the Microsoft CDN: - - jQuery-1.7.2.min.js - [https://go.microsoft.com/p/fwlink/?LinkID=271736](https://go.microsoft.com/fwlink/p/?LinkID=271736) + - jQuery-1.7.2.min.js - [https://go.microsoft.com/p/fwlink/?LinkID=271736](https://go.microsoft.com/fwlink/p/?LinkID=271736) - - MicrosoftAjax.js –[https://go.microsoft.com/p/fwlink/?LinkId=272283](https://go.microsoft.com/fwlink/p/?LinkId=272283) + - MicrosoftAjax.js –[https://go.microsoft.com/p/fwlink/?LinkId=272283](https://go.microsoft.com/fwlink/p/?LinkId=272283) - - MicrosoftMvcAjax.js - [https://go.microsoft.com/p/fwlink/?LinkId=272284](https://go.microsoft.com/fwlink/p/?LinkId=272284) + - MicrosoftMvcAjax.js - [https://go.microsoft.com/p/fwlink/?LinkId=272284](https://go.microsoft.com/fwlink/p/?LinkId=272284) - - MicrosoftMvcValidation.js - + - MicrosoftMvcValidation.js - -3. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in *<MBAM Self-Service Install Directory>\\*Self Service Website\\Scripts. +3. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in <MBAM Self-Service Install Directory>\\Self Service Website\\Scripts. -4. Open **Internet Information Services (IIS) Manager**. +4. Open **Internet Information Services (IIS) Manager**. -5. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. +5. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. - **Note**   - *SelfService* is the default virtual directory name. If you chose a different name for this directory during installation, remember to replace *SelfService* in the rest of these instructions with the name you chose. + **Note** + *SelfService* is the default virtual directory name. 
If you chose a different name for this directory during installation, remember to replace *SelfService* in the rest of these instructions with the name you chose. -   -6. In the middle pane, double-click **Application Settings**. -7. For each item in the following list, edit the application settings to reference the new location by replacing <virtual directory> with /SelfService/ (or the name you chose during installation). For example, the virtual directory path will be similar to /selfservice/scripts/jquery-1.7.2.min.js. +6. In the middle pane, double-click **Application Settings**. - - jQueryPath: /<virtual directory>/Scripts/ jQuery-1.7.2.min.js +7. For each item in the following list, edit the application settings to reference the new location by replacing <virtual directory> with /SelfService/ (or the name you chose during installation). For example, the virtual directory path will be similar to /selfservice/scripts/jquery-1.7.2.min.js. - - MicrosoftAjaxPath: /<virtual directory>/Scripts/ MicrosoftAjax.js + - jQueryPath: /<virtual directory>/Scripts/ jQuery-1.7.2.min.js - - MicrosoftMvcAjaxPath: /<virtual directory>/Scripts/ MicrosoftMvcAjax.js + - MicrosoftAjaxPath: /<virtual directory>/Scripts/ MicrosoftAjax.js - - MicrosoftMvcValidationPath: /<virtual directory>/Scripts/ MicrosoftMvcValidation.js + - MicrosoftMvcAjaxPath: /<virtual directory>/Scripts/ MicrosoftMvcAjax.js + + - MicrosoftMvcValidationPath: /<virtual directory>/Scripts/ MicrosoftMvcValidation.js **To install the Administration and Monitoring Server feature** -1. MBAM can encrypt the communication between the Web Services and the Administration and Monitoring servers. If you choose the option to encrypt the communication, you are prompted to select the certification authority-provisioned certificate to use for encryption. +1. MBAM can encrypt the communication between the Web Services and the Administration and Monitoring servers. 
If you choose the option to encrypt the communication, you are prompted to select the certification authority-provisioned certificate to use for encryption. -2. Click **Next** to continue. +2. Click **Next** to continue. -3. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Compliance and Audit Database was installed. +3. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Compliance and Audit Database was installed. -4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status. However, you can change the name when you install the Compliance and Audit Database. +4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status. However, you can change the name when you install the Compliance and Audit Database. -5. Click **Next** to continue. +5. Click **Next** to continue. -6. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Recovery Database was installed. +6. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Recovery Database was installed. -7. Specify the name of the Recovery Database. By default, the database name is **MBAM Recovery and Hardware**. However, you can change the name when you install the Recovery Database feature. +7. Specify the name of the Recovery Database. By default, the database name is **MBAM Recovery and Hardware**. However, you can change the name when you install the Recovery Database feature. -8. Click **Next** to continue. +8. Click **Next** to continue. -9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. The default Home location of a SQL Server Reporting Services site instance is at: +9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. 
The default Home location of a SQL Server Reporting Services site instance is at: - http://*<NameofMBAMReportsServer>/*ReportServer + http://<NameofMBAMReportsServer>/ReportServer + + **Note** + If SQL Server Reporting Services was configured as a named instance, the URL resembles the following: http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>*. - **Note**   - If SQL Server Reporting Services was configured as a named instance, the URL resembles the following: http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>*. -   10. Click **Next** to continue. 11. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring Server. - **Note**   + **Note** The port number that you specify must be an unused port number on the Administration and Monitoring server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. -   + 12. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758). 
@@ -250,10 +255,10 @@ The following steps describe how to install general MBAM features. - **MBAM Report Users**: Members of this local group can access the reports on the MBAM Administration and Monitoring website. - **Note**   + **Note** Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and the Compliance and Audit Reports are installed. -   + ## Validating the MBAM Server Feature Installation 
@@ -262,73 +267,77 @@ When Microsoft BitLocker Administration and Monitoring Server feature installati **To validate an MBAM Server installation** -1. On each server where an MBAM feature is deployed, open **Control Panel**, select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. +1. On each server where an MBAM feature is deployed, open **Control Panel**, select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - **Note**   - To validate the MBAM installation, you must use a domain account that has local computer administrative credentials on each server. + **Note** + To validate the MBAM installation, you must use a domain account that has local computer administrative credentials on each server. -   -2. On the server where the Recovery Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status Database** is installed. +2. On the server where the Recovery Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. +3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status Database** is installed. - The default Home location of a SQL Server Reporting Services site instance can be found is at http://*<NameofMBAMReportsServer>*/Reports.aspx. 
To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that were specified during setup. +4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. - Confirm that a reports folder named **Microsoft BitLocker Administration and Monitoring** contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. + The default Home location of a SQL Server Reporting Services site instance can be found is at http://<NameofMBAMReportsServer>/Reports.aspx. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that were specified during setup. - **Note**   - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* + Confirm that a reports folder named **Microsoft BitLocker Administration and Monitoring** contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. -   + **Note** + If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - **Note**   - If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -   -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. 
+~~~ +**Note** +If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. +~~~ -6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. -7. On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully. - **Note**   - The URLs ending in “.svc” do not display a website. Success is indicated by the message “Metadata publishing for this service is currently disabled” or by information resembling code. If you see some other error message or if the page cannot be found, the page has not loaded successfully. +5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. -   +6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - - *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports +7. On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully. 
- - *http://<hostname>/SelfService>/* + **Note** + The URLs ending in “.svc” do not display a website. Success is indicated by the message “Metadata publishing for this service is currently disabled” or by information resembling code. If you see some other error message or if the page cannot be found, the page has not loaded successfully. - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - - *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* +~~~ +- *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* +- *http://<hostname>/SelfService>/* - **Note**   - It is assumed that the server features were installed on the default port without network encryption. If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.aspx* or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* +- *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - If the server features were installed with network encryption, change http:// to https://. +- *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* -   +- *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* -8. Verify that each webpage loads successfully. +- *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* + +**Note** +It is assumed that the server features were installed on the default port without network encryption. 
If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.aspx* or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* + +If the server features were installed with network encryption, change http:// to https://. +~~~ + + + +8. Verify that each webpage loads successfully. ## Related topics [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md b/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md index 155f6db7ef..a01c49e93e 100644 --- a/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md +++ b/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md @@ -1,8 +1,11 @@ --- title: How to Install MBAM with Configuration Manager description: How to Install MBAM with Configuration Manager -author: jamiejdt +author: msfttracyp ms.assetid: fd0832e4-3b79-4e56-9550-d2f396be6d09 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -29,7 +32,7 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo `MbamSetup.exe CM_SSRS_INSTANCE_NAME=` -  + **To install MBAM on the Configuration Manager Server** @@ -40,7 +43,7 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo Additional setup log files are created in the %temp% folder on the computer of the user who is installing Configuration Manager. -   + 2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. 
@@ -53,7 +56,7 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo **Note**   On the **Checking Prerequisites** page, click **Next** after the installation wizard checks the prerequisites for your installation and confirms that none are missing. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again.** -   + 6. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. Using Microsoft Updates does not turn on Automatic Updates in Windows. @@ -78,7 +81,7 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo **Note**   The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. -   + 6. On the **Configure the Recovery Database** page, specify the names of the computers that will be running the Administration and Monitoring Server feature. After the Administration and Monitoring Server feature is deployed, it uses its domain account to connect to the database. @@ -95,7 +98,7 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo **Note**   If you are installing the Audit Database without the Audit Reports feature, you must add an exception on the Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433. -   + 12. Specify the SQL Server instance name and the name of the database that will store the audit data. You must also specify where the database and log information will be located. 
@@ -116,14 +119,14 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo **Note**   The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. -   + 6. Install the Self-Service Portal by following the steps in the **To install the Self-Service Portal** section in [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md). **Note**   If the client computers will not have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, complete the steps in the **To configure the Self-Service Portal when end users cannot access the Microsoft Content Delivery Network** section [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md) to configure the Self-Service Portal to reference the JavaScript files from an accessible source. -   + 7. Install the Administration and Monitoring Server features by following the steps in the **To install the Administration and Monitoring Server feature** section in [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md). @@ -136,9 +139,9 @@ If you are using a non-default SQL Server Reporting Services (SSRS) instance, yo [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) -  + -  + 
diff --git a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md b/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md index 23cbf71a1e..44d57820c6 100644 --- a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md +++ b/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Install the MBAM 2.0 Group Policy Template description: How to Install the MBAM 2.0 Group Policy Template -author: jamiejdt +author: msfttracyp ms.assetid: bc193232-d060-4285-842e-d194a74dd3c9 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ The following steps describe how to install the MBAM Group Policy template. **Note**   Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. -  + **To install the MBAM Group Policy template** @@ -36,7 +39,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o **Note**   The installation wizard checks the prerequisites for your installation and displays prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. Once all prerequisites are met, the installation will resume. -   + 5. For specific steps about how and where to install the templates, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). @@ -47,9 +50,9 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) -  + -  + 
diff --git a/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md b/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md
index ded893ffa2..39812a5a36 100644
--- a/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md
+++ b/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manage MBAM Administrator Roles
 description: How to Manage MBAM Administrator Roles
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 813ac0c4-3cf9-47af-b4cb-9395fd915e5c
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md b/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md
index b6e7348e9b..e449e25cfc 100644
--- a/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md
+++ b/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md
@@ -1,8 +1,11 @@
 ---
 title: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel
 description: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel
-author: jamiejdt
+author: msfttracyp
 ms.assetid: e2ff153e-5770-4a12-b79d-cda998b8a8ab
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md b/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md
index c38109829c..f338e9a016 100644
--- a/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md
+++ b/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md
@@ -1,8 +1,11 @@ --- title: How to Manage User BitLocker Encryption Exemptions description: How to Manage User BitLocker Encryption Exemptions -author: jamiejdt +author: msfttracyp ms.assetid: 1bfd9d66-6a9a-4d0e-b54a-e5a6627f5ada +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ To exempt users from BitLocker protection, an organization will have to create a **Note**   If the computer is already BitLocker-protected, the user exemption policy has no effect. -  + The following table shows how BitLocker protection is applied based on how exemptions are set. @@ -52,7 +55,7 @@ The following table shows how BitLocker protection is applied based on how exemp -  + **To exempt a user from BitLocker encryption** @@ -65,7 +68,7 @@ The following table shows how BitLocker protection is applied based on how exemp **Important**   Shared computer scenarios require special consideration when using user exemptions. If a non-exempt user logs on to a computer shared with an exempt user, the computer may be encrypted. -   + **To enable users to request an exemption from BitLocker encryption** @@ -76,7 +79,7 @@ The following table shows how BitLocker protection is applied based on how exemp **Note**   Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. -   + 3. If users select **Request Exemption**, they receive a notification telling them to contact your organization’s BitLocker administration group. Depending on how the Configure User Exemption Policy is configured, users are provided with one or more of the following contact methods: 
@@ -91,16 +94,16 @@ The following table shows how BitLocker protection is applied based on how exemp **Note**   Once a user submits an exemption request, the MBAM agent reports the user as “temporarily exempt” and then waits a configurable number of days before it checks the computer’s compliance again. If the MBAM administrator rejects the exemption request, the exemption request option is deactivated, which prevents the user from being able to request the exemption again. -   + ## Related topics [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md b/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md index 81cd446452..46aeb38af7 100644 --- a/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md +++ b/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Move MBAM 2.0 Features to Another Computer description: How to Move MBAM 2.0 Features to Another Computer -author: jamiejdt +author: msfttracyp ms.assetid: 49bc0792-60a4-473f-89cc-ada30191e04a +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -53,10 +56,10 @@ To move the Recovery Database from one computer to another (for example, from Se `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To run this PowerShell command line, the IIS Module for PowerShell must be added to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable execution of scripts. -   + **Run MBAM Setup on Server B** 
@@ -66,7 +69,7 @@ To move the Recovery Database from one computer to another (for example, from Se `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=KeyDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ TOPOLOGY=$X$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery Database will be moved. @@ -75,7 +78,7 @@ To move the Recovery Database from one computer to another (for example, from Se - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. -   + **Back Up the Recovery Database on Server A** @@ -129,23 +132,23 @@ To move the Recovery Database from one computer to another (for example, from Se `GO` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $PASSWORD$ - Enter a password that you will use to encrypt the Private Key file. -   + 3. Run the SQL File by using SQL Server PowerShell and a command line that is similar to the following: `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance from which the Recovery Database will be backed up. -   + **Move the Recovery Database and Certificate from Server A to Server B** 
@@ -161,14 +164,14 @@ To move the Recovery Database from one computer to another (for example, from Se `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” \\$SERVERNAME$\$DESTINATIONSHARE$` - **Note**   + **Note** Replace the following value in the example above with those that match your environment: - $SERVERNAME$ - Enter the name of the server to which the files will be copied. - $DESTINATIONSHARE$ - Enter the name of the share and path to which the files will be copied. -   + **Restore the Recovery Database on Server B** @@ -218,23 +221,23 @@ To move the Recovery Database from one computer to another (for example, from Se ` WITH REPLACE` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $PASSWORD$ - Enter a password that you used to encrypt the Private Key file. -   + 5. You can use Windows PowerShell to enter a command line that is similar to the following: `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the following value in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery Database will be restored. -   + **Configure Access to the Recovery Database on Server B** 
@@ -246,45 +249,47 @@ To move the Recovery Database from one computer to another (for example, from Se `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - **Note**   + **Note** Replace the following values in the example above with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a $, as shown in the example (for example, MyDomain\\MyServerName1$). -   - This command line must be run for each Administration and Monitoring Server that will be accessing the database in your environment. + +~~~ +This command line must be run for each Administration and Monitoring Server that will be accessing the database in your environment. +~~~ **Update the Recovery Database Connection Data on the MBAM Administration and Monitoring Servers** -1. On each of the servers running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Administration and Monitoring website: +1. On each of the servers running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Administration and Monitoring website: - - MBAMAdministrationService + - MBAMAdministrationService - - MBAMRecoveryAndHardwareService + - MBAMRecoveryAndHardwareService -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. +2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. -3. Select the **configurationStrings** option from the **Section list** control. +3. 
Select the **configurationStrings** option from the **Section list** control. -4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. +4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. -5. In the **Collection Editor**, select the row named **KeyRecoveryConnectionString** when updating the configuration for the MBAMAdministrationService application or the row named **Microsoft.Mbam.RecoveryAndHardwareDataStore.**ConnectionString when updating the configuration for the MBAMRecoveryAndHardwareService. +5. In the **Collection Editor**, select the row named **KeyRecoveryConnectionString** when updating the configuration for the MBAMAdministrationService application or the row named Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString when updating the configuration for the MBAMRecoveryAndHardwareService. -6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME$) where the Recovery Database was moved to. +6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME$) where the Recovery Database was moved to. -7. To automate this procedure, you can use Windows to enter a command line, that is similar to the following, on each Administration and Monitoring Server: +7. 
To automate this procedure, you can use Windows to enter a command line, that is similar to the following, on each Administration and Monitoring Server: - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` + `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` + `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` - **Note**   - Replace the following value in the example above with those that match your environment: + **Note** + Replace the following value in the example above with those that match your environment: + + - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery Database is. 
- - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery Database is. -   **Resume all Instances of the MBAM Administration and Monitoring Website** @@ -325,10 +330,10 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> Stop-s “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To run this command line, you must add the IIS Module for PowerShell to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable scripts to be run. -   + **Run MBAM Setup on Server B** @@ -338,7 +343,7 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal= ReportsDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$ COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNT=$DOMAIN$\$USERNAME$ TOPOLOGY=$X$` - **Note**   + **Note** Note: Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database will be moved to. @@ -349,7 +354,7 @@ If you want to move the MBAM Compliance and Audit Database from one computer to - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. -   + **Back Up the Compliance and Audit Database on Server A** 
@@ -391,12 +396,12 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" –ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the following value in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit database will be backed up from. -   + **Move the Compliance and Audit Database from Server A to B** @@ -408,14 +413,14 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> Copy-Item “Z:\MBAM Compliance Status Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$ - Enter the server name where the files will be copied to. - $DESTINATIONSHARE$ - Enter the name of share and path where the files will be copied to. -   + **Restore the Compliance and Audit Database on Server B** @@ -443,12 +448,12 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - **Note**   + **Note** Replace the following value in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database will be restored to. -   + **Configure Access to the Compliance and Audit Database on Server B** 
@@ -462,16 +467,18 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$REPORTSUSERNAME$ /add` - **Note**   + **Note** Replace the following values in the example above with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a “$” as shown in the example. (for example, MyDomain\\MyServerName1$) - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit Reports. -   - The command line for adding the servers to the MBAM Compliance and Audit Database access local group must be run for each Administration and Monitoring Server that will be accessing the database in your environment. + +~~~ +The command line for adding the servers to the MBAM Compliance and Audit Database access local group must be run for each Administration and Monitoring Server that will be accessing the database in your environment. +~~~ **Update the Database Connection Data on MBAM Administration and Monitoring Servers** 
@@ -497,12 +504,12 @@ If you want to move the MBAM Compliance and Audit Database from one computer to `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMComplianceStatusService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery Database is located. -   + **Resume All Instances of the MBAM Administration and Monitoring Website** @@ -535,7 +542,7 @@ If you want to move the MBAM Compliance and Audit Reports from one computer to a `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=Reports COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNTPW=$PASSWORD$ TOPOLOGY=$X$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database is located. @@ -546,7 +553,7 @@ If you want to move the MBAM Compliance and Audit Reports from one computer to a - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. -   + **Configure Access to the Compliance and Audit Reports on Server B** 
@@ -556,14 +563,16 @@ If you want to move the MBAM Compliance and Audit Reports from one computer to a `PS C:\> net localgroup "MBAM Report Users" $DOMAIN$\$REPORTSUSERNAME$ /add` - **Note**   + **Note** Replace the following values in the example above with the applicable values for your environment: - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports. -   - The command line for adding the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. + +~~~ +The command line for adding the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. +~~~ **Stop All Instances of the MBAM Administration and Monitoring Website** 
@@ -575,30 +584,30 @@ If you want to move the MBAM Compliance and Audit Reports from one computer to a **Update the Database Connection Data on the MBAM Administration and Monitoring Servers** -1. On each server that is running the MBAM Administration and Monitoring Server feature, use the Internet Information Services (IIS) Manager console to update the Compliance and Audit Reports URL. +1. On each server that is running the MBAM Administration and Monitoring Server feature, use the Internet Information Services (IIS) Manager console to update the Compliance and Audit Reports URL. -2. Select the **Microsoft BitLocker Administration and Monitoring** website, and use the **Configuration Editor** feature that is location under the **Management** section of the **Feature View**. +2. Select the **Microsoft BitLocker Administration and Monitoring** website, and use the **Configuration Editor** feature that is location under the **Management** section of the **Feature View**. -3. Select the **appSettings** option from the **Section list** control. +3. Select the **appSettings** option from the **Section list** control. -4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. +4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. -5. In the **Collection Editor**, select the row named **Microsoft.Mbam.Reports.Url**. +5. In the **Collection Editor**, select the row named **Microsoft.Mbam.Reports.Url**. -6. Update the value for **Microsoft.Mbam.Reports.Url** to reflect the server name for Server B. If the Compliance and Audit Reports feature was installed on a named SQL Reporting Services instance, be sure to add or update the name of the instance to the URL (for example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages....) +6. 
Update the value for **Microsoft.Mbam.Reports.Url** to reflect the server name for Server B. If the Compliance and Audit Reports feature was installed on a named SQL Reporting Services instance, be sure to add or update the name of the instance to the URL (for example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages....) -7. To automate this procedure, you can use Windows PowerShell to enter a command line on each Administration and Monitoring Server that is similar to the following: +7. To automate this procedure, you can use Windows PowerShell to enter a command line on each Administration and Monitoring Server that is similar to the following: - `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\ \sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/ Microsoft+BitLocker+Administration+and+Monitoring/”` + `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\ \sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/ Microsoft+BitLocker+Administration+and+Monitoring/”` - **Note**   - Replace the following values in the example above with those that match your environment: + **Note** + Replace the following values in the example above with those that match your environment: - - $SERVERNAME$ - Enter the name of the server name to which the Compliance and Audit Reports were installed. + - $SERVERNAME$ - Enter the name of the server name to which the Compliance and Audit Reports were installed. + + - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. 
- - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. -   **Resume All Instances of the MBAM Administration and Monitoring Website** @@ -608,10 +617,10 @@ If you want to move the MBAM Compliance and Audit Reports from one computer to a `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - **Note**   + **Note** To run this command line, you must add the IIS Module for PowerShell to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable scripts to be run. -   + ## Moving the Administration and Monitoring Feature @@ -630,7 +639,7 @@ If you want to move the MBAM Administration and Monitoring Reports feature from `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=AdministrationMonitoringServer, COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ SRS_REPORTSITEURL=$REPORTSSERVERURL$ TOPOLOGY=$X$` - **Note**   + **Note** Replace the following values in the example above with those that match your environment: - $SERVERNAME$\\$SQLINSTANCENAME$ - For the COMPLIDB\_SQLINSTANCE parameter, enter the server name and instance where the Compliance and Audit Database is located. For the RECOVERYANDHWDB\_SQLINSTANCE parameter, enter the server name and instance where the Recovery Database is located. @@ -641,7 +650,7 @@ If you want to move the MBAM Administration and Monitoring Reports feature from - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. -   + **Configure Access to the Databases** 
@@ -655,25 +664,27 @@ If you want to move the MBAM Administration and Monitoring Reports feature from `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - **Note**   + **Note** Replace the following value in the example above with the applicable values for your environment: - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the Administration and Monitoring Server. The server name must be followed by a “$” symbol, as shown in the example (for example, MyDomain\\MyServerName1$). - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit Reports. -   - The command lines that are listed for adding server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. + +~~~ +The command lines that are listed for adding server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. +~~~ ## Related topics [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md index 46f377f7b0..dd4da603f5 100644 --- a/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md +++ b/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Recover a Corrupted Drive description: How to Recover a Corrupted Drive -author: jamiejdt +author: msfttracyp ms.assetid: b0457a00-f72e-4ad8-ab3b-7701851ca87e +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ To recover a corrupted drive protected by BitLocker, a Microsoft BitLocker Admin **Important**   To avoid a potential loss of data, it is strongly recommended that you read the “repair-bde” help and clearly understand how to use the command before completing the following instructions. -  + **To recover a corrupted drive** @@ -30,7 +33,7 @@ To avoid a potential loss of data, it is strongly recommended that you read the **Note**   If you are a member of the Help Desk Administrators role, you do not have to enter the user’s domain name or user name. -   + 3. Click **Submit**. The recovery key will be displayed. @@ -47,16 +50,16 @@ To avoid a potential loss of data, it is strongly recommended that you read the **Note**   Replace <fixed drive> with an available hard disk drive that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified hard disk drive. -   + ## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md index 540f4086f2..433c97297f 100644 --- a/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md +++ b/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Recover a Drive in Recovery Mode description: How to Recover a Drive in Recovery Mode -author: jamiejdt +author: msfttracyp ms.assetid: 8b792bc8-b671-4345-9d37-0208db3e5b03 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,10 +21,10 @@ The encrypted drive recovery features of Microsoft BitLocker Administration and Use this procedure to access the centralized key recovery data system, which can provide a recovery password if a recovery password ID and associated user identifier are supplied. -**Important**   +**Important** Microsoft BitLocker Administration and Monitoring uses single-use recovery keys that expire upon use. The single use of a recovery password is automatically applied to operating system drives and fixed drives. On removable drives, it is applied when the drive is removed and then re-inserted and unlocked on a computer that has Group Policy settings activated to manage removable drives. -  + **To recover a drive in recovery mode** 
@@ -33,38 +36,40 @@ Microsoft BitLocker Administration and Monitoring uses single-use recovery keys 4. Select one of the predefined options from the **Reason for Drive Unlock** list, and then click **Submit**. - **Note**   + **Note** If you are an MBAM Advanced Helpdesk user, the user domain and user ID entries are not required. -   - MBAM returns the following: - - An error message if no matching recovery password is found +~~~ +MBAM returns the following: - - Multiple possible matches if the user has multiple matching recovery passwords +- An error message if no matching recovery password is found - - The recovery password and recovery package for the submitted user +- Multiple possible matches if the user has multiple matching recovery passwords - **Note**   - If you are recovering a damaged drive, the recovery package option provides BitLocker with critical information that it needs to recover the drive. +- The recovery password and recovery package for the submitted user -   + **Note** + If you are recovering a damaged drive, the recovery package option provides BitLocker with critical information that it needs to recover the drive. - After the recovery password and recovery package are retrieved, the recovery password is displayed. -5. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. - When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. +After the recovery password and recovery package are retrieved, the recovery password is displayed. +~~~ + +5. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. + + When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. 
## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md index 80c704ba6f..c562f3e90c 100644 --- a/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md +++ b/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Recover a Moved Drive description: How to Recover a Moved Drive -author: jamiejdt +author: msfttracyp ms.assetid: 697cd78d-962c-411e-901a-2e9220ba6552 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -25,7 +28,7 @@ When you move an operating system drive that is encrypted by using Microsoft Bit **Note**   In some cases, you may be able to click **I forgot the PIN** during the startup process, and then enter the recovery mode to display the recovery key ID. -   + 3. Use the recovery key ID to retrieve the recovery password and unlock the drive from the Administration and Monitoring website. @@ -38,9 +41,9 @@ When you move an operating system drive that is encrypted by using Microsoft Bit [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md b/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md index a81fcfacd6..9736d6ac88 100644 --- a/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md +++ b/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md @@ -1,8 +1,11 @@ --- title: How to Reset a TPM Lockout description: How to Reset a TPM Lockout -author: jamiejdt +author: msfttracyp ms.assetid: 20719ab2-18ae-4d3b-989a-539341909816 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -36,30 +39,32 @@ You can reset a TPM lockout only if MBAM owns the TPM. - The TPM owner password file for the submitted computer - **Note**   + **Note** If you are an Advanced Helpdesk user, the user domain and user ID fields are not required. -   - After the TPM owner password is retrieved, the owner password is displayed. -5. To save the password to a .tpm file, click the **Save** button. +~~~ +After the TPM owner password is retrieved, the owner password is displayed. +~~~ - The user will run the TPM management console, select the **Reset TPM lockout** option, and provide the TPM owner password file to reset the TPM lockout. +5. To save the password to a .tpm file, click the **Save** button. + + The user will run the TPM management console, select the **Reset TPM lockout** option, and provide the TPM owner password file to reset the TPM lockout. + + **Important** + Help Desk administrators should not give the TPM hash value or TPM owner password file to end users. The TPM information does not change, so it could pose a security risk if the file is given to end users. - **Important**   - Help Desk administrators should not give the TPM hash value or TPM owner password file to end users. The TPM information does not change, so it could pose a security risk if the file is given to end users. -   ## Related topics [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md index 5524d28bc3..0b67f68365 100644 --- a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md +++ b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Use a Command Line to Install the MBAM Client
 description: How to Use a Command Line to Install the MBAM Client
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 4dc8f944-c2fd-4d89-aed6-e9dc77de3ae4
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md
index e0e5b3519f..e9c34d8cd9 100644
--- a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md
+++ b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md
@@ -1,8 +1,11 @@
 ---
 title: How to Use a Command Line to Install the MBAM Server
 description: How to Use a Command Line to Install the MBAM Server
-author: jamiejdt
+author: msfttracyp
 ms.assetid: 6ffc6d41-a793-42c2-b997-95ba47550648
+ms.reviewer:
+manager: dansimp
+ms.author: tracyp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -88,7 +91,7 @@ The following table describes the command line parameters for deploying the MBAM

          REPORTS_USERACCOUNT

          -

          [UserDomain]\[UserName1]

          +

          [UserDomain][UserName1]

          Domain and user account of the Reporting Services service account that will access the Compliance and Audit database

          @@ -124,7 +127,7 @@ The following table describes the command line parameters for deploying the MBAM -  + ## Command Line for Deploying the MBAM 2.0 Server with the Configuration Manager Topology @@ -178,7 +181,7 @@ The following table describes the command line parameters for installing the MBA

          REPORTS_USERACCOUNT

          -

          [UserDomain]\[UserName1]

          +

          [UserDomain][UserName1]

          Domain and user account of the Reporting Services service account that will access the Compliance and Audit database

          @@ -199,16 +202,16 @@ The following table describes the command line parameters for installing the MBA -  + ## Related topics [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-use-the-help-desk-portal.md b/mdop/mbam-v2/how-to-use-the-help-desk-portal.md index f94d8bbb0d..285a8e790c 100644 --- a/mdop/mbam-v2/how-to-use-the-help-desk-portal.md +++ b/mdop/mbam-v2/how-to-use-the-help-desk-portal.md @@ -1,8 +1,11 @@ --- title: How to Use the Help Desk Portal description: How to Use the Help Desk Portal -author: jamiejdt +author: msfttracyp ms.assetid: c27f7737-10c8-4164-9de8-57987292c89c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -57,7 +60,7 @@ You can use the Administration and Monitoring website for many administrative ta **Note**   To access the various features offered by the Administration and Monitoring website, you must have the appropriate roles associated with your user account. For more information about understanding user roles, see [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md). -  + Use the following links to find information about the tasks that you can perform by using the Administration and Monitoring website: @@ -71,9 +74,9 @@ Use the following links to find information about the tasks that you can perform - [How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md b/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md index 8d0fd5e6b0..298322fa61 100644 --- a/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md 
+++ b/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md @@ -1,8 +1,11 @@ --- title: How to Use the Self-Service Portal to Regain Access to a Computer description: How to Use the Self-Service Portal to Regain Access to a Computer -author: jamiejdt +author: msfttracyp ms.assetid: bcf095de-0237-4bb0-b450-da8fb6d6f3d0 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,12 +22,12 @@ If end users get locked out of Windows by BitLocker because they forgot their pa **Note**   If the IT administrator configured an IIS Session State time-out, a message is displayed 60 seconds prior to the time-out. -  + **Note**   These instructions are written for and from the perspective of end users. -  + **To use the Self-Service Portal to regain access to a computer** @@ -33,7 +36,7 @@ These instructions are written for and from the perspective of end users. **Note**   If the first eight digits match multiple keys, a message displays that requires you to enter all 32 digits of the recovery key ID. -   + 2. In the **Reason** field, select a reason for your request for the recovery key. @@ -46,9 +49,9 @@ These instructions are written for and from the perspective of end users. [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md index 78e6044a28..06bda1be6f 100644 --- a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md +++ b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md 
@@ -1,8 +1,11 @@ --- title: How to Validate the MBAM Installation with Configuration Manager description: How to Validate the MBAM Installation with Configuration Manager -author: jamiejdt +author: msfttracyp ms.assetid: 8e268539-91c3-4e8a-baae-faf3605da818 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C **Note**   To validate the installation, you must use a domain account that has local computer administrative credentials on each server. -   + 2. Use the Configuration Manager console to confirm that a new collection, called “MBAM Supported Computers,” is displayed. @@ -66,9 +69,9 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) -  + -  + diff --git a/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md b/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md index 7ad10b81cc..054f13ffd9 100644 --- a/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Maintaining MBAM 2.0 description: Maintaining MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 6479e093-840d-45d5-b759-1179aeeeefeb +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md b/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md index 43c3897209..a4c029a574 100644 --- a/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md 
@@ -1,8 +1,11 @@ --- title: MBAM 2.0 Deployment Checklist description: MBAM 2.0 Deployment Checklist -author: jamiejdt +author: msfttracyp ms.assetid: 7905d31d-f21c-4683-b9c4-95b815e08fab +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 This checklist can be used to help you during Microsoft BitLocker Administration and Monitoring (MBAM) deployment with a Stand-alone topology. -**Note**   +**Note** This checklist outlines the recommended steps and a high-level list of items to consider when deploying Microsoft BitLocker Administration and Monitoring features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,13 +43,13 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + @@ -61,46 +64,45 @@ This checklist outlines the recommended steps and a high-level list of items to
        • MBAM Group Policy template

        • -Note   -

          Keep track of the names of the servers each feature is installed on. This information will be used throughout the installation process.

          +Note

          Keep track of the names of the servers each feature is installed on. This information will be used throughout the installation process.

          -  +
          - + - - + + - + - +
          Checklist box

          Complete the planning phase to prepare the computing environment for MBAM deployment.

          [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md)

          MBAM 2.0 Planning Checklist

          Checklist box

          Review the MBAM supported configurations information to make sure selected client and server computers are supported for MBAM feature installation.

          [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)

          MBAM 2.0 Supported Configurations

          [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)

          Deploying the MBAM 2.0 Server Infrastructure

          Checklist box

          Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on appropriate servers.

          [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md) and [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md)

          Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on appropriate servers.

          Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles

          Checklist box

          Create and deploy required MBAM Group Policy Objects.

          [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)

          Deploying MBAM 2.0 Group Policy Objects

          Checklist box

          Deploy the MBAM Client software.

          [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)

          Deploying the MBAM 2.0 Client

          -  + ## Related topics [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md b/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md index 7d4809eac0..2dab81a1ef 100644 --- a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md @@ -1,8 +1,11 @@ --- title: MBAM 2.0 Deployment Prerequisites description: MBAM 2.0 Deployment Prerequisites -author: jamiejdt +author: msfttracyp ms.assetid: 57d1c2bb-5ea3-457e-badd-dd9206ff0f20 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -88,12 +91,12 @@ Each of the MBAM Server features has specific prerequisites that must be met bef -  -**Note**   + +**Note** For a list of supported operating systems, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). -  + ### Prerequisites for the Compliance and Audit Reports @@ -111,7 +114,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

          Supported version of SQL Server

          -

          See [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) for supported versions.

          +

          See MBAM 2.0 Supported Configurations for supported versions.

          Install SQL Server with:

          • SQL_Latin1_General_CP1_CI_AS collation

          • @@ -133,7 +136,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration -  + ### Prerequisites for the Recovery Database @@ -151,7 +154,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

            Supported version of SQL Server

            -

            See [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) for supported versions.

            +

            See MBAM 2.0 Supported Configurations for supported versions.

            Install SQL Server with:

            • SQL_Latin1_General_CP1_CI_AS collation

            • @@ -176,20 +179,19 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

              Optional - Install Transparent Data Encryption (TDE) feature available in SQL Server

              -

              The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

              +

              The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

              -Note   -

              TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

              +Note

              TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

              -  +
              -

              More about TDE: [MBAM 2.0 Security Considerations](mbam-20-security-considerations-mbam-2.md).

              +

              More about TDE: MBAM 2.0 Security Considerations.

              -  + ### Prerequisites for the Compliance and Audit Database @@ -207,7 +209,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

              Supported version of SQL Server

              -

              See [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) for supported versions.

              +

              See MBAM 2.0 Supported Configurations for supported versions.

              Install SQL Server with:

              • SQL_Latin1_General_CP1_CI_AS collation

              • @@ -232,15 +234,14 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

                Optional - Install Transparent Data Encryption (TDE) feature in SQL Server.

                -

                The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

                +

                The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

                -Note   -

                TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

                +Note

                TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

                -  +
                -

                More about TDE: [MBAM 2.0 Security Considerations](mbam-20-security-considerations-mbam-2.md)

                +

                More about TDE: MBAM 2.0 Security Considerations

                SQL Server must have Database Engine Services installed and running during MBAM Server installation.

                @@ -253,7 +254,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration -  + ### Prerequisites for the Self-Service Portal @@ -271,12 +272,12 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

                Supported version of Windows Server

                -

                See [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) for supported versions.

                +

                See MBAM 2.0 Supported Configurations for supported versions.

                ASP.NET MVC 2.0

                -

                [ASP.NET MVC 2 download](https://go.microsoft.com/fwlink/?LinkId=392270)

                +

                ASP.NET MVC 2 download

                Web Service IIS Management Tools

                @@ -285,7 +286,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration -  + ## Prerequisites for MBAM Clients @@ -311,24 +312,23 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration

                For more information, see the BIOS documentation.

                -

                Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468).

                +

                Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning.

                • TPM auto-provisioning must be turned off.

                • MBAM must be set as the owner of the TPM before you deploy MBAM.

                -

                To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468).

                +

                To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning.

                -Note   -

                Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

                +Note

                Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

                -  +
                -  + ## Related topics @@ -337,9 +337,9 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md b/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md index 0b31b7f6a2..00ef5df75b 100644 --- a/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md @@ -1,8 +1,11 @@ --- title: MBAM 2.0 Planning Checklist description: MBAM 2.0 Planning Checklist -author: jamiejdt +author: msfttracyp ms.assetid: 16b27c27-5f5e-41e2-b526-89a036672fb8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ This checklist can be used to help you plan for preparing your computing environ **Note**   This checklist outlines the recommended steps and a high-level list of items to consider when planning for an Microsoft BitLocker Administration and Monitoring deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,64 +43,64 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - + - + - + - + - + - +
                Checklist box

                Review the getting started information about MBAM to gain a basic understanding of the product before beginning deployment planning.

                [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md)

                Getting Started with MBAM 2.0

                Checklist box

                Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment.

                [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)

                MBAM 2.0 Deployment Prerequisites

                Checklist box

                Plan for and configure MBAM Group Policy requirements.

                [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md)

                Planning for MBAM 2.0 Group Policy Requirements

                Checklist box

                Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

                [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md)

                Planning for MBAM 2.0 Administrator Roles

                Checklist box

                Review the MBAM 2.0 Supported Configurations documentation to ensure that hardware that meets MBAM installation system requirements is available.

                [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)

                MBAM 2.0 Supported Configurations

                Checklist box

                Plan for deploying MBAM Server feature deployment.

                [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md)

                Planning for MBAM 2.0 Server Deployment

                Checklist box

                Plan for deploying MBAM Client deployment.

                [Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md)

                Planning for MBAM 2.0 Client Deployment

                Checklist box

                Validate your deployment plan in a test environment.

                [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)

                Evaluating MBAM 2.0

                -  + ## Related topics [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md index 113fd20178..cee951bd2f 100644 --- a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md @@ -1,8 +1,11 @@ --- title: MBAM 2.0 Privacy Statement description: MBAM 2.0 Privacy Statement -author: jamiejdt +author: msfttracyp ms.assetid: fce72ad4-a837-4d17-8d3b-4d93f1a399be +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md b/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md index 17b527d4b9..72c655763d 100644 --- a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md @@ -1,8 +1,11 @@ --- title: MBAM 2.0 Security Considerations description: MBAM 2.0 Security Considerations -author: jamiejdt +author: msfttracyp ms.assetid: 0aa5c6e2-d92c-4e30-9f6a-b48abb667ae5 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -79,7 +82,7 @@ No Active Directory groups are created automatically during the MBAM setup proce -  + ### MBAM Server Local Groups @@ -124,7 +127,7 @@ MBAM Setup creates local groups to support MBAM operations. You should add the A -  + ### SSRS Reports Service Account @@ -135,7 +138,7 @@ When you configure the SSRS Reports service account, specify a domain user accou **Note**   If you change the name of the service account after you deploy MBAM, you must reconfigure the reporting data source to use the new service account credentials. Otherwise, you will not be able to access the Help Desk Portal. -  + ## MBAM Log Files 
@@ -144,7 +147,7 @@ The following MBAM Setup log files are created in the installing user’s %temp% **MBAM Server Setup log files** -MSI*<five random characters>*.log +MSI<five random characters>.log Logs the actions taken during MBAM Setup and MBAM Server Feature installation. InstallComplianceDatabase.log @@ -168,11 +171,11 @@ Logs actions taken to authorize web services to the MBAM Recovery database for k **Note**   In order to obtain additional MBAM Setup log files, you have to install MBAM by using the msiexec package and the /L <location> option. Log files are created in the location specified. -  + **MBAM Client Setup log files** -MSI*<five random characters>*.log +MSI<five random characters>.log Logs the actions taken during MBAM Client installation. ## MBAM Database TDE Considerations @@ -193,9 +196,9 @@ For more information about TDE in SQL Server 2008, see [SQL Server Encryption]( [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md b/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md index 6daffd3739..403a3d2d2a 100644 --- a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md @@ -1,8 +1,11 @@ --- title: MBAM 2.0 Supported Configurations description: MBAM 2.0 Supported Configurations -author: jamiejdt +author: msfttracyp ms.assetid: dca63391-39fe-4273-a570-76d0a2f8a0fd +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,7 +26,7 @@ The recommended configuration for running MBAM in a production environment is wi **Note**   Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + ## MBAM Server System Requirements @@ -63,12 +66,12 @@ The following table lists the operating systems that are supported for the Micro -  + **Note**   There is no support for installing MBAM services, reports, or databases on a domain controller computer. -  + ### Server Processor, RAM, and Disk Space Requirements @@ -104,7 +107,7 @@ There is no support for installing MBAM services, reports, or databases on a dom -  + ### SQL Server Database Requirements @@ -113,7 +116,7 @@ The following table lists the SQL Server versions that are supported for the Ad **Note**   MBAM does not natively support SQL clustering, mirroring, or Availability Groups. To install the databases, you must run the MBAM Server installation on a stand-alone SQL server. -  + @@ -146,7 +149,7 @@ MBAM does not natively support SQL clustering, mirroring, or Availability Groups
                -  + @@ -180,7 +183,7 @@ MBAM does not natively support SQL clustering, mirroring, or Availability Groups
                -  + ## MBAM Client System Requirements @@ -226,7 +229,7 @@ The following table lists the operating systems that are supported for Microsoft -  + ### Client RAM Requirements @@ -280,7 +283,7 @@ The following table lists the operating systems that are supported for Microsoft -  + ## Related topics @@ -289,9 +292,9 @@ The following table lists the operating systems that are supported for Microsoft [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md b/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md index 28b734eb4c..c66f0cea07 100644 --- a/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Monitoring and Reporting BitLocker Compliance with MBAM 2.0 description: Monitoring and Reporting BitLocker Compliance with MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 0b9ba701-0aad-4e16-9b32-73d358047ccc +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md b/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md index 0d40b11e54..a82ac9a07c 100644 --- a/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Operations for MBAM 2.0 description: Operations for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: ece72016-4ffa-48df-8c12-1e442ee9e980 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md b/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md index db4931a08f..218286507e 100644 
--- a/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md +++ b/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md @@ -1,8 +1,11 @@ --- title: Performing BitLocker Management with MBAM description: Performing BitLocker Management with MBAM -author: jamiejdt +author: msfttracyp ms.assetid: 9bfc6c67-f12c-4daa-8f08-5884fb47443c +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md index f45551b51c..129b9e694f 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.0 Administrator Roles description: Planning for MBAM 2.0 Administrator Roles -author: jamiejdt +author: msfttracyp ms.assetid: 6f813297-6479-42d3-a21b-896d54466b5b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -34,16 +37,16 @@ Administrators in this role have increased access to the Help Desk features from **Important**   To view reports, an administrative user must be a member of the **MBAM Report Users** security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports feature. As a best practice, create a security group in Active Directory Domain Services with rights on the local **MBAM Report Users** security group on both the Administration and Monitoring Server and the server that hosts the Compliance and Audit Reports. -  + ## Related topics [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) -  + -  + 
diff --git a/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md index 41837ee12a..b2f00742d9 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.0 Client Deployment description: Planning for MBAM 2.0 Client Deployment -author: jamiejdt +author: msfttracyp ms.assetid: 3a92cf29-092f-4cad-bdfa-d5f6aafe554b +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ If you deploy MBAM with the Configuration Manager topology, you can use Configur **Note**   Windows To Go is not supported for integrated Configuration Manager installations of MBAM if you are using Configuration Manager 2007. -  + ## Deploying the MBAM Client to Enable BitLocker Encryption After Computer Distribution to End Users @@ -35,7 +38,7 @@ When you deploy the MBAM Client after you distribute computers to client compute **Note**   In this approach, users who have computers with a TPM chip are prompted to activate and initialize the TPM chip if the chip has not been previously activated. -  + ## Using the MBAM Client to Enable BitLocker Encryption Before Computer Distribution to End Users @@ -47,7 +50,7 @@ If your organization wants to use the TPM chip to encrypt computers, the adminis **Note**   The TPM protector option requires the administrator to accept the BIOS prompt to activate and initialize the TPM before the computer is delivered to the user. -  + ## Related topics @@ -56,9 +59,9 @@ The TPM protector option requires the administrator to accept the BIOS prompt to [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) -  + -  + 
diff --git a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md index 2589044572..cb5cb89526 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.0 Group Policy Requirements description: Planning for MBAM 2.0 Group Policy Requirements -author: jamiejdt +author: msfttracyp ms.assetid: f5e19dcb-eb15-4722-bb71-0734b3799eb8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -22,10 +25,10 @@ MBAM supports the following types of BitLocker protectors for fixed data drives: The numeric password protector is applied automatically as part of volume encryption and does not need to be configured. -**Important**   +**Important** The default Windows BitLocker drive encryption Group Policy Object (GPO) settings are not used by MBAM and can cause conflicting behavior if they are enabled. To enable MBAM to manage BitLocker, you must define the MBAM Group Policy settings only after installing the MBAM Group Policy template. -  + Enhanced startup PINs can contain characters, such as uppercase and lowercase letters, and numbers. Unlike BitLocker, MBAM does not support the use of symbols and spaces for enhanced PINs. 
@@ -33,10 +36,10 @@ Install the MBAM Group Policy template on a computer that is capable of running The MDOP MBAM (BitLocker Management) GPO node contains four global policy settings and four child GPO settings nodes: Client Management, Fixed Drive, Operating System Drive, and Removable Drive. The following sections provide policy definitions and suggested policy settings to assist you in planning for MBAM GPO policy setting requirements. -**Note**   +**Note** For more information about configuring the minimum, recommended GPO settings to enable MBAM to manage BitLocker encryption, see [How to Edit MBAM 2.0 GPO Settings](how-to-edit-mbam-20-gpo-settings-mbam-2.md). -  + ## Global Policy Definitions @@ -83,7 +86,7 @@ This section describes MBAM Global policy definitions found at the following GPO -  + ## Client Management Policy Definitions @@ -118,14 +121,13 @@ This section describes Client Management policy definitions for Microsoft BitLoc

                Configure user exemption policy

                Suggested Configuration: Not Configured

                This policy setting lets you configure a web site address, email address, or phone number that will instruct a user to request an exemption from BitLocker encryption.

                -

                If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog that gives them instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md).

                +

                If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog that gives them instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

                If you either disable or do not configure this policy setting, the exemption request instructions will not be presented to users.

                -Note   -

                User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer will be encrypted.

                +Note

                User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer will be encrypted.

                -  +
                @@ -138,7 +140,7 @@ This section describes Client Management policy definitions for Microsoft BitLoc -  + ## Fixed Drive Policy Definitions @@ -202,7 +204,7 @@ This section describes Fixed Drive policy definitions for Microsoft BitLocker Ad -  + ## Operating System Drive Policy Definitions @@ -230,7 +232,7 @@ This section describes Operating System Drive policy definitions for Microsoft B
              • Allow Standby States (S1-S3) When Sleeping (Plugged In)

              • Allow Standby States (S1-S3) When Sleeping (On Battery)

              -

              If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

              +

              If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

              On a computer with a compatible TPM, two types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require the entry of a personal identification number (PIN).

              If you enable this policy setting, users have to put the operating system drive under BitLocker protection, and the drive will be encrypted.

              If you disable this policy, users will not be able to put the operating system drive under BitLocker protection. If you apply this policy after the operating system drive is encrypted, the drive will be decrypted.

              @@ -252,7 +254,7 @@ This section describes Operating System Drive policy definitions for Microsoft B -  + ## Removable Drive Policy Definitions @@ -309,16 +311,16 @@ This section describes Removable Drive Policy definitions for Microsoft BitLocke -  + ## Related topics [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) -  - -  + + + diff --git a/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md index 0be6ff9603..f872aba1de 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.0 description: Planning for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 1206bd18-05ea-4ca8-9362-07e512503c3f +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md index 73292042ec..65b9bccf65 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.0 Server Deployment description: Planning for MBAM 2.0 Server Deployment -author: jamiejdt +author: msfttracyp ms.assetid: b57f1a42-134f-4997-8697-7fbed08e2fc4 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructu **Note**   Installations of Microsoft BitLocker Administration and Monitoring on a single server are recommended only for test environments. -  + ## Planning for MBAM Server Deployment 
@@ -66,7 +69,7 @@ To deploy MBAM features on multiple servers, you have to install the features in **Note**   Keep track of the names of the computers on which you install each feature. You have to use this information throughout the installation process. You can print and use a deployment checklist to assist in this effort. For more information about the MBAM Deployment Checklist, see [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md). -  + ## Related topics @@ -75,9 +78,9 @@ Keep track of the names of the computers on which you install each feature. You [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md b/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md index 5a04a9f727..e825d97948 100644 --- a/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy MBAM 2.0 description: Planning to Deploy MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 2dc05fcd-aed9-4315-aeaf-92aaa9e0e955 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ The MBAM Server infrastructure depends on a set of server features that can be i **Note**   An MBAM installation on a single server is recommended only for lab environments. -  + The MBAM Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an enterprise software delivery system or by installing the client agent on client computers as part of the initial imaging process. @@ -46,9 +49,9 @@ With MBAM, you can encrypt a computer in your organization either before the end [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) -  + -  + 
diff --git a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md b/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md index 34909723c3..a125cec907 100644 --- a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md +++ b/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy MBAM with Configuration Manager description: Planning to Deploy MBAM with Configuration Manager -author: jamiejdt +author: msfttracyp ms.assetid: fb768306-48c2-40b4-ac4e-c279db987391 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 08/30/2016 To deploy MBAM with the Configuration Manager topology, a three-server architecture, which supports 200,000 clients, is recommended. Use a separate server to run Configuration Manager, and install the basic Administration and Monitoring features on two servers, as shown in the architecture image in [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md). -**Important**   +**Important** Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. -  + ## Deployment Prerequisites for Installing MBAM with Configuration Manager @@ -44,23 +47,23 @@ Ensure that you have met the following prerequisites before you install MBAM wit

              Enable the Hardware Inventory Client Agent on the Configuration Manager Server.

              -

              For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](https://go.microsoft.com/fwlink/?LinkId=301656).

              -

              For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301685).

              +

              For Configuration Manager 2007, see How to Configure Hardware Inventory for a Site.

              +

              For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager.

              Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using.

              -

              For Configuration Manager 2007, enable the see [Desired Configuration Management Client Agent Properties](https://go.microsoft.com/fwlink/?LinkId=301686).

              -

              For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301687).

              +

              For Configuration Manager 2007, enable the see Desired Configuration Management Client Agent Properties.

              +

              For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager.

              Define a reporting services point in Configuration Manager. Required for SQL Reporting Services.

              -

              For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](https://go.microsoft.com/fwlink/?LinkId=301688).

              -

              For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301689).

              +

              For Configuration Manager 2007, see How to Create a Reporting Services Point for SQL Reporting Services.

              +

              For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager.

              -  + ## Configuration Manager Supported Versions @@ -86,22 +89,21 @@ MBAM supports the following versions of Configuration Manager:

              SP1 or later

              64-bit

              -Note   -

              Although Configuration Manager 2007 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.

              +Note

              Although Configuration Manager 2007 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.

              -  +
              -

              Microsoft System Center 2012 Configuration Manager

              +

              Microsoft System Center 2012 Configuration Manager

              SP1

              64-bit

              -  + For a list of supported configurations for the Configuration Manager Server, see the appropriate webpage for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server. @@ -147,9 +149,9 @@ The following table lists the server processor, RAM, and disk space requirements -  -## SQL Server Processor, RAM, and Disk Space Requirements + +## SQL Server Processor, RAM, and Disk Space Requirements The following table lists the server processor, RAM, and disk space requirements for the SQL Server computer when you are using the Configuration Manager Integration topology. @@ -186,7 +188,7 @@ The following table lists the server processor, RAM, and disk space requirements -  + ## Required permissions to install the MBAM Server @@ -216,9 +218,9 @@ To install MBAM with Configuration Manager, you must have an administrative user -  -**System Center 2012 Configuration Manager** + +**System Center 2012 Configuration Manager** @@ -247,7 +249,7 @@ To install MBAM with Configuration Manager, you must have an administrative user
              -  + **Configuration Manager 2007** @@ -278,7 +280,7 @@ To install MBAM with Configuration Manager, you must have an administrative user -  + ## Order of Deployment of MBAM Features for the Configuration Manager Topology @@ -319,7 +321,7 @@ This checklist outlines the recommended steps and a high-level list of items to Checklist box

              Review the getting started information, which describes how Configuration Manager works with MBAM and shows the recommended high-level architecture.

              -

              [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md)

              +

              Getting Started - Using MBAM with Configuration Manager

              @@ -331,34 +333,34 @@ This checklist outlines the recommended steps and a high-level list of items to Checklist box

              Plan for and configure MBAM Group Policy requirements.

              -

              [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md)

              +

              Planning for MBAM 2.0 Group Policy Requirements

              Checklist box -

              Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

              -

              [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md)

              +

              Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

              +

              Planning for MBAM 2.0 Administrator Roles

              Checklist box

              Plan for deploying MBAM Client deployment.

              -

              [Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md)

              +

              Planning for MBAM 2.0 Client Deployment

              -  + ## Related topics [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) -  - -  + + + diff --git a/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md b/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md index 98e75c6262..ac91e39c60 100644 --- a/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Preparing your Environment for MBAM 2.0 description: Preparing your Environment for MBAM 2.0 -author: jamiejdt +author: msfttracyp ms.assetid: 5fb01da9-620e-4992-9e54-2ed3fb69e6af +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -28,7 +31,7 @@ To ensure successful installation of MBAM Clients and MBAM Server features, ensu **Note**   MBAM Setup checks that all prerequisites are met before installation starts. If all prerequisites are not met, Setup will fail. -  + [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) @@ -40,7 +43,7 @@ Before MBAM can manage clients in the enterprise, you must define Group Policy f **Important**   MBAM will not work with policies for stand-alone BitLocker drive encryption. Group Policy settings must be defined for MBAM, or BitLocker encryption and enforcement will fail. -  + [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) @@ -58,9 +61,9 @@ The membership of Microsoft BitLocker Administration and Monitoring roles can be [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md b/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md index 098ae2f798..c67aa2acee 100644 --- a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md 
@@ -1,8 +1,11 @@
 ---
 title: Release Notes for MBAM 2.0
 description: Release Notes for MBAM 2.0
-author: jamiejdt
+author: dansimp
 ms.assetid: c3f16cf3-94f2-47ac-b3a4-3dc505c6a8dd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -196,96 +199,96 @@ This section contains hotfixes and KB articles for MBAM 2.0.

              2831166

              Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

              -

              [support.microsoft.com/kb/2831166/EN-US](https://support.microsoft.com/kb/2831166/EN-US)

              +

              support.microsoft.com/kb/2831166/EN-US

              2870849

              Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

              -

              [support.microsoft.com/kb/2870849/EN-US](https://support.microsoft.com/kb/2870849/EN-US)

              +

              support.microsoft.com/kb/2870849/EN-US

              2756402

              MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

              -

              [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

              +

              support.microsoft.com/kb/2756402/EN-US

              2620287

              Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

              -

              [support.microsoft.com/kb/2620287/EN-US](https://support.microsoft.com/kb/2620287/EN-US)

              +

              support.microsoft.com/kb/2620287/EN-US

              2639518

              Error opening Enterprise or Computer Compliance Reports in MBAM

              -

              [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

              +

              support.microsoft.com/kb/2639518/EN-US

              2620269

              MBAM Enterprise Reporting Not Getting Updated

              -

              [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

              +

              support.microsoft.com/kb/2620269/EN-US

              2712461

              Installing MBAM on a Domain Controller is not supported

              -

              [support.microsoft.com/kb/2712461/EN-US](https://support.microsoft.com/kb/2712461/EN-US)

              +

              support.microsoft.com/kb/2712461/EN-US

              2876732

              You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

              -

              [support.microsoft.com/kb/2876732/EN-US](https://support.microsoft.com/kb/2876732/EN-US)

              +

              support.microsoft.com/kb/2876732/EN-US

              2754259

              MBAM and Secure Network Communication

              -

              [support.microsoft.com/kb/2754259/EN-US](https://support.microsoft.com/kb/2754259/EN-US)

              +

              support.microsoft.com/kb/2754259/EN-US

              2870842

              MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

              -

              [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

              +

              support.microsoft.com/kb/2870842/EN-US

              2668533

              MBAM Setup fails if SQL SSRS is not configured properly

              -

              [support.microsoft.com/kb/2668533/EN-US](https://support.microsoft.com/kb/2668533/EN-US)

              +

              support.microsoft.com/kb/2668533/EN-US

              2870847

              -

              MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

              -

              [support.microsoft.com/kb/2870847/EN-US](https://support.microsoft.com/kb/2870847/EN-US)

              +

              MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

              +

              support.microsoft.com/kb/2870847/EN-US

              2870839

              MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

              -

              [support.microsoft.com/kb/2870839/EN-US](https://support.microsoft.com/kb/2870839/EN-US)

              +

              support.microsoft.com/kb/2870839/EN-US

              2620269

              MBAM Enterprise Reporting Not Getting Updated

              -

              [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

              +

              support.microsoft.com/kb/2620269/EN-US

              2935997

              MBAM Supported Computers compliance reporting incorrectly includes unsupported products

              -

              [support.microsoft.com/kb/2935997/EN-US](https://support.microsoft.com/kb/2935997/EN-US)

              +

              support.microsoft.com/kb/2935997/EN-US

              2612822

              Computer Record is Rejected in MBAM

              -

              [support.microsoft.com/kb/2612822/EN-US](https://support.microsoft.com/kb/2612822/EN-US)

              +

              support.microsoft.com/kb/2612822/EN-US

              -  + ## Related topics [About MBAM 2.0](about-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md index 2dd39e48fb..003c3164cc 100644 --- a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md +++ b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md @@ -1,8 +1,11 @@ --- title: Release Notes for MBAM 2.0 SP1 description: Release Notes for MBAM 2.0 SP1 -author: jamiejdt +author: dansimp ms.assetid: b39002ba-33c6-45ec-9d1b-464327b60f5c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -34,7 +37,7 @@ If you are using MBAM with Configuration Manager, and you want to upgrade to MBA **Note**   All existing BitLocker compliance data will be deleted when you delete the existing baseline in Configuration Manager. The data will be regenerated over time, but it is recommended that you save a copy of the data in case you need the compliance data for a particular computer before the compliance data has been regenerated. -   + 1. To save historical BitLocker compliance data, open the **BitLocker Enterprise Compliance Details** Report. @@ -144,96 +147,96 @@ This section contains hotfixes and KB articles for MBAM 2.0 SP1.

              2831166

              Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

              -

              [support.microsoft.com/kb/2831166/EN-US](https://support.microsoft.com/kb/2831166/EN-US)

              +

              support.microsoft.com/kb/2831166/EN-US

              2870849

              Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

              -

              [support.microsoft.com/kb/2870849/EN-US](https://support.microsoft.com/kb/2870849/EN-US)

              +

              support.microsoft.com/kb/2870849/EN-US

              2756402

              MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

              -

              [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

              +

              support.microsoft.com/kb/2756402/EN-US

              2620287

              Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

              -

              [support.microsoft.com/kb/2620287/EN-US](https://support.microsoft.com/kb/2620287/EN-US)

              +

              support.microsoft.com/kb/2620287/EN-US

              2639518

              Error opening Enterprise or Computer Compliance Reports in MBAM

              -

              [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

              +

              support.microsoft.com/kb/2639518/EN-US

              2620269

              MBAM Enterprise Reporting Not Getting Updated

              -

              [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

              +

              support.microsoft.com/kb/2620269/EN-US

              2712461

              Installing MBAM on a Domain Controller is not supported

              -

              [support.microsoft.com/kb/2712461/EN-US](https://support.microsoft.com/kb/2712461/EN-US)

              +

              support.microsoft.com/kb/2712461/EN-US

              2876732

              You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

              -

              [support.microsoft.com/kb/2876732/EN-US](https://support.microsoft.com/kb/2876732/EN-US)

              +

              support.microsoft.com/kb/2876732/EN-US

              2754259

              MBAM and Secure Network Communication

              -

              [support.microsoft.com/kb/2754259/EN-US](https://support.microsoft.com/kb/2754259/EN-US)

              +

              support.microsoft.com/kb/2754259/EN-US

              2870842

              MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

              -

              [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

              +

              support.microsoft.com/kb/2870842/EN-US

              2668533

              MBAM Setup fails if SQL SSRS is not configured properly

              -

              [support.microsoft.com/kb/2668533/EN-US](https://support.microsoft.com/kb/2668533/EN-US)

              +

              support.microsoft.com/kb/2668533/EN-US

              2870847

              -

              MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

              -

              [support.microsoft.com/kb/2870847/EN-US](https://support.microsoft.com/kb/2870847/EN-US)

              +

              MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

              +

              support.microsoft.com/kb/2870847/EN-US

              2870839

              MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

              -

              [support.microsoft.com/kb/2870839/EN-US](https://support.microsoft.com/kb/2870839/EN-US)

              +

              support.microsoft.com/kb/2870839/EN-US

              2620269

              MBAM Enterprise Reporting Not Getting Updated

              -

              [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

              +

              support.microsoft.com/kb/2620269/EN-US

              2935997

              MBAM Supported Computers compliance reporting incorrectly includes unsupported products

              -

              [support.microsoft.com/kb/2935997/EN-US](https://support.microsoft.com/kb/2935997/EN-US)

              +

              support.microsoft.com/kb/2935997/EN-US

              2612822

              Computer Record is Rejected in MBAM

              -

              [support.microsoft.com/kb/2612822/EN-US](https://support.microsoft.com/kb/2612822/EN-US)

              +

              support.microsoft.com/kb/2612822/EN-US

              -  + ## Related topics [About MBAM 2.0 SP1](about-mbam-20-sp1.md) -  + -  + diff --git a/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md b/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md index 129cb910ad..8b5396b89e 100644 --- a/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Security and Privacy for MBAM 2.0 description: Security and Privacy for MBAM 2.0 -author: jamiejdt +author: dansimp ms.assetid: 1b2859f8-2381-4ad7-8744-2caed88570ad +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md index 3a808cbed7..6c66308f9f 100644 --- a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md @@ -1,8 +1,11 @@ --- title: Troubleshooting MBAM 2.0 description: Troubleshooting MBAM 2.0 -author: jamiejdt +author: dansimp ms.assetid: 43933ec7-b5b8-49c5-813f-4c06aa7314ed +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md b/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md index c4acba5af7..a5bd540199 100644 --- a/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md +++ b/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md @@ -1,8 +1,11 @@ --- title: Understanding MBAM Reports in Configuration Manager description: Understanding MBAM Reports in Configuration Manager -author: jamiejdt +author: dansimp ms.assetid: b2582190-c9de-4e64-bd5a-f31ac1916f53 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -142,7 +145,7 @@ This report shows information about the overall BitLocker compliance across your -  + **BitLocker Enterprise Compliance Details Report - Compliance States** @@ -173,7 +176,7 @@ This report shows information about the overall BitLocker compliance across your -  + ### BitLocker Enterprise Compliance Summary Report @@ -240,7 +243,7 @@ Use this report type to show information about the overall BitLocker compliance -  + **BitLocker Enterprise Compliance Summary Report - Computer Details** @@ -287,7 +290,7 @@ Use this report type to show information about the overall BitLocker compliance -  + ### BitLocker Computer Compliance Report @@ -296,7 +299,7 @@ Use this report type to collect information that is specific to a computer. The **Note**   Removable Data Volume encryption status is not shown in the report. -  + **BitLocker Computer Compliance Report – Computer Details Fields** @@ -387,7 +390,7 @@ Removable Data Volume encryption status is not shown in the report. -  + **BitLocker Computer Compliance Report – Computer Volume Fields** @@ -430,16 +433,16 @@ Removable Data Volume encryption status is not shown in the report. -  + ## Related topics [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) -  + -  + diff --git a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md b/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md index 7dffbbbb92..731bc11158 100644 --- a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md +++ b/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md @@ -1,8 +1,11 @@ --- title: Understanding MBAM Reports description: Understanding MBAM Reports -author: jamiejdt +author: dansimp ms.assetid: 8778f333-760e-4f26-acb4-4e73b6fbb536 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -19,7 +22,7 @@ If you chose the Stand-alone topology when you installed Microsoft BitLocker Adm **Note**   If you chose the Configuration Manager topology when you installed Microsoft BitLocker Administration and Monitoring (MBAM), reports are generated from Configuration Manager rather than from MBAM. For more information about reports that are run from Configuration Manager, see [Understanding MBAM Reports in Configuration Manager](understanding-mbam-reports-in-configuration-manager.md). -  + ## Understanding Reports @@ -67,7 +70,7 @@ Use this report type to collect information on overall BitLocker compliance in y -  + **Enterprise Compliance Report Compliance States** @@ -102,7 +105,7 @@ Use this report type to collect information on overall BitLocker compliance in y -  + ### Computer Compliance Report @@ -113,7 +116,7 @@ This report can be viewed by clicking the computer name in the Enterprise Compli **Note**   Removable Data Volume encryption status will not be shown in the report. -  + **Computer Compliance Report Fields** @@ -188,7 +191,7 @@ Removable Data Volume encryption status will not be shown in the report. -  + **Computer Compliance Report Drive Fields** @@ -239,7 +242,7 @@ Removable Data Volume encryption status will not be shown in the report. -  + ### Recovery Audit Report @@ -301,21 +304,21 @@ Use this report type to audit users who have requested access to recovery keys. -  + **Note**   Report results can be saved to a file by clicking the **Export** button on the reports menu bar. For more information about how to run MBAM reports, see [How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-2.md). -  + ## Related topics [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md b/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md index 71aedb9209..7b3884f5c8 100644 
--- a/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md +++ b/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md @@ -1,8 +1,11 @@ --- title: Upgrading from Previous Versions of MBAM description: Upgrading from Previous Versions of MBAM -author: jamiejdt +author: dansimp ms.assetid: 73b425cf-9cd9-4ebc-a35e-1b3bf18596ce +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -80,7 +83,7 @@ Use the following instructions to upgrade from a previous version of MBAM when y **Note**   The certificate must be created before this step to enable you to select it on this page. -   + 8. On the **Configure the location of the Compliance Status database** page, specify the SQL Server instance name and the name of the database that stores the compliance and audit data. You must also specify where the database files and log information will be located. @@ -99,7 +102,7 @@ Use the following instructions to upgrade from a previous version of MBAM when y **Note**   The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. -   + 15. On the **Configure the Administration and Monitoring Server** page, specify the desired virtual directory for the Help Desk website. @@ -127,9 +130,9 @@ To validate the Client upgrade, do the following: [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/using-mbam-with-configuration-manager.md b/mdop/mbam-v2/using-mbam-with-configuration-manager.md index 80e6d97c23..065e2ffd49 100644 --- a/mdop/mbam-v2/using-mbam-with-configuration-manager.md +++ b/mdop/mbam-v2/using-mbam-with-configuration-manager.md 
@@ -1,8 +1,11 @@ --- title: Using MBAM with Configuration Manager description: Using MBAM with Configuration Manager -author: jamiejdt +author: dansimp ms.assetid: 03868717-4aa7-4897-8166-9a3df5e9519e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ This integration moves the Microsoft BitLocker Administration and Monitoring com **Important**   Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. -  + ## Getting Started – Using MBAM with Configuration Manager @@ -56,9 +59,9 @@ This section describes the MBAM reports that you can run from Configuration Mana [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) -  + -  + diff --git a/mdop/mbam-v2/using-your-pin-or-password.md b/mdop/mbam-v2/using-your-pin-or-password.md index 200bfc060d..cdf27ed7a0 100644 --- a/mdop/mbam-v2/using-your-pin-or-password.md +++ b/mdop/mbam-v2/using-your-pin-or-password.md @@ -1,8 +1,11 @@ --- title: Using Your PIN or Password description: Using Your PIN or Password -author: jamiejdt +author: dansimp ms.assetid: 7fe2aef4-d3e0-49c8-877d-7fee13dc5b7b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -26,7 +29,7 @@ The password is used to unlock drives on your computer that do not contain the o **Note**   Your Help Desk may set drives to unlock automatically. This eliminates the need to provide a PIN or password to view the information on the drives. -  + ## Unlocking Your Computer if You Forget Your PIN or Password @@ -68,9 +71,9 @@ Before you can change the password on a BitLocker protected drive, you must unlo - To change your password, select **Manage Your Password**. Enter your new password into both fields and select **Reset Password**. -  + -  + 
diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md index dacedac502..e9fefc297b 100644 --- a/mdop/mbam-v25/about-mbam-25-sp1.md +++ b/mdop/mbam-v25/about-mbam-25-sp1.md @@ -1,8 +1,11 @@ --- title: About MBAM 2.5 SP1 description: About MBAM 2.5 SP1 -author: jamiejdt +author: dansimp ms.assetid: 6f12e605-44e6-4646-9c20-aee89c8ff0b7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -48,7 +51,7 @@ The following groups might be interested in using MBAM to manage BitLocker: **Note**   BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). -  + ## What’s new in MBAM 2.5 SP1 @@ -126,7 +129,7 @@ The Windows team has backported FIPS-compliant recovery keys with a hotfix, and **Note**   Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557). -  + To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560). @@ -240,9 +243,9 @@ For more information and late-breaking news that is not included in this documen [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) -  + -  + diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md index cbde231c72..e379ef1ec5 100644 --- a/mdop/mbam-v25/about-mbam-25.md 
+++ b/mdop/mbam-v25/about-mbam-25.md @@ -1,8 +1,11 @@ --- title: About MBAM 2.5 description: About MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 1ce218ec-4d2e-4a75-8d1a-68d737a8f3c9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -48,7 +51,7 @@ The following groups might be interested in using MBAM to manage BitLocker: **Note**   BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). -  + ## What’s new in MBAM 2.5 @@ -66,7 +69,7 @@ The MBAM Group Policy Templates must be downloaded separately from the MBAM inst **Important**   Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the BitLocker Drive Encryption settings for you. -  + The template files that you need to copy to a server or workstation are: @@ -80,59 +83,59 @@ The template files that you need to copy to a server or workstation are: Copy the template files to the location that best meets your needs. For the language-specific files, which must be copied to a language-specific folder, the Group Policy Management Console is required to view the files. -- To install the template files locally on a server or workstation, copy the files to one of the following locations. +- To install the template files locally on a server or workstation, copy the files to one of the following locations. - - - - - - - - - - - - - - - - - - - - - -
              File typeFile location

              language neutral (.admx)

              %systemroot%\policyDefinitions

              language specific (.adml)

              %systemroot%\policyDefinitions\[MUIculture] (for example, the U.S. English language specific file will be stored in %systemroot%\policyDefinitions\en-us)

              + + + + + + + + + + + + + + + + + + + + + +
              File typeFile location

              language neutral (.admx)

              %systemroot%\policyDefinitions

              language specific (.adml)

              %systemroot%\policyDefinitions[MUIculture] (for example, the U.S. English language specific file will be stored in %systemroot%</em>policyDefinitions\en-us)

              -   + -- To make the templates available to all Group Policy administrators in a domain, copy the files to one of the following locations on a domain controller. +- To make the templates available to all Group Policy administrators in a domain, copy the files to one of the following locations on a domain controller. - - - - - - - - - - - - - - - - - - - - - -
              File typeDomain controller file location

              Language neutral (.admx)

              %systemroot%sysvol\domain\policies\PolicyDefinitions

              Language specific (.adml)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions\[MUIculture] (for example, the U.S. English language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us)

              + + + + + + + + + + + + + + + + + + + + + +
              File typeDomain controller file location

              Language neutral (.admx)

              %systemroot%sysvol\domain\policies\PolicyDefinitions

              Language specific (.adml)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions[MUIculture] (for example, the U.S. English language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us)

              -   + For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=392818). @@ -176,7 +179,7 @@ To enable you to configure encryption policy enforcement, a new Group Policy set -  + ### Ability to provide a URL in the BitLocker Drive Encryption wizard to point to your security policy @@ -247,7 +250,7 @@ The following table lists the security groups that you must create in AD DS. You -  + After you create the security groups in AD DS, assign users and/or groups to the appropriate security group to enable the corresponding level of access to the Administration and Monitoring Website. To enable individuals with each role to access the Administration and Monitoring Website, you must also specify each security group when you are configuring the Administration and Monitoring Website. @@ -283,20 +286,20 @@ Windows PowerShell Help for MBAM is available in the following formats:

              On TechNet as webpages

              -

              https://go.microsoft.com/fwlink/?LinkId=393498

              +

              https://go.microsoft.com/fwlink/?LinkId=393498

              On the Download Center as a Word .docx file

              -

              https://go.microsoft.com/fwlink/?LinkId=393497

              +

              https://go.microsoft.com/fwlink/?LinkId=393497

              On the Download Center as a .pdf file

              -

              https://go.microsoft.com/fwlink/?LinkId=393499

              +

              https://go.microsoft.com/fwlink/?LinkId=393499

              -  + ### Support for ASCII-only and enhanced PINs and ability to prevent sequential and repeating characters @@ -365,9 +368,9 @@ For more information and late-breaking news that is not included in this documen [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) -  + -  + diff --git a/mdop/mbam-v25/accessibility-for-mbam-25.md b/mdop/mbam-v25/accessibility-for-mbam-25.md index 006f3acba5..5618291576 100644 --- a/mdop/mbam-v25/accessibility-for-mbam-25.md +++ b/mdop/mbam-v25/accessibility-for-mbam-25.md @@ -1,8 +1,11 @@ --- title: Accessibility for MBAM 2.5 description: Accessibility for MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 03b343a6-9e8e-4868-a52b-cedf0b696d56 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -30,7 +33,7 @@ Access keys let you quickly use a command by pressing a few keys. You can get to **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ## Documentation in alternative formats @@ -64,13 +67,13 @@ For information about the availability of Microsoft product documentation and bo

              (609) 987-8116

              -

              [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)

              +

              http://www.learningally.org/

              Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

              -  + ## Customer service for people with hearing impairments @@ -97,9 +100,9 @@ For more information about how accessible technology for computers helps to impr [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) -  + -  + diff --git a/mdop/mbam-v25/administering-mbam-25-features.md b/mdop/mbam-v25/administering-mbam-25-features.md index 4b0fad8bfc..ba93616f8c 100644 --- a/mdop/mbam-v25/administering-mbam-25-features.md +++ b/mdop/mbam-v25/administering-mbam-25-features.md @@ -1,8 +1,11 @@ --- title: Administering MBAM 2.5 Features description: Administering MBAM 2.5 Features -author: jamiejdt +author: dansimp ms.assetid: ca15f818-cf07-4437-8ffa-425af603a3c8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ MBAM provides a custom control panel, called BitLocker Encryption Options, that **Note**   This customized control panel does not replace the default Windows BitLocker control panel. -  + [Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) @@ -44,9 +47,9 @@ This customized control panel does not replace the default Windows BitLocker con - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + -  + diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index 7ca9dcb801..a24a6d32c9 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md 
@@ -4,6 +4,8 @@ description: Applying hotfixes on MBAM 2.5 SP1
 ms.author: ppriya-msft
 author: intothedarkness
 ms.assetid:
+ms.reviewer:
+manager: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/client-event-logs.md b/mdop/mbam-v25/client-event-logs.md
index 8f25a56a05..747ad55211 100644
--- a/mdop/mbam-v25/client-event-logs.md
+++ b/mdop/mbam-v25/client-event-logs.md
@@ -1,8 +1,11 @@
 ---
 title: Client Event Logs
 description: Client Event Logs
-author: jamiejdt
+author: dansimp
 ms.assetid: d5c2f270-db6a-45f1-8557-8c6fb28fd568
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
index 330377d65b..3e68d38e01 100644
--- a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
+++ b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring MBAM 2.5 Server Features by Using Windows PowerShell
 description: Configuring MBAM 2.5 Server Features by Using Windows PowerShell
-author: jamiejdt
+author: dansimp
 ms.assetid: 826429fd-29bb-44be-b47e-5f5c7d20dd1d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -69,20 +72,20 @@ Windows PowerShell Help for MBAM is available in the following formats:

              On TechNet as webpages

              -

              https://go.microsoft.com/fwlink/?LinkId=393498

              +

              https://go.microsoft.com/fwlink/?LinkId=393498

              On the Download Center as a Word .docx file

              -

              https://go.microsoft.com/fwlink/?LinkId=393497

              +

              https://go.microsoft.com/fwlink/?LinkId=393497

              On the Download Center as a .pdf file

              -

              https://go.microsoft.com/fwlink/?LinkId=393499

              +

              https://go.microsoft.com/fwlink/?LinkId=393499

              -  + ## Configurations that you can do only with Windows PowerShell but not with the MBAM Server Configuration wizard @@ -122,12 +125,12 @@ Windows PowerShell Help for MBAM is available in the following formats: -  + **Note**   You cannot disable the MBAM databases with a Windows PowerShell cmdlet or the MBAM Server Configuration wizard. To prevent the accidental removal of your compliance and audit data, database administrators must remove databases manually. -  + ## Prerequisites and requirements for using Windows PowerShell to configure MBAM Server features @@ -164,7 +167,7 @@ Before starting the configuration, complete the following prerequisites. -  + **Permission-related prerequisites** @@ -194,7 +197,7 @@ Before starting the configuration, complete the following prerequisites.

              This user account must be a part of the local administrators group or the Backup Operators group to register the MBAM Volume Shadow Copy Service (VSS) Writer.

              By default, the database administrator or system administrator has the required "create any database" permissions.

              -

              For more information about VSS Writer, see [Volume Shadow Copy Service](https://go.microsoft.com/fwlink/?LinkId=392814).

              +

              For more information about VSS Writer, see Volume Shadow Copy Service.

              For the System Center Configuration Manager Integration feature only:

              @@ -231,7 +234,7 @@ Before starting the configuration, complete the following prerequisites. -  + ## Using Windows PowerShell to configure MBAM on a remote computer @@ -252,7 +255,7 @@ Before starting the configuration, complete the following prerequisites.
              • Ensure that the MBAM 2.5 Server software has been installed on the remote computer.

              • Use the Credential Security Support Provider (CredSSP) Protocol to open the Windows PowerShell session.

              • -
              • Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the New-PSSession cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see [Using Windows Remote Management](https://go.microsoft.com/fwlink/?LinkId=393064).

              • +
              • Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the New-PSSession cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see Using Windows Remote Management.

              @@ -270,7 +273,7 @@ Before starting the configuration, complete the following prerequisites. -  + ## Required accounts and corresponding Windows PowerShell cmdlet parameters @@ -306,7 +309,7 @@ Specifies the administrative credential that the local SSRS instance uses to con **Important**   The account specified in the administrative credentials should have limited user rights for improved security. Also, the password of the account should be set to not expire. -  + ReportsReadOnlyAccessGroup @@ -345,9 +348,9 @@ For improved security, set the account that is specified in the administrative c To view the local security setting, open the **Local Security Policy editor**, expand the **Local Policies** node, select the **User Rights Assignment** node, and then double-click the **Impersonate a client after authentication** and **Log on as a batch job** Group Policy settings in the details pane. -  + -  + @@ -361,11 +364,11 @@ To view the local security setting, open the **Local Security Policy editor**, e [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md b/mdop/mbam-v25/configuring-the-mbam-25-server-features.md index 49b94f770e..d5431e95f6 100644 --- a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md +++ b/mdop/mbam-v25/configuring-the-mbam-25-server-features.md 
@@ -1,8 +1,11 @@
 ---
 title: Configuring the MBAM 2.5 Server Features
 description: Configuring the MBAM 2.5 Server Features
-author: jamiejdt
+author: dansimp
 ms.assetid: 894d1080-5f13-48f7-8fde-82f8d440a4ed
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -39,31 +42,31 @@ Review and complete the following steps before you start configuring the MBAM Se

              Review the recommended architecture for MBAM.

              -

              [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

              +

              High-Level Architecture for MBAM 2.5

              Review the supported configurations for MBAM.

              -

              [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

              +

              MBAM 2.5 Supported Configurations

              Complete the required prerequisites on each server.

              Install the MBAM Server software on each server where you will configure an MBAM Server feature.

              -

              [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

              +

              Installing the MBAM 2.5 Server Software

              Review the prerequisites for using Windows PowerShell to configure MBAM Server features (if you are using this method to configure MBAM Server features).

              -

              [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

              +

              Configuring MBAM 2.5 Server Features by Using Windows PowerShell

              -  + ## Steps for configuring MBAM Server features @@ -84,24 +87,24 @@ Each row in the following table describes the features that you will configure o

              Configure the databases.

              -

              [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md)

              +

              How to Configure the MBAM 2.5 Databases

              Configure the reports.

              -

              [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md)

              +

              How to Configure the MBAM 2.5 Reports

              Configure the web applications.

              -

              [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md)

              +

              How to Configure the MBAM 2.5 Web Applications

              Configure the System Center Configuration Manager Integration (if applicable).

              -

              [How to Configure the MBAM 2.5 System Center Configuration Manager Integration](how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md)

              +

              How to Configure the MBAM 2.5 System Center Configuration Manager Integration

              -  + For a list of events about MBAM Server feature configuration, see [Server Event Logs](server-event-logs.md). @@ -111,9 +114,9 @@ For a list of events about MBAM Server feature configuration, see [Server Event Configuring the MBAM 2.5 Server Features -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md index 79e1582f84..3c22c4bb2d 100644 --- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md +++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md @@ -1,8 +1,11 @@ --- title: Copying the MBAM 2.5 Group Policy Templates description: Copying the MBAM 2.5 Group Policy Templates -author: jamiejdt +author: dansimp ms.assetid: e526ecec-07ff-435e-bc90-3084b617b84b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,80 +26,82 @@ MDOP Group Policy templates are available for download in a self-extracting, com **How to download and deploy the MDOP Group Policy templates** -1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates -](https://www.microsoft.com/en-us/download/details.aspx?id=55531). +1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates + ](https://www.microsoft.com/en-us/download/details.aspx?id=55531). -2. Run the downloaded file to extract the template folders. +2. Run the downloaded file to extract the template folders. - **Warning**   - Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. + **Warning** + Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. -   -3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. -4. Locate the appropriate .adml file by language-culture (that is, *en* for English-United States). +3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. -5. Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. +4. Locate the appropriate .adml file by language-culture (that is, *en* for English-United States). - **Local files.** To configure Group Policy settings from the local device, copy template files to the following locations: +5. 
Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. - - - - - - - - - - - - - - - - - - - - - -
              File typeFile location

              Group Policy template (.admx)

              %systemroot%\policyDefinitions

              Group Policy language file (.adml)

              %systemroot%\policyDefinitions\[MUIculture]

              + **Local files.** To configure Group Policy settings from the local device, copy template files to the following locations: -   + + + + + + + + + + + + + + + + + + + + + +
              File typeFile location

              Group Policy template (.admx)

              %systemroot%<strong>policyDefinitions

              Group Policy language file (.adml)

              %systemroot%<strong>policyDefinitions[MUIculture]

              - **Domain central store.** To enable Group Policy settings configuration by a Group Policy administrator from any computer on the domain, copy files to the following locations on the domain controller: - - - - - - - - - - - - - - - - - - - - - -
              File typeFile location

              Group Policy template (.admx)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions

              Group Policy language file (.adml)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions\[MUIculture]\[MUIculture]

              -

              For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

              -   +~~~ +**Domain central store.** To enable Group Policy settings configuration by a Group Policy administrator from any computer on the domain, copy files to the following locations on the domain controller: -6. Edit the Group Policy settings using Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) to configure Group Policy settings for the MDOP technology. See [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md) for more information. + ++++ + + + + + + + + + + + + + + + + +
              File typeFile location

              Group Policy template (.admx)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions

              Group Policy language file (.adml)

              %systemroot%\sysvol\domain\policies\PolicyDefinitions\[MUIculture]\[MUIculture]

              +

              For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

              +~~~ - For descriptions of the Group Policy settings, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). + + +6. Edit the Group Policy settings using Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) to configure Group Policy settings for the MDOP technology. See [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md) for more information. + + For descriptions of the Group Policy settings, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). ## Related topics @@ -104,11 +109,11 @@ MDOP Group Policy templates are available for download in a self-extracting, com [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md index 75f0c5dd3c..efae4b682d 100644 --- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md +++ b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md @@ -1,8 +1,11 @@ --- title: Create or Edit the Sms\_def.mof File description: Create or Edit the Sms\_def.mof File -author: jamiejdt +author: dansimp ms.assetid: 0bc5e7d8-9747-4da6-a1b3-38d8f27ba121 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md b/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md index 87f74c21ad..b5343853e6 100644 
--- a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md
+++ b/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md
@@ -1,8 +1,11 @@
 ---
 title: Customizing the Self-Service Portal for Your Organization
 description: Customizing the Self-Service Portal for Your Organization
-author: jamiejdt
+author: dansimp
 ms.assetid: f007e02b-e2df-47a9-9762-5909e230aa3f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -35,28 +38,28 @@ You can customize the Self-Service Portal in the following ways:

              You can brand the Self-Service Portal with your company name, Help Desk URL, and can change the Session Time-out setting to make the end user’s session expire after a specified period of inactivity.

              -

              [How to Set the Self-Service Portal Branding and Session Time-out](how-to-set-the-self-service-portal-branding-and-session-time-out.md)

              +

              How to Set the Self-Service Portal Branding and Session Time-out

              You can turn the Self-Service Portal notice text on or off.

              -

              [How to Turn the Self-Service Portal Notice Text On or Off](how-to-turn-the-self-service-portal-notice-text-on-or-off.md)

              +

              How to Turn the Self-Service Portal Notice Text On or Off

              You can configure a localized version of the Self-Service Portal "HelpdeskText" statement, which tells end users how to get additional help when they are using the Self-Service Portal.

              -

              [How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information](how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md)

              +

              How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information

              You can configure a localized version of the Self-Service Portal "HelpdeskURL" to display to end users by default.

              -

              [How to Localize the Self-Service Portal “HelpdeskURL”](how-to-localize-the-self-service-portal-helpdeskurl.md)

              +

              How to Localize the Self-Service Portal “HelpdeskURL”

              You can configure localized notice text to display to end users by default in the Self-Service Portal.

              -

              [How to Localize the Self-Service Portal Notice Text](how-to-localize-the-self-service-portal-notice-text.md)

              +

              How to Localize the Self-Service Portal Notice Text

              -  + @@ -65,7 +68,7 @@ You can customize the Self-Service Portal in the following ways: [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md b/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md index 160b9ab0b2..ea0c9dff8f 100644 --- a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md +++ b/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md @@ -1,8 +1,11 @@ --- title: Deploying MBAM 2.5 Group Policy Objects description: Deploying MBAM 2.5 Group Policy Objects -author: jamiejdt +author: dansimp ms.assetid: 4b835054-6846-463d-af58-8ac4639a1188 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ To deploy MBAM, you have to set Group Policy settings that define MBAM implement **Important**   Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. -  + ## Copying the MBAM 2.5 Group Policy Templates @@ -51,9 +54,9 @@ Since MBAM offers a customized MBAM control panel that can replace the default W - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + -  + diff --git a/mdop/mbam-v25/deploying-mbam-25.md b/mdop/mbam-v25/deploying-mbam-25.md index f1c1cff37e..48ab4bb17d 100644 --- a/mdop/mbam-v25/deploying-mbam-25.md +++ b/mdop/mbam-v25/deploying-mbam-25.md 
@@ -1,8 +1,11 @@
 ---
 title: Deploying MBAM 2.5
 description: Deploying MBAM 2.5
-author: jamiejdt
+author: dansimp
 ms.assetid: 45403607-1f4d-42fe-8413-0d4da01808a6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -37,32 +40,32 @@ Use this information to identify the procedures you can follow to deploy and con
            • How to install the MBAM Server software.

            • How to configure the MBAM Server features.

            -

            [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)

            +

            Deploying the MBAM 2.5 Server Infrastructure

            How to download and deploy the MBAM Group Policy Templates, which are required to manage MBAM Clients and BitLocker encryption policies in the enterprise.

            -

            [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)

            +

            Deploying MBAM 2.5 Group Policy Objects

            How to use the MBAM Client Windows Installer files to deploy the MBAM Client software.

            -

            [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)

            +

            Deploying the MBAM 2.5 Client

            Checklist that can assist you in deploying the MBAM Server features and MBAM Client.

            -

            [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)

            +

            MBAM 2.5 Deployment Checklist

            How to upgrade MBAM from previous versions.

            -

            [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)

            +

            Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions

            How to remove MBAM Server features or software.

            -

            [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)

            +

            Removing MBAM Server Features or Software

            -  + ## Other resources for deploying MBAM @@ -85,9 +88,9 @@ Use this information to identify the procedures you can follow to deploy and con - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + -  + diff --git a/mdop/mbam-v25/deploying-the-mbam-25-client.md b/mdop/mbam-v25/deploying-the-mbam-25-client.md index 5c05697ce7..0a20208aa0 100644 --- a/mdop/mbam-v25/deploying-the-mbam-25-client.md +++ b/mdop/mbam-v25/deploying-the-mbam-25-client.md @@ -1,8 +1,11 @@ --- title: Deploying the MBAM 2.5 Client description: Deploying the MBAM 2.5 Client -author: jamiejdt +author: dansimp ms.assetid: 0a96a0ee-f280-49d9-a244-88f4147fe9fd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -26,7 +29,7 @@ After configuring Group Policy settings, you can use an enterprise software depl **Note**   Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product. -  + [How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md) @@ -58,11 +61,11 @@ This section explains how to install the MBAM Client by using a command line. [Planning for MBAM 2.5](planning-for-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md b/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md index 47c09e74df..d60e1044e5 100644 
--- a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md
+++ b/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying the MBAM 2.5 Server Infrastructure
 description: Deploying the MBAM 2.5 Server Infrastructure
-author: jamiejdt
+author: dansimp
 ms.assetid: e85a60cf-4cc1-4906-8da3-442232c374af
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -30,32 +33,32 @@ To deploy the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Serve

            Install the MBAM 2.5 Server software on each server where you want to configure an MBAM Server feature.

            -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            +

            Installing the MBAM 2.5 Server Software

            Configure the databases, reports, web applications, and the optional System Center Configuration Manager Integration topology.

            You can use the MBAM Server Configuration wizard or Windows PowerShell cmdlets to do the configuration.

            -

            [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md)

            +

            Configuring the MBAM 2.5 Server Features

            Validate the MBAM Server configuration.

            -

            [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md)

            +

            Validating the MBAM 2.5 Server Feature Configuration

            -  + ## Related topics [Deploying MBAM 2.5](deploying-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md index e1dbf01ed9..9ce836f5eb 100644 --- a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md +++ b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md @@ -1,8 +1,11 @@ --- title: Determining why a Device Receives a Noncompliance Message description: Determining why a Device Receives a Noncompliance Message -author: jamiejdt +author: dansimp ms.assetid: 793df330-a0ee-4759-b53a-95618ac74428 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md index f4616b4724..a3a45c975d 100644 --- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md +++ b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md @@ -1,8 +1,11 @@ --- title: Edit the Configuration.mof File description: Edit the Configuration.mof File -author: jamiejdt +author: dansimp ms.assetid: 5d8cd76b-8ffc-4d46-b761-1b8350310c48 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md b/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md index 543f7e2ff6..8e285009f6 100644 --- a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md +++ b/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md 
@@ -1,8 +1,11 @@
 ---
 title: Editing the MBAM 2.5 Group Policy Settings
 description: Editing the MBAM 2.5 Group Policy Settings
-author: jamiejdt
+author: dansimp
 ms.assetid: a50b6b0c-6818-4419-8447-d0520a533dba
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -30,11 +33,11 @@ To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM),

            Copy the MBAM 2.5 Group Policy Templates.

            -

            [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md)

            +

            Copying the MBAM 2.5 Group Policy Templates

            Determine which Group Policy Objects (GPOs) you want to use in your MBAM implementation. Based on the needs of your organization, you might have to configure additional Group Policy settings.

            -

            [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) – contains descriptions of the GPOs

            +

            Planning for MBAM 2.5 Group Policy Requirements – contains descriptions of the GPOs

            Set the Group Policy settings for your organization.

            @@ -43,12 +46,12 @@ To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), -  + **Important**   Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. -  + **To edit MBAM Client Group Policy settings** @@ -89,7 +92,7 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no -   + ## Related topics @@ -98,11 +101,11 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md index 875d8cccb0..67c54060da 100644 --- a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md +++ b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md @@ -1,8 +1,11 @@ --- title: Evaluating MBAM 2.5 in a Test Environment description: Evaluating MBAM 2.5 in a Test Environment -author: jamiejdt +author: dansimp ms.assetid: 72959b7a-e55f-4797-91b3-5be23c8c2844 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,241 +26,240 @@ To evaluate MBAM by using the Stand-alone topology, use the information in the f **To evaluate MBAM 2.5 by using the Stand-alone topology** -1. Before installing MBAM, do the following: +1. Before installing MBAM, do the following: - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md)

            Check the required hardware, RAM, and other specifications.

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

            Check the required hardware, RAM, and other specifications.

            MBAM 2.5 Supported Configurations

            Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            -   -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            Configure the Compliance and Audit Database and the Recovery Database.

            [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md)

            Configure the Reports feature.

            [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md)

            Configure the web applications.

            [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md)

            +2. Install the MBAM Server software, and then configure the features you want. -   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            Installing the MBAM 2.5 Server Software

            Configure the Compliance and Audit Database and the Recovery Database.

            How to Configure the MBAM 2.5 Databases

            Configure the Reports feature.

            How to Configure the MBAM 2.5 Reports

            Configure the web applications.

            How to Configure the MBAM 2.5 Web Applications

            -3. On a client computer, do the following: - 1. Install the MBAM Client on a client computer. - 2. Apply the MBAM Group Policy Objects (GPOs) to the computer. +3. On a client computer, do the following: - 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: + 1. Install the MBAM Client on a client computer. - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` + 2. Apply the MBAM Group Policy Objects (GPOs) to the computer. - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` + 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: - **Note**   - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement + "ClientWakeupFrequency"=dword:00000001 + "StatusReportingFrequency"=dword:00000001 + ``` -   + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + "NoStartupDelay"=dword:00000001 + ``` - 4. Restart the **BitLocker Management Client Service**. + **Note** + Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. -## Evaluating MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology + + + 4. Restart the **BitLocker Management Client Service**. + +## Evaluating MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology To evaluate MBAM by using the Configuration Manager Integration topology, use the information in the following tables to install the MBAM Server software, and then configure the MBAM Server features in your test environment. 
After installing the MBAM Client on a client computer, you will complete additional steps to force the MBAM Client to report the computer’s status to MBAM more quickly. -**To evaluate MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology** +**To evaluate MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology** -1. Before installing MBAM, review the prerequisite software and supported configuration. +1. Before installing MBAM, review the prerequisite software and supported configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md)

            -

            [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md)

            Check the required hardware, RAM, and other specifications.

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            Create or edit the .mof files.

            [Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md)

            -

            [Create or Edit the Sms_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md)

            - -   - -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            -
            - Note   -

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

            -
            -
            -   -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            Configure the Compliance and Audit Database and the Recovery Database.

            [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md)

            Configure the Reports feature.

            [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md)

            Configure the web applications.

            [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md)

            Configure the System Center Configuration Manager to install the Configuration Manager objects.

            [How to Configure the MBAM 2.5 System Center Configuration Manager Integration](how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md)

            - -   - -3. On a client computer, do the following: - - 1. Install the MBAM Client and the Configuration Manager Client on a client computer. - - 2. Apply the MBAM Group Policy Objects to the computer. - - 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` - - **Note**   - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. - -   - - 4. Restart the **BitLocker Management Client Service**. - - 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. - - 6. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server. - - 7. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

            +

            MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

            Check the required hardware, RAM, and other specifications.

            MBAM 2.5 Supported Configurations

            Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            Create or edit the .mof files.

            Edit the Configuration.mof File

            +

            Create or Edit the Sms_def.mof File

            -4. In the Configuration Manager console, do the following: +2. Install the MBAM Server software, and then configure the features you want. - 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            +
            + Note

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

            +
            +
            - 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. +

            Installing the MBAM 2.5 Server Software

            Configure the Compliance and Audit Database and the Recovery Database.

            How to Configure the MBAM 2.5 Databases

            Configure the Reports feature.

            How to Configure the MBAM 2.5 Reports

            Configure the web applications.

            How to Configure the MBAM 2.5 Web Applications

            Configure the System Center Configuration Manager to install the Configuration Manager objects.

            How to Configure the MBAM 2.5 System Center Configuration Manager Integration

            -5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: - 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. - 2. Click the **Configurations** tab, select the BitLocker baseline, and then click **Evaluate**. +3. On a client computer, do the following: -6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report: as follows: + 1. Install the MBAM Client and the Configuration Manager Client on a client computer. - 1. In the navigation pane, select the **Monitoring** workspace. + 2. Apply the MBAM Group Policy Objects to the computer. - 2. In the console tree, expand **Overview** > **Reporting** > **Reports** > **MBAM**. + 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: - 3. Select the folder that represents the language in which you want to view reports, and then select the report in the results pane. + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement + "ClientWakeupFrequency"=dword:00000001 + "StatusReportingFrequency"=dword:00000001 + ``` + + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + "NoStartupDelay"=dword:00000001 + ``` + + **Note** + Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. + + + + 4. Restart the **BitLocker Management Client Service**. + + 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. + + 6. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server. + + 7. 
Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. + + + +4. In the Configuration Manager console, do the following: + + 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. + + 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. + +5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: + + 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. + + 2. Click the **Configurations** tab, select the BitLocker baseline, and then click **Evaluate**. + +6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report: as follows: + + 1. In the navigation pane, select the **Monitoring** workspace. + + 2. In the console tree, expand **Overview** > **Reporting** > **Reports** > **MBAM**. + + 3. Select the folder that represents the language in which you want to view reports, and then select the report in the results pane. ## Evaluating MBAM 2.5 by using the System Center Configuration Manager 2007 Integration topology @@ -266,134 +268,133 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow **To evaluate MBAM by using the Configuration Manager 2007 Integration topology** -1. Before you install MBAM, do the following: +1. Before you install MBAM, do the following: - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md)

            -

            [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md)

            Check the required hardware, RAM, and other specifications.

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            Create or edit the .mof files.

            [Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md)

            -

            [Create or Edit the Sms_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md)

            + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Ensure that you have installed all of the prerequisite software.

            MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

            +

            MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

            Check the required hardware, RAM, and other specifications.

            MBAM 2.5 Supported Configurations

            Create or edit the .mof files.

            Edit the Configuration.mof File

            +

            Create or Edit the Sms_def.mof File

            -   -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            -
            - Note   -

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

            -
            -
            -   -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            Configure the Compliance and Audit Database and the Recovery Database.

            [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md)

            Configure the Reports feature.

            [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md)

            Configure the web applications.

            [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md)

            Configure the System Center Configuration Manager to install the Configuration Manager objects.

            [How to Configure the MBAM 2.5 System Center Configuration Manager Integration](how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md)

            +2. Install the MBAM Server software, and then configure the features you want. -   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            TaskWhere to get instructions

            Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

            +
            + Note

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

            +
            +
            -3. On a client computer, do the following: +

            Installing the MBAM 2.5 Server Software

            Configure the Compliance and Audit Database and the Recovery Database.

            How to Configure the MBAM 2.5 Databases

            Configure the Reports feature.

            How to Configure the MBAM 2.5 Reports

            Configure the web applications.

            How to Configure the MBAM 2.5 Web Applications

            Configure the System Center Configuration Manager to install the Configuration Manager objects.

            How to Configure the MBAM 2.5 System Center Configuration Manager Integration

            - 1. Install the MBAM Client on a client computer. - 2. Apply the MBAM Group Policy Objects to the computer. - 3. Set the following registry keys to force the MBAM Client to wake up more quickly and at faster intervals: +3. On a client computer, do the following: - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` + 1. Install the MBAM Client on a client computer. - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` + 2. Apply the MBAM Group Policy Objects to the computer. - **Note**   - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in an evaluation environment. + 3. Set the following registry keys to force the MBAM Client to wake up more quickly and at faster intervals: -   + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement + "ClientWakeupFrequency"=dword:00000001 + "StatusReportingFrequency"=dword:00000001 + ``` - 4. Restart the **BitLocker Management Client Service**. + ``` syntax + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + "NoStartupDelay"=dword:00000001 + ``` - 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. + **Note** + Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in an evaluation environment. - 6. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. - 7. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files and then sends the data to the Configuration Manager server. -4. In the Configuration Manager console, do the following: + 4. 
Restart the **BitLocker Management Client Service**. - 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. + 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. - 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. + 6. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. -5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: + 7. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files and then sends the data to the Configuration Manager server. - 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. +4. In the Configuration Manager console, do the following: - 2. Click the **Configurations** tab, select the BitLocker baseline, and click **Evaluate**. + 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. -6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report, as follows + 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. - 1. In the navigation pane, expand **Computer Management** > **Reporting** > **Reporting Services** > **<server name>MBAM**. +5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: - 2. 
Within the **MBAM** node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane. + 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. + + 2. Click the **Configurations** tab, select the BitLocker baseline, and click **Evaluate**. + +6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report, as follows + + 1. In the navigation pane, expand **Computer Management** > **Reporting** > **Reporting Services** > **<server name>MBAM**. + + 2. Within the **MBAM** node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane. ## Related topics @@ -401,7 +402,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md index 311409761a..9fe1680548 100644 --- a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md +++ b/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md @@ -1,8 +1,11 @@ --- title: Generating MBAM 2.5 Stand-alone Reports description: Generating MBAM 2.5 Stand-alone Reports -author: jamiejdt +author: dansimp ms.assetid: 0ec623ff-5155-4906-aef2-20cdc0f84667 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -29,7 +32,7 @@ For descriptions of the Stand-alone reports, see [Understanding MBAM 2.5 Stand-a **Note**   To run the reports, you must be a member of the **MBAM Report Users** group, which you configure in Active Directory Domain Services. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md). -  + **To open the Administration and Monitoring Website** @@ -46,7 +49,7 @@ To run the reports, you must be a member of the **MBAM Report Users** group, whi **Note**   Configure SQL Server Reporting Services (SSRS) to use Secure Sockets Layer (SSL) before configuring the Administration and Monitoring Website. If, for any reason, SSRS is not configured to use SSL, the URL for the Reports will be set to HTTP instead of to HTTPS when you configure the Administration and Monitoring Website. If you then go to the Administration and Monitoring Website and select a report, the following message displays: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -   + **To generate an Enterprise Compliance Report** @@ -102,7 +105,7 @@ To run the reports, you must be a member of the **MBAM Report Users** group, whi [Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md index a7ba39d226..27038fd66a 100644 --- a/mdop/mbam-v25/getting-started-with-mbam-25.md +++ b/mdop/mbam-v25/getting-started-with-mbam-25.md 
@@ -1,8 +1,11 @@
 ---
 title: Getting Started with MBAM 2.5
 description: Getting Started with MBAM 2.5
-author: jamiejdt
+author: dansimp
 ms.assetid: 23d0cfbb-e2ef-4c34-bf29-1b7ab4c48f00
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -41,32 +44,32 @@ Before you start planning your MBAM deployment, review the following topics.

            High-level overview of MBAM 2.5 that describes how you can use it in your organization.

            -

            [About MBAM 2.5](about-mbam-25.md)

            +

            About MBAM 2.5

            Release notes, which lists known issues in the product.

            -

            [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)

            +

            Release Notes for MBAM 2.5

            Information about how you can evaluate MBAM 2.5 in a test environment.

            -

            [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)

            +

            Evaluating MBAM 2.5 in a Test Environment

            Description of the MBAM 2.5 features and the recommended architecture of the Stand-alone and Configuration Manager Integration topologies in a production environment.

            -

            [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

            +

            High-Level Architecture for MBAM 2.5

            Description and illustration of each MBAM Server feature, without the recommended architecture.

            -

            [Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md)

            +

            Illustrated Features of an MBAM 2.5 Deployment

            Describes the keyboard shortcuts that are available for MBAM 2.5.

            -

            [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md)

            +

            Accessibility for MBAM 2.5

            -  + ## How to get MDOP technologies @@ -92,9 +95,9 @@ MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is pa - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + -  + diff --git a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md b/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md index e91ed7e0c7..5ef9f09421 100644 --- a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md +++ b/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md @@ -1,8 +1,11 @@ --- title: Hiding the Default BitLocker Drive Encryption Item in Control Panel description: Hiding the Default BitLocker Drive Encryption Item in Control Panel -author: jamiejdt +author: dansimp ms.assetid: 6e2a9a02-a809-43a1-80a3-1b03c7192c89 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ This topic describes how to hide the **BitLocker Drive Encryption** Control Pane **Note**   Microsoft BitLocker Administration and Monitoring (MBAM) creates an additional, custom Control Panel item, called **BitLocker Encryption Options**, which enables end users to manage their PIN and password, turn on BitLocker for a drive, and check encryption. -  + See [Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) to read about: 
@@ -30,7 +33,7 @@ See [Understanding the BitLocker Encryption Options and BitLocker Drive Encrypti **Important**   Do not change the Group Policy settings in the **BitLocker Drive Encryption** node. If you do, MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. -  + **To hide the default BitLocker Drive Encryption item in Control Panel** @@ -49,7 +52,7 @@ Do not change the Group Policy settings in the **BitLocker Drive Encryption** no [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md b/mdop/mbam-v25/high-level-architecture-for-mbam-25.md index 4b67d0891b..10db3f3710 100644 --- a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md +++ b/mdop/mbam-v25/high-level-architecture-for-mbam-25.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture for MBAM 2.5 description: High-Level Architecture for MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: b42af25c-961b-4a6a-92d2-916a373eb68b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md index 3e9aff0890..3f47fccbd0 100644 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md +++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md 
@@ -1,14 +1,16 @@ --- title: High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology description: High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology -author: jamiejdt +author: dansimp ms.assetid: 075bafa1-792b-4c24-9d8e-5d3153e2112c +ms.reviewer: +manager: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 08/23/2018 -ms.author: pashort +ms.author: dansimp --- @@ -21,7 +23,7 @@ For a list of the supported versions of the software mentioned in this topic, se **Important**   Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. -  + ## Recommended number of servers and supported number of clients @@ -52,7 +54,7 @@ The recommended number of servers and supported number of clients in a productio -  + ## Differences between Configuration Manager Integration and stand-alone topologies @@ -128,7 +130,7 @@ The **monitoring web services** are used by the MBAM Client and the websites to **Important**
            The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database. -  + ### Management workstation @@ -140,7 +142,7 @@ The **monitoring web services** are used by the MBAM Client and the websites to **NOTE**
            The workstation does not have to be a dedicated computer. -   + ### MBAM Client and Configuration Manager Client computer @@ -158,7 +160,7 @@ The **MBAM Client**: The **Configuration Manager Client** enables Configuration Manager to collect hardware compatibility data about the client computers and report compliance information. -  + ## Differences in MBAM deployment for supported Configuration Manager versions @@ -191,7 +193,7 @@ When you deploy MBAM with the Configuration Manager Integration topology, you ca -  + ## How MBAM works with Configuration Manager @@ -271,7 +273,7 @@ The integration of MBAM with Configuration Manager is based on a configuration p -  + ## Related topics @@ -283,9 +285,9 @@ The integration of MBAM with Configuration Manager is based on a configuration p [Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md index 1287ee6b02..48a70ddaaa 100644 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md +++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture of MBAM 2.5 with Stand-alone Topology description: High-Level Architecture of MBAM 2.5 with Stand-alone Topology -author: jamiejdt +author: dansimp ms.assetid: 35f8c5f6-8be3-443d-baf0-56d68b08f3bc +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -21,7 +24,7 @@ For a list of the supported versions of the software mentioned in this topic, se **Note**   We recommend you use a single-server architecture in test environments only. -  + ## Recommended number of servers and supported number of clients @@ -52,7 +55,7 @@ The recommended number of servers and supported number of clients in a productio -  + ## Recommended MBAM high-level architecture with the Stand-alone topology @@ -111,7 +114,7 @@ The **monitoring web services** are used by the MBAM Client and the websites to **Important**   The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database. -  + Management workstation @@ -146,7 +149,7 @@ The MBAM Client: [Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md index 151b5e2b55..1c818b89dc 100644 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md @@ -1,8 +1,11 @@ --- title: How to Configure the MBAM 2.5 Databases description: How to Configure the MBAM 2.5 Databases -author: jamiejdt +author: dansimp ms.assetid: 66e1c81b-f785-4398-9175-bb5f112c2a35 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -38,38 +41,37 @@ The instructions are based on the recommended architecture in [High-Level Archit

            Review the recommended architecture for MBAM.

            -

            [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

            +

            High-Level Architecture for MBAM 2.5

            Review the supported configurations for MBAM.

            -

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            +

            MBAM 2.5 Supported Configurations

            Complete the required prerequisites on each server.

            Install the MBAM Server software on each server where you plan to configure an MBAM Server feature.

            -Note   -

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

            +Note

            You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

            -  +
            -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            +

            Installing the MBAM 2.5 Server Software

            Review the prerequisites for using Windows PowerShell if you plan to use Windows PowerShell cmdlets to configure MBAM Server features.

            -

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            +

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            -  + **To configure the databases by using Windows PowerShell** @@ -79,138 +81,134 @@ The instructions are based on the recommended architecture in [High-Level Archit **To configure the Compliance and Audit Database by using the wizard** -1. On the server where you want to configure the databases, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. +1. On the server where you want to configure the databases, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. -2. Click **Add New Features**, select **Compliance and Audit Database** and **Recovery Database**, and then click **Next**. The wizard checks that all prerequisites for the databases have been met. +2. Click **Add New Features**, select **Compliance and Audit Database** and **Recovery Database**, and then click **Next**. The wizard checks that all prerequisites for the databases have been met. -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. +3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. -4. Using the following descriptions, enter the field values in the wizard: +4. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            SQL Server name

            Name of the server where you are configuring the Compliance and Audit Database.

            -
            - Note   -

            You must add an exception on the Compliance and Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

            -
            -
            -   -

            SQL Server database instance

            Name of the database instance where the compliance and audit data will be stored. You must also specify where the database information will be located.

            Database name

            Name of the database that will store the compliance data.

            -
            - Note   -

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

            -
            -
            -   -

            Read/write access domain user or group

            Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

            -

            If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

            -

            If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

            Read-only access domain user or group

            Name of the user or group that will have read-only permission to this database to enable the reports to access the compliance data in this database.

            -

            If you enter a user in this field, it must be the same user as the one you specify in the Compliance and Audit Database domain account field on the Configure Reports page.

            -

            If you enter a group in this field, the value that you specify in the Compliance and Audit Database domain account field on the Configure Reports page must be a member of the group that you specify in this field.

            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            SQL Server name

            Name of the server where you are configuring the Compliance and Audit Database.

            +
            + Note

            You must add an exception on the Compliance and Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

            +
            +
            -   +

            SQL Server database instance

            Name of the database instance where the compliance and audit data will be stored. You must also specify where the database information will be located.

            Database name

            Name of the database that will store the compliance data.

            +
            + Note

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

            +
            +
            -5. Continue to the next section to configure the Recovery Database. +

            Read/write access domain user or group

            Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

            +

            If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

            +

            If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

            Read-only access domain user or group

            Name of the user or group that will have read-only permission to this database to enable the reports to access the compliance data in this database.

            +

            If you enter a user in this field, it must be the same user as the one you specify in the Compliance and Audit Database domain account field on the Configure Reports page.

            +

            If you enter a group in this field, the value that you specify in the Compliance and Audit Database domain account field on the Configure Reports page must be a member of the group that you specify in this field.

            + + + +5. Continue to the next section to configure the Recovery Database. **To configure the Recovery Database by using the wizard** -1. Using the following descriptions, enter the field values in the wizard: +1. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            SQL Server name

            Name of the server where you are configuring the Recovery Database.

            -
            - Note   -

            You must add an exception on the Recovery Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

            -
            -
            -   -

            SQL Server database instance

            Name of the database instance where the recovery data will be stored. You must also specify where the database information will be located.

            Database name

            Name of the database that will store the recovery data.

            -
            - Note   -

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

            -
            -
            -   -

            Read/write access domain user or group

            Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

            -

            If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

            -

            If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            SQL Server name

            Name of the server where you are configuring the Recovery Database.

            +
            + Note

            You must add an exception on the Recovery Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

            +
            +
            -   +

            SQL Server database instance

            Name of the database instance where the recovery data will be stored. You must also specify where the database information will be located.

            Database name

            Name of the database that will store the recovery data.

            +
            + Note

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

            +
            +
            -2. When you finish your entries, click **Next**. +

            Read/write access domain user or group

            Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

            +

            If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

            +

            If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

            - The wizard checks that all prerequisites for the databases have been met. -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Next** again. -4. On the **Summary** page, review the features that will be added. +2. When you finish your entries, click **Next**. - **Note**   - To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. + The wizard checks that all prerequisites for the databases have been met. -   +3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Next** again. -5. Click **Add** to add the MBAM databases on the server, and then click **Close**. +4. On the **Summary** page, review the features that will be added. + + **Note** + To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. + + + +5. Click **Add** to add the MBAM databases on the server, and then click **Close**. @@ -227,11 +225,11 @@ The instructions are based on the recommended architecture in [High-Level Archit [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md index 10ac435c9b..b76b25843c 100644 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md 
+++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the MBAM 2.5 Reports
 description: How to Configure the MBAM 2.5 Reports
-author: jamiejdt
+author: dansimp
 ms.assetid: ec462879-0253-4d9c-83c7-a9bcad479725
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -38,31 +41,31 @@ The instructions are based on the recommended architecture in [High-Level Archit

            Review the recommended architecture for MBAM.

            -

            [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

            +

            High-Level Architecture for MBAM 2.5

            Review the supported configurations for MBAM.

            -

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            +

            MBAM 2.5 Supported Configurations

            Complete the required prerequisites on each server.

            Install the MBAM Server software on each server where you plan to configure an MBAM Server feature.

            -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            +

            Installing the MBAM 2.5 Server Software

            Review the prerequisites for using Windows PowerShell if you plan to use Windows PowerShell cmdlets to configure MBAM Server features.

            -

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            +

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            -  + **To configure the Reports by using Windows PowerShell** @@ -72,86 +75,84 @@ The instructions are based on the recommended architecture in [High-Level Archit **To configure the Reports by using the wizard** -1. On the server where you want to configure the Reports, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. +1. On the server where you want to configure the Reports, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. -2. Click **Add New Features**, select **Reports**, and then click **Next**. The wizard checks that all prerequisites for the Reports have been met. +2. Click **Add New Features**, select **Reports**, and then click **Next**. The wizard checks that all prerequisites for the Reports have been met. -3. Click **Next** to continue. +3. Click **Next** to continue. -4. Using the following descriptions, enter the field values in the wizard: +4. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            SQL Server Reporting Services instance

            Instance of SQL Server Reporting Services where the Reports will be configured.

            Reporting role domain group

            Name of the domain Users group whose members have rights to access the reports on the Administration and Monitoring Server.

            SQL Server name

            Name of the server where the Compliance and Audit Database is configured.

            SQL Server database instance

            Name of the instance of SQL Server (for example, MSSQLSERVER) where the Compliance and Audit Database is configured.

            -
            - Note   -

            You must add an exception on the Reports computer to enable inbound traffic on the port of the Reporting Server (the default port is 80).

            -
            -
            -   -

            Database name

            Name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, although you can change the name when you configure the Compliance and Audit Database.

            -
            - Note   -

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name used in your previous deployment.

            -
            -
            -   -

            Compliance and Audit Database domain account

            Domain user account and password to access the Compliance and Audit Database.

            -

            If the value you enter in the Read-only access domain user or group field on the Configure Databases page is a user, you must enter that same value in this field.

            -

            If the value that you enter in the Read-only access domain user or group field on the Configure Databases page is a group, the value that you enter in this field must be a member of that group.

            -

            Configure the password for this account to never expire. The user account should be able to access all data that is available to the MBAM Reports Users group.

            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            SQL Server Reporting Services instance

            Instance of SQL Server Reporting Services where the Reports will be configured.

            Reporting role domain group

            Name of the domain Users group whose members have rights to access the reports on the Administration and Monitoring Server.

            SQL Server name

            Name of the server where the Compliance and Audit Database is configured.

            SQL Server database instance

            Name of the instance of SQL Server (for example, MSSQLSERVER) where the Compliance and Audit Database is configured.

            +
            + Note

            You must add an exception on the Reports computer to enable inbound traffic on the port of the Reporting Server (the default port is 80).

            +
            +
            -   +

            Database name

            Name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, although you can change the name when you configure the Compliance and Audit Database.

            +
            + Note

            If you are upgrading from a previous version of MBAM, you must use the same database name as the name used in your previous deployment.

            +
            +
            -5. When you finish your entries, click **Next**. +

            Compliance and Audit Database domain account

            Domain user account and password to access the Compliance and Audit Database.

            +

            If the value you enter in the Read-only access domain user or group field on the Configure Databases page is a user, you must enter that same value in this field.

            +

            If the value that you enter in the Read-only access domain user or group field on the Configure Databases page is a group, the value that you enter in this field must be a member of that group.

            +

            Configure the password for this account to never expire. The user account should be able to access all data that is available to the MBAM Reports Users group.

            - The wizard checks that all prerequisites for the Reports feature have been met. -6. Click **Next** to continue. -7. On the **Summary** page, review the features that will be added. +5. When you finish your entries, click **Next**. - **Note**   - To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. + The wizard checks that all prerequisites for the Reports feature have been met. -   +6. Click **Next** to continue. -8. Click **Add** to add the Reports on the server, and then click **Close**. +7. On the **Summary** page, review the features that will be added. + + **Note** + To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. + + + +8. Click **Add** to add the Reports on the server, and then click **Close**. @@ -166,11 +167,11 @@ The instructions are based on the recommended architecture in [High-Level Archit [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md index 596b57c08d..38766dc323 100644 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md +++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Configure the MBAM 2.5 System Center Configuration Manager Integration
 description: How to Configure the MBAM 2.5 System Center Configuration Manager Integration
-author: jamiejdt
+author: dansimp
 ms.assetid: 2b8a4c13-1dad-41e8-89ac-6889c5f7e051
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -40,38 +43,37 @@ The instructions are based on the recommended architecture in [High-Level Archit

            Review the recommended architecture for MBAM.

            -

            [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md)

            +

            High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology

            Review the supported configurations for MBAM.

            -

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            +

            MBAM 2.5 Supported Configurations

            Complete the required prerequisites on each server.

            Install the MBAM Server software on each server where you will configure an MBAM Server feature.

            -Note   -

            For this topology, you must install the Configuration Manager console on the computer where you are installing the MBAM Server software.

            +Note

            For this topology, you must install the Configuration Manager console on the computer where you are installing the MBAM Server software.

            -  +
            -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            +

            Installing the MBAM 2.5 Server Software

            Review Windows PowerShell prerequisites (applicable only if you are going to use Windows PowerShell cmdlets to configure MBAM).

            -

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            +

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            -  + **To configure Configuration Manager Integration by using Windows PowerShell** @@ -116,14 +118,14 @@ The instructions are based on the recommended architecture in [High-Level Archit -   + 5. On the **Summary** page, review the features that will be added. - **Note**   + **Note** To create a Windows PowerShell script of the entries you just made, click **Export PowerShell Script** and save the script. -   + 6. Click **Add** to add the Configuration Manager Integration feature to the server, and then click **Close**. @@ -136,11 +138,11 @@ The instructions are based on the recommended architecture in [High-Level Archit [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md index 144484a16f..dba8888b3b 100644 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md +++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md @@ -1,8 +1,11 @@ --- title: How to Configure the MBAM 2.5 Web Applications description: How to Configure the MBAM 2.5 Web Applications -author: jamiejdt +author: dansimp ms.assetid: 909bf2d3-028c-4ac1-9247-171532a1eeae +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -45,7 +48,7 @@ The web applications comprise the following websites and their corresponding web -  + **Before you start the configuration:** @@ -63,49 +66,47 @@ The web applications comprise the following websites and their corresponding web

            Review the recommended architecture for MBAM.

            -

            [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

            +

            High-Level Architecture for MBAM 2.5

            Review the supported configurations for MBAM.

            -

            [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

            +

            MBAM 2.5 Supported Configurations

            Complete the required prerequisites on each server.

            -Note   -

            Ensure that you configure SQL ServerReporting Services (SSRS) to use the Secure Sockets Layer (SSL) before you configure the Administration and Monitoring Website. Otherwise, the Reports feature will use HTTP instead of HTTPS.

            +Note

            Ensure that you configure SQL ServerReporting Services (SSRS) to use the Secure Sockets Layer (SSL) before you configure the Administration and Monitoring Website. Otherwise, the Reports feature will use HTTP instead of HTTPS.

            -  +

            Register service principal names (SPNs) for the application pool account for the websites. You need to do this step only if you do not have administrative domain rights in Active Directory Domain Services (AD DS). If you do have these rights in AD DS, MBAM will create the SPNs for you.

            -

            [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md#bkmk-regvirtualspn)

            +

            Planning How to Secure the MBAM Websites

            Install the MBAM Server software on each server where you will configure an MBAM Server feature.

            -Note   -

            If you plan to install the websites on one server and the web services on another, you will be able to configure them only by using the Enable-MbamWebApplication Windows PowerShell cmdlet. The MBAM Server Configuration wizard does not support configuring these items on separate servers.

            +Note

            If you plan to install the websites on one server and the web services on another, you will be able to configure them only by using the Enable-MbamWebApplication Windows PowerShell cmdlet. The MBAM Server Configuration wizard does not support configuring these items on separate servers.

            -  +
            -

            [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

            +

            Installing the MBAM 2.5 Server Software

            Review the prerequisites for using Windows PowerShell if you plan to use cmdlets to configure MBAM Server features.

            -

            [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

            +

            Configuring MBAM 2.5 Server Features by Using Windows PowerShell

            -  + **To configure the web applications by using Windows PowerShell** @@ -115,71 +116,69 @@ The web applications comprise the following websites and their corresponding web **To configure the settings for all web applications using the wizard** -1. On the server where you want to configure the web applications, start the MBAM Server Configuration wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. +1. On the server where you want to configure the web applications, start the MBAM Server Configuration wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. -2. Click **Add New Features**, select **Administration and Monitoring Website** and **Self-Service Portal**, and then click **Next**. The wizard checks that all prerequisites for the web applications have been met. +2. Click **Add New Features**, select **Administration and Monitoring Website** and **Self-Service Portal**, and then click **Next**. The wizard checks that all prerequisites for the web applications have been met. -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. +3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. -4. Use the following descriptions to enter the field values in the wizard. +4. Use the following descriptions to enter the field values in the wizard. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            Security certificate

            Select a previously created certificate to optionally encrypt the communication between the web services and the server on which you are configuring the websites. If you choose Do not use a certificate, your web communication may not be secure.

            Host name

            Name of the host computer where you are configuring the websites.

            Installation path

            Path where you are installing the websites.

            Port

            Port number to use for website and service communication.

            -
            - Note   -

            You must set a firewall exception to enable communication through the specified port.

            -
            -
            -   -

            Web service application pool domain account and password

            Domain user account and password for the web service application pool.

            -

            If you enter a user name in the Read/write access domain user or group field on the Configure Databases page, you must enter that same value in this field.

            -

            If you enter a group name in the Read/write access domain user or group field on the Configure Databases page, the value you enter in this field must be a member of that group.

            -

            If you do not specify credentials, the credentials that were specified for any previously enabled web application will be used. All web applications must use the same application pool credentials. If you specify different credentials for different web applications, the most recently specified value will be used.

            -
            - Important   -

            For improved security, set the account that is specified in the credentials to have limited user rights. Also, set the password of the account to never expire.

            -
            -
            -   -
            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            Security certificate

            Select a previously created certificate to optionally encrypt the communication between the web services and the server on which you are configuring the websites. If you choose Do not use a certificate, your web communication may not be secure.

            Host name

            Name of the host computer where you are configuring the websites.

            Installation path

            Path where you are installing the websites.

            Port

            Port number to use for website and service communication.

            +
            + Note

            You must set a firewall exception to enable communication through the specified port.

            +
            +
            -   +

            Web service application pool domain account and password

            Domain user account and password for the web service application pool.

            +

            If you enter a user name in the Read/write access domain user or group field on the Configure Databases page, you must enter that same value in this field.

            +

            If you enter a group name in the Read/write access domain user or group field on the Configure Databases page, the value you enter in this field must be a member of that group.

            +

            If you do not specify credentials, the credentials that were specified for any previously enabled web application will be used. All web applications must use the same application pool credentials. If you specify different credentials for different web applications, the most recently specified value will be used.

            +
            + Important

            For improved security, set the account that is specified in the credentials to have limited user rights. Also, set the password of the account to never expire.

            +
            +
            -5. Verify that the built-in IIS\_IUSRS account or the application pool account has been added to the **Impersonate a client after authentication** and the **Log on as a batch job** local security settings. +
            - To check whether it has been added to the local security settings, open the **Local Security Policy editor**, expand the **Local Policies** node, click the **User Rights Assignment** node, and double-click **Impersonate a client after authentication** and **Log on as a batch job** policies in the right pane. + + +5. Verify that the built-in IIS\_IUSRS account or the application pool account has been added to the **Impersonate a client after authentication** and the **Log on as a batch job** local security settings. + + To check whether it has been added to the local security settings, open the **Local Security Policy editor**, expand the **Local Policies** node, click the **User Rights Assignment** node, and double-click **Impersonate a client after authentication** and **Log on as a batch job** policies in the right pane. **To configure connection information for the databases by using the wizard** @@ -212,7 +211,7 @@ The web applications comprise the following websites and their corresponding web -   + 2. Use the following field descriptions to configure the connection information in the wizard for the Recovery Database. @@ -243,157 +242,157 @@ The web applications comprise the following websites and their corresponding web -   + **To configure the web applications by using the wizard** -1. Use the following descriptions to enter the field values in the wizard to configure the Administration and Monitoring Website. +1. Use the following descriptions to enter the field values in the wizard to configure the Administration and Monitoring Website. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            Advanced Helpdesk role domain group

            Domain user group whose members have access to all areas of the Administration and Monitoring Website except the Reports area.

            Helpdesk role domain group

            Domain user group whose members have access to the Manage TPM and Drive Recovery areas of the Administration and Monitoring Website.

            Use System Center Configuration Manager Integration

            Select this check box if you are configuring MBAM with the Configuration Manager Integration topology. Selecting this check box makes all reports, except the Recovery Audit report, appear in Configuration Manager instead of in the Administration and Monitoring Website.

            Reporting role domain group

            Domain user group whose members have read-only access to the Reports area of the Administration and Monitoring Website.

            SQL Server Reporting Services URL

            URL for the SSRS server where the MBAM Reports are configured.

            -

            Examples of report URLs:

            - - - - - - - - - - - - - - - - - - - - - -
            Type of host nameExample

            Example with a fully qualified domain name

            https://MyReportServer.Contoso.com/ReportServer

            Example with a custom host name

            https://MyReportServer/ReportServer

            -

             

            Virtual directory

            Virtual directory of the Administration and Monitoring Website. This name corresponds to the website’s physical directory on the server and is appended to the website’s host name, for example:

            -

            http(s)://<hostname>:<port>/HelpDesk/

            -

            If you do not specify a virtual directory, the value HelpDesk will be used.

            Data Migration role domain group (optional)

            Domain user group whose members have access to use the Write-Mbam*Information Cmdlets to write recovery information via this endpoint.

            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            Advanced Helpdesk role domain group

            Domain user group whose members have access to all areas of the Administration and Monitoring Website except the Reports area.

            Helpdesk role domain group

            Domain user group whose members have access to the Manage TPM and Drive Recovery areas of the Administration and Monitoring Website.

            Use System Center Configuration Manager Integration

            Select this check box if you are configuring MBAM with the Configuration Manager Integration topology. Selecting this check box makes all reports, except the Recovery Audit report, appear in Configuration Manager instead of in the Administration and Monitoring Website.

            Reporting role domain group

            Domain user group whose members have read-only access to the Reports area of the Administration and Monitoring Website.

            SQL Server Reporting Services URL

            URL for the SSRS server where the MBAM Reports are configured.

            +

            Examples of report URLs:

            + + + + + + + + + + + + + + + + + + + + + +
            Type of host nameExample

            Example with a fully qualified domain name

            https://MyReportServer.Contoso.com/ReportServer

            Example with a custom host name

            https://MyReportServer/ReportServer

            +

            Virtual directory

            Virtual directory of the Administration and Monitoring Website. This name corresponds to the website’s physical directory on the server and is appended to the website’s host name, for example:

            +

            http(s)://<hostname>:<port>/HelpDesk/

            +

            If you do not specify a virtual directory, the value HelpDesk will be used.

            Data Migration role domain group (optional)

            Domain user group whose members have access to use the Write-Mbam*Information Cmdlets to write recovery information via this endpoint.

            -   -2. Use the following description to enter the field values in the wizard to configure the Self-Service Portal. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            FieldDescription

            Virtual directory

            Virtual directory of the web application. This name corresponds to the website’s physical directory on the server, and is appended to the website’s host name, for example:

            -

            http(s)://<hostname>:<port>/SelfService/

            -

            If you do not specify a virtual directory, the value SelfService will be used.

            Company name

            Specify a company name for the Self-Service Portal, for example:

            -

            Contoso IT

            -

            This company name is viewed by all Self-Service Portal users.

            Helpdesk URL text

            Specify a text statement that directs users to your organization's Helpdesk website, for example:

            -

            Contact Helpdesk or IT department

            Helpdesk URL

            Specify the URL for your organization's Helpdesk website, for example:

            -

            http(s)://<companyHelpdeskURL>/

            Notice text file

            Select a file that contains the notice you want displayed to users on the Self-Service Portal landing page.

            Do not display notice text to users

            Select this check box to specify that the notice text is not displayed to users.

            +2. Use the following description to enter the field values in the wizard to configure the Self-Service Portal. -   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            FieldDescription

            Virtual directory

            Virtual directory of the web application. This name corresponds to the website’s physical directory on the server, and is appended to the website’s host name, for example:

            +

            http(s)://<hostname>:<port>/SelfService/

            +

            If you do not specify a virtual directory, the value SelfService will be used.

            Company name

            Specify a company name for the Self-Service Portal, for example:

            +

            Contoso IT

            +

            This company name is viewed by all Self-Service Portal users.

            Helpdesk URL text

            Specify a text statement that directs users to your organization's Helpdesk website, for example:

            +

            Contact Helpdesk or IT department

            Helpdesk URL

            Specify the URL for your organization's Helpdesk website, for example:

            +

            http(s)://<companyHelpdeskURL>/

            Notice text file

            Select a file that contains the notice you want displayed to users on the Self-Service Portal landing page.

            Do not display notice text to users

            Select this check box to specify that the notice text is not displayed to users.

            -3. When you finish your entries, click **Next**. - The wizard checks that all prerequisites for the web applications have been met. -4. Click **Next** to continue. +3. When you finish your entries, click **Next**. -5. On the **Summary** page, review the features that will be added. + The wizard checks that all prerequisites for the web applications have been met. - **Note**   - To create a Windows PowerShell script for the entries you made, click **Export PowerShell Script** and save the script. +4. Click **Next** to continue. -   +5. On the **Summary** page, review the features that will be added. -6. Click **Add** to add the web applications to the server, and then click **Close**. + **Note** + To create a Windows PowerShell script for the entries you made, click **Export PowerShell Script** and save the script. - To customize the Self-Service Portal by adding custom notice text, your company name, pointers to more information, and so on, see [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md). + + +6. Click **Add** to add the web applications to the server, and then click **Close**. + + To customize the Self-Service Portal by adding custom notice text, your company name, pointers to more information, and so on, see [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md). **To configure the Self-Service Portal if client computers cannot access the CDN** 1. Determine whether you are running Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1. If so, do nothing. Your Self-Service Portal configuration is complete. - **Note**   + **Note** Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 installs the JavaScript files in setup, and so does not need to be connected to the Microsoft Ajax Content Delivery Network in order to configure the Self-Service Portal. 
The following steps are necessary only if you are using a version of Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 previous to SP1. -   + 2. Determine if your client computers have access to the Microsoft Ajax Content Delivery Network (CDN). @@ -419,11 +418,11 @@ The web applications comprise the following websites and their corresponding web [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md index 95f7fcdc46..c187bc1e3c 100644 --- a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md +++ b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md @@ -1,8 +1,11 @@ --- title: How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network description: How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network -author: jamiejdt +author: dansimp ms.assetid: 90ee76db-9876-41b5-994a-118556d5ed3b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,38 +26,38 @@ Your client computers need access to the CDN, which gives the Self-Service Porta **Note**   In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do not need to follow the instructions in this section to configure the SSP to support clients that cannot access the internet. -  + **How to configure the Self-Service Portal when client computers cannot access the CDN** -1. Download the following JavaScript files from the CDN: +1. Download the following JavaScript files from the CDN: - - [jQuery-1.10.2.min.js](https://go.microsoft.com/fwlink/?LinkID=390515) + - [jQuery-1.10.2.min.js](https://go.microsoft.com/fwlink/?LinkID=390515) - - [jQuery.validate.min.js](https://go.microsoft.com/fwlink/?LinkID=390516) + - [jQuery.validate.min.js](https://go.microsoft.com/fwlink/?LinkID=390516) - - [jQuery.validate.unobtrusive.min.js](https://go.microsoft.com/fwlink/?LinkID=390517) + - [jQuery.validate.unobtrusive.min.js](https://go.microsoft.com/fwlink/?LinkID=390517) -2. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in *<MBAM Self-Service Install Directory>\\*Self Service Website\\Scripts. +2. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in <MBAM Self-Service Install Directory>\\Self Service Website\\Scripts. -3. Open Internet Information Services (IIS) Manager. +3. Open Internet Information Services (IIS) Manager. -4. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. +4. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. - **Note**   - *SelfService* is the default virtual directory name. If you chose a different name for this directory during the configuration, remember to replace *SelfService* in these instructions with the name you chose. + **Note** + *SelfService* is the default virtual directory name. 
If you chose a different name for this directory during the configuration, remember to replace *SelfService* in these instructions with the name you chose. -   + -5. In the middle pane, double-click **Application Settings**. +5. In the middle pane, double-click **Application Settings**. -6. For each item in the following list, edit the application settings to reference the new location by replacing /<*virtual directory*>/ with /SelfService/ (or whatever name you chose during configuration). For example, the virtual directory path will be similar to /selfservice/Scripts/ jQuery-1.10.2.min.js. +6. For each item in the following list, edit the application settings to reference the new location by replacing /<*virtual directory*>/ with /SelfService/ (or whatever name you chose during configuration). For example, the virtual directory path will be similar to /selfservice/Scripts/ jQuery-1.10.2.min.js. - - jQueryPath: /<*virtual directory*>/Scripts/jQuery-1.10.2.min.js + - jQueryPath: /<*virtual directory*>/Scripts/jQuery-1.10.2.min.js - - jQueryValidatePath: /<*virtual directory*>/Scripts/jQuery.validate.min.js + - jQueryValidatePath: /<*virtual directory*>/Scripts/jQuery.validate.min.js - - jQueryValidateUnobtrusivePath: /<*virtual directory*>/Scripts/jQuery.validate.unobtrusive.min.js + - jQueryValidateUnobtrusivePath: /<*virtual directory*>/Scripts/jQuery.validate.unobtrusive.min.js @@ -63,7 +66,7 @@ In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do no [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md index 7cea28e8c8..27bfffcf2d 100644 
--- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md +++ b/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client by Using a Command Line description: How to Deploy the MBAM Client by Using a Command Line -author: jamiejdt +author: dansimp ms.assetid: ac1d4ffe-c26d-41c9-9737-a4f2b37fde24 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -26,7 +29,7 @@ Type the following command at the command prompt to automatically accept the end **Note**   The **/ju** and **/jm** command-line options are not supported and cannot be used to install the MBAM Client software. -  + Type the following command at the command prompt to extract and install the MSP: @@ -39,7 +42,7 @@ Then, install the MSI silently by running the following command: **Note**   Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product, after accepting the EULA. -  + ## OPTIN\_FOR\_MICROSOFT\_UPDATES=1 command-line option @@ -71,7 +74,7 @@ You can use this command-line option with either of the following installation m -  + ## Related topics @@ -79,9 +82,9 @@ You can use this command-line option with either of the following installation m [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md index 9e9d2160e5..04cb113b89 100644 
--- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md +++ b/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MBAM Client to Desktop or Laptop Computers description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: jamiejdt +author: dansimp ms.assetid: 3a7639e0-468e-4496-8be2-ed29b8e07c53 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -33,7 +36,7 @@ Before you start the MBAM Client deployment, review the [MBAM 2.5 Supported Conf **Important**   The MBAM Client does not start BitLocker Drive Encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed and a user must be logged on to a physical console session before BitLocker Drive Encryption begins. -   + ## Related topics @@ -41,7 +44,7 @@ Before you start the MBAM Client deployment, review the [MBAM 2.5 Supported Conf [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md b/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md index b7434dc064..58fc45a61e 100644 --- a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md +++ b/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md 
@@ -1,8 +1,11 @@ --- title: How to Determine BitLocker Encryption State of Lost Computers description: How to Determine BitLocker Encryption State of Lost Computers -author: jamiejdt +author: dansimp ms.assetid: 4f4bec1b-df3e-40ee-b431-291440268d64 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -25,7 +28,7 @@ To complete this task, you need access to the **Reports** area of the Administra **Note**   Device compliance is determined by the BitLocker policies that your enterprise has deployed. You may want to verify your deployed policies before you try to determine the BitLocker encryption state of a device. -  + **To determine the last known BitLocker encryption state of lost computers** @@ -46,11 +49,11 @@ Device compliance is determined by the BitLocker policies that your enterprise h [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md index 703010dfa2..9ad697322f 100644 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Enable BitLocker by Using MBAM as Part of a Windows Deployment
 description: How to Enable BitLocker by Using MBAM as Part of a Windows Deployment
-author: jamiejdt
+author: dansimp
 ms.assetid: 7609ad7a-bb06-47be-b186-0a2db787c8a5
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -30,34 +33,34 @@ This topic explains how to enable BitLocker on an end user's computer by using M **To enable BitLocker using MBAM 2.5 SP1 as part of a Windows deployment** -1. In MBAM 2.5 SP1, the recommended approach to enable BitLocker during a Windows Deployment is by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. +1. In MBAM 2.5 SP1, the recommended approach to enable BitLocker during a Windows Deployment is by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. - - The `Invoke-MbamClientDeployment.ps1` script enacts BitLocker during the imaging process. When required by BitLocker policy, the MBAM agent immediately prompts the domain user to create a PIN or password when the domain user first logs on after imaging. + - The `Invoke-MbamClientDeployment.ps1` script enacts BitLocker during the imaging process. When required by BitLocker policy, the MBAM agent immediately prompts the domain user to create a PIN or password when the domain user first logs on after imaging. - - Easy to use with MDT, System Center Configuration Manager, or standalone imaging processes + - Easy to use with MDT, System Center Configuration Manager, or standalone imaging processes - - Compatible with PowerShell 2.0 or higher + - Compatible with PowerShell 2.0 or higher - - Encrypt OS volume with TPM key protector + - Encrypt OS volume with TPM key protector - - Fully support BitLocker pre-provisioning + - Fully support BitLocker pre-provisioning - - Optionally encrypt FDDs + - Optionally encrypt FDDs - - Escrow TPM OwnerAuth - For Windows 7, MBAM must own the TPM for escrow to occur. - For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. - For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. 
See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. + - Escrow TPM OwnerAuth + For Windows 7, MBAM must own the TPM for escrow to occur. + For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. + For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - - Escrow recovery keys and recovery key packages + - Escrow recovery keys and recovery key packages - - Report encryption status immediately + - Report encryption status immediately - - New WMI providers + - New WMI providers - - Detailed logging + - Detailed logging - - Robust error handling + - Robust error handling You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server. @@ -128,127 +131,127 @@ Here are a list of common error messages: | **WS_E_ENDPOINT_UNREACHABLE**
            2151481360 (0x803D0010) | The remote endpoint was not reachable. | | **WS_E_ENDPOINT_FAULT_RECEIVED**
            2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. | | **WS_E_INVALID_ENDPOINT_URL**
            2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | -   + -2. **Deploy MBAM by using Microsoft Deployment Toolkit (MDT) and PowerShell** +2. **Deploy MBAM by using Microsoft Deployment Toolkit (MDT) and PowerShell** - 1. In MDT, create a new deployment share or open an existing deployment share. + 1. In MDT, create a new deployment share or open an existing deployment share. - **Note**   - The `Invoke-MbamClientDeployment.ps1` PowerShell script can be used with any imaging process or tool. This section shows how to integrate it by using MDT, but the steps are similar to integrating it with any other process or tool. + **Note** + The `Invoke-MbamClientDeployment.ps1` PowerShell script can be used with any imaging process or tool. This section shows how to integrate it by using MDT, but the steps are similar to integrating it with any other process or tool. - **Caution**   - If you are using BitLocker pre-provisioning (WinPE) and want to maintain the TPM owner authorization value, you must add the `SaveWinPETpmOwnerAuth.wsf` script in WinPE immediately before the installation reboots into the full operating system. **If you do not use this script, you will lose the TPM owner authorization value on reboot.** + **Caution** + If you are using BitLocker pre-provisioning (WinPE) and want to maintain the TPM owner authorization value, you must add the `SaveWinPETpmOwnerAuth.wsf` script in WinPE immediately before the installation reboots into the full operating system. **If you do not use this script, you will lose the TPM owner authorization value on reboot.** - 2. Copy `Invoke-MbamClientDeployment.ps1` to **<DeploymentShare>\\Scripts**. If you are using pre-provisioning, copy the `SaveWinPETpmOwnerAuth.wsf` file into **<DeploymentShare>\\Scripts**. + 2. Copy `Invoke-MbamClientDeployment.ps1` to **<DeploymentShare>\\Scripts**. 
If you are using pre-provisioning, copy the `SaveWinPETpmOwnerAuth.wsf` file into **<DeploymentShare>\\Scripts**. - 3. Add the MBAM 2.5 SP1 client application to the Applications node in the deployment share. + 3. Add the MBAM 2.5 SP1 client application to the Applications node in the deployment share. - 1. Under the **Applications** node, click **New Application**. + 1. Under the **Applications** node, click **New Application**. - 2. Select **Application with Source Files**. Click **Next**. + 2. Select **Application with Source Files**. Click **Next**. - 3. In **Application Name**, type “MBAM 2.5 SP1 Client”. Click **Next**. + 3. In **Application Name**, type “MBAM 2.5 SP1 Client”. Click **Next**. - 4. Browse to the directory containing `MBAMClientSetup-.msi`. Click **Next**. + 4. Browse to the directory containing `MBAMClientSetup-.msi`. Click **Next**. - 5. Type “MBAM 2.5 SP1 Client” as the directory to create. Click **Next**. + 5. Type “MBAM 2.5 SP1 Client” as the directory to create. Click **Next**. - 6. Enter `msiexec /i MBAMClientSetup-.msi /quiet` at the command line. Click **Next**. + 6. Enter `msiexec /i MBAMClientSetup-.msi /quiet` at the command line. Click **Next**. - 7. Accept the remaining defaults to complete the New Application wizard. + 7. Accept the remaining defaults to complete the New Application wizard. - 4. In MDT, right-click the name of the deployment share and click **Properties**. Click the **Rules** tab. Add the following lines: + 4. In MDT, right-click the name of the deployment share and click **Properties**. Click the **Rules** tab. Add the following lines: - `SkipBitLocker=YES``BDEInstall=TPM``BDEInstallSuppress=NO``BDEWaitForEncryption=YES` + `SkipBitLocker=YES``BDEInstall=TPM``BDEInstallSuppress=NO``BDEWaitForEncryption=YES` - Click OK to close the window. + Click OK to close the window. - 5. Under the Task Sequences node, edit an existing task sequence used for Windows Deployment. 
If you want, you can create a new task sequence by right-clicking the **Task Sequences** node, selecting **New Task Sequence**, and completing the wizard. + 5. Under the Task Sequences node, edit an existing task sequence used for Windows Deployment. If you want, you can create a new task sequence by right-clicking the **Task Sequences** node, selecting **New Task Sequence**, and completing the wizard. - On the **Task Sequence** tab of the selected task sequence, perform these steps: + On the **Task Sequence** tab of the selected task sequence, perform these steps: - 1. Under the **Preinstall** folder, enable the optional task **Enable BitLocker (Offline)** if you want BitLocker enabled in WinPE, which encrypts used space only. + 1. Under the **Preinstall** folder, enable the optional task **Enable BitLocker (Offline)** if you want BitLocker enabled in WinPE, which encrypts used space only. - 2. To persist TPM OwnerAuth when using pre-provisioning, allowing MBAM to escrow it later, do the following: + 2. To persist TPM OwnerAuth when using pre-provisioning, allowing MBAM to escrow it later, do the following: - 1. Find the **Install Operating System** step + 1. Find the **Install Operating System** step - 2. Add a new **Run Command Line** step after it + 2. Add a new **Run Command Line** step after it - 3. Name the step **Persist TPM OwnerAuth** + 3. Name the step **Persist TPM OwnerAuth** - 4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` - **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. + 4. 
Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` + **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - 3. In the **State Restore** folder, delete the **Enable BitLocker** task. + 3. In the **State Restore** folder, delete the **Enable BitLocker** task. - 4. In the **State Restore** folder under **Custom Tasks**, create a new **Install Application** task and name it **Install MBAM Agent**. Click the **Install Single Application** radio button and browse to the MBAM 2.5 SP1 client application created earlier. + 4. In the **State Restore** folder under **Custom Tasks**, create a new **Install Application** task and name it **Install MBAM Agent**. Click the **Install Single Application** radio button and browse to the MBAM 2.5 SP1 client application created earlier. - 5. In the **State Restore** folder under **Custom Tasks**, create a new **Run PowerShell Script** task (after the MBAM 2.5 SP1 Client application step) with the following settings (update the parameters as appropriate for your environment): + 5. In the **State Restore** folder under **Custom Tasks**, create a new **Run PowerShell Script** task (after the MBAM 2.5 SP1 Client application step) with the following settings (update the parameters as appropriate for your environment): - - Name: Configure BitLocker for MBAM + - Name: Configure BitLocker for MBAM - - PowerShell script: `Invoke-MbamClientDeployment.ps1` + - PowerShell script: `Invoke-MbamClientDeployment.ps1` - - Parameters: + - Parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

            -RecoveryServiceEndpoint

            Required

            MBAM recovery service endpoint

            -StatusReportingServiceEndpoint

            Optional

            MBAM status reporting service endpoint

            -EncryptionMethod

            Optional

            Encryption method (default: AES 128)

            -EncryptAndEscrowDataVolume

            Switch

            Specify to encrypt data volume(s) and escrow data volume recovery key(s)

            -WaitForEncryptionToComplete

            Switch

            Specify to wait for the encryption to complete

            -DoNotResumeSuspendedEncryption

            Switch

            Specify that the deployment script will not resume suspended encryption

            -IgnoreEscrowOwnerAuthFailure

            Switch

            Specify to ignore TPM owner-auth escrow failure. It should be used in the scenarios where MBAM is not able to read the TPM owner-auth, e.g. if TPM auto provisioning is enabled

            -IgnoreEscrowRecoveryKeyFailure

            Switch

            Specify to ignore volume recovery key escrow failure

            -IgnoreReportStatusFailure

            Switch

            Specify to ignore status reporting failure

            + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

            -RecoveryServiceEndpoint

            Required

            MBAM recovery service endpoint

            -StatusReportingServiceEndpoint

            Optional

            MBAM status reporting service endpoint

            -EncryptionMethod

            Optional

            Encryption method (default: AES 128)

            -EncryptAndEscrowDataVolume

            Switch

            Specify to encrypt data volume(s) and escrow data volume recovery key(s)

            -WaitForEncryptionToComplete

            Switch

            Specify to wait for the encryption to complete

            -DoNotResumeSuspendedEncryption

            Switch

            Specify that the deployment script will not resume suspended encryption

            -IgnoreEscrowOwnerAuthFailure

            Switch

            Specify to ignore TPM owner-auth escrow failure. It should be used in the scenarios where MBAM is not able to read the TPM owner-auth, e.g. if TPM auto provisioning is enabled

            -IgnoreEscrowRecoveryKeyFailure

            Switch

            Specify to ignore volume recovery key escrow failure

            -IgnoreReportStatusFailure

            Switch

            Specify to ignore status reporting failure

            -   + **To enable BitLocker using MBAM 2.5 or earlier as part of a Windows deployment** diff --git a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md index 74cb3987aa..ff06699bd3 100644 --- a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md +++ b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md @@ -1,8 +1,11 @@ --- title: How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information description: How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information -author: jamiejdt +author: dansimp ms.assetid: 09ba2a07-3186-45d9-adef-4034c70ae7cf +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ You can configure a localized version of the Self-Service Portal "HelpdeskText" **Note**   In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. -  + **To display a localized version of the HelpdeskText statement** @@ -44,9 +47,9 @@ In the following instructions, *SelfService* is the default virtual directory na [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). 
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md index 03920986d6..39f6b21718 100644 --- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md +++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md @@ -1,8 +1,11 @@ --- title: How to Localize the Self-Service Portal “HelpdeskURL” description: How to Localize the Self-Service Portal “HelpdeskURL” -author: jamiejdt +author: dansimp ms.assetid: 86798460-077b-459b-8d54-4b605e07d2f1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ If you create a localized version, as described in the following instructions, M **Note**   In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. -  + **To localize the Self-Service Portal URL** @@ -46,9 +49,9 @@ In the following instructions, *SelfService* is the default virtual directory na [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md index a4cfaa869c..65d97745b3 100644 --- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md +++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md 
@@ -1,8 +1,11 @@ --- title: How to Localize the Self-Service Portal Notice Text description: How to Localize the Self-Service Portal Notice Text -author: jamiejdt +author: dansimp ms.assetid: a4c878b7-e5c8-45af-a537-761bb2991659 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -25,7 +28,7 @@ To display localized notice text, you create a localized Notice.txt file, and th **Note**   You can configure the path by using the **NoticeTextPath** item in **Application Settings**. -  + MBAM displays the notice text, based on the following rules: @@ -40,7 +43,7 @@ If an end user’s browser is set to a language that does not have a correspondi <*MBAM Self-Service Install Directory*>\\Self Service Website\\ -  + **To create a localized Notice.txt file** @@ -51,7 +54,7 @@ If an end user’s browser is set to a language that does not have a correspondi **Note**   Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*Language*> folder. -   + 2. Create a Notice.txt file that contains the localized notice text. @@ -68,7 +71,7 @@ If an end user’s browser is set to a language that does not have a correspondi [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md b/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md index 3337c2bd83..5cb63887d0 100644 --- a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md 
+++ b/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Manage User BitLocker Encryption Exemptions description: How to Manage User BitLocker Encryption Exemptions -author: jamiejdt +author: dansimp ms.assetid: f582ab82-5bb5-4cd3-ad7c-483240533cf9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -38,26 +41,25 @@ To exempt users from BitLocker protection, you have to:

            Add the exempted user to a security group for a Group Policy Object that is configured specifically for exempted users.

            When members of this security group sign in to a computer, the user’s Group Policy setting exempts the user from BitLocker protection. The user’s Group Policy setting overwrites the computer policy, and the computer will remain exempt from BitLocker encryption.

            -Note   -

            MBAM does not enact the encryption policy if the computer is already BitLocker-protected and the user is exempted. However, if another user who is not exempt from the encryption policy signs in to the computer, encryption will take place.

            +Note

            MBAM does not enact the encryption policy if the computer is already BitLocker-protected and the user is exempted. However, if another user who is not exempt from the encryption policy signs in to the computer, encryption will take place.

            -  +
            -  + The following steps describe what occurs when end users request an exemption from the BitLocker Drive Encryption exemption process through the MBAM Client or through whatever process your organization uses. You must configure MBAM Group Policy settings to allow end users to request an exemption from BitLocker Drive Encryption. 1. When end users sign in to a computer that is required to be encrypted, they receive a notification that their computer is going to be encrypted. They can select **Request Exemption** and postpone the encryption by selecting **Postpone**, or they can select **Start Encryption** to accept the BitLocker encryption. - **Note**   + **Note** Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. -   + 2. If end users select **Request Exemption**, they receive a notification telling them to contact the organization’s BitLocker administration group. Depending on how the **Configure User Exemption Policy** is configured, users are provided with one or more of the following contact methods: @@ -95,26 +97,25 @@ To exempt users from BitLocker protection, you have to:

            Add the exempted user to a security group for a Group Policy Object that is configured specifically for exempted users.

            When members of this security group sign in to a computer, the user’s Group Policy setting exempts the user from BitLocker protection. The user’s Group Policy setting overwrites the computer policy, and the computer will remain exempt from BitLocker encryption.

            -Note   -

            If the computer is already BitLocker-protected, the User Exemption Policy has no effect. In addition, if another user signs in to a computer that is not exempt from the encryption policy, encryption will take place.

            +Note

            If the computer is already BitLocker-protected, the User Exemption Policy has no effect. In addition, if another user signs in to a computer that is not exempt from the encryption policy, encryption will take place.

            -  +
            -  + The following steps describe what occurs when end users request an exemption from the BitLocker Drive Encryption exemption process through the MBAM Client or through whatever process your organization uses. You must configure MBAM Group Policy settings to allow end users to request an exemption from BitLocker Drive Encryption. 1. When end users sign in to a computer that is required to be encrypted, they receive a notification that their computer is going to be encrypted. They can select **Request Exemption** and postpone the encryption by selecting **Postpone**, or they can select **Start Encryption** to accept the BitLocker encryption. - **Note**   + **Note** Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. -   + 2. If end users select **Request Exemption**, they receive a notification telling them to contact the organization’s BitLocker administration group. Depending on how the **Configure User Exemption Policy** is configured, users are provided with one or more of the following contact methods: @@ -140,10 +141,10 @@ The following steps describe what occurs when end users request an exemption fro When a user signs in to a computer controlled by BitLocker, the MBAM Client checks the User Exemption Policy setting. If the computer is already encrypted, BitLocker protection is not suspended. If the computer is not encrypted, MBAM does not prompt the user to encrypt. - **Important**   + **Important** Shared computer scenarios require special consideration when you are using BitLocker user exemptions. If a non-exempt user signs in to a computer that is shared with an exempt user, the computer may be encrypted. -   + ## Related topics 
@@ -153,9 +154,9 @@ The following steps describe what occurs when end users request an exemption fro [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) -  -  + + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md index 37c9efa664..590fce21ac 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md @@ -1,8 +1,11 @@ --- title: How to Move the MBAM 2.5 Databases description: How to Move the MBAM 2.5 Databases -author: jamiejdt +author: dansimp ms.assetid: 34b46f2d-0add-4377-8e4e-04b628fdfcf1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -66,7 +69,6 @@ To automate this procedure, you can use Windows PowerShell to enter a command th ```powershell Stop-Website "Microsoft BitLocker Administration and Monitoring" - ``` >[!NOTE] @@ -153,7 +155,6 @@ Copy-Item "Z:\SQLServerInstanceCertificateFile" Copy-Item "Z:\SQLServerInstanceCertificateFilePrivateKey" \\$SERVERNAME$\$DESTINATIONSHARE$ - ``` Use the information in the following table to replace the values in the code example with values that match your environment. 
@@ -228,48 +229,48 @@ Use the information in the following table to replace the values in the code exa ### Configure access to the Database on Server B and update connection data -1. Verify that the Microsoft SQL Server user login that enables Recovery Database access on the restored database is mapped to the access account that you provided during the configuration process. +1. Verify that the Microsoft SQL Server user login that enables Recovery Database access on the restored database is mapped to the access account that you provided during the configuration process. - >[!NOTE] - >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. + >[!NOTE] + >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. -2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites. +2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites. -3. Edit the following registry key: +3. Edit the following registry key: - **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString** + **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString** -4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. +4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. -5. Update the **Initial Catalog** value with the recovered database name. +5. Update the **Initial Catalog** value with the recovered database name. -6. 
To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: +6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: - ```powershell - reg add "HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\MBAM Server\\Web" /v - RecoveryDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial - Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f + ```powershell + reg add "HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\MBAM Server\\Web" /v + RecoveryDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial + Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f - Set-WebConfigurationProperty - 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath - "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data - Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and - Hardware;Integrated Security=SSPI;" + Set-WebConfigurationProperty + 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath + "IIS:\sites\Microsoft Bitlocker Administration and + Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data + Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and + Hardware;Integrated Security=SSPI;" - Set-WebConfigurationProperty - 'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' - -PSPath "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value - "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery - and Hardware;Integrated Security=SSPI;" - ``` + Set-WebConfigurationProperty + 
'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' + -PSPath "IIS:\sites\Microsoft Bitlocker Administration and + Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value + "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery + and Hardware;Integrated Security=SSPI;" + ``` - >[!Note] - >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. + >[!Note] + >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. -7. Use the following table to replace the values in the code example with values that match your environment. +7. Use the following table to replace the values in the code example with values that match your environment. |Parameter|Description| |---------|-----------| @@ -327,7 +328,6 @@ To automate this procedure, you can use Windows PowerShell to enter a command th ```powershell Stop-Website "Microsoft BitLocker Administration and Monitoring" - ``` >[!NOTE] 
@@ -440,34 +440,33 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ### Configure access to the Database on Server B and update connection data -1. Verify that the Microsoft SQL Server user login that enables Compliance and Audit Database access on the restored database is mapped to the access account that you provided during the configuration process. +1. Verify that the Microsoft SQL Server user login that enables Compliance and Audit Database access on the restored database is mapped to the access account that you provided during the configuration process. - >[!NOTE] - >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. + >[!NOTE] + >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. -2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website. +2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website. -3. Edit the following registry key: +3. Edit the following registry key: - **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString** + **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString** -4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. +4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. -5. Update the **Initial Catalog** value with the recovered database name. +5. Update the **Initial Catalog** value with the recovered database name. -6. 
To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: +6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: - ```powershell - reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v - ComplianceDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial - Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f - - ``` - >[!NOTE] - >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. + ```powershell + reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v + ComplianceDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial + Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f + ``` + >[!NOTE] + >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. -7. Using the following table, replace the values in the code example with values that match your environment. +7. Using the following table, replace the values in the code example with values that match your environment. |Parameter | Description | |---------|------------| @@ -492,7 +491,6 @@ To automate this procedure, you can use Windows PowerShell to run a command that ```powershell Start-Website "Microsoft BitLocker Administration and Monitoring" - ``` >[!NOTE] diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md index 52af44d82d..c77b29982c 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md 
@@ -1,8 +1,11 @@ --- title: How to Move the MBAM 2.5 Reports description: How to Move the MBAM 2.5 Reports -author: jamiejdt +author: dansimp ms.assetid: c8223656-ca9d-41c8-94a3-64d07a6b99e9 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -29,7 +32,7 @@ The high-level steps for moving the Reports feature are: **Note**   To run the example Windows PowerShell scripts in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](https://technet.microsoft.com/library/ee176949.aspx) for instructions. -  + **Stop the MBAM Administration and Monitoring Website** @@ -100,7 +103,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the -   + **Resume the instance of the Administration and Monitoring Website** @@ -115,7 +118,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the **Note**   To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. -   + @@ -128,11 +131,11 @@ To run the example Windows PowerShell scripts in this topic, you must update the [Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md b/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md index a95d698126..6b57070737 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md 
@@ -1,8 +1,11 @@ --- title: How to Move the MBAM 2.5 Websites description: How to Move the MBAM 2.5 Websites -author: jamiejdt +author: dansimp ms.assetid: 71af9a54-c27b-408f-9d75-37c0d02e730e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ Use these procedures to move the following MBAM websites from one computer to an **Important**   During the configuration of both websites, you must provide the same connection string, Reports URL, group accounts, and web service application pool domain account as the ones that you are currently using. If you don’t use the same values, you cannot access some of the servers. To get the current values, use the **Get-MbamWebApplication** Windows PowerShell cmdlet. -  + **To move the Administration and Monitoring Website to another server** @@ -60,7 +63,7 @@ During the configuration of both websites, you must provide the same connection [Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md index dc18c38f3d..5ee41f6f49 100644 --- a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md +++ b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Recover a Corrupted Drive description: How to Recover a Corrupted Drive -author: jamiejdt +author: dansimp ms.assetid: fa5b846b-dda6-4ae4-bf6c-39e4f1d8aa00 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -30,7 +33,7 @@ You can use this procedure with the Administration and Monitoring Website (also

            Create a recovery key package file by accessing the Drive Recovery area of the Administration and Monitoring Website.

            -

            To access the Drive Recovery area, you must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role. You may have given these roles different names when you created them. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles).

            +

            To access the Drive Recovery area, you must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role. You may have given these roles different names when you created them. For more information, see Planning for MBAM 2.5 Groups and Accounts.

            Copy the package file to the computer that contains the corrupted drive.

            @@ -38,12 +41,12 @@ You can use this procedure with the Administration and Monitoring Website (also

            Use the repair-bde command to complete the recovery process.

            -

            To avoid a potential loss of data, it is strongly recommended that you review the [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567) command before using it.

            +

            To avoid a potential loss of data, it is strongly recommended that you review the Manage-bde command before using it.

            -  + **To recover a corrupted drive** @@ -56,7 +59,7 @@ You can use this procedure with the Administration and Monitoring Website (also **Note**   If you are a member of the Advanced Helpdesk Users access group, you do not have to enter the user’s domain name or user name. -   + 4. Click **Submit**. The recovery key will be displayed. @@ -73,7 +76,7 @@ You can use this procedure with the Administration and Monitoring Website (also **Note**   Replace <*fixed drive*> with an available hard disk drive that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified hard disk drive. -   + ## Related topics @@ -81,11 +84,11 @@ You can use this procedure with the Administration and Monitoring Website (also [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md index c6565a7304..9dec2442fb 100644 --- a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md +++ b/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Recover a Drive in Recovery Mode description: How to Recover a Drive in Recovery Mode -author: jamiejdt +author: dansimp ms.assetid: e126eaf8-9ae7-40fe-a28e-dbd78d26859e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,15 +21,15 @@ This topic explains how to use the Administration and Monitoring Website (also r To get a recovery password, use the **Drive Recovery** area of the Administration and Monitoring Website. You must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role to access this area of the website. -**Note**   +**Note** You may have given these roles different names when you created them. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles). -  -**Important**   + +**Important** Recovery passwords expire after a single use. On operating system drives and fixed data drives, the single-use rule is applied automatically. On removable drives, it is applied when the drive is removed and then reinserted and unlocked on a computer that has Group Policy settings activated to manage removable drives. -  + **To recover a drive in recovery mode** @@ -36,10 +39,10 @@ Recovery passwords expire after a single use. On operating system drives and fix 3. Enter the end user’s Windows log-on domain and user name to view recovery information. - **Note**   + **Note** If you are in the MBAM Advanced Helpdesk Users group, the user domain and user ID fields are not required. -   + 4. Enter the first eight digits of the recovery key ID to see a list of possible matching recovery keys, or enter the entire recovery key ID to get the exact recovery key. 
@@ -53,16 +56,18 @@ Recovery passwords expire after a single use. On operating system drives and fix - The recovery password and recovery package for the submitted user - **Note**   + **Note** If you are recovering a damaged drive, the recovery package option provides BitLocker with critical information that it needs to recover the drive. -   - After the recovery password and recovery package are retrieved, the recovery password is displayed. -6. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. +~~~ +After the recovery password and recovery package are retrieved, the recovery password is displayed. +~~~ - When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. +6. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. + + When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. @@ -71,11 +76,11 @@ Recovery passwords expire after a single use. On operating system drives and fix [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md index fe98ceee20..59ee1c423d 100644 --- a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md 
+++ b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Recover a Moved Drive description: How to Recover a Moved Drive -author: jamiejdt +author: dansimp ms.assetid: 0d38ce7e-bc64-473e-ae85-99b7099ca758 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -24,7 +27,7 @@ To recover a moved drive, you must use the **Drive Recovery** area of the Admini **Note**   In some cases, you may be able to click **I forgot the PIN** during the startup process, and then enter the recovery mode to display the recovery key ID. -   + 3. Use the recovery key ID to retrieve the recovery password and unlock the drive from the Administration and Monitoring Website. For instructions, see [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-25.md). @@ -41,7 +44,7 @@ To recover a moved drive, you must use the **Drive Recovery** area of the Admini [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md b/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md index 9303a8e597..fc80c4324c 100644 --- a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md +++ b/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Reset a TPM Lockout description: How to Reset a TPM Lockout -author: jamiejdt +author: dansimp ms.assetid: dd20a728-c52e-48e6-9f6c-1311c71dee74 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -35,7 +38,7 @@ For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerati **Note**   If you are in the MBAM Advanced Helpdesk Users group, the user domain and user ID fields are not required. -   + 5. From the **Reason for requesting TPM owner password file** list, select a reason for the request, and click **Submit**. @@ -56,7 +59,7 @@ For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerati **Important**   Do not give the TPM hash value or TPM owner password file to end users. Because the TPM information does not change, giving the file to end users creates a security risk. -   + @@ -65,7 +68,7 @@ For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerati [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md b/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md index 4a5e23195c..67f433c862 100644 --- a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md +++ b/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md @@ -1,8 +1,11 @@ --- title: How to Set the Self-Service Portal Branding and Session Time-out description: How to Set the Self-Service Portal Branding and Session Time-out -author: jamiejdt +author: dansimp ms.assetid: 031eedfc-fade-4d2f-8771-b329e1d38c0d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -16,15 +19,15 @@ ms.date: 06/16/2016 After you configure the Self-Service Portal, you can brand it with your company name, Help Desk URL, and "notice" text. You can also change the Session Time-out setting to make the end user’s session expire after a specified period of inactivity. -**Note**   +**Note** You can also brand the Self-Service Portal by using the **Enable-MbamWebApplication** Windows PowerShell cmdlet or the MBAM Server Configuration wizard. For instructions on using the wizard, see [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md). -  -**Note**   + +**Note** In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. -  + **To set the session time-out and branding for the Self-Service Portal** @@ -38,102 +41,104 @@ In the following instructions, *SelfService* is the default virtual directory na 5. In the **Name** column, select the item that you want to change, and change the default value to reflect the name that you want to use. The following table lists the values that you can set. - **Caution**   + **Caution** Do not change the value in the Name column (CompanyName\*), as it will cause Self-Service Portal to stop working. -   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            NameDefault value

            ClientValidationEnabled

            true

            CompanyName

            Contoso IT

            DisplayNotice

            true

            HelpdeskText

            Contact Helpdesk or IT Department

            HelpdeskUrl

            #

            -
            - Note   -

            In MBAM 2.5 SP1, the HelpdeskUrl default value is empty.

            -
            -
            -   -

            jQueryPath

            [//go.microsoft.com/fwlink/?LinkID=390515](//go.microsoft.com/fwlink/?LinkID=390515)

            -
            - Note   -

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery-1.10.2.min.js

            -
            -
            -   -

            jQueryValidatePath

            [//go.microsoft.com/fwlink/?LinkID=390516](//go.microsoft.com/fwlink/?LinkID=390516)

            -
            - Note   -

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.min.js

            -
            -
            -   -

            jQueryValidateUnobtrusivePath

            [//go.microsoft.com/fwlink/?LinkID=390517](//go.microsoft.com/fwlink/?LinkID=390517)

            -
            - Note   -

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.unobtrusive.min.js

            -
            -
            -   -

            NoticeTextPath

            Notice.txt

            -
            - Note   -

            You can edit the notice text either by using the Internet Information Services (IIS) Manager or by opening and changing the Notice.txt file in the installation directory.

            -
            -
            -   -

            UnobtrusiveJavaScriptEnabled

            true

            -   +~~~ + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            NameDefault value

            ClientValidationEnabled

            true

            CompanyName

            Contoso IT

            DisplayNotice

            true

            HelpdeskText

            Contact Helpdesk or IT Department

            HelpdeskUrl

            #

            +
            +Note +

            In MBAM 2.5 SP1, the HelpdeskUrl default value is empty.

            +
            +
            + +

            jQueryPath

            [//go.microsoft.com/fwlink/?LinkID=390515](//go.microsoft.com/fwlink/?LinkID=390515)

            +
            +Note +

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery-1.10.2.min.js

            +
            +
            + +

            jQueryValidatePath

            [//go.microsoft.com/fwlink/?LinkID=390516](//go.microsoft.com/fwlink/?LinkID=390516)

            +
            +Note +

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.min.js

            +
            +
            + +

            jQueryValidateUnobtrusivePath

            [//go.microsoft.com/fwlink/?LinkID=390517](//go.microsoft.com/fwlink/?LinkID=390517)

            +
            +Note +

            In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.unobtrusive.min.js

            +
            +
            + +

            NoticeTextPath

            Notice.txt

            +
            +Note +

            You can edit the notice text either by using the Internet Information Services (IIS) Manager or by opening and changing the Notice.txt file in the installation directory.

            +
            +
            + +

            UnobtrusiveJavaScriptEnabled

            true

            +~~~ + + @@ -142,11 +147,11 @@ In the following instructions, *SelfService* is the default virtual directory na [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md b/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md index c2e1679a7c..015d00c47f 100644 --- a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md +++ b/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md @@ -1,8 +1,11 @@ --- title: How to Turn the Self-Service Portal Notice Text On or Off description: How to Turn the Self-Service Portal Notice Text On or Off -author: jamiejdt +author: dansimp ms.assetid: e786685b-ffdb-4557-ae71-e79528097264 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ You can turn the Self-Service Portal notice text on or off. By default, the noti **Note**   In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. -  + **To turn off the notice text** 
@@ -34,9 +37,9 @@ In the following instructions, *SelfService* is the default virtual directory na [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md b/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md index e5107a9650..6999def5bb 100644 --- a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md +++ b/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md @@ -1,8 +1,11 @@ --- title: How to Use the Administration and Monitoring Website description: How to Use the Administration and Monitoring Website -author: jamiejdt +author: dansimp ms.assetid: bb96a4e8-d4f4-4e6f-b7db-82d96998bfa6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ The Administration and Monitoring Website, also referred to as the Help Desk, is **Note**   If you are using MBAM in the Stand-alone topology, you view all reports from the Administration and Monitoring Website. If you are using the Configuration Manager Integration topology, you view all reports in Configuration Manager, except the Recovery Audit report, which you continue to view from the Administration and Monitoring Website. For more information about reports, see [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md). -  + ## Required roles for using the Administration and Monitoring Website @@ -55,7 +58,7 @@ To access specific areas of the Administration and Monitoring Website, you must -  + ## Tasks you can perform on the Administration and Monitoring Website 
@@ -82,13 +85,13 @@ The following table summarizes the tasks you can perform on the Administration a

            View reports

            Reports

            Enables you to run reports to monitor BitLocker usage, compliance, and key recovery activity. Reports provide data about enterprise compliance, individual computers, and who requested recovery keys or the TPM OwnerAuth package for a specific computer.

            -

            [Viewing MBAM 2.5 Reports for the Stand-alone Topology](viewing-mbam-25-reports-for-the-stand-alone-topology.md)

            +

            Viewing MBAM 2.5 Reports for the Stand-alone Topology

            Determine the BitLocker encryption status of lost or stolen computers

            Reports

            Determine if a volume was encrypted if the computer is lost or stolen.

            -

            [How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md)

            +

            How to Determine BitLocker Encryption State of Lost Computers

            Recover lost drives

            @@ -100,21 +103,21 @@ The following table summarizes the tasks you can perform on the Administration a
          • Are corrupted

          Reset a TPM lockout

          Manage TPM

          Provides access to TPM data that has been collected by the MBAM Client. In a TPM lockout, use the Administration and Monitoring Website to retrieve the necessary password file to unlock the TPM.

          -

          [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-25.md)

          +

          How to Reset a TPM Lockout

          -  + ## Related topics @@ -122,7 +125,7 @@ The following table summarizes the tasks you can perform on the Administration a [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md b/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md index 188b547452..3be2d5cf4a 100644 --- a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md +++ b/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md @@ -1,8 +1,11 @@ --- title: How to Use the Self-Service Portal to Regain Access to a Computer description: How to Use the Self-Service Portal to Regain Access to a Computer -author: jamiejdt +author: dansimp ms.assetid: 3c24b13a-d1b1-4763-8ac0-0b2db46267e3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -21,7 +24,7 @@ The following instructions are written from the perspective of end users, but th **Important**   An end user must have physically logged on to the computer (not remotely) at least one time successfully to be able to recover their key using the Self-Service Portal. Otherwise, they must use the Helpdesk Portal for key recovery. -  + End users may experience lockouts if they: @@ -32,7 +35,7 @@ End users may experience lockouts if they: **Note**   If the IT administrator configured an IIS Session State time-out, a message is displayed in the Self-Service Portal 60 seconds prior to the time-out. -  + **To use the Self-Service Portal to regain access to a computer** 
@@ -51,11 +54,11 @@ If the IT administrator configured an IIS Session State time-out, a message is d [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md b/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md index 81fdf55268..7d2a8d5f0e 100644 --- a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md +++ b/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md @@ -1,8 +1,11 @@ --- title: Illustrated Features of an MBAM 2.5 Deployment description: Illustrated Features of an MBAM 2.5 Deployment -author: jamiejdt +author: dansimp ms.assetid: 7b5eff42-af8c-4bd0-a20a-18cc2e779f01 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -20,10 +23,10 @@ This topic describes the individual features that make up a Microsoft BitLocker - System Center Configuration Manager Integration -**Important**   +**Important** These features do not represent the recommended architecture for deploying MBAM. Use this information only as a guide to understand the individual features that make up an MBAM deployment. See [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) for the recommended architecture for MBAM. -  + For a list of the supported versions of the software mentioned in this topic, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). 
@@ -48,12 +51,12 @@ The following image and table explain the features in an MBAM Stand-alone topolo |Administration and Monitoring Server||| |Administration and Monitoring Web Service|The Monitoring Web Service is used by the MBAM Client and the websites to communicate to the databases.|This feature is installed on a computer running Windows Server.| -**Important**   +**Important** The Self-Service Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1, in which the MBAM Client, the Administration and Monitoring Website, and the Self-Service Portal communicate directly with the Recovery Database. -**Important**   +**Important** The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. -  + ## System Center Configuration Manager Integration topology 
@@ -61,27 +64,28 @@ The following image and table explain the features in the System Center Configur ![mbam2\-5](images/mbam2-5-cmcomponents.png) -**Important**   +**Important** The Self-Service Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1, in which the MBAM Client, the Administration and Monitoring Website, and the Self-Service Portal communicate directly with the Recovery Database. -**Warning**   +**Warning** The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. -|Feature type|Description| -|-|-| -|Self-Service Server||| -|Self-Service Web Service|This web service is used by the MBAM Client and the Self-Service Portal to communicate to the Recovery Database.|This feature is installed on a computer running Windows Server.| -|Self-Service Website|This website enables end users on client computers to independently sign in to a website to get a recovery key if they lose or forget their BitLocker password.|This feature is configured on a computer running Windows Server.| -|Administration and Monitoring Server/Recovery Audit Report||| -|Administration and Monitoring Web Service|This web service enables communication between the Administration and Monitoring Website and the SQL Server databases where reporting data is stored.|This feature is installed on a server running Windows Server.| -|Administration and Monitoring Website|The Recovery Audit report is viewed from the Administration and Monitoring Website. 
Use the Configuration Manager console to view all other reports, or view reports directly from SQL Server Reporting Services.|This feature is configured on a server running Windows Server.| -|Databases||| -|Recovery Database|This database stores recovery data that is collected from MBAM client computers.|This feature is configured on a server running Windows Server and a supported SQL Server instance.| -|Audit Database|This database stores audit information about recovery attempts and activity.|This feature is configured on a server running Windows Server and a supported SQL Server instance.| -|Configuration Manager Features||| -|Configuration Manager Management console|This console is built into Configuration Manager and is used to view reports.|For viewing reports only, this feature can be installed on any server or client computer.| -|Configuration Manager Reports|Reports show compliance and recovery audit data for client computers in your enterprise.|The Reports feature is installed on a server running Windows Server and SSRS, and Reports run on a supported SQL Server instance. A reporting services point must be defined in Configuration Manager on the server that is running SSRS.| -|SQL Server Reporting Services|SSRS enables the MBAM Reports. Reports can be viewed directly from SSRS or from the Configuration Manager console.|SSRS is installed on a server running Windows Server. A reporting services point must be defined in Configuration Manager on the server that is running SSRS.| + +| Feature type | Description | +|------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Self-Service Server | | +| Self-Service Web Service | This web service is used by the MBAM Client and the Self-Service Portal to communicate to the Recovery Database. 
| +| Self-Service Website | This website enables end users on client computers to independently sign in to a website to get a recovery key if they lose or forget their BitLocker password. | +| Administration and Monitoring Server/Recovery Audit Report | | +| Administration and Monitoring Web Service | This web service enables communication between the Administration and Monitoring Website and the SQL Server databases where reporting data is stored. | +| Administration and Monitoring Website | The Recovery Audit report is viewed from the Administration and Monitoring Website. Use the Configuration Manager console to view all other reports, or view reports directly from SQL Server Reporting Services. | +| Databases | | +| Recovery Database | This database stores recovery data that is collected from MBAM client computers. | +| Audit Database | This database stores audit information about recovery attempts and activity. | +| Configuration Manager Features | | +| Configuration Manager Management console | This console is built into Configuration Manager and is used to view reports. | +| Configuration Manager Reports | Reports show compliance and recovery audit data for client computers in your enterprise. | +| SQL Server Reporting Services | SSRS enables the MBAM Reports. Reports can be viewed directly from SSRS or from the Configuration Manager console. | ## Related topics diff --git a/mdop/mbam-v25/installing-the-mbam-25-server-software.md b/mdop/mbam-v25/installing-the-mbam-25-server-software.md index 341600418b..d238b982fe 100644 --- a/mdop/mbam-v25/installing-the-mbam-25-server-software.md +++ b/mdop/mbam-v25/installing-the-mbam-25-server-software.md 
@@ -1,8 +1,11 @@
 ---
 title: Installing the MBAM 2.5 Server Software
 description: Installing the MBAM 2.5 Server Software
-author: jamiejdt
+author: dansimp
 ms.assetid: b9dbe697-5400-4bac-acfb-ee6dc6586c30
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -31,9 +34,9 @@ This topic describes how to install the Microsoft BitLocker Administration and M

          Review the MBAM 2.5 planning information

          @@ -44,7 +47,7 @@ This topic describes how to install the Microsoft BitLocker Administration and M -  + ## Installing the MBAM 2.5 Server software by using the Microsoft BitLocker Administration and Monitoring Setup wizard @@ -124,7 +127,7 @@ The following table describes the command-line parameters for installing the MBA -  + @@ -135,7 +138,7 @@ The following table describes the command-line parameters for installing the MBA [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/maintaining-mbam-25.md b/mdop/mbam-v25/maintaining-mbam-25.md index 6b07d362cf..56128367b9 100644 --- a/mdop/mbam-v25/maintaining-mbam-25.md +++ b/mdop/mbam-v25/maintaining-mbam-25.md @@ -1,8 +1,11 @@ --- title: Maintaining MBAM 2.5 description: Maintaining MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 44d398a0-2ca0-4d47-943c-322345409b59 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/mbam-25-deployment-checklist.md b/mdop/mbam-v25/mbam-25-deployment-checklist.md index 8169a4c870..660b1ebf79 100644 --- a/mdop/mbam-v25/mbam-25-deployment-checklist.md +++ b/mdop/mbam-v25/mbam-25-deployment-checklist.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Deployment Checklist description: MBAM 2.5 Deployment Checklist -author: jamiejdt +author: dansimp ms.assetid: 2ba7de17-e3a4-4798-99e0-cd1dc28c5b76 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 06/16/2016 You can use this checklist to help you during Microsoft BitLocker Administration and Monitoring (MBAM) deployment with a Stand-alone topology. -**Note**   +**Note** This checklist outlines the recommended steps and a high-level list of items to consider when you deploy Microsoft BitLocker Administration and Monitoring features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use. -  + @@ -40,19 +43,19 @@ This checklist outlines the recommended steps and a high-level list of items to - + - + - + @@ -65,37 +68,36 @@ This checklist outlines the recommended steps and a high-level list of items to
        • Configuration Manager Integration topology (needed only if you are running MBAM with this topology)

        • -Note   -

          Note the names of the servers on which you configure each feature. You will use this information throughout the configuration process.

          +Note

          Note the names of the servers on which you configure each feature. You will use this information throughout the configuration process.

          -  +
          - + - + - + - +
          Checklist box

          Review and complete all planning steps to prepare your environment for MBAM deployment.

          [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md)

          MBAM 2.5 Planning Checklist

          Checklist box

          Review the supported configurations information to ensure that MBAM supports the selected client and server computers.

          [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

          MBAM 2.5 Supported Configurations

          Checklist box

          Install the MBAM Server software.

          [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md)

          Installing the MBAM 2.5 Server Software

          [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md)

          Configuring the MBAM 2.5 Server Features

          Checklist box

          Validate the MBAM configuration.

          [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md)

          Validating the MBAM 2.5 Server Feature Configuration

          Checklist box

          Copy the MBAM Group Policy Template and edit the Group Policy settings.

          [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md) and [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md)

          Copying the MBAM 2.5 Group Policy Templates and Editing the MBAM 2.5 Group Policy Settings

          Checklist box

          Deploy the MBAM Client software.

          [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)

          Deploying the MBAM 2.5 Client

          -  + ## Related topics @@ -103,9 +105,9 @@ This checklist outlines the recommended steps and a high-level list of items to [Deploying MBAM 2.5](deploying-mbam-25.md) -  -  + + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md b/mdop/mbam-v25/mbam-25-deployment-prerequisites.md index fd80f252ae..aecfb3c56b 100644 --- a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md +++ b/mdop/mbam-v25/mbam-25-deployment-prerequisites.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Deployment Prerequisites description: MBAM 2.5 Deployment Prerequisites -author: jamiejdt +author: dansimp ms.assetid: a7b02d01-d182-4031-b373-0271177af14e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/mbam-25-planning-checklist.md b/mdop/mbam-v25/mbam-25-planning-checklist.md index a62ddee30b..015403224b 100644 --- a/mdop/mbam-v25/mbam-25-planning-checklist.md +++ b/mdop/mbam-v25/mbam-25-planning-checklist.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Planning Checklist description: MBAM 2.5 Planning Checklist -author: jamiejdt +author: dansimp ms.assetid: ffe11eb8-44db-4886-8300-6dffec8bcfa4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -37,92 +40,92 @@ You can use the following checklists to help you prepare your computing environm Checklist box

          Review the "Getting started" information to understand the product before you start deployment planning.

          -

          [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)

          +

          Getting Started with MBAM 2.5

          Checklist box

          Review the recommended high-level architecture for an MBAM deployment. You might also want to review an illustration and description of the individual parts (databases, websites, Reports) of an MBAM deployment.

          -

          [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)

          -

          [Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md)

          +

          High-Level Architecture for MBAM 2.5

          +

          Illustrated Features of an MBAM 2.5 Deployment

          Checklist box

          Review and complete the prerequisites for the MBAM Stand-alone and Configuration Manager Integration topologies.

          -

          [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md)

          +

          MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

          Checklist box

          If you plan to use the Configuration Manager Integration topology, complete the additional prerequisites that apply only to this topology.

          -

          [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md)

          +

          MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

          Checklist box

          Review and meet the MBAM 2.5 prerequisites for the MBAM Client.

          -

          [Prerequisites for MBAM 2.5 Clients](prerequisites-for-mbam-25-clients.md)

          +

          Prerequisites for MBAM 2.5 Clients

          Checklist box

          Plan for and configure MBAM Group Policy requirements.

          -

          [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)

          +

          Planning for MBAM 2.5 Group Policy Requirements

          Checklist box

          Plan for and create the necessary Active Directory Domain Services security groups.

          -

          [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)

          +

          Planning for MBAM 2.5 Groups and Accounts

          Checklist box

          Plan how you will secure the MBAM websites.

          -

          [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)

          +

          Planning How to Secure the MBAM Websites

          Checklist box

          Review the MBAM Supported Configurations to ensure that your hardware meets the installation system requirements.

          -

          [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)

          +

          MBAM 2.5 Supported Configurations

          Checklist box

          Review the considerations for deploying the MBAM Server features.

          -

          [Planning for MBAM 2.5 Server Deployment](planning-for-mbam-25-server-deployment.md)

          +

          Planning for MBAM 2.5 Server Deployment

          Checklist box

          Review the considerations for deploying the MBAM Client.

          -

          [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md)

          +

          Planning for MBAM 2.5 Client Deployment

          Checklist box

          Review the requirements and steps to deploy MBAM in a highly available configuration.

          -

          [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)

          +

          Planning for MBAM 2.5 High Availability

          Checklist box

          Review the MBAM security considerations that pertain to the Trusted Platform Module, log files, and transparent data encryption.

          -

          [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)

          +

          MBAM 2.5 Security Considerations

          Checklist box

          Optionally, review the steps to evaluate MBAM in a test environment.

          -

          [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)

          +

          Evaluating MBAM 2.5 in a Test Environment

          -  + ## Related topics @@ -130,9 +133,9 @@ You can use the following checklists to help you prepare your computing environm [Planning for MBAM 2.5](planning-for-mbam-25.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md index 37c627b035..f87672362a 100644 --- a/mdop/mbam-v25/mbam-25-security-considerations.md +++ b/mdop/mbam-v25/mbam-25-security-considerations.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Security Considerations description: MBAM 2.5 Security Considerations -author: jamiejdt +author: dansimp ms.assetid: f6613c63-b32b-45fb-a6e8-673d6dae7d16 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -69,14 +72,14 @@ To enable MBAM to escrow and then store TPM OwnerAuth passwords, you must config -  + The location of these Group Policy settings is **Computer Configuration** > **Administrative Templates** > **System** > **Trusted Platform Module Services**. **Note**   Windows removes the OwnerAuth locally after MBAM successfully escrows it with these settings. -  + ### Escrowing TPM OwnerAuth in Windows 7 @@ -117,7 +120,7 @@ To create user-to-computer associations after you have installed the MBAM server **Note**   The MBAM agent will override user-to-computer associations when that computer begins reporting up to the server. -  + **Prerequisites:** The Read-AD\* cmdlets can retrieve information from AD only if they are either run as a highly privileged user account, such as a Domain Administrator, or run as an account in a custom security group granted read access to the information (recommended). 
@@ -168,7 +171,7 @@ The Read-AD\* cmdlets do not have the ability to discover the user accounts that - Users who are not in the MBAM Advanced Helpdesk Users security group as defined during installation, recovering on behalf of other users -  + ## Configure MBAM to automatically unlock the TPM after a lockout @@ -178,7 +181,7 @@ You can configure MBAM 2.5 SP1 to automatically unlock the TPM in case of a lock **Important**   To enable TPM lockout auto reset, you must configure this feature on both the server side and in Group Policy on the client side. -  + - To enable TPM lockout auto reset on the client side, configure the Group Policy setting "Configure TPM lockout auto reset" located at **Computer Configuration** > **Administrative Templates** > **Windows Components** > **MDOP MBAM** > **Client Management**. @@ -193,7 +196,7 @@ TPM lockout auto reset is disabled by default. **Note**   TPM lockout auto reset is only supported on computers running TPM version 1.2. TPM 2.0 provides built-in lockout auto reset functionality. -  + **The Recovery Audit Report** includes events related to TPM lockout auto reset. If a request is made from the MBAM client to retrieve a TPM OwnerAuth password, an event is logged to indicate recovery. Audit entries will include the following events: @@ -224,7 +227,7 @@ TPM lockout auto reset is only supported on computers running TPM version 1.2. T -  + ## Secure connections to SQL Server @@ -302,11 +305,11 @@ For an example of how to enable TDE for MBAM database instances, see [Understand [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + 
diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md index 0dc592b269..e6b0faca0c 100644 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md +++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies description: MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies -author: jamiejdt +author: dansimp ms.assetid: 76a6047a-5c6e-42ff-af09-a6f382a69537 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -20,10 +23,10 @@ If you are deploying MBAM with System Center Configuration Manager, you must com For a list of the supported hardware and operating systems for MBAM, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). -**Important**   +**Important** If BitLocker was used without MBAM, you must decrypt the drive and then clear TPM using tpm.msc. MBAM cannot take ownership of TPM if the client PC is already encrypted and the TPM owner password created. -  + ## Required MBAM roles and accounts @@ -42,12 +45,12 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Groups created in Active Directory Domain Services (AD DS)

          -

          See [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) for a description of these groups and accounts.

          +

          See Planning for MBAM 2.5 Groups and Accounts for a description of these groups and accounts.

          -  + ## Prerequisites for the Recovery Database @@ -67,7 +70,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Supported version of SQL Server

          Install Microsoft SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

          -

          See [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) for supported versions.

          +

          See MBAM 2.5 Supported Configurations for supported versions.

          Required SQL Server permissions

          @@ -87,13 +90,12 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Optional - Install the Transparent Data Encryption (TDE) feature available in SQL Server

          -

          The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

          +

          The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

          -Note   -

          TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md).

          +Note

          TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see MBAM 2.5 Security Considerations.

          -  +
          @@ -107,7 +109,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP -  + ## Prerequisites for the Compliance and Audit Database @@ -127,7 +129,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Supported version of SQL Server

          Install SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

          -

          See [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) for supported versions.

          +

          See MBAM 2.5 Supported Configurations for supported versions.

          Required SQL Server permissions

          @@ -147,8 +149,8 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Optional - Install the Transparent Data Encryption (TDE) feature in SQL Server

          -

          The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

          -

          TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md).

          +

          The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

          +

          TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see MBAM 2.5 Security Considerations.

          SQL Server Database Engine Services

          @@ -161,7 +163,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP -  + ## Prerequisites for the Reports @@ -181,7 +183,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP

          Supported version of SQL Server

          Install SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

          -

          See [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) for supported versions.

          +

          See MBAM 2.5 Supported Configurations for supported versions.

          SQL Server Reporting Services (SSRS)

          @@ -203,7 +205,7 @@ If BitLocker was used without MBAM, you must decrypt the drive and then clear TP -  + ## Prerequisites for the Administration and Monitoring Server @@ -261,13 +263,12 @@ The following table lists the installation prerequisites for the MBAM Administra
        • .NET Framework 4.5

          • Windows Server 2012 or Windows Server 2012 R2 - .NET Framework 4.5 is already installed for these versions of Windows Server, but you must enable it.

          • -
          • Windows Server 2008 R2 - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must [download Microsoft .NET Framework 4.5](https://go.microsoft.com/fwlink/?LinkId=392318) and install it separately.

            +
          • Windows Server 2008 R2 - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must download Microsoft .NET Framework 4.5 and install it separately.

            -Note   -

            If you are upgrading from MBAM 2.0 or MBAM 2.0 SP1 and need to install .NET Framework 4.5, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) for an additional required step to make the websites work.

            +Note

            If you are upgrading from MBAM 2.0 or MBAM 2.0 SP1 and need to install .NET Framework 4.5, see Release Notes for MBAM 2.5 for an additional required step to make the websites work.

            -  +
        • WCF Activation

          @@ -286,30 +287,29 @@ The following table lists the installation prerequisites for the MBAM Administra
        -

        ASP.NET MVC 4.0

        -

        [ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)

        +

        ASP.NET MVC 4.0

        +

        ASP.NET MVC 4 download

        Service Principal Name (SPN)

        The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

        -

        If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](https://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

        +

        If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See Setspn for information about the rights required to create SPNs.

        If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization to create the SPN for you by using the following command.

        Setspn -s http/mbamvirtual contoso\mbamapppooluser
         Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

        In the code example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pools is contoso\mbamapppooluser.

        -Note   -

        If you are setting up Load Balancing, use the same application pool account on all servers.

        +Note

        If you are setting up Load Balancing, use the same application pool account on all servers.

        -  +
        -

        For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md).

        +

        For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see Planning How to Secure the MBAM Websites.

        -  + ## Prerequisites for the Self-Service Portal @@ -328,11 +328,11 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

    Supported version of Windows Server

    -

    See [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) for supported versions.

    +

    See MBAM 2.5 Supported Configurations for supported versions.

    -

    ASP.NET MVC 4.0

    -

    [ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)

    +

    ASP.NET MVC 4.0

    +

    ASP.NET MVC 4 download

    Web Service IIS Management Tools

    @@ -341,24 +341,23 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

    Service Principal Name (SPN)

    The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

    -

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](https://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

    +

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See Setspn for information about the rights required to create SPNs.

    If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization administrators in your organization to create the SPN for you by using the following command.

    Setspn -s http/mbamvirtual contoso\mbamapppooluser
     Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

    In the code example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pools is contoso\mbamapppooluser.

    -Note   -

    If you are setting up Load Balancing, use the same application pool account on all servers.

    +Note

    If you are setting up Load Balancing, use the same application pool account on all servers.

    -  +
    -

    For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md).

    +

    For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see Planning How to Secure the MBAM Websites.

    -  + ## Prerequisites for the Management Workstation @@ -376,7 +375,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
    -

    Before installing the MBAM Client, download the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption.

    +

    Before installing the MBAM Client, download the MBAM Group Policy Templates from How to Get MDOP Group Policy (.admx) Templates and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption.

    Before installing the MBAM Client, do the following:

    @@ -392,20 +391,20 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser - + - +

    Copy the MBAM Group Policy Templates

    [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md)

    Copying the MBAM 2.5 Group Policy Templates

    Edit the Group Policy settings

    [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md)

    Editing the MBAM 2.5 Group Policy Settings

    -

     

    +

    -  + @@ -418,9 +417,9 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
    [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) -  -  + + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md index 93707f9f9d..58cc6cf2fe 100644 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md +++ b/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology description: MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology -author: jamiejdt +author: dansimp ms.assetid: 74180d8d-7b0f-460f-b301-53595cde8381 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 070552040e..970711d8a8 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -1,8 +1,11 @@ --- title: MBAM 2.5 Supported Configurations description: MBAM 2.5 Supported Configurations -author: shortpatti +author: dansimp ms.assetid: ce689aff-9a55-4ae7-a968-23c7bda9b4d6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,10 +21,10 @@ You can run Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in a St For additional configurations that are specific to the Configuration Manager Integration topology, see [Versions of Configuration Manager that MBAM supports](#bkmk-cm-ramreqs). -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + ## MBAM Supported Languages @@ -84,7 +87,7 @@ The following tables show the languages that are supported for the MBAM Client ( -  + **Supported Languages in MBAM 2.5:** @@ -131,14 +134,14 @@ The following tables show the languages that are supported for the MBAM Client ( -  + ## MBAM Server system requirements ### MBAM Server operating system requirements -We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. +We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. The following table lists the operating systems that are supported for the MBAM Server installation. @@ -159,7 +162,7 @@ The following table lists the operating systems that are supported for the MBAM -

    Windows Server 2016

    +

    Windows Server 2016

    Standard or Datacenter

    64-bit

    @@ -177,7 +180,7 @@ The following table lists the operating systems that are supported for the MBAM

    64-bit

    -

    Windows Server 2008 R2

    +

    Windows Server 2008 R2

    Standard, Enterprise, or Datacenter

    SP1

    64-bit

    @@ -185,7 +188,7 @@ The following table lists the operating systems that are supported for the MBAM -  + The enterprise domain must contain at least one Windows Server 2008 (or later) domain controller. @@ -225,7 +228,7 @@ These requirements are for the MBAM Stand-alone topology. For the requirements f -  + ### MBAM Server processor, RAM, and disk space requirements - Configuration Manager Integration topology @@ -263,7 +266,7 @@ The following table lists the server processor, RAM, and disk space requirements -  + ### Versions of Configuration Manager that MBAM supports @@ -283,8 +286,14 @@ MBAM supports the following versions of Configuration Manager. + +

    Microsoft System Center Configuration Manager (Current Branch), versions up to 1902

    +

    +

    64-bit

    + + -

    Microsoft System Center Configuration Manager (Current Branch), versions up to 1806

    +

    Microsoft System Center Configuration Manager 1806

    64-bit

    @@ -294,7 +303,7 @@ MBAM supports the following versions of Configuration Manager.

    64-bit

    -

    Microsoft System Center 2012 Configuration Manager

    +

    Microsoft System Center 2012 Configuration Manager

    SP1

    64-bit

    @@ -303,21 +312,21 @@ MBAM supports the following versions of Configuration Manager.

    64-bit

    ->**Note** Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software. +>Note Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software. -  + For a list of supported configurations for the Configuration Manager Server, see the appropriate TechNet documentation for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server. -### SQL Server database requirements +### SQL Server database requirements The following table lists the Microsoft SQL Server versions that are supported for the MBAM Server features, which include the Recovery Database, Compliance and Audit Database, and the Reports feature. The required versions apply to the Stand-alone or the Configuration Manager Integration topologies. -You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** collation. +You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** collation. @@ -339,24 +348,23 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** coll - - +
    -https://www.microsoft.com/en-us/download/details.aspx?id=54967 +https://www.microsoft.com/en-us/download/details.aspx?id=54967 - + - + @@ -366,7 +374,7 @@ https://www.microsoft.com/en-us/download/details.aspx?id=54967

    Microsoft SQL Server 2017

    Standard, Enterprise, or Datacenter

    64-bit

    64-bit

    Microsoft SQL Server 2016

    Standard, Enterprise, or Datacenter

    SP1

    64-bit

    64-bit

    Microsoft SQL Server 2014

    Standard, Enterprise, or Datacenter

    SP1, SP2

    64-bit

    Microsoft SQL Server 2012

    Microsoft SQL Server 2012

    Standard, Enterprise, or Datacenter

    SP3

    64-bit

    Microsoft SQL Server 2008 R2

    Microsoft SQL Server 2008 R2

    Standard or Enterprise

    SP3

    64-bit

    < **Note** In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 and to support SQL 2017 you must install the July 2018 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=57157. In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features. -  + ### SQL Server processor, RAM, and disk space requirements – Stand-alone topology @@ -404,7 +412,7 @@ The following table lists the recommended server processor, RAM, and disk space
    -  + ### SQL Server processor, RAM, and disk space requirements - Configuration Manager Integration topology @@ -442,14 +450,14 @@ The following table lists the server processor, RAM, and disk space requirements -  + ## MBAM Client system requirements ### Client operating system requirements -We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. +We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. The following table lists the operating systems that are supported for MBAM Client installation. The same requirements apply to the Stand-alone and the Configuration Manager Integration topologies. @@ -474,8 +482,7 @@ The following table lists the operating systems that are supported for MBAM Clie

    Enterprise

    32-bit or 64-bit

    - - +

    Windows 10

    Enterprise

    @@ -488,7 +495,7 @@ The following table lists the operating systems that are supported for MBAM Clie

    32-bit or 64-bit

    -

    Windows 7

    +

    Windows 7

    Enterprise or Ultimate

    SP1

    32-bit or 64-bit

    @@ -502,7 +509,7 @@ The following table lists the operating systems that are supported for MBAM Clie -  + ### Client RAM requirements @@ -548,7 +555,7 @@ The following table lists the operating systems that are supported for MBAM Grou

    32-bit or 64-bit

    -

    Windows 7

    +

    Windows 7

    Enterprise, or Ultimate

    SP1

    32-bit or 64-bit

    @@ -566,7 +573,7 @@ The following table lists the operating systems that are supported for MBAM Grou

    64-bit

    -

    Windows Server 2008 R2

    +

    Windows Server 2008 R2

    Standard, Enterprise, or Datacenter

    SP1

    64-bit

    @@ -599,9 +606,9 @@ The MBAM client is not supported on virtual machines and is also not supported o [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) -  -  + + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md b/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md index e7f1395a8b..45f2ee0794 100644 --- a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md +++ b/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md @@ -1,8 +1,11 @@ --- title: Monitoring and Reporting BitLocker Compliance with MBAM 2.5 description: Monitoring and Reporting BitLocker Compliance with MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 24a3bccd-8b67-4baa-a181-e4572eaba5bf +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md index 6376939620..6a03158661 100644 --- a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md +++ b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md @@ -1,8 +1,11 @@ --- title: Monitoring Web Service Request Performance Counters description: Monitoring Web Service Request Performance Counters -author: jamiejdt +author: dansimp ms.assetid: bdb812a1-465a-4098-b4c0-cb99890d1b0d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
diff --git a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md b/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
index 00fdddca93..75b47a4907 100644
--- a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
+++ b/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md
@@ -1,8 +1,11 @@
 ---
 title: Moving MBAM 2.5 Features to Another Server
 description: Moving MBAM 2.5 Features to Another Server
-author: jamiejdt
+author: dansimp
 ms.assetid: 9767a0e4-e8ab-49f0-98c5-5cd671975501
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/operations-for-mbam-25.md b/mdop/mbam-v25/operations-for-mbam-25.md
index 5a895028c3..e318d1bba3 100644
--- a/mdop/mbam-v25/operations-for-mbam-25.md
+++ b/mdop/mbam-v25/operations-for-mbam-25.md
@@ -1,8 +1,11 @@
 ---
 title: Operations for MBAM 2.5
 description: Operations for MBAM 2.5
-author: jamiejdt
+author: dansimp
 ms.assetid: da0e35be-2dc4-4a24-b69a-530436eb48fc
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md b/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
index 37802d9fc1..d6ef03091b 100644
--- a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
+++ b/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md
@@ -1,8 +1,11 @@
 ---
 title: Performing BitLocker Management with MBAM 2.5
 description: Performing BitLocker Management with MBAM 2.5
-author: jamiejdt
+author: dansimp
 ms.assetid: 068f3ee0-300c-4083-ba18-7065eef997ad
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md
index 54bddfa55e..6fce394daa 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md +++ b/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.5 Client Deployment description: Planning for MBAM 2.5 Client Deployment -author: jamiejdt +author: dansimp ms.assetid: 23c89976-af24-4753-9412-ce0ea42d1964 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -23,7 +26,7 @@ If you deploy MBAM with the Configuration Manager Integration topology, you can **Note**   Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. -  + ## Deploying the MBAM Client to enable BitLocker Drive Encryption after computer distribution to end users @@ -33,14 +36,14 @@ After you configure Group Policy, you can use an enterprise software deployment **Note**   Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product. -  + When you deploy the MBAM Client after you distribute computers to client computers, end users are prompted to encrypt their computer. This action enables MBAM to collect the data, which includes the PIN and password (if required by policy), and then to begin the encryption process. **Note**   In this approach, end users who have computers with a TPM chip are prompted to activate and initialize the TPM chip if the chip has not been previously activated. -  + ## Using the MBAM Client to enable BitLocker Drive Encryption before computer distribution to end users 
@@ -52,7 +55,7 @@ If your organization wants to use the TPM chip to encrypt computers, the adminis **Note**   The TPM protector option requires the administrator to accept the BIOS prompt to activate and initialize the TPM before the computer is delivered to the end user. -  + ## MBAM Client support for Encrypted Hard Drives @@ -67,9 +70,9 @@ MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification req [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md index c016d3779d..9003490cee 100644 --- a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md +++ b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md @@ -1,8 +1,11 @@ --- title: Planning for MBAM 2.5 Group Policy Requirements description: Planning for MBAM 2.5 Group Policy Requirements -author: jamiejdt +author: dansimp ms.assetid: 82d545dc-3fbf-4b46-b62f-47fe178a7c44 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -41,7 +44,7 @@ MBAM supports the following types of BitLocker protectors.
  • TPM + USB key – supported only when the operating system volume is encrypted before MBAM is installed

  • TPM + PIN + USB key - supported only when the operating system volume is encrypted before MBAM is installed

  • Password - supported only for Windows To Go devices, fixed data drives, and Windows 8, Windows 8.1, and Windows 10 devices that do not have a TPM

  • -
  • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

  • +
  • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

  • Data recovery agent (DRA)

  • @@ -50,7 +53,7 @@ MBAM supports the following types of BitLocker protectors.
    • Password

    • Auto-unlock

    • -
    • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

    • +
    • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

    • Data recovery agent (DRA)

    @@ -66,7 +69,7 @@ MBAM supports the following types of BitLocker protectors. -  + ### Support for the Used Space Encryption BitLocker policy @@ -92,27 +95,27 @@ When you are ready to configure the MBAM Group Policy settings you want, do the -

    Copy the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and install them on a computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).

    -

    [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md)

    +

    Copy the MBAM Group Policy Templates from How to Get MDOP Group Policy (.admx) Templates and install them on a computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).

    +

    Copying the MBAM 2.5 Group Policy Templates

    Configure the Group Policy settings that you want to use in your enterprise.

    -

    [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md)

    +

    Editing the MBAM 2.5 Group Policy Settings

    -  + ## Descriptions of the MBAM Group Policy settings The **MDOP MBAM (BitLocker Management)** GPO node contains four global policy settings and four child GPO nodes: **Client Management**, **Fixed Drive**, **Operating System Drive**, and **Removable Drive**. The following sections describe and suggest settings for the MBAM Group Policy settings. -**Important**   +**Important** Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. MBAM automatically configures the settings in this node for you when you configure the settings in the **MDOP MBAM (BitLocker Management)** node. -  + ### Global Group Policy definitions @@ -136,14 +139,13 @@ This section describes MBAM Global Group Policy definitions at the following GPO

    Configure this policy to use a specific encryption method and cipher strength.

    When this policy is not configured, BitLocker uses the default encryption method: AES 128-bit with Diffuser.

    -Note   -

    An issue with the BitLocker Computer Compliance report causes it to display "unknown" for the cipher strength, even if you are using the default value. To work around this issue, make sure you enable this setting and set a value for cipher strength.

    +Note

    An issue with the BitLocker Computer Compliance report causes it to display "unknown" for the cipher strength, even if you are using the default value. To work around this issue, make sure you enable this setting and set a value for cipher strength.

    -  +
      -
    • AES 128-bit with Diffuser – for Windows 7 only

    • +
    • AES 128-bit with Diffuser – for Windows 7 only

    • AES 128 for Windows 8, Windows 8.1, and Windows 10

    @@ -169,7 +171,7 @@ This section describes MBAM Global Group Policy definitions at the following GPO -  + ### Client Management Group Policy definitions @@ -209,14 +211,13 @@ You can set the same Group Policy settings for the Stand-alone and System Center

    Configure user exemption policy

    Suggested configuration: Not Configured

    This policy setting lets you configure a website address, email address, or phone number that instructs a user to request an exemption from BitLocker encryption.

    -

    If you enable this policy setting and provide a website address, email address, or phone number, users see a dialog box with instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md).

    +

    If you enable this policy setting and provide a website address, email address, or phone number, users see a dialog box with instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

    If you either disable or do not configure this policy setting, the exemption request instructions are not displayed to users.

    -Note   -

    User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer is encrypted.

    +Note

    User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer is encrypted.

    -  +
    @@ -237,7 +238,7 @@ You can set the same Group Policy settings for the Stand-alone and System Center -  + ### Fixed Drive Group Policy definitions @@ -275,9 +276,9 @@ This section describes Fixed Drive policy definitions for Microsoft BitLocker Ad

    Allow access to BitLocker-protected fixed drives from earlier versions of Windows

    Suggested configuration: Not Configured

    -

    Enable this policy so that fixed drives with the FAT file system can be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    -

    When the policy is enabled or not configured, fixed drives that are formatted with the FAT file system can be unlocked and their content can be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. These operating systems have read-only permission to BitLocker-protected drives.

    -

    When the policy is disabled, fixed drives that are formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    +

    Enable this policy so that fixed drives with the FAT file system can be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    +

    When the policy is enabled or not configured, fixed drives that are formatted with the FAT file system can be unlocked and their content can be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. These operating systems have read-only permission to BitLocker-protected drives.

    +

    When the policy is disabled, fixed drives that are formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    Configure use of password for fixed drives

@@ -309,7 +310,7 @@ This section describes Fixed Drive policy definitions for Microsoft BitLocker Ad
-  
+
 ### Operating System Drive Group Policy definitions
@@ -336,7 +337,7 @@ This section describes Operating System Drive policy definitions for Microsoft B
  • Allow Standby States (S1-S3) When Sleeping (Plugged In)

  • Allow Standby States (S1-S3) When Sleeping (On Battery)

  • -

    If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

    +

    If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

    On a computer with a compatible TPM, two types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require the entry of a personal identification number (PIN).

    If you enable this policy setting, users have to put the operating system drive under BitLocker protection, and the drive is then encrypted.

    If you disable this policy, users cannot put the operating system drive under BitLocker protection. If you apply this policy after the operating system drive is encrypted, the drive is then decrypted.

    @@ -362,24 +363,22 @@ This section describes Operating System Drive policy definitions for Microsoft B

    Suggested configuration: Not Configured

    Use this policy setting to set the constraints for passwords that are used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective, you must also enable the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

    -Note   -

    These settings are enforced when you turn on BitLocker, not when you unlock a volume. BitLocker lets you unlock a drive with any of the protectors that are available on the drive.

    +Note

    These settings are enforced when you turn on BitLocker, not when you unlock a volume. BitLocker lets you unlock a drive with any of the protectors that are available on the drive.

    -  +

    If you enable this policy setting, users can configure a password that meets the requirements that you define. To enforce complexity requirements on the password, click Require password complexity.

    Configure TPM platform validation profile for BIOS-based firmware configurations

    Suggested configuration: Not Configured

    -

    This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    +

    This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    -Important   -

    This Group Policy setting applies only to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Service Module (CSM) enabled. Computers that use a native UEFI firmware configuration store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware.

    +Important

    This Group Policy setting applies only to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Service Module (CSM) enabled. Computers that use a native UEFI firmware configuration store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware.

    -  +

    If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before you unlock access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

    If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the Setup script.

    @@ -387,20 +386,19 @@ This section describes Operating System Drive policy definitions for Microsoft B

    Configure TPM platform validation profile

    Suggested configuration: Not Configured

    -

    This policy setting enables you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    +

    This policy setting enables you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before you unlock access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

    If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.

    Configure TPM platform validation profile for native UEFI firmware configurations

    Suggested configuration: Not Configured

    -

    This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    +

    This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

    -Important   -

    This Group Policy setting applies only to computers with a native UEFI firmware configuration.

    +Important

    This Group Policy setting applies only to computers with a native UEFI firmware configuration.

    -  +

    If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

    If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.

    @@ -415,13 +413,12 @@ This section describes Operating System Drive policy definitions for Microsoft B

    Use enhanced Boot Configuration Data validation profile

    Suggested configuration: Not Configured

    This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation.

    -

    If you enable this policy setting, you can add additional settings, remove the default settings, or both. If you disable this policy setting, the computer reverts to a BCD profile similar to the default BCD profile that is used by Windows 7. If you do not configure this policy setting, the computer verifies the default Windows BCD settings.

    +

    If you enable this policy setting, you can add additional settings, remove the default settings, or both. If you disable this policy setting, the computer reverts to a BCD profile similar to the default BCD profile that is used by Windows 7. If you do not configure this policy setting, the computer verifies the default Windows BCD settings.

    -Note   -

    When BitLocker uses Secure Boot for platform and Boot Configuration Data (BCD) integrity validation, as defined by the "Allow Secure Boot for integrity validation" policy, the "Use enhanced Boot Configuration Data validation profile" policy is ignored.

    +Note

    When BitLocker uses Secure Boot for platform and Boot Configuration Data (BCD) integrity validation, as defined by the "Allow Secure Boot for integrity validation" policy, the "Use enhanced Boot Configuration Data validation profile" policy is ignored.

    -  +

    The setting that controls boot debugging (0x16000010) is always validated and has no effect if it is included in the provided fields.

    @@ -444,17 +441,16 @@ This section describes Operating System Drive policy definitions for Microsoft B
  • Use default recovery message and URL: Select this option to display the default BitLocker recovery message and URL in the pre-boot BitLocker recovery screen. If you previously configured a custom recovery message or URL and want to revert to the default message, you must enable this policy and select the Use default recovery message and URL option.

  • -Note   -

    Not all characters and languages are supported in pre-boot. We recommend that you test that the characters you use for the custom message or URL appear correctly on the pre-boot BitLocker recovery screen.

    +Note

    Not all characters and languages are supported in pre-boot. We recommend that you test that the characters you use for the custom message or URL appear correctly on the pre-boot BitLocker recovery screen.

    -  +
-  
+
 ### Removable Drive Group Policy definitions
@@ -489,9 +485,9 @@ This section describes Removable Drive Group Policy definitions for Microsoft Bi

    Allow access to BitLocker-protected removable drives from earlier versions of Windows

    Suggested configuration: Not Configured

    -

    Enable this policy to allow fixed drives with the FAT file system to be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    -

    When this policy is not configured, removable drives that are formatted with the FAT file system can be unlocked on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only permission to BitLocker-protected drives.

    -

    When the policy is disabled, removable drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    +

    Enable this policy to allow fixed drives with the FAT file system to be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    +

    When this policy is not configured, removable drives that are formatted with the FAT file system can be unlocked on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only permission to BitLocker-protected drives.

    +

    When the policy is disabled, removable drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

    Configure use of password for removable data drives

@@ -510,7 +506,7 @@ This section describes Removable Drive Group Policy definitions for Microsoft Bi
-  
+
 ## Related topics
@@ -520,11 +516,11 @@ This section describes Removable Drive Group Policy definitions for Microsoft Bi
 [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)
-  
+
 ## Got a suggestion for MBAM?
 - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
 - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
-  
+
diff --git a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
index e03e834e82..7f91892a01 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 2.5 Groups and Accounts
 description: Planning for MBAM 2.5 Groups and Accounts
-author: jamiejdt
+author: dansimp
 ms.assetid: 73bb9fe5-5900-4b6f-b271-ade62991fca1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,12 +17,12 @@ ms.date: 11/02/2016
 # Planning for MBAM 2.5 Groups and Accounts
-This topic lists the roles and accounts that you must create in Active Directory Domain Services (AD DS) to provide security and access rights for the Microsoft BitLocker Administration and Monitoring (MBAM) databases, reports, and web applications. For each role and account, the corresponding field in the MBAM Server Configuration wizard is provided. For a list of Windows PowerShell cmdlets and parameters that correspond to these accounts, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md#bkmk-reqd-posh-accts).
+This topic lists the roles and accounts that you must create in Active Directory Domain Services (AD DS) to provide security and access rights for the Microsoft BitLocker Administration and Monitoring (MBAM) databases, reports, and web applications. For each role and account, the corresponding field in the MBAM Server Configuration wizard is provided. For a list of Windows PowerShell cmdlets and parameters that correspond to these accounts, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md#bkmk-reqd-posh-accts).
-**Note**  
+**Note**
 MBAM does not support the use of managed service accounts.
-  
+
 ## Database accounts
@@ -61,7 +64,7 @@ Create the following accounts for the Compliance and Audit Database and the Reco
-  
+
 ## Reporting accounts
@@ -102,7 +105,7 @@ Create the following accounts for the Reports feature.
-  
+
 ## Administration and Monitoring Website (Help Desk) accounts
@@ -134,11 +137,10 @@ Create the following accounts for the Administration and Monitoring Website.

    If you enter a group name in the Read/write access domain user or group field on the Configure Databases page, the value you enter in this field must be a member of that group.

    If you do not specify credentials, the credentials that were specified for any previously enabled web application will be used. All web applications must use the same application pool credentials. If you specify different credentials for different web applications, the most recently specified value will be used.

    -Important   -

    For improved security, set the account that is specified in the credentials to have limited user rights.

    +Important

    For improved security, set the account that is specified in the credentials to have limited user rights.

    -  +
    @@ -165,12 +167,12 @@ Create the following accounts for the Administration and Monitoring Website.

    Group

    MBAM Data Migration Users

    Optional domain user group whose members have permissions to write data to MBAM by using the MBAM Recovery and Hardware Service running on the MBAM server. This account is generally used with the Write-Mbam* cmdlets to write recovery and TPM data from Active Directory into the MBAM database.

    -

    For more information, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md).

    +

    For more information, see MBAM 2.5 Security Considerations.

-  
+
 ## Related topics
@@ -180,11 +182,11 @@ Create the following accounts for the Administration and Monitoring Website.
 [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)
-  
+
 ## Got a suggestion for MBAM?
 - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
-- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
+- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
diff --git a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
index 801ea71276..0a95efbd31 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 2.5 High Availability
 description: Planning for MBAM 2.5 High Availability
-author: jamiejdt
+author: dansimp
 ms.assetid: 1e29b30c-33f1-4a52-9442-8c1391f0049c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
index 6fc0c1b5d5..41ccde26df 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 2.5 Server Deployment
 description: Planning for MBAM 2.5 Server Deployment
-author: jamiejdt
+author: dansimp
 ms.assetid: 88774c89-31c8-4eb8-a845-a00bbec8c870
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -34,8 +37,8 @@ This topic lists the features that you deploy for the MBAM Stand-alone and Confi

    Review the following before you start the deployment:

    Each MBAM feature has specific prerequisites that must be met before you start the MBAM installation.

    @@ -45,7 +48,7 @@ This topic lists the features that you deploy for the MBAM Stand-alone and Confi

    Keep track of the names of the computers on which you configure each feature. You will use this information throughout the configuration process.

    -

    You may want to use the [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md) for this purpose.

    +

    You may want to use the MBAM 2.5 Deployment Checklist for this purpose.

    Configure only the Group Policy settings in the MDOP MBAM (BitLocker Management) node. Do not change the Group Policy settings in the BitLocker Drive Encryption node.

@@ -54,7 +57,7 @@ This topic lists the features that you deploy for the MBAM Stand-alone and Confi
-  
+
 ## Planning for MBAM Server deployment – Stand-alone topology
@@ -105,7 +108,7 @@ For a description of these features, see [High-Level Architecture of MBAM 2.5 wi
 [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)
-  
+
 ## Got a suggestion for MBAM?
 - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
diff --git a/mdop/mbam-v25/planning-for-mbam-25.md b/mdop/mbam-v25/planning-for-mbam-25.md
index bbf4e631bb..5be4741f7c 100644
--- a/mdop/mbam-v25/planning-for-mbam-25.md
+++ b/mdop/mbam-v25/planning-for-mbam-25.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MBAM 2.5
 description: Planning for MBAM 2.5
-author: jamiejdt
+author: dansimp
 ms.assetid: aebe82c0-e3b6-4bfb-beb0-b99f9c5c5267
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
index 2d7e4cedbf..56e258088e 100644
--- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
+++ b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
@@ -1,8 +1,11 @@
 ---
 title: Planning How to Secure the MBAM Websites
 description: Planning How to Secure the MBAM Websites
-author: jamiejdt
+author: dansimp
 ms.assetid: aea1d137-62cf-4da4-9989-541e0b5ad8d8
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -39,7 +42,7 @@ This topic describes the following methods for securing the Microsoft BitLocker
-  
+
 For more information about how to secure your MBAM deployment, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md).
@@ -54,10 +57,10 @@ We recommend that you use a certificate to secure the communication between the:
 For information about requesting and installing a certificate, see [Configuring Internet Server Certificates](https://technet.microsoft.com/library/cc731977.aspx).
-**Note**  
+**Note**
 You can configure the websites and web services on different servers only if you are using Windows PowerShell. If you use the MBAM Server Configuration wizard to configure the websites, you must configure the websites and the web services on the same server.
-  
+
 To secure the communication between the web services and the databases, we also recommend that you force encryption in SQL Server. For information about securing all connections to SQL Server, including communication between the web services and SQL Server, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-secure-databases).
@@ -91,14 +94,13 @@ Review the information in the following table before you start creating SPNs.
-

    Create a service account in Active Directory Domain Services (AD DS).

    +

    Create a service account in Active Directory Domain Services (AD DS).

    The service account is a user account that you create in AD DS to provide security for the MBAM websites. The MBAM websites run under an application pool, whose identity is the name of the service account. The SPNs are then registered in the application pool account.

    -Note   -

    You must use the same application pool account for all web servers.

    +Note

    You must use the same application pool account for all web servers.

    -  +
@@ -116,7 +118,7 @@ Review the information in the following table before you start creating SPNs.
-  
+
 ### Registering SPNs when you use a fully qualified domain host name
@@ -141,13 +143,13 @@ If you use a fully qualified domain host name when you configure MBAM, you have

    Configure constrained delegation for the SPN that you are registering for the application pool account.

    -

    [Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)

    +

    Configuring Constrained Delegation

    This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

-  
+
 ### Registering SPNs when you use a NetBIOS host name
@@ -177,13 +179,13 @@ If you use a NetBIOS host name when you configure MBAM, register one SPN for the

    Configure constrained delegation for the SPNs that you are registering for the application pool account.

    -

    [Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)

    +

    Configuring Constrained Delegation

    This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

-  
+
 ### Registering SPNs when you use a virtual host name
@@ -218,18 +220,18 @@ If you configure MBAM with a virtual host name that is a fully qualified domain

    On the Domain Name Server (DNS) server, create an “A record” for the custom host name and point it to a web server or a load balancer.

    -

    See the “To configure DNS Host A Records” section in [Configure DNS Host Records](https://go.microsoft.com/fwlink/?LinkId=394337).

    +

    See the “To configure DNS Host A Records” section in Configure DNS Host Records.

    We recommend that you use A records instead of CNAMES. If you use CNAMES to point to the domain address, you must also register SPNs for the web server name in the application pool account.

    Configure constrained delegation for the SPNs that you are registering for the application pool account.

    -

    [Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)

    +

    Configuring Constrained Delegation

    This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

-  
+
 ### Registering an SPN when you upgrade from previous versions of MBAM
@@ -237,7 +239,7 @@ Complete the steps in this section only if you want to:
 - Upgrade from a previous version of MBAM.
-- Run the websites in MBAM 2.5 in a load-balanced or distributed configuration, and you are currently running in a configuration that is not load balanced.
+- Run the websites in MBAM 2.5 in a load-balanced or distributed configuration, and you are currently running in a configuration that is not load balanced.
 If you already registered SPNs on the machine account rather than in an application pool account, MBAM uses the existing SPNs, and you cannot configure the websites in a load-balanced or distributed configuration.
@@ -254,12 +256,12 @@ If you already registered SPNs on the machine account rather than in an applicat
-

    Create an application pool account in Active Directory Domain Services (AD DS).

    +

    Create an application pool account in Active Directory Domain Services (AD DS).

    Remove the currently installed websites and web services.

    -

    [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)

    +

    Removing MBAM Server Features or Software

    Remove SPNs from the machine account.

    @@ -268,11 +270,11 @@ If you already registered SPNs on the machine account rather than in an applicat

    Register SPNs in the application pool account.

    -

    Follow the steps for [Registering SPNs when you use a virtual host name](#bkmk-regvirtualspn).

    +

    Follow the steps for Registering SPNs when you use a virtual host name.

    Reconfigure the web applications and web services.

    -

    [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md)

    +

    How to Configure the MBAM 2.5 Web Applications

    Do one of the following, depending on the method you use for the configuration:

    @@ -298,13 +300,12 @@ If you already registered SPNs on the machine account rather than in an applicat -

     

    +

    -Important   -

    The host name that you enter must be the same name as the virtual host name for which you are creating the SPNs. Also, in your web farm, the host names and the application pool credentials must be the same on every server that you are configuring.

    +Important

    The host name that you enter must be the same name as the virtual host name for which you are creating the SPNs. Also, in your web farm, the host names and the application pool credentials must be the same on every server that you are configuring.

    -  +

    When MBAM configures the web applications, it will try to register the SPNs for you, but it can do so only if you have Domain Admin rights on the server on which you are installing MBAM. If you do not have these rights, you can complete the configuration, but you will have to set the SPNs before or after you configure MBAM.

    @@ -312,7 +313,7 @@ If you already registered SPNs on the machine account rather than in an applicat ## Required Request Filtering Settings - + 'Allow unlisted file name extensions' is required for the application to operate as expected. This can be found by navigating to the 'Microsoft BitLocker Administration and Monitoring' -> Request Filtering -> Edit Feature Settings. @@ -323,9 +324,9 @@ If you already registered SPNs on the machine account rather than in an applicat [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) -  -  + + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/planning-to-deploy-mbam-25.md b/mdop/mbam-v25/planning-to-deploy-mbam-25.md index 4d0379428b..e0e73d9033 100644 --- a/mdop/mbam-v25/planning-to-deploy-mbam-25.md +++ b/mdop/mbam-v25/planning-to-deploy-mbam-25.md @@ -1,8 +1,11 @@ --- title: Planning to Deploy MBAM 2.5 description: Planning to Deploy MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 1343b80c-d87a-42e7-b912-e84ba997d7e3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -31,7 +34,7 @@ The MBAM Server infrastructure depends on a set of server features that can be c **Note**   An MBAM installation on a single server is recommended only for lab environments. -  + The MBAM Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an enterprise software delivery system or by installing the Client on client computers as part of the initial imaging process. 
@@ -50,9 +53,9 @@ With MBAM, you can encrypt a computer in your organization either before the end - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + -  + diff --git a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md b/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md index cccc386d97..bfc0fff5d3 100644 --- a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md +++ b/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md @@ -1,8 +1,11 @@ --- title: Preparing your Environment for MBAM 2.5 description: Preparing your Environment for MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 7552ba08-9dbf-40cd-8920-203d733fd242 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md index 24e0ea2b36..2329a20a37 100644 --- a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md +++ b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md @@ -1,8 +1,11 @@ --- title: Prerequisites for MBAM 2.5 Clients description: Prerequisites for MBAM 2.5 Clients -author: jamiejdt +author: dansimp ms.assetid: fc230679-9c84-4b99-a77c-bae7e7bf8145 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -37,19 +40,19 @@ Before you install the MBAM Client software on end users' computers, ensure that

    -

    For Windows 7 client computers only: Each client must have Trusted Platform Module (TPM) capability (TPM 1.2 or later).

    +

    For Windows 7 client computers only: Each client must have Trusted Platform Module (TPM) capability (TPM 1.2 or later).

    For Windows 8.1, Windows 10 RTM or Windows 10 version 1511 client computers only: If you want MBAM to be able to store and manage the TPM recovery keys, TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM.

    In MBAM 2.5 SP1 only, you no longer need to turn off TPM auto-provisioning, but you must make sure that the TPM Group Policy Objects are set to not escrow TPM OwnerAuth to Active Directory.

    -

    [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-tpm)

    +

    MBAM 2.5 Security Considerations

    For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM.

    In MBAM 2.5 SP1, you must turn on auto-provisioning.

    -

    See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. +

    See TPM owner password for further details.

    @@ -63,11 +66,10 @@ Before you install the MBAM Client software on end users' computers, ensure that

    The computer’s hard disk must have a BIOS that is compatible with TPM and that supports USB devices during computer startup.

    -Note   -

    Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

    +Note

    Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

    -  +
    @@ -77,11 +79,11 @@ Before you install the MBAM Client software on end users' computers, ensure that -  -**Important**   + +**Important** If BitLocker was used without MBAM, MBAM can be installed and utilize the existing TPM information. -  + @@ -92,11 +94,11 @@ If BitLocker was used without MBAM, MBAM can be installed and utilize the existi [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md index f00c62f502..f7ff13527a 100644 --- a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md +++ b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md @@ -1,8 +1,11 @@ --- title: Prerequisites for the Configuration Manager Integration Feature description: Prerequisites for the Configuration Manager Integration Feature -author: jamiejdt +author: dansimp ms.assetid: b318cbd3-b009-44b8-991b-f7364c1cae88 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -16,10 +19,10 @@ ms.date: 08/30/2016 If you deploy MBAM with the System Center Configuration Manager Integration topology, we recommend a three-server architecture, as described in [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md). This architecture can support 500,000 client computers. -**Important**   +**Important** Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. -  + ## General prerequisites for the Configuration Manager Integration feature @@ -44,38 +47,37 @@ When you install MBAM with Configuration Manager, the following additional prere

    The Hardware Inventory Client Agent is on the Configuration Manager Server.

    -

    For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301685).

    -

    For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](https://go.microsoft.com/fwlink/?LinkId=301656).

    +

    For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager.

    +

    For Configuration Manager 2007, see How to Configure Hardware Inventory for a Site.

    One of the following is enabled, depending on the version of Configuration Manager that you are using:

      -
    • Compliance Settings - (System Center 2012 Configuration Manager)

    • +
    • Compliance Settings - (System Center 2012 Configuration Manager)

    • Desired Configuration Management (DCM) Client Agent – (Configuration Manager 2007)

    -

    For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301687).

    -

    For Configuration Manager 2007, see [Desired Configuration Management Client Agent Properties](https://go.microsoft.com/fwlink/?LinkId=301686).

    +

    For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager.

    +

    For Configuration Manager 2007, see Desired Configuration Management Client Agent Properties.

    A reporting services point is defined in Configuration Manager. Required for SQL Server Reporting Services (SSRS).

    -

    For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301689).

    -

    For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](https://go.microsoft.com/fwlink/?LinkId=301688).

    +

    For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager.

    +

    For Configuration Manager 2007, see How to Create a Reporting Services Point for SQL Reporting Services.

    Configuration Manager 2007 requires Microsoft .NET Framework 2.0

    The Desired Configuration Management (DCM) Client Agent in Configuration Manager 2007 requires .NET Framework 2.0 to report compliance.

    -Note   -

    Installing .NET Framework 3.5 automatically installs .NET Framework 2.0.

    +Note

    Installing .NET Framework 3.5 automatically installs .NET Framework 2.0.

    -  +
    -  + ## Required permissions to install MBAM with Configuration Manager @@ -107,9 +109,9 @@ To install MBAM with Configuration Manager, you must have an administrative user -  -**System Center 2012 Configuration Manager** + +**System Center 2012 Configuration Manager** @@ -138,7 +140,7 @@ To install MBAM with Configuration Manager, you must have an administrative user
    -  + **Configuration Manager 2007** @@ -169,12 +171,12 @@ To install MBAM with Configuration Manager, you must have an administrative user -  + ## Required changes for the .mof files -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file and Sms\_def.mof file for System Center 2012 Configuration Manager and Microsoft System Center Configuration Manager 2007. For instructions, see [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md). +To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file and Sms\_def.mof file for System Center 2012 Configuration Manager and Microsoft System Center Configuration Manager 2007. For instructions, see [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md). @@ -185,11 +187,11 @@ To enable the client computers to report BitLocker compliance details through th [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). 
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md index a39802e24b..3e71f9ec51 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md @@ -1,8 +1,11 @@ --- title: Release Notes for MBAM 2.5 SP1 description: Release Notes for MBAM 2.5 SP1 -author: jamiejdt +author: dansimp ms.assetid: 3ac424c8-c490-4d62-aba4-1b462c02e962 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/release-notes-for-mbam-25.md b/mdop/mbam-v25/release-notes-for-mbam-25.md index 5ed4366556..ca65e45a7a 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25.md @@ -1,8 +1,11 @@ --- title: Release Notes for MBAM 2.5 description: Release Notes for MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: fcaf03e6-5e39-4771-af3c-a3cd468f3961 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -32,7 +35,7 @@ Help links in the MBAM Server Configuration tool can cause browser windows to op **Note**   This is fixed in MBAM 2.5 SP1. -  + ### MBAM reports as noncompliant a client encrypted with AES 256-bit encryption keys and Diffuser @@ -128,42 +131,42 @@ This table lists the hotfixes and KB articles for MBAM 2.5.

    2975636

    Hotfix Package 1 for Microsoft BitLocker Administration and Monitoring 2.5

    -

    [support.microsoft.com/kb/2975636/EN-US](https://support.microsoft.com/kb/2975636/EN-US)

    +

    support.microsoft.com/kb/2975636/EN-US

    3015477

    Hotfix Package 2 for BitLocker Administration and Monitoring 2.5

    -

    [support.microsoft.com/kb/3015477](https://support.microsoft.com/kb/3015477)

    +

    support.microsoft.com/kb/3015477

    3011022

    MBAM 2.5 installation or Configuration Manager reporting fails if the name of SSRS instance contains an underscore

    -

    [support.microsoft.com/kb/3011022/EN-US](https://support.microsoft.com/kb/3011022/EN-US)

    +

    support.microsoft.com/kb/3011022/EN-US

    2756402

    MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

    -

    [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

    +

    support.microsoft.com/kb/2756402/EN-US

    2639518

    Error opening Enterprise or Computer Compliance Reports in MBAM

    -

    [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

    +

    support.microsoft.com/kb/2639518/EN-US

    2870842

    MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

    -

    [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

    +

    support.microsoft.com/kb/2870842/EN-US

    2975472

    SQL deadlocks when many MBAM clients connect to the MBAM recovery database

    -

    [support.microsoft.com/kb/2975472/EN-US](https://support.microsoft.com/kb/2975472/EN-US)

    +

    support.microsoft.com/kb/2975472/EN-US

    -  + ## Related topics @@ -171,7 +174,7 @@ This table lists the hotfixes and KB articles for MBAM 2.5. [About MBAM 2.5](about-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/removing-mbam-server-features-or-software.md b/mdop/mbam-v25/removing-mbam-server-features-or-software.md index bf66d191ab..640588cc30 100644 --- a/mdop/mbam-v25/removing-mbam-server-features-or-software.md +++ b/mdop/mbam-v25/removing-mbam-server-features-or-software.md @@ -1,8 +1,11 @@ --- title: Removing MBAM Server Features or Software description: Removing MBAM Server Features or Software -author: jamiejdt +author: dansimp ms.assetid: 5212ba3f-124d-43c5-824a-608e9a192e86 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ These instructions explain how to remove software and features from Microsoft Bi **Note**   To prevent the accidental removal of data, MBAM provides no mechanism for removing the databases; you must do that manually. -  + ## Removing MBAM Server features @@ -78,9 +81,9 @@ Use the following steps to remove the MBAM Server software and any MBAM Server f [Deploying MBAM 2.5](deploying-mbam-25.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/server-event-logs.md b/mdop/mbam-v25/server-event-logs.md index c2d73ac15e..b02ad84d6d 100644 --- a/mdop/mbam-v25/server-event-logs.md +++ b/mdop/mbam-v25/server-event-logs.md 
@@ -1,8 +1,11 @@
 ---
 title: Server Event Logs
 description: Server Event Logs
-author: jamiejdt
+author: dansimp
 ms.assetid: 04e724d2-28cc-4fa8-86a1-0d4ab0234b11
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, security
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -301,10 +304,10 @@ The following table contains messages and troubleshooting information for event

    ReportProviderUnexpectedError

    Report provider unexpected error.

    Report provider unexpected error. {Description} {exceptionDetails} These are some of the possible exception details:

    -

    An error occurred while getting the name of directory '{directoryName}'

    -

    An exception occurred while getting files for directory '{directoryName}'

    -

    An exception occurred while enumerating directories in directory '{directoryName}'

    -

    An exception occurred while reading all bytes for file '{fileName}'

    +

    An error occurred while getting the name of directory '{directoryName}'

    +

    An exception occurred while getting files for directory '{directoryName}'

    +

    An exception occurred while enumerating directories in directory '{directoryName}'

    +

    An exception occurred while reading all bytes for file '{fileName}'

    During MBAM installation, MBAM setup unzips all the report files to the specified installation path. As a part of report installation, install module tries to access the unzipped report files at installation path and communicates with SQL Reporting services to publish the report files. The above errors occur when MBAM cannot access the files/folders at unzipped Installation path. These are some tips to troubleshoot this issue:

    • Verify that MBAM is installed.

    • @@ -320,7 +323,7 @@ The following table contains messages and troubleshooting information for event
    • Using SSRS console verify that SSRS is enabled and running.

    • Verify that user running the setup is authorized to access SSRS.

    -

    Failed to remove the MBAM Reports using Reporting Services instance URL '{SSRSInstanceUrl}'.Make sure the SSRS instance required for MBAM Reports is running and configured correctly.

    +

    Failed to remove the MBAM Reports using Reporting Services instance URL '{SSRSInstanceUrl}'.Make sure the SSRS instance required for MBAM Reports is running and configured correctly.

    When MBAM installation fails or When user disables MBAM Reporting features, setup module removes SSRS reports. The above message indicates that MBAM failed to remove SSRS reports. These are some tips to troubleshoot this issue:

    • Verify that SSRS is installed on the specified machine.

    • @@ -333,8 +336,8 @@ The following table contains messages and troubleshooting information for event
    • Using SSRS console verify that SSRS is enabled and running.

    • Verify that the user running the setup is authorized to access/publish reports to SSRS.

    -

    A policy for group user name '{userName}' already exists. In case this is not correct, manually revise the Reporting Service for duplicate or invalid policies.

    -

    After Publishing MBAM reports, MBAM setup tries to create a MBAM Report Users roles (if it does not exist already) and sets corresponding user policy. The above error indicates that SSRS web service threw an exception while setting up report user role policy. Follow the instructions in the event message and refer to "https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=SQL+Server+Reporting+Services&ProdVer=8.00&EvtID=rsInvalidPolicyDefinition&EvtSrc=Microsoft.ReportingServices.Diagnostics.ErrorStrings.resources.Strings&LCID=1033" for more help.

    +

    A policy for group user name '{userName}' already exists. In case this is not correct, manually revise the Reporting Service for duplicate or invalid policies.

    +

    After Publishing MBAM reports, MBAM setup tries to create a MBAM Report Users roles (if it does not exist already) and sets corresponding user policy. The above error indicates that SSRS web service threw an exception while setting up report user role policy. Follow the instructions in the event message and refer to "https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=SQL+Server+Reporting+Services&ProdVer=8.00&EvtID=rsInvalidPolicyDefinition&EvtSrc=Microsoft.ReportingServices.Diagnostics.ErrorStrings.resources.Strings&LCID=1033"; for more help.

    An error occurred while validating access to SSRS {exceptionDetails}.

    As part of prerequisite check, MBAM setup verifies if the user has necessary permissions to access/create folder under SSRS. The error message indicates that an exception has occurred while verifying access to SSRS. Refer to the exception details for debugging tips.

    A SOAP error occurred while checking the SSRS URL.{exceptionDetails}

    @@ -354,12 +357,12 @@ The following table contains messages and troubleshooting information for event
  • Using SSRS console verify that SSRS is enabled and running.

  • Verify that the user executing the setup is authorized to query SSRS class under WMI namespace.

  • -

    The current user is not authorized to access the WMI namespace '{ssrsWMINamespace}'.

    -

    An error occurred while enumerating the namespace '{ssrsWMINamespace}'. RPC server for SSRS WMI provider on the local host is not found.

    -

    An error occurred while enumerating the namespace '{ssrsNamespace}'. Unable to find an instance of SSRS on the local host.

    -

    An error occurred while accessing WMI. RPC server for instance '{ssrsInstance}' was not found.

    -

    An error occurred while accessing WMI. Instance name '{ssrsInstanceName}' is not correct.

    -

    An error occurred while accessing WMI. Unable to find instance '{ssrsInstanceName}' on the local host.

    +

    The current user is not authorized to access the WMI namespace '{ssrsWMINamespace}'.

    +

    An error occurred while enumerating the namespace '{ssrsWMINamespace}'. RPC server for SSRS WMI provider on the local host is not found.

    +

    An error occurred while enumerating the namespace '{ssrsNamespace}'. Unable to find an instance of SSRS on the local host.

    +

    An error occurred while accessing WMI. RPC server for instance '{ssrsInstance}' was not found.

    +

    An error occurred while accessing WMI. Instance name '{ssrsInstanceName}' is not correct.

    +

    An error occurred while accessing WMI. Unable to find instance '{ssrsInstanceName}' on the local host.

    As part of prerequisite check, MBAM setup queries WMI to retrieve WMI namespace associated to given instance. The above error message indicates that and exception was occurred while querying WMI. Refer to exceptionDetails for more information. These are some checks you can perform:

    • Verify that SSRS with given instance name is installed on the specified machine.

    • @@ -443,7 +446,7 @@ The following table contains messages and troubleshooting information for event -  + ## Operation @@ -472,9 +475,9 @@ The following table contains messages and troubleshooting information for event

      1

      Microsoft-Windows-MBAM-Web/Admin

      WebAppSpnError

      -

      Application: {SiteName}\{VirtualDirectory} is missing the following Service Principal Names (SPNs):{ListOfSpns} Register the required SPNs on the account: {ExecutionAccount}.

      +

      Application: {SiteName}{VirtualDirectory} is missing the following Service Principal Names (SPNs):{ListOfSpns} Register the required SPNs on the account: {ExecutionAccount}.

      For Integrated Windows Authentication to succeed, necessary SPNs needs to be in place. This message indicates that the SPN required for MBAM application has not been correctly configured. Details contained in this event should provide more information.

      -

      See “Service Principal Name (SPN)” in [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md#bkmk-prereqsams) for more information.

      +

      See “Service Principal Name (SPN)” in MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies for more information.

      4

      @@ -510,7 +513,7 @@ The following table contains messages and troubleshooting information for event

      QueryRecoveryKeyIdsForUser: An error occurred while getting recovery key Ids from the database. Message:{message} -or-

      QueryVolumeUsers: An error occurred while getting user information from the database.

      This message is logged whenever there is an exception while communicating with the MBAM recovery database. Read through the information contained in the trace to get specific details about the exception.

      -

      For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

      +

      For detailed troubleshooting steps, see the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine.

      101

      @@ -522,7 +525,7 @@ The following table contains messages and troubleshooting information for event

      QueryRecoveryKeyIdsForUser: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

      QueryDriveRecoveryData: An error occurred while logging an audit event to the compliance database. Message:{message}

      This message is logged whenever there is an exception while communicating the MBAM compliance database. Read through the information contained in the trace to get specific details about the exception.

      -

      For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

      +

      For detailed troubleshooting steps, see the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine.

      102

      @@ -530,7 +533,7 @@ The following table contains messages and troubleshooting information for event

      AgentServiceRecoveryDbError

      This message indicates an exception when MBAM Agent service tries to communicate with the recovery database. Read through the message contained in the event to get specific information about the exception.

      -

      See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether the MBAM app pool account has required permissions in place to connect or execute on MBAM recovery database.

      +

      See the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether the MBAM app pool account has required permissions in place to connect or execute on MBAM recovery database.

      103

      @@ -555,7 +558,7 @@ The following table contains messages and troubleshooting information for event

      StatusServiceComplianceDbError

      This error indicates that MBAM websites/web services were unable to connect to the MBAMCompliance database.

      -

      See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the IIS app pool account could connect to the MBAM compliance database.

      +

      See the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify that the IIS app pool account could connect to the MBAM compliance database.

      106

      @@ -598,7 +601,7 @@ The following table contains messages and troubleshooting information for event

      QueryRecoveryKeyIdsForUser: an error occurred while getting recovery key Ids for a user. Message:{message} -or-

      An error occurred while getting TPM password hash from the Recovery database. EventDetails:{ExceptionMessage}

      This message indicates that recovery database connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\RecoveryDBConnectionString" is invalid. Verify the given registry key value. –or-

      -

      If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Recovery database from IIS server using app pool credentials.

      +

      If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether a connection could be made to the MBAM Recovery database from IIS server using app pool credentials.

      110

      @@ -609,7 +612,7 @@ The following table contains messages and troubleshooting information for event

      QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the Compliance database. Message:{message} -or-

      QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the compliance database. Message:{message}

      This message indicates that compliance db connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\ComplianceDBConnectionString" is invalid. Verify the value corresponding to above registry key. –or-

      -

      If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Compliance database from IIS server using app pool credentials.

      +

      If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether a connection could be made to the MBAM Compliance database from IIS server using app pool credentials.

      111

      @@ -622,7 +625,7 @@ The following table contains messages and troubleshooting information for event
    • MBAM websites/webservices execution account(app pool account) could not run the GetVersion stored procedure on MBAMCompliance OR MBAMRecovery database

    The message contained in the event will provide more details about the exception.

    -

    Refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the MBAM execution account (app pool account) could connect to MBAM compliance/recovery database and it has permissions in place to execute GetVersion stored procedure.

    +

    Refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify that the MBAM execution account (app pool account) could connect to MBAM compliance/recovery database and it has permissions in place to execute GetVersion stored procedure.

    112

    @@ -658,7 +661,7 @@ The following table contains messages and troubleshooting information for event -  + ## Related topics @@ -668,11 +671,11 @@ The following table contains messages and troubleshooting information for event [Client Event Logs](client-event-logs.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/technical-reference-for-mbam-25.md b/mdop/mbam-v25/technical-reference-for-mbam-25.md index d09d2963c8..a8b62bb56d 100644 --- a/mdop/mbam-v25/technical-reference-for-mbam-25.md +++ b/mdop/mbam-v25/technical-reference-for-mbam-25.md @@ -1,8 +1,11 @@ --- title: Technical Reference for MBAM 2.5 description: Technical Reference for MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: da77a5b6-d5cf-4bae-9475-13a75088ab23 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/troubleshooting-mbam-25.md b/mdop/mbam-v25/troubleshooting-mbam-25.md index cb05acd2bf..e756c4cc34 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-25.md +++ b/mdop/mbam-v25/troubleshooting-mbam-25.md @@ -1,8 +1,11 @@ --- title: Troubleshooting MBAM 2.5 description: Troubleshooting MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: f35e7aef-2c3c-4d43-b170-6830d2756063 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md index 508b82dd72..5f546b0f97 100644 --- a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md +++ b/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md 
@@ -1,8 +1,11 @@ --- title: Understanding MBAM 2.5 Stand-alone Reports description: Understanding MBAM 2.5 Stand-alone Reports -author: jamiejdt +author: dansimp ms.assetid: 78b5aaf4-8257-4722-8eb9-e0de48db6a11 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 This topic describes the reports that are available when you are running Microsoft BitLocker Administration and Monitoring (MBAM) in the Stand-alone topology. -**Note**   +**Note** If you are running MBAM with the Configuration Manager Integration topology, you generate reports from Configuration Manager rather than from MBAM. See [Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md) for more information about these reports. -  + ## Understanding the MBAM Stand-alone topology reports @@ -91,7 +94,7 @@ Use this report type to collect information about overall BitLocker compliance i -  + **Enterprise Compliance Computer Details** @@ -134,7 +137,7 @@ Use this report type to collect information about overall BitLocker compliance i -  + ### Computer Compliance Report @@ -142,10 +145,10 @@ Use this report type to collect information that is specific to a computer or us View this report by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. This report shows detailed encryption information about each drive (operating system and fixed data drives) on a computer. It also indicates the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry. -**Note**   +**Note** Removable Data Volume encryption status is not shown in this report. -  + **Computer Compliance Report Fields** 
@@ -225,7 +228,7 @@ Removable Data Volume encryption status is not shown in this report. -  + **Computer Compliance Report Drive Fields** @@ -276,7 +279,7 @@ Removable Data Volume encryption status is not shown in this report. -  + ### Recovery Audit Report @@ -312,12 +315,11 @@ Use this report type to audit users who have requested access to BitLocker recov

    Helpdesk User

    Help Desk user who initiated the request for key retrieval.

    -Note   -

    If an Advanced Helpdesk User recovers the key without specifying the end user, the End User field will be blank. A standard Helpdesk User must specify the end user, and that user will appear in this field.

    +Note

    If an Advanced Helpdesk User recovers the key without specifying the end user, the End User field will be blank. A standard Helpdesk User must specify the end user, and that user will appear in this field.

    A recovery via the Self-Service Portal will list the requesting end user both in this field and in the End User field.

    -  +
    @@ -359,12 +361,12 @@ Use this report type to audit users who have requested access to BitLocker recov -  -**Note**   + +**Note** Report results can be saved to a file by clicking the **Export** button on the **Reports** menu bar. -  + ## Related topics @@ -374,11 +376,11 @@ Report results can be saved to a file by clicking the **Export** button on the * [Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md b/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md index 6a9f2918f6..39cd813d57 100644 --- a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md +++ b/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md @@ -1,8 +1,11 @@ --- title: Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel description: Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel -author: jamiejdt +author: dansimp ms.assetid: f8a01cc2-0c77-48b9-8351-8194e80b0cf8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -63,19 +66,18 @@ The following table lists the tasks you can perform from each Control Panel item

    How the Control Panel item is created

    Created in Control Panel when you install the MBAM Client. This item cannot be hidden.

    -Note   -

    This item appears in addition to, but does not replace, the default BitLocker Drive Encryption Control Panel item.

    +Note

    This item appears in addition to, but does not replace, the default BitLocker Drive Encryption Control Panel item.

    -  +

    Appears by default in Control Panel as part of the Windows operating system, but you can hide it.

    -

    To hide it, see [Hiding the Default BitLocker Drive Encryption Item in Control Panel](hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md).

    +

    To hide it, see Hiding the Default BitLocker Drive Encryption Item in Control Panel.

    -  + ## “Manage BitLocker” shortcut menu @@ -111,7 +113,7 @@ The following table describes how the **Manage BitLocker** shortcut menu differs -  + ## Related topics @@ -119,11 +121,11 @@ The following table describes how the **Manage BitLocker** shortcut menu differs [Administering MBAM 2.5 Features](administering-mbam-25-features.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md index 9332d62940..eb867b9ba1 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md @@ -1,8 +1,11 @@ --- title: Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions description: Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions -author: jamiejdt +author: dansimp ms.assetid: a9edb4b8-5d5e-42ab-8db6-619db2878e50 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -19,7 +22,7 @@ This topic describes the process for upgrading the Microsoft BitLocker Administr **Note**   You can upgrade directly to MBAM 2.5 or MBAM 2.5 SP1 from any previous version of MBAM. -  + ## Before you start the upgrade @@ -49,7 +52,7 @@ Review the following information before you start the upgrade.

    To resolve this issue:

    Run aspnet_regiis –i from the following location:

    C:\windows\microsoft.net\Framework\v4.0.30319

    -

    For more information, see: [ASP.NET IIS Registration Tool](https://go.microsoft.com/fwlink/?LinkId=393272).

    +

    For more information, see: ASP.NET IIS Registration Tool.

    Register an SPN on the application pool account if all of the following are true:

    @@ -57,7 +60,7 @@ Review the following information before you start the upgrade.
  • You are upgrading from a previous version of MBAM.

  • Currently, you are not running the MBAM websites in a load-balanced or distributed configuration, but you would like to do so when you upgrade to MBAM 2.5 or 2.5 SP1.

  • -

    For instructions, see [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md#bkmk-registerspn).

    +

    For instructions, see Planning How to Secure the MBAM Websites.

    @@ -83,7 +86,7 @@ Review the following information before you start the upgrade.
    -  + ## Steps to upgrade the MBAM Server infrastructure @@ -101,7 +104,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo **Note**   The databases will not be removed, and all compliance and recovery data is maintained in the database. -   + 4. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, and web applications, in that order. The databases are upgraded in place. @@ -124,7 +127,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo **Note**   The databases and the Configuration Manager objects (baseline, MBAM supported computers collection, and Reports) will not be removed, and all compliance and recovery data is maintained in the database. -   + 5. Update the .mof files. @@ -158,7 +161,7 @@ MBAM supports upgrades to the MBAM 2.5 Client from any earlier version of the M [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index 8cf42399fe..d71c2b2b2a 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -1,8 +1,11 @@ --- title: Upgrading to MBAM 2.5 SP1 from MBAM 2.5 description: Upgrading to MBAM 2.5 SP1 from MBAM 2.5 -author: kaushika-msft +author: dansimp ms.assetid: +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -23,15 +26,15 @@ Verify you have a current documentation of your MBAM environment, including all ### Upgrade steps #### Steps to upgrade the MBAM Database (SQL Server) 1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one. -Note: You will not see an option to remove the Databases; this is expected.   + Note: You will not see an option to remove the Databases; this is expected. 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: 3. Do not configure it at this time  4. Install the July 2018 Rollup: https://www.microsoft.com/download/details.aspx?id=57157 5. Using the MBAM Configurator; re-add the Reports role 6. This will configure the SSRS connection using the latest MBAM code from the rollup  7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. -- At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. -- This process updates the existing databases to the current version being installed       +8. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. +9. This process updates the existing databases to the current version being installed #### Steps to upgrade the MBAM Server (Running MBAM and IIS) 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server 
@@ -40,7 +43,7 @@ Note: You will not see an option to remove the Databases; this is expected.   4. Install the July 2018 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=57157) 5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  6. This will configure the sites using the latest MBAM code from the July 2018 Rollup -- Open an elevated command prompt, Type: **IISRESET** and Hit Enter. +7. Open an elevated command prompt, Type: **IISRESET** and Hit Enter. #### Steps to upgrade the MBAM Clients/Endpoints 1. Uninstall the 2.5 Agent from client endpoints diff --git a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md index 56da96c821..33509cf80e 100644 --- a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md +++ b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md @@ -1,8 +1,11 @@ --- title: Using Windows PowerShell to Administer MBAM 2.5 description: Using Windows PowerShell to Administer MBAM 2.5 -author: jamiejdt +author: dansimp ms.assetid: 64668e76-2cba-433d-8d2d-50df0a4b2997 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -46,7 +49,7 @@ Use the following Windows PowerShell cmdlets to recover computers or drives that -  + ## MBAM cmdlet Help @@ -67,24 +70,24 @@ Windows PowerShell Help for MBAM cmdlets is available in the following formats:

    At a Windows PowerShell command prompt, type Get-Help <cmdlet>

    -

    To upload the latest Windows PowerShell cmdlets, follow the instructions in [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md)

    +

    To upload the latest Windows PowerShell cmdlets, follow the instructions in Configuring MBAM 2.5 Server Features by Using Windows PowerShell

    On TechNet as webpages

    -

    https://go.microsoft.com/fwlink/?LinkId=393498

    +

    https://go.microsoft.com/fwlink/?LinkId=393498

    On the Download Center as a Word .docx file

    -

    https://go.microsoft.com/fwlink/?LinkId=393497

    +

    https://go.microsoft.com/fwlink/?LinkId=393497

    On the Download Center as a .pdf file

    -

    https://go.microsoft.com/fwlink/?LinkId=393499

    +

    https://go.microsoft.com/fwlink/?LinkId=393499

    -  + @@ -95,7 +98,7 @@ Windows PowerShell Help for MBAM cmdlets is available in the following formats: [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md index c7b9098597..4c7082ea57 100644 --- a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md +++ b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md @@ -1,8 +1,11 @@ --- title: Validating the MBAM 2.5 Server Feature Configuration description: Validating the MBAM 2.5 Server Feature Configuration -author: jamiejdt +author: dansimp ms.assetid: f4983a33-ce18-4186-a471-dd6415940504 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -25,10 +28,10 @@ Use the following steps to validate your MBAM Server deployment with the Stand-a 1. On each server where an MBAM feature is deployed, click **Control Panel** > **Programs** > **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - **Note**   + **Note** To do the validation, you must use a domain account that has local computer administrative credentials on each server. -   + 2. On the server where the Recovery Database is configured, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is configured. 
@@ -44,72 +47,74 @@ Use the following steps to validate your MBAM Server deployment with the Stand-a 5. Confirm that a reports folder named **Microsoft BitLocker Administration and Monitoring** contains a data source called **MaltaDataSource** as well as the language folders. The data source contains folders with names that represent languages (for example, en-us). The reports are in the language folders. - **Note**   + **Note** If SQL Server Reporting Services (SSRS) was configured as a named instance, the URL should resemble the following: http(s)://< *MBAMReportsServerName*>:<*port*>/Reports\_<*SSRSInstanceName*> -   - **Note**   - If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring Website (also known as Help Desk) and select a report, the following message appears: "Only Secure Content is Displayed." To show the report, click **Show All Content**. -   +~~~ +**Note** +If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring Website (also known as Help Desk) and select a report, the following message appears: "Only Secure Content is Displayed." To show the report, click **Show All Content**. +~~~ -6. On the server where the Administration and Monitoring Website feature is configured, run **Server Manager**, browse to **Roles**, and then select **Web Server (IIS)** > **Internet Information Services (IIS) Manager**. -7. In **Connections**, browse to *<computer name>* and select **Sites** > **Microsoft BitLocker Administration and Monitoring**. Verify that the following are listed: - - **MBAMAdministrationService** +6. 
On the server where the Administration and Monitoring Website feature is configured, run **Server Manager**, browse to **Roles**, and then select **Web Server (IIS)** > **Internet Information Services (IIS) Manager**. - - **MBAMComplianceStatusService** +7. In **Connections**, browse to *<computer name>* and select **Sites** > **Microsoft BitLocker Administration and Monitoring**. Verify that the following are listed: - - **MBAMRecoveryAndHardwareService** + - **MBAMAdministrationService** -8. On the server where the Administration and Monitoring Website and Self-Service Portal are configured, open a web browser with administrative credentials. + - **MBAMComplianceStatusService** -9. Browse to the following websites to verify that they load successfully: + - **MBAMRecoveryAndHardwareService** - - https(s)://<*MBAMAdministrationServerName*>:<*port*>/HelpDesk/ - confirm each of the links for navigation and reports +8. On the server where the Administration and Monitoring Website and Self-Service Portal are configured, open a web browser with administrative credentials. - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/SelfService/ +9. Browse to the following websites to verify that they load successfully: - **Note**   - It is assumed that you configured the server features on the default port without network encryption. If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example: + - https(s)://<*MBAMAdministrationServerName*>:<*port*>/HelpDesk/ - confirm each of the links for navigation and reports - http(s)://< *host name*>:<*port*>/HelpDesk/ + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/SelfService/ - http(s)://< *host name*>:<*port*>/<*virtualdirectory*>/ + **Note** + It is assumed that you configured the server features on the default port without network encryption. 
If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example: + + http(s)://< *host name*>:<*port*>/HelpDesk/ + + http(s)://< *host name*>:<*port*>/<*virtualdirectory*>/ + + If the server features were configured with network encryption, change http:// to https://. - If the server features were configured with network encryption, change http:// to https://. -   10. Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page does not display any metadata. - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMAdministrationService/AdministrationService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMAdministrationService/AdministrationService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMUserSupportService/UserSupportService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMUserSupportService/UserSupportService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMComplianceStatusService/StatusReportingService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMComplianceStatusService/StatusReportingService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMRecoveryAndHardwareService/CoreService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMRecoveryAndHardwareService/CoreService.svc ## Validating the MBAM Server deployment with the Configuration Manager Integration topology Use the following steps to validate your MBAM deployment with the Configuration Manager Integration topology. Complete the validation steps that match the version of Configuration Manager that you are using. 
-### Validating the MBAM Server deployment with System Center 2012 Configuration Manager +### Validating the MBAM Server deployment with System Center 2012 Configuration Manager -Use these steps to validate your MBAM Server deployment when you are using MBAM with System Center 2012 Configuration Manager. +Use these steps to validate your MBAM Server deployment when you are using MBAM with System Center 2012 Configuration Manager. -**To validate a Configuration Manager Integration MBAM Server deployment – System Center 2012 Configuration Manager** +**To validate a Configuration Manager Integration MBAM Server deployment – System Center 2012 Configuration Manager** -1. On the server where System Center 2012 Configuration Manager is deployed, open **Programs and Features** in **Control Panel**, and verify that **Microsoft BitLocker Administration and Monitoring** appears. +1. On the server where System Center 2012 Configuration Manager is deployed, open **Programs and Features** in **Control Panel**, and verify that **Microsoft BitLocker Administration and Monitoring** appears. - **Note**   + **Note** To validate the configuration, you must use a domain account that has local computer administrative credentials on each server. -   + 2. In the Configuration Manager console, click the **Assets and Compliance** workspace > **Device Collections**, and confirm that a new collection called **MBAM Supported Computers** is displayed. 
@@ -141,10 +146,10 @@ Use these steps to validate your MBAM Server deployment when you are using MBAM 1. On the server where Configuration Manager 2007 is deployed, open **Programs and Features** on **Control Panel** , and verify that **Microsoft BitLocker Administration and Monitoring** appears. - **Note**   + **Note** To validate the configuration, you must use a domain account that has local computer administrative credentials on each server. -   + 2. In the Configuration Manager console, click **Site Database <SiteCode> - <ServerName>, <SiteName>), Computer Management**, and confirm that a new collection called **MBAM Supported Computers** is displayed. @@ -175,11 +180,11 @@ Use these steps to validate your MBAM Server deployment when you are using MBAM [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  + diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md index b8c9ce465b..66de3b12f9 100644 --- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md +++ b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md @@ -1,8 +1,11 @@ --- title: Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology description: Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology -author: jamiejdt +author: dansimp ms.assetid: 60d11b2f-3a76-4023-8da4-f89e9f35b790 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library 
@@ -55,7 +58,7 @@ To access the Reports feature in Configuration Manager: -  + ## Description of reports in Configuration Manager @@ -183,7 +186,7 @@ This report shows information about the overall BitLocker compliance across your -  + **BitLocker Enterprise Compliance Details States** @@ -214,7 +217,7 @@ This report shows information about the overall BitLocker compliance across your -  + ### BitLocker Enterprise Compliance Summary @@ -281,7 +284,7 @@ Use this report type to show information about the overall BitLocker compliance -  + **BitLocker Enterprise Compliance Summary Computer Details** @@ -328,7 +331,7 @@ Use this report type to show information about the overall BitLocker compliance -  + ### BitLocker Computer Compliance Report @@ -337,7 +340,7 @@ Use this report type to collect information that is specific to a computer. The **Note**   The Removable Data Volume encryption status is not shown in this report. -  + **BitLocker Computer Compliance Report: Computer Details Fields** @@ -428,7 +431,7 @@ The Removable Data Volume encryption status is not shown in this report. -  + **BitLocker Computer Compliance Report: Computer Volume Fields** @@ -471,14 +474,14 @@ The Removable Data Volume encryption status is not shown in this report. -  + ## Related topics [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md index 98fca5e3d3..9de3997194 100644 --- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md +++ b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md 
@@ -1,8 +1,11 @@ --- title: Viewing MBAM 2.5 Reports for the Stand-alone Topology description: Viewing MBAM 2.5 Reports for the Stand-alone Topology -author: jamiejdt +author: dansimp ms.assetid: 50e93c3a-baf1-4378-8fc0-74dd65d76306 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library @@ -32,21 +35,21 @@ See the following topics for information about Stand-alone reports:

    Report descriptions - MBAM Stand-alone topology

    -

    [Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md)

    +

    Understanding MBAM 2.5 Stand-alone Reports

    Instructions for generating reports - MBAM Stand-alone topology

    -

    [Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md)

    +

    Generating MBAM 2.5 Stand-alone Reports

    -  + **Note**   If you are using the Configuration Manager Integration topology, most reports are generated from Configuration Manager rather than from MBAM. See [Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md). -  + ## Related topics @@ -54,9 +57,9 @@ If you are using the Configuration Manager Integration topology, most reports ar [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) -  + -  + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). diff --git a/mdop/medv-v1/about-med-v-10-sp1.md b/mdop/medv-v1/about-med-v-10-sp1.md index e8ee1728e1..56178030f7 100644 --- a/mdop/medv-v1/about-med-v-10-sp1.md +++ b/mdop/medv-v1/about-med-v-10-sp1.md @@ -1,8 +1,11 @@ --- title: About MED-V 1.0 SP1 description: About MED-V 1.0 SP1 -author: jamiejdt +author: dansimp ms.assetid: 4c16e935-46c4-49c3-9e53-c60404d5da0c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/about-med-v-10.md b/mdop/medv-v1/about-med-v-10.md index fb900f587a..88acba7244 100644 --- a/mdop/medv-v1/about-med-v-10.md +++ b/mdop/medv-v1/about-med-v-10.md @@ -1,8 +1,11 @@ --- title: About MED-V 1.0 description: About MED-V 1.0 -author: jamiejdt +author: dansimp ms.assetid: 89651022-a2ba-4d8a-a3ff-68539ea7a235 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/about-this-guidemedv.md b/mdop/medv-v1/about-this-guidemedv.md index bcbe6524fd..223ee88fbe 100644 --- a/mdop/medv-v1/about-this-guidemedv.md +++ b/mdop/medv-v1/about-this-guidemedv.md 
@@ -1,8 +1,11 @@
 ---
 title: About This Guide
 description: About This Guide
-author: jamiejdt
+author: dansimp
 ms.assetid: 17d8f150-226e-45f8-87e3-f425a77243e4
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/client-installation-command-line-reference.md b/mdop/medv-v1/client-installation-command-line-reference.md
index f7843677f9..2556d5ec09 100644
--- a/mdop/medv-v1/client-installation-command-line-reference.md
+++ b/mdop/medv-v1/client-installation-command-line-reference.md
@@ -1,8 +1,11 @@
 ---
 title: Client Installation Command Line Reference
 description: Client Installation Command Line Reference
-author: jamiejdt
+author: dansimp
 ms.assetid: 122a593d-3314-4e9b-858a-08a25ed00c32
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -90,11 +93,10 @@ ms.date: 06/16/2016

    Default: 1

    Starts MED-V at the completion of the MED-V installation.

    -Note   -

    It is recommended to set START_MEDV=0 in case MED-V is installed by the system.

    +Note

    It is recommended to set START_MEDV=0 in case MED-V is installed by the system.

    -  +
    @@ -116,11 +118,11 @@ ms.date: 06/16/2016 -  - -  - -  + + + + + diff --git a/mdop/medv-v1/configuring-med-v-for-remote-networks.md b/mdop/medv-v1/configuring-med-v-for-remote-networks.md index 636bf205a1..a7a19283f2 100644 --- a/mdop/medv-v1/configuring-med-v-for-remote-networks.md +++ b/mdop/medv-v1/configuring-med-v-for-remote-networks.md @@ -1,8 +1,11 @@ --- title: Configuring MED-V for Remote Networks description: Configuring MED-V for Remote Networks -author: jamiejdt +author: dansimp ms.assetid: 4d2f0081-622f-4a6f-8d73-f8c2108036e0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -46,7 +49,7 @@ You can configure MED-V to work from inside a network, remotely, or both from in **Note**   When applying new settings, the service must be restarted. -  + - You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry: @@ -69,9 +72,9 @@ When applying new settings, the service must be restarted. [MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) -  + -  + diff --git a/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md b/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md index 07a7c2aac8..711eae625b 100644 --- a/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md +++ b/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md @@ -1,8 +1,11 @@ --- title: Configuring MED-V Server for Cluster Mode description: Configuring MED-V Server for Cluster Mode -author: jamiejdt +author: dansimp ms.assetid: 41f0b2a3-4ce9-48e1-a6fb-4c13c4228515 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -42,16 +45,16 @@ You can configure the MED-V server in cluster mode. In cluster mode, two servers **Note**   If all servers have the same local settings (such as listening ports, IIS server, management permissions, report database, and so on), the *<InstallDir>/Servers/ServerSettings.xml* can be shared by all servers as well. -  + ## Related topics [MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) -  + -  + diff --git a/mdop/medv-v1/configuring-med-v-workspace-policies.md b/mdop/medv-v1/configuring-med-v-workspace-policies.md index d307967d15..d870b70e1c 100644 --- a/mdop/medv-v1/configuring-med-v-workspace-policies.md +++ b/mdop/medv-v1/configuring-med-v-workspace-policies.md @@ -1,8 +1,11 @@ --- title: Configuring MED-V Workspace Policies description: Configuring MED-V Workspace Policies -author: jamiejdt +author: dansimp ms.assetid: 0eaed981-cbf3-4b16-a4b7-4705c5705dc7 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -27,7 +30,7 @@ It is important to decide on the type of MED-V workspace you are creating before **Note**   When configuring a policy, a warning symbol appears next to mandatory fields that are not filled in. If a mandatory field is not filled in, the symbol appears on the tab as well. -  + ## In This Section @@ -59,9 +62,9 @@ Describes the performance settings of a MED-V workspace, and how to apply them t [How to Import and Export a Policy](how-to-import-and-export-a-policy.md) Describes how to import and export a policy. -  + -  + diff --git a/mdop/medv-v1/creating-a-med-v-image.md b/mdop/medv-v1/creating-a-med-v-image.md index d8432598da..c784d59836 100644 --- a/mdop/medv-v1/creating-a-med-v-image.md +++ b/mdop/medv-v1/creating-a-med-v-image.md 
@@ -1,8 +1,11 @@ --- title: Creating a MED-V Image description: Creating a MED-V Image -author: jamiejdt +author: dansimp ms.assetid: 7cbbcd22-83f5-4b60-825f-781b4c6a2d36 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -40,11 +43,11 @@ Describes how to delete a MED-V image. **Note**   After the MED-V image is configured, the computer should not be part of a domain because the join domain procedure should be performed on the client after the deployment, as part of the MED-V workspace setup. -  + -  + -  + diff --git a/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md b/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md index e8dd334e01..2445b5cb1a 100644 --- a/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md +++ b/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md @@ -1,8 +1,11 @@ --- title: Creating a MED-V Workspace description: Creating a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 9578bb99-8a09-44c1-b88f-538901f16ad3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md b/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md index e1289a7ed4..d04425394e 100644 --- a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md +++ b/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md @@ -1,8 +1,11 @@ --- title: Creating a Virtual PC Image for MED-V description: Creating a Virtual PC Image for MED-V -author: jamiejdt +author: dansimp ms.assetid: 5e02ea07-25b9-41a5-a803-d70c55eef586 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -54,98 +57,102 @@ After the Virtual PC image is created, install the MED-V workspace .msi package 2. Double-click the MED-V workspace .msi package, and follow the installation wizard instructions. - **Note**   + **Note** When a new MED-V version is released, and an existing Virtual PC image is updated, uninstall the existing MED-V workspace .msi package, reboot the computer, and install the new MED-V workspace .msi package. -   - **Note**   - After the MED-V workspace .msi package is installed, other products that replace GINA cannot be installed. -   +~~~ +**Note** +After the MED-V workspace .msi package is installed, other products that replace GINA cannot be installed. +~~~ + + ## How to Run the Virtual Machine Prerequisites Tool The virtual machine (VM) prerequisites tool is a wizard that automates several of the prerequisites. -**Note**   +**Note** Although many parameters are configurable in the wizard, the properties required for the proper functioning of MED-V are not configurable. -  + **To run the virtual machine prerequisites tool** 1. After the MED-V workspace .msi package is installed, on the Windows **Start** menu, select **All Programs > MED-V > VM Prerequisites Tool**. - **Note**   + **Note** The user running the virtual machine prerequisites tool must have local administrator rights and must be the only user logged in. -   - The **MED-V VM Prerequisite Wizard Welcome** page appears. -2. Click **Next**. +~~~ +The **MED-V VM Prerequisite Wizard Welcome** page appears. +~~~ -3. On the **Windows Settings** page, from the following configurable properties, select the ones to be configured: +2. Click **Next**. - - **Clear users’ personal history information** +3. 
On the **Windows Settings** page, from the following configurable properties, select the ones to be configured: - - **Clear local profiles temp directory** + - **Clear users’ personal history information** - - **Disable sounds on following Windows events: start, logon, logoff** + - **Clear local profiles temp directory** - **Note**   - Do not enable Windows page saver in a group policy. + - **Disable sounds on following Windows events: start, logon, logoff** -   + **Note** + Do not enable Windows page saver in a group policy. -4. Click **Next**. -5. On the **Internet Explorer Settings** page, from the following configurable properties, select the ones to be configured: - - **Don't use auto complete features** +4. Click **Next**. - - **Disable reuse of windows for launching shortcuts** +5. On the **Internet Explorer Settings** page, from the following configurable properties, select the ones to be configured: - - **Clear browsing history** + - **Don't use auto complete features** - - **Enable tabbed browsing in Internet Explorer 7** + - **Disable reuse of windows for launching shortcuts** -6. Click **Next**. + - **Clear browsing history** -7. On the **Windows Services** page, from the following configurable properties, select the ones to be configured: + - **Enable tabbed browsing in Internet Explorer 7** - - **Security center service** +6. Click **Next**. - - **Task scheduler service** +7. On the **Windows Services** page, from the following configurable properties, select the ones to be configured: - - **Automatic updates service** + - **Security center service** - - **System restore service** + - **Task scheduler service** - - **Indexing service** + - **Automatic updates service** - - **Wireless Zero Configuration** + - **System restore service** - - **Fast User Switching Compatibility** + - **Indexing service** -8. Click **Next**. + - **Wireless Zero Configuration** -9. 
On the **Windows Auto Logon** page, do the following: + - **Fast User Switching Compatibility** - 1. Select the **Enable Windows Auto Logon** check box. +8. Click **Next**. - 2. Assign a **User name** and **Password**. +9. On the **Windows Auto Logon** page, do the following: + + 1. Select the **Enable Windows Auto Logon** check box. + + 2. Assign a **User name** and **Password**. 10. Click **Apply**, and in the confirmation box that appears, click **Yes**. 11. On the **Summary** page, click **Finish** to quit the wizard -**Note**   +**Note** Verify that group policies do not overwrite the mandatory settings set in the prerequisites tool. -  + ## How to Configure MED-V Virtual Machine Manual Installation Prerequisites @@ -193,10 +200,10 @@ Several of the configurations cannot be configured through the virtual machine p In a MED-V workspace, Sysprep can be configured in order to assign unique security ID (SID), particularly when multiple MED-V workspaces are run on a single computer. It is not recommended to use Sysprep to join a domain; instead, use the MED-V join domain script action as described in [How to Set Up Script Actions](how-to-set-up-script-actions.md). -**Note**   +**Note** Sysprep is Microsoft's system preparation utility for the Windows operating system. -  + **To configure Sysprep in a MED-V workspace** 
@@ -204,9 +211,9 @@ Sysprep is Microsoft's system preparation utility for the Windows operating syst 2. From the Windows installation CD, extract *deploy.cab* to the root of the system drive, or download the latest Deployment Tools update from the Microsoft Web site. - - For Windows 2000, see [Deployment Tools update for Windows 2000](https://go.microsoft.com/fwlink/?LinkId=143001). + - For Windows 2000, see [Deployment Tools update for Windows 2000](https://go.microsoft.com/fwlink/?LinkId=143001). - - For Windows XP, see [Deployment Tools update for Windows XP](https://go.microsoft.com/fwlink/?LinkId=143000). + - For Windows XP, see [Deployment Tools update for Windows XP](https://go.microsoft.com/fwlink/?LinkId=143000). 3. Run **Setup Manager** (setupmgr.exe). @@ -239,9 +246,9 @@ After all the components are installed and configured, close Microsoft Virtual P Creating a MED-V Image [How to Set Up Script Actions](how-to-set-up-script-actions.md) -  - -  + + + diff --git a/mdop/medv-v1/define-the-project-scope.md b/mdop/medv-v1/define-the-project-scope.md index 905bd47687..ad5596df00 100644 --- a/mdop/medv-v1/define-the-project-scope.md +++ b/mdop/medv-v1/define-the-project-scope.md @@ -1,8 +1,11 @@ --- title: Define the Project Scope description: Define the Project Scope -author: jamiejdt +author: dansimp ms.assetid: 84637d2a-2e30-417d-b150-dc81f414b3a5 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md b/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md index d08d291846..2002a545dc 100644 --- a/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md +++ b/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md 
@@ -1,8 +1,11 @@ --- title: Deploying a MED-V Workspace Using a Deployment Package description: Deploying a MED-V Workspace Using a Deployment Package -author: jamiejdt +author: dansimp ms.assetid: e07fa70a-1a9f-486f-9a86-b33593b234da +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,15 +40,15 @@ If the image will be included in the package, no other configurations are necess **Note**   If you are using image pre-staging, it is important to configure the image pre-stage folder prior to creating the deployment package. The folder path needs to be included in the deployment package. -  + Finally, create the deployment package. For more information on creating a deployment package, see [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md). After the package is complete, distribute it for deployment. After the deployment package is distributed, MED-V client can be installed and the image deployed. For more information on installing MED-V client, see [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md). For more information on deploying the image, see [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imagedeployment-package.md). -  + -  + diff --git a/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md b/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md index d45d51596d..e30f9def62 100644 --- a/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md +++ b/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md 
@@ -1,8 +1,11 @@ --- title: Deploying a MED-V Workspace Using an Enterprise Software Distribution System description: Deploying a MED-V Workspace Using an Enterprise Software Distribution System -author: jamiejdt +author: dansimp ms.assetid: 867faed6-74ce-4573-84be-8bf26e66c08c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ MED-V client can be distributed using an enterprise software distribution system **Note**   If MED-V is installed by using Microsoft System Center Configuration Manager, when creating a package for MED-V, set the run mode to administrative rights. -  + Before deploying MED-V using an enterprise software distribution system, ensure that you have created a MED-V image ready for deployment. For more information on creating a MED-V image, see [Creating a MED-V Image](creating-a-med-v-image.md). @@ -42,13 +45,13 @@ If you are deploying the image via image pre-staging, configure the pre-stage fo **Note**   If you are using image pre-staging, it is important to configure the image pre-stage folder prior to pushing the client .msi package. The folder path needs to be included in the client .msi package. -  + Finally, push the client .msi package using your enterprise software distribution center. MED-V can then be installed and the image deployed. For more information on installing MED-V client, see [How to Install MED-V Client](how-to-install-med-v-clientesds.md). For more information on deploying the image, see [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imageesds.md). -  + -  + diff --git a/mdop/medv-v1/design-the-med-v-image-repositories.md b/mdop/medv-v1/design-the-med-v-image-repositories.md index 462901b073..0fd8aa49a6 100644 --- a/mdop/medv-v1/design-the-med-v-image-repositories.md +++ b/mdop/medv-v1/design-the-med-v-image-repositories.md 
@@ -1,8 +1,11 @@ --- title: Design the MED-V Image Repositories description: Design the MED-V Image Repositories -author: jamiejdt +author: dansimp ms.assetid: e153154d-2751-4990-b94d-a2d76242c15f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/design-the-med-v-server-infrastructure.md b/mdop/medv-v1/design-the-med-v-server-infrastructure.md index 8de1eaf944..d3869802c5 100644 --- a/mdop/medv-v1/design-the-med-v-server-infrastructure.md +++ b/mdop/medv-v1/design-the-med-v-server-infrastructure.md @@ -1,8 +1,11 @@ --- title: Design the MED-V Server Infrastructure description: Design the MED-V Server Infrastructure -author: jamiejdt +author: dansimp ms.assetid: 2781040f-880e-4e16-945d-a38c0adb4151 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md b/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md index f8c44fb69f..07a5fcee07 100644 --- a/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md +++ b/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md @@ -1,8 +1,11 @@ --- title: Examples of Virtual Machine Configurations description: Examples of Virtual Machine Configurations -author: jamiejdt +author: dansimp ms.assetid: 5937601e-41ab-4ca2-8fa1-3c9154710cd6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ The following are examples of typical virtual machine configurations: one in a p **Note**   These examples are not intended for use in all environments. Adjust the configuration according to your environment. -  + **To configure a typical domain setup in a persistent MED-V workspace** 
@@ -62,9 +65,9 @@ These examples are not intended for use in all environments. Adjust the configur [How to Set Up Script Actions](how-to-set-up-script-actions.md) -  + -  + diff --git a/mdop/medv-v1/getting-started-with-med-v.md b/mdop/medv-v1/getting-started-with-med-v.md index 1306d7e5e2..48d652a788 100644 --- a/mdop/medv-v1/getting-started-with-med-v.md +++ b/mdop/medv-v1/getting-started-with-med-v.md @@ -1,8 +1,11 @@ --- title: Getting Started with MED-V description: Getting Started with MED-V -author: jamiejdt +author: dansimp ms.assetid: 5832cdb3-3892-4048-b29d-7644e75117f0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/high-level-architecturemedv.md b/mdop/medv-v1/high-level-architecturemedv.md index 15b33becce..bb6ca22e61 100644 --- a/mdop/medv-v1/high-level-architecturemedv.md +++ b/mdop/medv-v1/high-level-architecturemedv.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture description: High-Level Architecture -author: jamiejdt +author: dansimp ms.assetid: a78e12ad-5aa6-40e0-ae8b-51acaf005712 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md index 849b6ec167..5940eccaee 100644 --- a/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Apply General Settings to a MED-V Workspace description: How to Apply General Settings to a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 6152dced-e301-4fa2-bfa0-aecf3c23f23a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -39,7 +42,7 @@ The name of the MED-V workspace. **Warning**   Do not rename an existing MED-V workspace while it is running on a client computer. -  + Description @@ -48,7 +51,7 @@ Description of the MED-V workspace, which can include the content or status of t **Note**   The description is for administrator use and has no impact on the policy. -  + Support contact info @@ -78,7 +81,7 @@ Do not start the Workspace if the verification fails (exit code is not '0') Select this check box if you are using a command line and want to start the MED-V workspace only if the script is completed successfully. -  + A command line can be run on the host prior to starting the MED-V workspace. @@ -95,9 +98,9 @@ A command line can be run on the host prior to starting the MED-V workspace. [Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -  + -  + diff --git a/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md index 9009a8ddb7..90e54bea2d 100644 --- a/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Apply Network Settings to a MED-V Workspace description: How to Apply Network Settings to a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 641f46b3-a56f-478a-823b-1d90aa1716b3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md index cde58fde0f..95f5e5b56d 100644 --- a/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md 
@@ -1,8 +1,11 @@ --- title: How to Apply Performance Settings to a MED-V Workspace description: How to Apply Performance Settings to a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: e0fed1e1-6e8f-4d65-ab83-b950a17661c0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md index e5ccd13cbb..966dd20f1e 100644 --- a/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Apply Virtual Machine Settings to a MED-V Workspace description: How to Apply Virtual Machine Settings to a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: b50d0dfb-8d61-4543-9607-a29bbb1ed45f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -47,7 +50,7 @@ The actual Microsoft Virtual PC image assigned to the MED-V workspace. The menu **Note**   Each MED-V workspace image can only be used by one Windows user. -   + Workspace is persistent @@ -58,7 +61,7 @@ For a Domain MED-V workspace, this option must be selected. **Note**   This setting should not be changed after a MED-V workspace is deployed to users. -  + Shut down the VM when stopping the Workspace @@ -67,7 +70,7 @@ Select this check box to shut down the virtual machine when stopping the MED-V w **Note**   This property is enabled only if **Workspace is persistent** is selected. -  + Logon to Windows in VM using MED-V credentials (SSO) @@ -76,7 +79,7 @@ Select this check box to log in to Windows on the virtual machine by using the M **Note**   This property is enabled only when **Workspace is persistent** is selected. -  + Workspace is revertible 
@@ -85,7 +88,7 @@ Select this check box to configure the MED-V workspace as revertible. In a rever **Note**   This setting should not be changed after a MED-V workspace is deployed to users. -  + Synchronize Workspace time zone with host @@ -110,7 +113,7 @@ Select this check box to lock the MED-V workspace when the MED-V workspace is id **Note**   The idle time refers to the MED-V workspace applications (not the host applications). -  + *Image Update Settings* @@ -131,9 +134,9 @@ Select this check box to enable Trim Transfer (for more information, see [MED-V **Note**   Trim Transfer requires indexing the hard drive, which might take a considerable amount of time. It is recommended to use Trim Transfer when indexing the hard drive is more efficient than downloading the new image version, such as when downloading an image version that is similar to the existing version. -  + -  + ## Related topics @@ -144,9 +147,9 @@ Trim Transfer requires indexing the hard drive, which might take a considerable [Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -  + -  + diff --git a/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md b/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md index eb50976aa0..0e617603d1 100644 --- a/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md +++ b/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md @@ -1,8 +1,11 @@ --- title: How to Back Up and Restore a MED-V Server description: How to Back Up and Restore a MED-V Server -author: jamiejdt +author: dansimp ms.assetid: 8d05e3a4-279b-4ce6-a319-8a09e7a30c60 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ XML files located on the server can be backed up and then restored in case of lo **Note**   If the configuration has been changed from the default, the files might be stored in a different location. -   + - ClientPolicy.xml 
@@ -38,7 +41,7 @@ XML files located on the server can be backed up and then restored in case of lo **Note**   The ServerSettings.xml file can be backed up as well. However, if a specific configuration has been changed (for example, on the original server, the MED-V VMS directory is located in "*C:\\Vms*" and such a directory does not exist on the new server), it can cause an error. -   + **To restore a MED-V server** @@ -50,9 +53,9 @@ XML files located on the server can be backed up and then restored in case of lo 3. Restart the MED-V service. -  + -  + diff --git a/mdop/medv-v1/how-to-configure-a-deployment-package.md b/mdop/medv-v1/how-to-configure-a-deployment-package.md index 40f29d9160..191960b228 100644 --- a/mdop/medv-v1/how-to-configure-a-deployment-package.md +++ b/mdop/medv-v1/how-to-configure-a-deployment-package.md @@ -1,8 +1,11 @@ --- title: How to Configure a Deployment Package description: How to Configure a Deployment Package -author: jamiejdt +author: dansimp ms.assetid: 748272a1-6af2-476e-a3f1-87435b8e94b1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,49 +19,49 @@ ms.date: 06/16/2016 The Packaging wizard walks you through the creation of a package by creating a folder on your local computer and transferring all the required installation files to the single folder. The contents of the folder can then be moved to multiple removable media drives for distribution. -**Note**   +**Note** A single package cannot contain installation files for both x86 and x64 systems. -  + ## How to Create a Deployment Package **To create a deployment package** -1. Verify in the **Images** module that you have created at least one local packed image. +1. Verify in the **Images** module that you have created at least one local packed image. -2. On the **Tools** menu, select **Packaging wizard**. +2. On the **Tools** menu, select **Packaging wizard**. -3. On the **Packaging wizard** welcome page, click **Next**. +3. On the **Packaging wizard** welcome page, click **Next**. -4. On the **Workspace Image** page, select the **Include image in the package** check box to include an image in the package. +4. On the **Workspace Image** page, select the **Include image in the package** check box to include an image in the package. - The **Image** field is enabled. + The **Image** field is enabled. - **Note**   - An image is not required in a MED-V package; the package can be created without an image. In such a case, the image should be uploaded to the server so that it can later be downloaded over the network to the client, or pushed to an image pre-stage folder. + **Note** + An image is not required in a MED-V package; the package can be created without an image. In such a case, the image should be uploaded to the server so that it can later be downloaded over the network to the client, or pushed to an image pre-stage folder. -   -5. Click the **Image** list to view all available images. Select the image to be copied to the package. Click **Refresh** to refresh the list of available images. -6. Click **Next**. +5. 
Click the **Image** list to view all available images. Select the image to be copied to the package. Click **Refresh** to refresh the list of available images. -7. On the **MED-V Installation Settings** page, select the MED-V installation file by doing one of the following: +6. Click **Next**. - - In the **MED-V installation file** field, type the full path to the directory where the installation file is located. +7. On the **MED-V Installation Settings** page, select the MED-V installation file by doing one of the following: - - Click **...** to browse to the directory where the installation file is located. + - In the **MED-V installation file** field, type the full path to the directory where the installation file is located. - **Note**   - This field is mandatory, and the wizard will not continue without a valid file name. + - Click **...** to browse to the directory where the installation file is located. -   + **Note** + This field is mandatory, and the wizard will not continue without a valid file name. -8. In the **Server address** field, type the server name or IP address. -9. In the **Server port** field, type the server port. + +8. In the **Server address** field, type the server name or IP address. + +9. In the **Server port** field, type the server port. 10. Select the **Server is accessed using https** check box to require an https connection to connect to the server. 
@@ -70,29 +73,31 @@ A single package cannot contain installation files for both x86 and x64 systems. 1. On the **MED-V Installation Custom Settings** page, in the **Installation folder** field, type the path of the folder where the MED-V files will be installed on the host computer. - **Note**   + **Note** It is recommended to use variables in the path rather than constants, which might vary from computer to computer. For example, use *%ProgramFiles%\\MED-V* instead of *c:\\MED-V*. -   - 2. In the **Virtual machines images folder** field, type the path of the folder where the virtual images files will be installed on the host computer. - **Note**   - If you are using image pre-staging, this is the image pre-stage folder where the image is located. + ~~~ + 2. In the **Virtual machines images folder** field, type the path of the folder where the virtual images files will be installed on the host computer. -   + **Note** + If you are using image pre-staging, this is the image pre-stage folder where the image is located. - 3. In the **Minimal required RAM** field, enter the RAM required to install a MED-V package. If the user installing the MED-V package does not have the minimal required RAM, the installation will fail. - 4. Select the **Install the MED-V management application** check box to include the MED-V management console application in the installation. - 5. Select the **Create a shortcut to MED-V on the desktop** check box to create a shortcut to MED-V on the host's desktop. + 3. In the **Minimal required RAM** field, enter the RAM required to install a MED-V package. If the user installing the MED-V package does not have the minimal required RAM, the installation will fail. - 6. Select the **Start automatically on computer startup** check box to start MED-V automatically on startup. + 4. Select the **Install the MED-V management application** check box to include the MED-V management console application in the installation. - 7. Click **Next**. + 5. 
Select the **Create a shortcut to MED-V on the desktop** check box to create a shortcut to MED-V on the host's desktop. + + 6. Select the **Start automatically on computer startup** check box to start MED-V automatically on startup. + + 7. Click **Next**. + ~~~ 12. On the **Additional Installations** page, select the **Include installation of virtualization software** check box to include the Virtual PC installation in the package. @@ -102,9 +107,9 @@ A single package cannot contain installation files for both x86 and x64 systems. The **Installation file** field is enabled. Type the full path of the Virtual PC update installation file, or click **...** to browse to the directory. -14. Select the **Include installation of Microsoft .NET Framework 2.0** check box to include the Microsoft .NET Framework 2.0 installation in the package. +14. Select the **Include installation of Microsoft .NET Framework 2.0** check box to include the Microsoft .NET Framework 2.0 installation in the package. - The **Installation file** field is enabled. Type the full path of the Microsoft .NET Framework 2.0 installation file, or click **...** to browse to the directory. + The **Installation file** field is enabled. Type the full path of the Microsoft .NET Framework 2.0 installation file, or click **...** to browse to the directory. 15. Click **Next**. @@ -114,10 +119,10 @@ A single package cannot contain installation files for both x86 and x64 systems. - Click **...** to browse to the directory where the installation files should be saved. - **Note**   + **Note** Building the package might consume more space than the actual package size. It is therefore recommended to build the package on the hard drive. After the package is created, it can then be copied to the USB. -   + 17. In the **Package name** field, enter a name for the package. 
@@ -127,29 +132,29 @@ A single package cannot contain installation files for both x86 and x64 systems. After the package is created, a message appears notifying you that it has been completed successfully. -**Note**   +**Note** If you saved all the files locally, and not directly on the removable media, ensure that you copy only the contents of the folder and not the folder itself to the removable media. -  -**Note**   + +**Note** The removable media must be large enough so that the package contents consume a maximum of only three-quarters of the removable media's memory. -  -**Note**   + +**Note** When creating the package, up to double the size of the actual package size might be required when the build is complete. -  + ## Related topics [Creating a MED-V Image](creating-a-med-v-image.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md b/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md index f4269c3745..ce0b36eae2 100644 --- a/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md +++ b/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md @@ -1,8 +1,11 @@ --- title: How to Configure a Domain User or Group description: How to Configure a Domain User or Group -author: jamiejdt +author: dansimp ms.assetid: 055aba81-a9c9-4b98-969d-775e603becf3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -37,15 +40,17 @@ To allow users to utilize the MED-V workspace, you must first add domain users o The domain users or groups are added. - **Note**   + **Note** Users from trusted domains should be added manually. -   - **Warning**   - Do not run the management application from a computer that is part of a domain that is not trusted by the domain the server is installed on. -   +~~~ +**Warning** +Do not run the management application from a computer that is part of a domain that is not trusted by the domain the server is installed on. +~~~ + + ## How to Remove a Domain User or Group @@ -109,17 +114,17 @@ Select this check box to enable transferring files between the host and MED-V wo - **Workspace to Host**—Enable transferring files from the MED-V workspace to the host. -**Note**   +**Note** If a user without permissions attempts to transfer files, a window will appear prompting him to enter the credentials of a user with permissions to perform the file transfer. -  -**Important**   -To support file transfer in Windows XP SP3, you must disable offline file synchronization by editing the registry as follows: + +**Important** +To support file transfer in Windows XP SP3, you must disable offline file synchronization by editing the registry as follows: `REG ADD HKLM\software\microsoft\windows\currentversion\netcache /V Enabled /T REG_DWORD /F /D 0` -  + Advanced @@ -131,16 +136,16 @@ Enable printing to printers connected to the host Select this check box to enable users to print from the MED-V workspace using the host printer. -**Note**   +**Note** The printing is performed by the printers defined on the host. -  + Enable access to CD / DVD Select this check box to allow access to a CD or DVD drive from this MED-V workspace. -  + **Multiple Memberships** @@ -159,9 +164,9 @@ Select this check box to allow access to a CD or DVD drive from this MED-V works [How to Set Advanced File Transfer Options](how-to-set-advanced-file-transfer-options.md) -  - -  + + + 
diff --git a/mdop/medv-v1/how-to-configure-image-pre-staging.md b/mdop/medv-v1/how-to-configure-image-pre-staging.md index 9abff80e8e..5d736b92b9 100644 --- a/mdop/medv-v1/how-to-configure-image-pre-staging.md +++ b/mdop/medv-v1/how-to-configure-image-pre-staging.md @@ -1,8 +1,11 @@ --- title: How to Configure Image Pre-staging description: How to Configure Image Pre-staging -author: jamiejdt +author: dansimp ms.assetid: 92781b5a-208f-45a4-a078-ee90cf9efd9d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -17,7 +20,7 @@ ms.date: 06/16/2016 **Note**   Image pre-staging is useful only for the initial image download. It is not supported for image update. -  + ## How to Configure Image Pre-staging @@ -29,32 +32,32 @@ Image pre-staging is useful only for the initial image download. It is not suppo **Note**   This folder must be called *MED-V Images*. -   + 2. Inside the MED-V Images folder, create a subfolder and name it *PrestagedImages*. **Note**   This folder must be called *PrestagedImages*. -   + 3. To apply Access Control Lists (ACL) security to the *MED-V Images* folder, set the following ACL: **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** -                                          **READ\_CONTROL** + **READ\_CONTROL** -                                 **SYNCHRONIZE** + **SYNCHRONIZE** -                                 **FILE\_GENERIC\_READ** + **FILE\_GENERIC\_READ** -                                 **FILE\_READ\_DATA** + **FILE\_READ\_DATA** **                                 FILE\_APPEND\_DATA** -                                 **FILE\_READ\_EA** + **FILE\_READ\_EA** -                                 **FILE\_READ\_ATTRIBUTES** + **FILE\_READ\_ATTRIBUTES** **NT AUTHORITY\\SYSTEM:(OI)(CI)F** 
@@ -63,7 +66,7 @@ Image pre-staging is useful only for the initial image download. It is not suppo **Note**   It is recommended to apply ACL security to the *MED-V Images* folder. -   + 4. To apply ACL security to the *PrestagedImages* folder, set the following ACL: @@ -88,14 +91,14 @@ Image pre-staging is useful only for the initial image download. It is not suppo **Note**   It is recommended to apply ACL security to the *PrestagedImages* folder. -   + 5. Push the image files (CKM and INDEX files) to the *PrestagedImages* folder. **Note**   After the image files have been pushed to the pre-stage folder, it is recommended to run a data integrity check and to mark the files as read-only. -   + 6. Include the following parameter in the MED-V client installation: *Client.MSI VMSFOLDER=”C:\\MED-V Images”*. @@ -112,9 +115,9 @@ Image pre-staging is useful only for the initial image download. It is not suppo 2. If the image is in a different location, change the path. -  + -  + diff --git a/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md b/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md index 9f9f99c37a..91f9055689 100644 --- a/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md +++ b/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md @@ -1,8 +1,11 @@ --- title: How to Configure Published Applications description: How to Configure Published Applications -author: jamiejdt +author: dansimp ms.assetid: 43a59ff7-5d4e-49dc-84e5-1082bc4dd8f4 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -35,10 +38,10 @@ An application can be published in one of the following ways: 4. On the **Policy** menu, select **Commit**. - **Note**   + **Note** If you are setting Internet Explorer as a published application to ensure that Web redirection works properly, make certain that any parameters are not in parentheses. -   + **Published Application Properties** 
@@ -60,30 +63,28 @@ An application can be published in one of the following ways:

    Display name

    -

    The name of the shortcut in the user's Windows Start menu.

    +

    The name of the shortcut in the user's Windows Start menu.

    -Note   -

    The display name is not case sensitive.

    +Note

    The display name is not case sensitive.

    -  +

    Description

    -

    A description of the published application, which appears as a tooltip when the user's mouse hovers over the shortcut.

    +

    A description of the published application, which appears as a tooltip when the user's mouse hovers over the shortcut.

    Command line

    The command used to run the application from within the MED-V workspace. The full path is required, and the parameters can be passed to the application in a similar fashion as in any other Windows command.

    -

    In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \\tux\date".

    -

    For example, to publish Windows Explorer, use the following syntax: "c:\" or "c:\windows."

    +

    In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \tux\date".

    +

    For example, to publish Windows Explorer, use the following syntax: "c:</em>" or "c:\windows."

    -Note   -

    To have a name resolution, you need to perform one of the following:

    +Note

    To have a name resolution, you need to perform one of the following:

    -  +
    • Configure the DNS in the base MED-V workspace image.

    • @@ -91,28 +92,26 @@ An application can be published in one of the following ways:
    • Use the IP for defining the network drive.

    -Note   -

    If the path includes spaces, the entire path must be inside quotation marks.

    +Note

    If the path includes spaces, the entire path must be inside quotation marks.

    -  +
    -Note   -

    The path should not end with a backslash ().

    +Note

    The path should not end with a backslash ().

    -  +

    Start menu

    -

    Select this check box to create a shortcut for the application in the user's Windows Start menu.

    +

    Select this check box to create a shortcut for the application in the user's Windows Start menu.

    -  + All published applications appear as shortcuts in the Windows **Start** menu (**Start >All Programs> MED-V Applications**). @@ -164,35 +163,34 @@ All published applications appear as shortcuts in the Windows **Start** menu (**

    Display name

    -

    The name of the shortcut in the user's Windows Start menu.

    +

    The name of the shortcut in the user's Windows Start menu.

    Description

    -

    The description, which appears as a tooltip when the user's mouse hovers over the shortcut.

    +

    The description, which appears as a tooltip when the user's mouse hovers over the shortcut.

    Folder in workspace

    Select the folder to publish as a menu containing all the applications within the folder.

    The text displayed is a relative path from the Programs folder.

    -Note   -

    If left blank, all programs on the host will be published as a menu.

    +Note

    If left blank, all programs on the host will be published as a menu.

    -  +
    -  + All published menus appear as shortcuts in the Windows **Start** menu (**Start >All Programs> MED-V Applications**). You can change the name of the shortcut in the **Start-menu shortcuts folder** field. -**Note**   +**Note** When configuring two MED-V workspaces, it is recommended to configure a different name for the Start menu shortcuts folder. -  + ## How to Remove a Published Menu from a MED-V Workspace @@ -218,10 +216,10 @@ The administrator can run published applications from any location, such as a de "\Manager\KidaroCommands.exe" /run "" "" ``` -**Note**   +**Note** The MED-V workspace in which the published application is defined must be running. -  + ## Related topics @@ -232,9 +230,9 @@ The MED-V workspace in which the published application is defined must be runnin [Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md b/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md index 09010c95c9..2aca3bc496 100644 --- a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md +++ b/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md @@ -1,8 +1,11 @@ --- title: How to Configure the Image Web Distribution Server description: How to Configure the Image Web Distribution Server -author: jamiejdt +author: dansimp ms.assetid: 2d32ae79-dff5-4c05-a412-dd15452b6007 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md index ca1f949944..6519e09c4a 100644 --- a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md 
@@ -1,8 +1,11 @@ --- title: How to Configure the Virtual Machine Setup for a MED-V Workspace description: How to Configure the Virtual Machine Setup for a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: a4659b4d-18b2-45b1-9605-8b5adc438f53 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md index 1fd2518cb4..938c998f17 100644 --- a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md +++ b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md @@ -1,8 +1,11 @@ --- title: How to Configure the Virtual Machine Setup for a MED-V Workspace description: How to Configure the Virtual Machine Setup for a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 50bbf58b-842c-4b63-bb93-3783903f6c7d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -25,10 +28,10 @@ All virtual machine setup configuration settings are configured in the **Policy* 2. In the **Persistent VM Setup** section, configure the properties as described in the following table. - **Note**   + **Note** The persistent VM setup properties are enabled only for a persistent MED-V workspace. -   + 3. On the **Policy** menu, select **Commit**. @@ -52,30 +55,28 @@ All virtual machine setup configuration settings are configured in the **Policy*

    Script Editor

    -

    Click to configure the setup script. For more information, see [How to Set Up Script Actions](how-to-set-up-script-actions.md).

    +

    Click to configure the setup script. For more information, see How to Set Up Script Actions.

    -Note   -

    This button is enabled only when Run VM Setup script is selected.

    +Note

    This button is enabled only when Run VM Setup script is selected.

    -  +

    Message displayed when script is running

    A message to be displayed while the script is running. If left blank, the default message is displayed.

    -Note   -

    This field is enabled only when Run VM Setup script is checked.

    +Note

    This field is enabled only when Run VM Setup script is checked.

    -  +
    -  + ## How to Configure the Virtual Machine Setup for a Revertible MED-V Workspace @@ -86,10 +87,10 @@ All virtual machine setup configuration settings are configured in the **Policy* 2. In the **Revertible VM Setup** section, configure the properties as described in the following table. - **Note**   + **Note** The revertible VM setup properties are enabled only for a revertible MED-V workspace. -   + 3. On the **Policy** menu, select **Commit**. @@ -110,12 +111,12 @@ All virtual machine setup configuration settings are configured in the **Policy*

    Rename the VM based on the computer name pattern

    Select this check box to assign a unique name to each computer using the MED-V workspace so that you can differentiate between multiple computers using the same MED-V workspace.

    -

    For more information on configuring computer image names, see [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md).

    +

    For more information on configuring computer image names, see How to Configure VM Computer Name Pattern Properties.

    -  + ## Related topics @@ -126,9 +127,9 @@ All virtual machine setup configuration settings are configured in the **Policy* [Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md b/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md index 13ca88517f..d37e201c72 100644 --- a/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md +++ b/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md @@ -1,8 +1,11 @@ --- title: How to Configure VM Computer Name Pattern Properties description: How to Configure VM Computer Name Pattern Properties -author: jamiejdt +author: dansimp ms.assetid: ddf79ace-8cc3-4ee6-be5a-5940b4df5c36 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -49,22 +52,24 @@ A virtual machine computer name pattern can be assigned both for revertible and - **Random characters**—Enter “\#” for each random character to include in the pattern. Each computer using the MED-V workspace will have a suffix of the length specified, which is generated randomly. - **Note**   + **Note** The computer name has a limit of 15 characters. If the pattern exceeds the limit, it will be truncated. -   + 4. On the **Policy** menu, select **Commit**. - **Note**   + **Note** A revertible VM computer name pattern can be assigned only when **Rename the VM based on the computer name patterns** (in the **Revertible VM Setup** section) is checked. -   - **Note**   - A unique computer name can be assigned only if it is configured prior to MED-V workspace setup. Changing the name will not affect MED-V workspaces that were already set up. -   +~~~ +**Note** +A unique computer name can be assigned only if it is configured prior to MED-V workspace setup. Changing the name will not affect MED-V workspaces that were already set up. +~~~ + + ## How to Assign a Virtual Machine Computer Name Pattern to a Persistent MED-V Workspace @@ -99,17 +104,17 @@ A virtual machine computer name pattern can be assigned both for revertible and - **Random characters**— Enter “\#” for each random character to include in the pattern. The computer will have a suffix of the length specified, which is generated randomly. - **Note**   + **Note** The computer name has a limit of 15 characters. If the pattern exceeds the limit, it will be truncated. -   + 6. On the **Policy** menu, select **Commit**. - **Note**   + **Note** The computer will be renamed only if it is set as an action in the **Script Actions** dialog box. For detailed information, see [How to Set Up Script Actions](how-to-set-up-script-actions.md). -   + ## Related topics 
@@ -122,9 +127,9 @@ A virtual machine computer name pattern can be assigned both for revertible and [Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md b/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md index d1b9c0415c..258a58f9b0 100644 --- a/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Configure Web Settings for a MED-V Workspace description: How to Configure Web Settings for a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 9a6cd28f-7e4f-468f-830a-7b1d9abd3af3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -18,10 +21,10 @@ Web sites that can only be displayed in older versions of Internet Explorer and The following procedures describe how you can set a list of Web browsing rules for a MED-V workspace. All sites included in the rules can be browsed either in the MED-V workspace or on the host, as defined by the administrator. All sites not defined within the rules are browsed from the environment in which they were requested. However, you can configure them as a group as well, to be browsed in the MED-V workspace or the host. -**Note**   +**Note** Web settings are applied only to Internet Explorer and to no other browsers. -  + All Web settings are configured in the **Policy** module, on the **Web** tab. @@ -84,7 +87,7 @@ All Web settings are configured in the **Policy** module, on the **Web** tab.
    • Domain suffix—Access to any host address ending with the suffix specified in the Value property and is set according to the option set in Web Browsing.

    • IP Prefix—Access to any full or partial IP address in the range of the prefix specified in the Value property and is set according to the option set in Web Browsing.

    • -
    • All Local Addresses—Access to all addresses without a '.' and is set according to the option set in Web Browsing.

    • +
    • All Local Addresses—Access to all addresses without a '.' and is set according to the option set in Web Browsing.

    @@ -92,14 +95,13 @@ All Web settings are configured in the **Policy** module, on the **Web** tab.
    • If Domain suffix is selected in the Type property, enter a domain suffix.

      -Note   -
        +Note
        • Do not enter "*" before the suffix.

        • Domain suffixes support aliases as well.

      -  +
    • If IP Prefix is selected in the Type property, enter a full or partial IP address.

    @@ -107,7 +109,7 @@ All Web settings are configured in the **Policy** module, on the **Web** tab. -  + ## How to Delete a Web Rule @@ -127,9 +129,9 @@ All Web settings are configured in the **Policy** module, on the **Web** tab. [Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md b/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md index 0b8d906842..81edc52790 100644 --- a/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md +++ b/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md @@ -1,8 +1,11 @@ --- title: How to Create and Test a MED-V Image description: How to Create and Test a MED-V Image -author: jamiejdt +author: dansimp ms.assetid: 40e4aba6-12cb-4794-967d-2c09dc20d808 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -56,7 +59,7 @@ When creating a MED-V image, it goes through the following stages: **Note**   The following characters cannot be included in the image name: space " < > | \\ / : \* ? -   + 5. Click **OK**. @@ -93,7 +96,7 @@ When creating a MED-V image, it goes through the following stages: -  + ## How to Test a MED-V Image from the MED-V Client @@ -125,12 +128,12 @@ After a MED-V test image is created, use the following procedure to test the ima **Note**   While testing an image, do not open VPC and make changes to the image. -  + **Note**   When testing an image, no changes are saved to the image between sessions; instead, they are saved in a separate, temporary file. This is to ensure that when the image is packed and run on the production environment, it is the original, clean image. -  + ## Related topics @@ -143,9 +146,9 @@ When testing an image, no changes are saved to the image between sessions; inste [MED-V Client Operations](med-v-client-operations.md) -  + -  + 
diff --git a/mdop/medv-v1/how-to-delete-a-med-v-image.md b/mdop/medv-v1/how-to-delete-a-med-v-image.md
index 3922b9bf8b..0167e493e8 100644
--- a/mdop/medv-v1/how-to-delete-a-med-v-image.md
+++ b/mdop/medv-v1/how-to-delete-a-med-v-image.md
@@ -1,8 +1,11 @@
 ---
 title: How to Delete a MED-V Image
 description: How to Delete a MED-V Image
-author: jamiejdt
+author: dansimp
 ms.assetid: 974a493a-7627-4c64-9294-89441f127916
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md b/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md
index fe3263d090..13cf016d4c 100644
--- a/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md
+++ b/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md
@@ -1,8 +1,11 @@
 ---
 title: How to Deploy a Workspace Image
 description: How to Deploy a Workspace Image
-author: jamiejdt
+author: dansimp
 ms.assetid: b2c77e0d-101d-4956-a27c-8beb0e4f262e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md b/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md
index 478a886411..a6b40105d0 100644
--- a/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md
+++ b/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md
@@ -1,8 +1,11 @@
 ---
 title: How to Deploy a Workspace Image
 description: How to Deploy a Workspace Image
-author: jamiejdt
+author: dansimp
 ms.assetid: ccc8e89b-1625-4b58-837e-4c6d93d46070
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md b/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md
index 6ca3af5de9..269980cf59 100644
--- a/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md +++ b/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md @@ -1,8 +1,11 @@ --- title: How to Edit a Published Application with Advanced Settings description: How to Edit a Published Application with Advanced Settings -author: jamiejdt +author: dansimp ms.assetid: 06a79049-9ce9-490f-aad7-fd4fdf185590 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -46,13 +49,12 @@ After a published application has been added and configured, the published appli

    Display name

    -

    The name of the shortcut in the user's Windows Start menu.

    +

    The name of the shortcut in the user's Windows Start menu.

    -Note   -

    The display name is not case sensitive.

    +Note

    The display name is not case sensitive.

    -  +
    @@ -63,11 +65,10 @@ After a published application has been added and configured, the published appli

    Start in

    The directory from which to start the application.

    -Note   -

    The path does not need to include quotation marks.

    +Note

    The path does not need to include quotation marks.

    -  +
    @@ -75,14 +76,13 @@ After a published application has been added and configured, the published appli

    The command with which to run the application from within the MED-V workspace.

    The full path is required, and the parameters can be passed to the application in a similar fashion as in any other Windows command.

    In a domain configuration, a shared drive usually exists on the server where all domain computers map to. The directory should be mapped here, and if it is a folder that requires user authentication, the Use MED-V credentials to run this application check box must be selected.

    -

    In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \\tux\data".

    -

    For example, to publish Windows Explorer, use the following syntax: "c:\" or "c:\windows".

    +

    In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \tux\data".

    +

    For example, to publish Windows Explorer, use the following syntax: "c:&quot; or "c:\windows".

    -Note   -

    To have a name resolution, you need to perform one of the following:

    +Note

    To have a name resolution, you need to perform one of the following:

    -  +
    • Configure the DNS in the base MED-V workspace image.

    • @@ -90,23 +90,21 @@ After a published application has been added and configured, the published appli
    • Use the IP for defining the network drive.

    -Note   -

    If the path includes spaces, the entire path must be inside quotation marks.

    +Note

    If the path includes spaces, the entire path must be inside quotation marks.

    -  +
    -Note   -

    The path should not end with a backslash ().

    +Note

    The path should not end with a backslash ().

    -  +

    Add a shortcut in the host Windows Start menu

    -

    Select this check box to create a shortcut for the application in the user's Windows Start menu.

    +

    Select this check box to create a shortcut for the application in the user's Windows Start menu.

    Launch this application when the Workspace is started

    @@ -116,26 +114,25 @@ After a published application has been added and configured, the published appli

    Use MED-V credentials to run this application

    Select this check box to authenticate applications that request a user name and password using the MED-V credentials instead of the credentials set for the application.

    -Note   -

    When using SSO, the command line should be C:\Windows\Explorer.exe "folder path". When not using SSO, the command line should be "folder path".

    +Note

    When using SSO, the command line should be C:\Windows\Explorer.exe "folder path". When not using SSO, the command line should be "folder path".

    -  +
    -  + ## Related topics [How to Configure Published Applications](how-to-configure-published-applicationsmedvv2.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-generate-reports-medvv2.md b/mdop/medv-v1/how-to-generate-reports-medvv2.md index 40f18afa63..082e4a4e13 100644 --- a/mdop/medv-v1/how-to-generate-reports-medvv2.md +++ b/mdop/medv-v1/how-to-generate-reports-medvv2.md @@ -1,8 +1,11 @@ --- title: How to Generate Reports description: How to Generate Reports -author: jamiejdt +author: dansimp ms.assetid: 9f8ba28e-1993-4c11-a28a-493718051e5d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -59,22 +62,20 @@ The report results can be grouped by dragging a column header to the top of the

    Time

    The date and time the event occurred.

    -Note   -

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    +Note

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    -  +

    User Name

    The user who initiated the event.

    -Note   -

    If the event occurred before a user logged on, the user name is SYSTEM.

    +Note

    If the event occurred before a user logged on, the user name is SYSTEM.

    -  +
    @@ -113,17 +114,16 @@ The report results can be grouped by dragging a column header to the top of the

    Image Version

    The image version that the MED-V workspace is currently using.

    -Note   -

    MED-V workspace version can be Unknown if it has not yet been downloaded onto a computer.

    +Note

    MED-V workspace version can be Unknown if it has not yet been downloaded onto a computer.

    -  +
    -  + ## How to Generate an Activity Log Report @@ -182,18 +182,16 @@ The report results can be grouped by dragging a column header to the top of the

    Time Received

    The date and time the event was received on the server.

    -Note   -

    If the client is working offline, the server receives the reports when the client is online.

    +Note

    If the client is working offline, the server receives the reports when the client is online.

    -  +
    -Note   -

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    +Note

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    -  +
    @@ -219,7 +217,7 @@ The report results can be grouped by dragging a column header to the top of the -  + ## How to Generate an Error Log Report @@ -272,18 +270,16 @@ The report results can be grouped by dragging a column header to the top of the

    Time Received

    The date and time the event was received on the server.

    -Note   -

    If the client is working offline, the server receives the reports when the client is online.

    +Note

    If the client is working offline, the server receives the reports when the client is online.

    -  +
    -Note   -

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    +Note

    By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

    -  +
    @@ -305,11 +301,11 @@ The report results can be grouped by dragging a column header to the top of the -  - -  - -  + + + + + diff --git a/mdop/medv-v1/how-to-import-and-export-a-policy.md b/mdop/medv-v1/how-to-import-and-export-a-policy.md index 7c7c923d36..dec165468c 100644 --- a/mdop/medv-v1/how-to-import-and-export-a-policy.md +++ b/mdop/medv-v1/how-to-import-and-export-a-policy.md @@ -1,8 +1,11 @@ --- title: How to Import and Export a Policy description: How to Import and Export a Policy -author: jamiejdt +author: dansimp ms.assetid: c86455de-2096-4bb1-b9d3-22efb42f3317 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md index 8a48eb313c..e21097b997 100644 --- a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md +++ b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md @@ -1,8 +1,11 @@ --- title: How to Install and Configure the MED-V Server Component description: How to Install and Configure the MED-V Server Component -author: jamiejdt +author: dansimp ms.assetid: 2d3c5b15-df2c-4ab6-bf78-f47ef8ae7418 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -45,10 +48,10 @@ This section explains how to [install](#bkmk-howtoinstallthemedvserver) and [con 6. When the **InstallShield Wizard Completed** screen appears, click **Finish** to complete the wizard. -**Note**   +**Note** If you are installing the MED-V server via Microsoft Remote Desktop, use the following syntax: **mstsc/admin**. Ensure that your RDP session is directed to the console. -  + ## How to Configure the MED-V Server 
@@ -69,32 +72,34 @@ The following server settings can be configured: 1. On the Windows Start menu, select **All Programs > MED-V > MED-V Server Configuration Manager**. - **Note**   + **Note** Note: If you selected the **Launch MED-V Server Configuration Manager** check box during the server installation, the MED-V server configuration manager starts automatically after the server installation is complete. -   - The MED-V Server Configuration Manager appears. -2. On the **Connections** tab, configure the following client connections settings: +~~~ +The MED-V Server Configuration Manager appears. +~~~ - - **Enable unencrypted connections (http), using port**—Select this check box to enable unencrypted connections using a specified port. In the port box, enter the server port on which to accept unencrypted connections (http). +2. On the **Connections** tab, configure the following client connections settings: - - **Enable encrypted connections (https), using port**—Select this check box to enable encrypted connections using a specified port. In the port box, enter the server port on which to accept encrypted connections (https). + - **Enable unencrypted connections (http), using port**—Select this check box to enable unencrypted connections using a specified port. In the port box, enter the server port on which to accept unencrypted connections (http). - Https is an optional configuration which can be set to ensure secure transactions between the MED-V server and MED-V clients. To configure https, you must perform the following procedures: + - **Enable encrypted connections (https), using port**—Select this check box to enable encrypted connections using a specified port. In the port box, enter the server port on which to accept encrypted connections (https). - - Configure a certificate on the server. + Https is an optional configuration which can be set to ensure secure transactions between the MED-V server and MED-V clients. 
To configure https, you must perform the following procedures: - - Associate the server certificate with the port specified using netsh. For information, see the following: + - Configure a certificate on the server. - - [Netsh Commands for Hypertext Transfer Protocol (HTTP)](https://go.microsoft.com/fwlink/?LinkId=183314) + - Associate the server certificate with the port specified using netsh. For information, see the following: - - [How to: Configure a Port with an SSL Certificate](https://go.microsoft.com/fwlink/?LinkID=183315) + - [Netsh Commands for Hypertext Transfer Protocol (HTTP)](https://go.microsoft.com/fwlink/?LinkId=183314) - - [How to: Configure a Port with an SSL Certificate](https://msdn.microsoft.com/library/ms733791.aspx) + - [How to: Configure a Port with an SSL Certificate](https://go.microsoft.com/fwlink/?LinkID=183315) -3. Click **OK**. + - [How to: Configure a Port with an SSL Certificate](https://msdn.microsoft.com/library/ms733791.aspx) + +3. Click **OK**. ### Configuring Images @@ -148,10 +153,10 @@ The following server settings can be configured: `Data Source=;Initial Catalog=;uid=sa;pwd=;` - **Note**   + **Note** Note: To connect to SQL Express, use: `Data Source=\sqlexpress.` -   + 4. To create the database, click **Create Database**. @@ -182,9 +187,9 @@ The following server settings can be configured: [Design the MED-V Server Infrastructure](design-the-med-v-server-infrastructure.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md b/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md index 6d34ea987a..e84a2751f0 100644 --- a/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md +++ b/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md 
@@ -1,8 +1,11 @@ --- title: How to Install MED-V Client and MED-V Management Console description: How to Install MED-V Client and MED-V Management Console -author: jamiejdt +author: dansimp ms.assetid: 8a5f3010-3a50-487e-99d8-e352e5cb51c6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -22,15 +25,15 @@ The following MED-V components are included in the client .msi package: The MED-V management console and the MED-V client are both installed from the MED-V client .msi package. The MED-V client, however, can be installed independently without the MED-V management console by clearing the **Install the MED-V Management application** check box during installation. -**Note**   -The MED-V client and MED-V management console can only be installed on Windows 7-, Windows Vista-, and Windows XP-based computers. They cannot be installed on server products. +**Note** +The MED-V client and MED-V management console can only be installed on Windows 7-, Windows Vista-, and Windows XP-based computers. They cannot be installed on server products. -  -**Note**   + +**Note** Do not install the MED-V client using the Windows **runas** command. -  + **To install the MED-V client** 
@@ -58,32 +61,34 @@ Do not install the MED-V client using the Windows **runas** command. - Select the **Install the MED-V management application** check box to include the management component in the installation. - **Note**   + **Note** Enterprise Desktop Virtualization administrators should install the MED-V management application. This application is required for configuring desktop images and MED-V workspaces. -   - - Select the **Load MED-V when Windows starts** check box to start MED-V automatically on startup. - - Select the **Add a MED-V shortcut to my desktop** check box to create a MED-V shortcut on your desktop. +~~~ +- Select the **Load MED-V when Windows starts** check box to start MED-V automatically on startup. - - In the **Server address** field, type the server address. +- Select the **Add a MED-V shortcut to my desktop** check box to create a MED-V shortcut on your desktop. - - In the **Server port** field, type the server's port. +- In the **Server address** field, type the server address. - - Select the **Server requires encrypted connections (https)** check box to work with https. +- In the **Server port** field, type the server's port. - - The default virtual machine images folder is displayed. The default installation folder is *%systemdrive%\\MED-V Images\\*. To change the folder where MED-V should be installed, click **Change**, and browse to an existing folder. +- Select the **Server requires encrypted connections (https)** check box to work with https. -7. Click **Next**. +- The default virtual machine images folder is displayed. The default installation folder is *%systemdrive%\\MED-V Images\\*. To change the folder where MED-V should be installed, click **Change**, and browse to an existing folder. +~~~ -8. On the **Ready to Install the Program** screen, click **Install**. +7. Click **Next**. - The MED-V client installation starts. This can take several minutes, and the screen might not display text. 
During installation, several progress screens appear. If a message appears, follow the instructions provided. +8. On the **Ready to Install the Program** screen, click **Install**. - Upon successful installation, the **InstallShield Wizard Completed** screen appears. + The MED-V client installation starts. This can take several minutes, and the screen might not display text. During installation, several progress screens appear. If a message appears, follow the instructions provided. -9. Click **Finish** to close the wizard. + Upon successful installation, the **InstallShield Wizard Completed** screen appears. + +9. Click **Finish** to close the wizard. ## Related topics @@ -92,9 +97,9 @@ Do not install the MED-V client using the Windows **runas** command. [Installation and Upgrade Checklists](installation-and-upgrade-checklists.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md b/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md index 7452b994da..90bf368d23 100644 --- a/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md +++ b/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md @@ -1,8 +1,11 @@ --- title: How to Install MED-V Client description: How to Install MED-V Client -author: jamiejdt +author: dansimp ms.assetid: bfac6de7-d96d-4b3e-bd8b-183e051e53c8 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -16,10 +19,10 @@ ms.date: 06/16/2016 In a deployment package-based scenario, the MED-V client installation is included in the deployment package and installed directly from the package. -**Important**   +**Important** When using a deployment package that does not include an image, ensure that the image is uploaded to the Web or pushed to the pre-stage folder prior to installing the deployment package. -  + **To install a deployment package** 
@@ -33,27 +36,29 @@ When using a deployment package that does not include an image, ensure that the A dialog box appears listing the components that are already installed and those that are currently being installed. - **Note**   + **Note** If a version of the Microsoft Virtual PC that is not supported exists on the host computer, a message will appear telling you to uninstall the existing version and run the installer again. -   - **Note**   - If an older version of the MED-V client exists, it will prompt you asking whether you want to upgrade. -   +~~~ +**Note** +If an older version of the MED-V client exists, it will prompt you asking whether you want to upgrade. - Depending on the components that have been installed, you might need to reboot. If rebooting is necessary, a message appears notifying you that you must reboot. -3. If necessary, reboot the computer. - When the installation is complete, MED-V starts and a message appears notifying you that the installation is complete. +Depending on the components that have been installed, you might need to reboot. If rebooting is necessary, a message appears notifying you that you must reboot. +~~~ -4. Log in to MED-V using the following user name and password: +3. If necessary, reboot the computer. - - Type in the domain name and user name followed by the password of the domain user who is permitted to work with MED-V. + When the installation is complete, MED-V starts and a message appears notifying you that the installation is complete. - Example: "domain\_name\\user\_name", "password" +4. Log in to MED-V using the following user name and password: + + - Type in the domain name and user name followed by the password of the domain user who is permitted to work with MED-V. + + Example: "domain\_name\\user\_name", "password" ## Related topics 
@@ -64,9 +69,9 @@ When using a deployment package that does not include an image, ensure that the [Client Installation Command Line Reference](client-installation-command-line-reference.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-install-med-v-clientesds.md b/mdop/medv-v1/how-to-install-med-v-clientesds.md index 3724660711..57a88f7d96 100644 --- a/mdop/medv-v1/how-to-install-med-v-clientesds.md +++ b/mdop/medv-v1/how-to-install-med-v-clientesds.md @@ -1,8 +1,11 @@ --- title: How to Install MED-V Client description: How to Install MED-V Client -author: jamiejdt +author: dansimp ms.assetid: fb35f618-684c-474f-9053-b70bb29c3cc0 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-localize-a-med-v-image.md b/mdop/medv-v1/how-to-localize-a-med-v-image.md index 5db008c90c..e118ce3dc9 100644 --- a/mdop/medv-v1/how-to-localize-a-med-v-image.md +++ b/mdop/medv-v1/how-to-localize-a-med-v-image.md @@ -1,8 +1,11 @@ --- title: How to Localize a MED-V Image description: How to Localize a MED-V Image -author: jamiejdt +author: dansimp ms.assetid: adc148b3-8cfe-42a0-8847-be6b689a673a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,7 +46,7 @@ A packed image can be unpacked to the local repository by extracting it. It then **Note**   The downloaded image will not appear in the **Local Images** pane until you refresh the page. Click Refresh to see the downloaded image in the **Local Images** pane. -   + ## Related topics @@ -54,9 +57,9 @@ A packed image can be unpacked to the local repository by extracting it. It then [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) -  + -  + diff --git a/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md b/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md index fc3a8a4ac6..41bf6a6b2b 100644 
--- a/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md
+++ b/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md
@@ -1,8 +1,11 @@
 ---
 title: How to Lock and Unlock a Workspace
 description: How to Lock and Unlock a Workspace
-author: jamiejdt
+author: dansimp
 ms.assetid: 027166b9-0e06-4a4e-a8ac-a4d5f429656f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/how-to-pack-a-med-v-image.md b/mdop/medv-v1/how-to-pack-a-med-v-image.md
index c4a159e291..613b801c36 100644
--- a/mdop/medv-v1/how-to-pack-a-med-v-image.md
+++ b/mdop/medv-v1/how-to-pack-a-med-v-image.md
@@ -1,8 +1,11 @@
 ---
 title: How to Pack a MED-V Image
 description: How to Pack a MED-V Image
-author: jamiejdt
+author: dansimp
 ms.assetid: e1ce2307-0f1b-4bf8-b146-e4012dc138d2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -32,25 +35,27 @@ A MED-V image must be packed before it can be added to a deployment package or u - In the **Image name** field, type the desired name. - **Note**   + **Note** The following characters cannot be included in the image name: space " < > | \\ / : \* ? -   - A new packed image will be created. - - From the drop-down list, select an existing name. +~~~ + A new packed image will be created. - A new version of the existing image will be created. +- From the drop-down list, select an existing name. -5. Click **OK**. + A new version of the existing image will be created. +~~~ - A new MED-V packed image is created on your host computer with the properties defined in the following table. +5. Click **OK**. -**Note**   + A new MED-V packed image is created on your host computer with the properties defined in the following table. + +**Note** In the **Local Packed Images** and **Packed Images on Server** panes, the most recent version of each image is displayed as the parent node. Click the parent node to view all other existing versions of the image. -  + **Local Packed Images Properties** @@ -74,11 +79,10 @@ In the **Local Packed Images** and **Packed Images on Server** panes, the most r

    Version

    The version of the displayed image.

    -Note   -

    All previous versions are kept unless deleted.

    +Note

    All previous versions are kept unless deleted.

    -  +
    @@ -92,7 +96,7 @@ In the **Local Packed Images** and **Packed Images on Server** panes, the most r -  + ## Related topics @@ -103,9 +107,9 @@ In the **Local Packed Images** and **Packed Images on Server** panes, the most r [Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md b/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md index f94242e128..755acfb23b 100644 --- a/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md +++ b/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md @@ -1,8 +1,11 @@ --- title: How to Set Advanced File Transfer Options description: How to Set Advanced File Transfer Options -author: jamiejdt +author: dansimp ms.assetid: 5e9f8749-a5a9-48c6-9bfc-6b8e0cbe6cab +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md b/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md index 22bd38136e..9971961e86 100644 --- a/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md +++ b/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md @@ -1,8 +1,11 @@ --- title: How to Set MED-V Workspace Deletion Options description: How to Set MED-V Workspace Deletion Options -author: jamiejdt +author: dansimp ms.assetid: 0f85aa81-c188-4115-9141-ceba2473c00e +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-set-up-script-actions.md b/mdop/medv-v1/how-to-set-up-script-actions.md index d3d6004dfe..674cc2b942 100644 --- a/mdop/medv-v1/how-to-set-up-script-actions.md +++ b/mdop/medv-v1/how-to-set-up-script-actions.md 
@@ -1,8 +1,11 @@ --- title: How to Set Up Script Actions description: How to Set Up Script Actions -author: jamiejdt +author: dansimp ms.assetid: 367e28f1-d8c2-4845-a01b-2fff9128ccfd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -44,26 +47,28 @@ The following is a list of actions that can be added to the domain setup script: **Note**   **Rename Computer** is configured in the **VM Settings** tab. For more information, see [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md). -   + - **Note**   - To rename a computer, Windows must be restarted. It is recommended to add a Restart Windows action following a Rename Computer action. +~~~ +**Note** +To rename a computer, Windows must be restarted. It is recommended to add a Restart Windows action following a Rename Computer action. +~~~ -   -4. Set the order of the actions by selecting an action and clicking **Up** or **Down**. -5. Click **OK**. +4. Set the order of the actions by selecting an action and clicking **Up** or **Down**. -**Note**   +5. Click **OK**. + +**Note** When running the Join Domain script, for the script to work, the user logged into the MED-V workspace virtual machine must have local administrator rights. -  -**Note**   + +**Note** When running the Disable Auto-Logon script, it is recommended to disable the local guest account used for the auto-logon once the initial setup is complete. -  + ### @@ -89,11 +94,10 @@ When running the Disable Auto-Logon script, it is recommended to disable the loc
  • Use the following credentials—The credentials specified; enter a user name and password in the corresponding fields.

  • -Note   -

    The credentials you enter are visible to all MED-V workspace users. It is not recommended to provide domain administrator credentials.

    +Note

    The credentials you enter are visible to all MED-V workspace users. It is not recommended to provide domain administrator credentials.

    -  +
    @@ -109,17 +113,16 @@ When running the Disable Auto-Logon script, it is recommended to disable the loc

    Organization Unit

    An organization unit (OU) may be specified to join the computer to a specific OU. The format must follow an OU distinguished name: OU=<Organization Unit>,<Domain Controller> (for example, OU=QATest, DC=il, DC=MED-V, DC=com).

    -Warning   -

    Only a single level OU is supported as is shown in the example above.

    +Warning

    Only a single level OU is supported as is shown in the example above.

    -  +
    -  + ### @@ -152,7 +155,7 @@ When running the Disable Auto-Logon script, it is recommended to disable the loc -  + ### @@ -211,7 +214,7 @@ When running the Disable Auto-Logon script, it is recommended to disable the loc -  + When configuring the command-line action, several variables can be used as defined in the following table. @@ -252,7 +255,7 @@ When configuring the command-line action, several variables can be used as defin -  + ## Related topics @@ -261,9 +264,9 @@ When configuring the command-line action, several variables can be used as defin [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md) -  + -  + diff --git a/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md b/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md index 0589448bfb..d1d0b3b653 100644 --- a/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md +++ b/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Share Folders Between the Host and the MED-V Workspace description: How to Share Folders Between the Host and the MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 3cb295f2-c07e-4ee6-aa3c-ce4c8c45c191 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -39,7 +42,7 @@ The following procedures demonstrate how to share folders between the host and t **Note**   Ensure that the same drive letter is not in use on both computers. -   + 4. Click **Browse**. @@ -60,11 +63,11 @@ The following procedures demonstrate how to share folders between the host and t **Note**   Ensure that both the host and MED-V workspace computers are in the same domain or workgroup. -  + -  + -  + 
diff --git a/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md b/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md index 693e8bc4f5..bd490a205c 100644 --- a/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md +++ b/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md @@ -1,8 +1,11 @@ --- title: How to Start and Exit the MED-V Client description: How to Start and Exit the MED-V Client -author: jamiejdt +author: dansimp ms.assetid: 3762bad1-6937-40fa-ab5d-61a905865214 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -24,7 +27,7 @@ ms.date: 06/16/2016 **Note**   MED-V cannot be started from an elevated command prompt. -  + **To exit the MED-V client** @@ -34,9 +37,9 @@ MED-V cannot be started from an elevated command prompt. The MED-V client exits. -  + -  + diff --git a/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md b/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md index 869c099df5..20febc9c9a 100644 --- a/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md +++ b/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Start, Stop, and Restart a MED-V Workspace description: How to Start, Stop, and Restart a MED-V Workspace -author: jamiejdt +author: dansimp ms.assetid: 54ce139c-8f32-499e-944b-72f123ebfd2d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -41,14 +44,14 @@ ms.date: 06/16/2016 **Note**   The first time a MED-V workspace is started, the user name should be in the following format: <domain name>\\<user name>. -   + 4. Select **Save my password** to save your password between sessions. **Note**   To enable the save password feature, the EnableSavePassword attribute must be set to True in the ClientSettings.xml file. The file can be found in the *Servers\\Configuration Server\\* folder. -   + 5. Clear the **Start last used workspace** check box to choose a different MED-V workspace. @@ -83,9 +86,9 @@ ms.date: 06/16/2016 [How to Start and Exit the MED-V Client](how-to-start-and-exit-the-med-v-client.md) -  + -  + diff --git a/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md b/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md index 4f8b230308..d6d2fd0dd2 100644 --- a/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md +++ b/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md @@ -1,8 +1,11 @@ --- title: How to Uninstall MED-V Components description: How to Uninstall MED-V Components -author: jamiejdt +author: dansimp ms.assetid: 91bdf488-14e7-43ab-972d-9d92421acb86 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-update-a-med-v-image.md b/mdop/medv-v1/how-to-update-a-med-v-image.md index 1e6a3668ae..bee3310208 100644 --- a/mdop/medv-v1/how-to-update-a-med-v-image.md +++ b/mdop/medv-v1/how-to-update-a-med-v-image.md @@ -1,8 +1,11 @@ --- title: How to Update a MED-V Image description: How to Update a MED-V Image -author: jamiejdt +author: dansimp ms.assetid: 61eacf50-3a00-4bb8-b2f3-7350a6467fa1 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -22,7 +25,7 @@ An existing MED-V image can be updated, thereby creating a new version of the im **Note**   When a new version is deployed on the client, it overwrites the existing image. When updating an image, ensure that no data on the client needs to be saved. -  + **To update a MED-V image** @@ -39,7 +42,7 @@ When a new version is deployed on the client, it overwrites the existing image. **Note**   If you name the image a different name than the existing version, a new image will be created rather than a new version of the existing image. -   + 6. Upload the new version to the server or distribute it via a deployment package. @@ -56,9 +59,9 @@ When a new version is deployed on the client, it overwrites the existing image. [Updating a MED-V Workspace Image](updating-a-med-v-workspace-image.md) -  + -  + diff --git a/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md b/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md index 15b42edc9a..b0f1a3f4b5 100644 --- a/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md +++ b/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md @@ -1,8 +1,11 @@ --- title: How to Upload a MED-V Image to the Server description: How to Upload a MED-V Image to the Server -author: jamiejdt +author: dansimp ms.assetid: 0e70dfdf-3e3a-4860-970c-535806caa907 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -18,10 +21,10 @@ After a MED-V image has been tested, it can be packed and then uploaded to the s Once a MED-V image is packed and uploaded to the server, it can be distributed to users by using an enterprise software distribution center, or it can be downloaded by users using a deployment package. For information on deployment using an enterprise software distribution center, see [Deploying a MED-V Workspace Using an Enterprise Software Distribution System](deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md). For information on deployment using a package, see [Deploying a MED-V Workspace Using a Deployment Package](deploying-a-med-v-workspace-using-a-deployment-package.md). -**Note**   +**Note** Before uploading an image, verify that a Web proxy is not defined in your browser settings and that Windows Update is not currently running. -  + **To upload a MED-V image to the server** @@ -55,11 +58,10 @@ Before uploading an image, verify that a Web proxy is not defined in your browse

    Version

    The version of the displayed image.

    -Note   -

    All previous versions are kept unless deleted.

    +Note

    All previous versions are kept unless deleted.

    -  +
    @@ -73,7 +75,7 @@ Before uploading an image, verify that a Web proxy is not defined in your browse -  + ## Related topics @@ -86,9 +88,9 @@ Before uploading an image, verify that a Web proxy is not defined in your browse [How to Pack a MED-V Image](how-to-pack-a-med-v-image.md) -  - -  + + + diff --git a/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md b/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md index 8eec332fd5..bb70d8a60e 100644 --- a/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md +++ b/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md @@ -1,8 +1,11 @@ --- title: How to View MED-V Settings and General Information description: How to View MED-V Settings and General Information -author: jamiejdt +author: dansimp ms.assetid: c14e3f30-c4e5-47a3-8ad1-0570fc62d991 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/how-to-work-with-reports.md b/mdop/medv-v1/how-to-work-with-reports.md index 7d9631f017..0747b58a0d 100644 --- a/mdop/medv-v1/how-to-work-with-reports.md +++ b/mdop/medv-v1/how-to-work-with-reports.md @@ -1,8 +1,11 @@ --- title: How to Work with Reports description: How to Work with Reports -author: jamiejdt +author: dansimp ms.assetid: b7a660c6-74c3-4ced-a395-9e76a4362a46 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/identify-the-number-of-med-v-instances.md b/mdop/medv-v1/identify-the-number-of-med-v-instances.md index 4329cd39d6..2454991da1 100644 --- a/mdop/medv-v1/identify-the-number-of-med-v-instances.md +++ b/mdop/medv-v1/identify-the-number-of-med-v-instances.md 
@@ -1,8 +1,11 @@
 ---
 title: Identify the Number of MED-V Instances
 description: Identify the Number of MED-V Instances
-author: jamiejdt
+author: dansimp
 ms.assetid: edea9bdf-a28c-4d24-9298-7bd6536c3a94
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/installation-and-upgrade-checklists.md b/mdop/medv-v1/installation-and-upgrade-checklists.md
index 7e30f1b087..48f64681a0 100644
--- a/mdop/medv-v1/installation-and-upgrade-checklists.md
+++ b/mdop/medv-v1/installation-and-upgrade-checklists.md
@@ -1,8 +1,11 @@
 ---
 title: Installation and Upgrade Checklists
 description: Installation and Upgrade Checklists
-author: jamiejdt
+author: dansimp
 ms.assetid: ccfdde26-4a28-4c14-888d-71b96fe7626e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/installing-and-configuring-med-v-components.md b/mdop/medv-v1/installing-and-configuring-med-v-components.md
index 4798c21506..2c3191bd46 100644
--- a/mdop/medv-v1/installing-and-configuring-med-v-components.md
+++ b/mdop/medv-v1/installing-and-configuring-med-v-components.md
@@ -1,8 +1,11 @@
 ---
 title: Installing and Configuring MED-V Components
 description: Installing and Configuring MED-V Components
-author: jamiejdt
+author: dansimp
 ms.assetid: 4af90e9f-3c6b-4f7c-8274-56ad24173662
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/key-scenarios-for-using-med-v.md b/mdop/medv-v1/key-scenarios-for-using-med-v.md
index fb490b9fc4..206fbcc8f4 100644
--- a/mdop/medv-v1/key-scenarios-for-using-med-v.md
+++ b/mdop/medv-v1/key-scenarios-for-using-med-v.md
@@ -1,8 +1,11 @@ --- title: Key Scenarios for Using MED-V description: Key Scenarios for Using MED-V -author: jamiejdt +author: dansimp ms.assetid: e35075e2-3401-49ae-810d-1bd51ebc7924 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-10-installation-checklist.md b/mdop/medv-v1/med-v-10-installation-checklist.md index 09d1f51e31..8e68457769 100644 --- a/mdop/medv-v1/med-v-10-installation-checklist.md +++ b/mdop/medv-v1/med-v-10-installation-checklist.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 Installation Checklist description: MED-V 1.0 Installation Checklist -author: jamiejdt +author: dansimp ms.assetid: a81fd5b0-29b3-4ddc-8f60-7d44c2be9794 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,36 +33,36 @@ The following checklist is intended to provide a high-level list of items to con

    Ensure your computing environment meets the supported configurations required for installing MED-V 1.0.

    -

    [MED-V 1.0 Supported Configurations](med-v-10-supported-configurationsmedv-10.md)

    +

    MED-V 1.0 Supported Configurations

    Plan and design the MED-V server infrastructure.

    -

    [MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md)

    +

    MED-V Infrastructure Planning and Design

    Verify the required prerequisites are configured.

    -

    [MED-V Installation Prerequisites](med-v-installation-prerequisites.md)

    +

    MED-V Installation Prerequisites

    Install and configure the MED-V server.

    -

    [How to Install and Configure the MED-V Server Component](how-to-install-and-configure-the-med-v-server-component.md)

    +

    How to Install and Configure the MED-V Server Component

    If using an image repository, configure the image Web distribution server.

    -

    [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md)

    +

    How to Configure the Image Web Distribution Server

    Install the MED-V client and management console.

    -

    [How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md)

    +

    How to Install MED-V Client and MED-V Management Console

    -  + -  + -  + diff --git a/mdop/medv-v1/med-v-10-release-notesmedv-10.md b/mdop/medv-v1/med-v-10-release-notesmedv-10.md index 189aad4a2e..993d756655 100644 --- a/mdop/medv-v1/med-v-10-release-notesmedv-10.md +++ b/mdop/medv-v1/med-v-10-release-notesmedv-10.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 Release Notes description: MED-V 1.0 Release Notes -author: jamiejdt +author: dansimp ms.assetid: 006a3537-5c5b-43b5-8df8-4bf6ddd3cd2f +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md index 35bc7e17e1..a439dfd41e 100644 --- a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md +++ b/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 SP1 and SP2 Release Notes description: MED-V 1.0 SP1 and SP2 Release Notes -author: jamiejdt +author: dansimp ms.assetid: 0fde8732-8ad2-483c-b094-7996ed9f2766 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ To search these Release Notes, press CTRL+F. **Note**   Read these Release Notes thoroughly before you install the Microsoft Enterprise Desktop Virtualization (MED-V) platform. These Release Notes contain information that you must have to successfully install the MED-V platform. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other MED-V platform documentation, the latest change should be considered authoritative. These Release Notes supersede the content included with this product. -  + ## About the Product Documentation 
@@ -68,9 +71,9 @@ Microsoft, Microsoft Enterprise Desktop Virtualization, MS-DOS, Windows, Windows The names of actual companies and products mentioned herein may be the trademarks of their respective owners. -  + -  + diff --git a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md index 0b2af418f6..60cd668d0c 100644 --- a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md +++ b/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 SP1 Supported Configurations description: MED-V 1.0 SP1 Supported Configurations -author: jamiejdt +author: dansimp ms.assetid: 4dcf37c4-a061-43d2-878c-28efc87c3cdd +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -14,19 +17,19 @@ ms.date: 08/30/2016 # MED-V 1.0 SP1 Supported Configurations -This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 Service Pack 1 (SP1) in your environment. +This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 Service Pack 1 (SP1) in your environment. -## MED-V 1.0 SP1 Client System Requirements +## MED-V 1.0 SP1 Client System Requirements ### MED-V Client Operating System Requirements -The following table lists the operating systems that are supported for MED-V 1.0 SP1 client installation. +The following table lists the operating systems that are supported for MED-V 1.0 SP1 client installation. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). -  + @@ -45,19 +48,19 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + - + @@ -65,14 +68,14 @@ Microsoft provides support for the current service pack and, in some cases, the

    Windows XP

    Windows XP

    Professional Edition

    SP2 or SP3

    x86

    Windows Vista

    Windows Vista

    Business, Enterprise, or Ultimate

    SP1 or SP2

    x86

    Windows 7

    Windows 7

    Professional, Enterprise, or Ultimate

    None

    x86 or x64

    -  -**Note**   + +**Note** MED-V client does not run in native x64 mode. Instead, MED-V runs in Windows on Windows 64-bit (WOW64) mode on 64-bit computers. -  -The following table lists the minimal RAM required for each operating system supported in MED-V 1.0 SP1. + +The following table lists the minimal RAM required for each operating system supported in MED-V 1.0 SP1. @@ -87,41 +90,41 @@ The following table lists the minimal RAM required for each operating system sup - + - + - + - +

    Windows XP Professional

    Windows XP Professional

    1 GB

    Windows Vista

    Windows Vista

    2 GB

    Windows 7 x86

    Windows 7 x86

    2 GB

    Windows 7 x64

    Windows 7 x64

    3 GB

    -  -### MED-V 1.0 SP1 Client Configuration + +### MED-V 1.0 SP1 Client Configuration **.NET Framework Version** -The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 SP1 client installation: +The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 SP1 client installation: -- .NET Framework 2.0 or .NET Framework 2.0 SP1 +- .NET Framework 2.0 or .NET Framework 2.0 SP1 -- .NET Framework 3.0 or .NET Framework 3.0 SP1 +- .NET Framework 3.0 or .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 **Virtualization Engine** -Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 SP1 client installation in the following configurations: +Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 SP1 client installation in the following configurations: - Static Virtual Hard Disk (VHD) file 
@@ -131,25 +134,25 @@ Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Kn **Internet Browser** -Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 SP1 client installation. +Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 SP1 client installation. **Microsoft Hyper-V Server** The MED-V client is not supported in a Microsoft Hyper-V Server environment. -## MED-V 1.0 SP1 Workspace System Requirements +## MED-V 1.0 SP1 Workspace System Requirements -MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. +MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. ### MED-V Workspace Operating System Requirements -The following table lists the operating systems supported for MED-V 1.0 SP1 workspaces. +The following table lists the operating systems supported for MED-V 1.0 SP1 workspaces. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). -  + @@ -168,67 +171,66 @@ Microsoft provides support for the current service pack and, in some cases, the - + - +

    Windows 2000

    Windows 2000

    Professional

    SP4

    X86

    Windows XP

    Windows XP

    Professional Edition

    SP2 or SP3

    -Note   -

    SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

    +Note

    SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

    -  +

    x86

    -  -### MED-V 1.0 SP1 Workspace Configuration + +### MED-V 1.0 SP1 Workspace Configuration **.NET Framework Version** -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: +MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: -- .NET Framework 2.0 SP1 +- .NET Framework 2.0 SP1 -- .NET Framework 3.0 SP1 +- .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 + +**Note** +We recommend the .NET Framework 3.5 SP1 to ensure that the MED-V workspace is compatible with future versions of MED-V. -**Note**   -We recommend the .NET Framework 3.5 SP1 to ensure that the MED-V workspace is compatible with future versions of MED-V. -  **Internet Browser** -Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 SP1 workspace installation. +Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 SP1 workspace installation. ### MED-V Workspace Images -MED-V workspace images must be created by using Virtual PC 2007 SP1. +MED-V workspace images must be created by using Virtual PC 2007 SP1. -## MED-V 1.0 SP1 Server System Requirements +## MED-V 1.0 SP1 Server System Requirements -MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. +MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. -### MED-V 1.0 Server Operating System Requirements +### MED-V 1.0 Server Operating System Requirements -The following table lists the operating systems supported for MED-V 1.0 SP1 server installations. +The following table lists the operating systems supported for MED-V 1.0 SP1 server installations. -**Note**   +**Note** Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. 
To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). -  + @@ -247,13 +249,13 @@ Microsoft provides support for the current service pack and, in some cases, the - + - + @@ -261,23 +263,23 @@ Microsoft provides support for the current service pack and, in some cases, the

    Windows Server 2008

    Windows Server 2008

    Standard or Enterprise

    SP1 or SP2

    X86 or x64

    Windows Server 2008 R2

    Windows Server 2008 R2

    Standard or Enterprise

    None

    x64

    -  -### MED-V 1.0 SP1 Server Configuration + +### MED-V 1.0 SP1 Server Configuration **.NET Framework Version** -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: +MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: -- .NET Framework 2.0 or .NET Framework 2.0 SP1 +- .NET Framework 2.0 or .NET Framework 2.0 SP1 -- .NET Framework 3.0 or .NET Framework 3.0 SP1 +- .NET Framework 3.0 or .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 **Microsoft SQL Server Version** -The following versions of Microsoft SQL Server are supported for MED-V 1.0 SP1 when SQL Server is installed locally or remotely from the MED-V 1.0 SP1 Server: +The following versions of Microsoft SQL Server are supported for MED-V 1.0 SP1 when SQL Server is installed locally or remotely from the MED-V 1.0 SP1 Server: @@ -296,13 +298,13 @@ The following versions of Microsoft SQL Server are supported for MED-V 1.0 SP1 w - + - + @@ -310,16 +312,16 @@ The following versions of Microsoft SQL Server are supported for MED-V 1.0 SP1 w

    SQL Server 2005

    SQL Server 2005

    Express, Standard, or Enterprise Edition

    SP2

    X86 or x64

    SQL Server 2008

    SQL Server 2008

    Express, Standard, or Enterprise

    None

    X86 or x64

    -  + **Microsoft Hyper-V Server** The MED-V server is supported in a Microsoft Hyper-V server environment. -## MED-V 1.0 SP1 Globalization Information +## MED-V 1.0 SP1 Globalization Information -Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 SP1 client, workspace, and server installations: +Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 SP1 client, workspace, and server installations: - English @@ -337,9 +339,9 @@ Although MED-V is not released in languages other than English, the following Wi - Japanese -  - -  + + + diff --git a/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md index c8e7a5f31a..631070c928 100644 --- a/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md +++ b/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 SP1 Upgrade Checklist description: MED-V 1.0 SP1 Upgrade Checklist -author: jamiejdt +author: dansimp ms.assetid: 1a462b37-8c7a-4826-9175-0b1b701d345b +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,16 +45,16 @@ To upgrade Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 to MED-V 1. **Note**   If the server configuration has been changed from the default, the files might be stored in a different location. -  + ## Client Upgrade To upgrade the MED-V 1.0 client to MED-V 1.0 SP1, install the .msp file on a MED-V 1.0 client. The client and MED-V are automatically upgraded. -  + -  + diff --git a/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md b/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md index 8c52db133b..3d45628fd0 100644 --- a/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md 
+++ b/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md @@ -1,8 +1,11 @@ --- title: MED-V 1.0 Supported Configurations description: MED-V 1.0 Supported Configurations -author: jamiejdt +author: dansimp ms.assetid: 74643de6-549e-4177-a559-6407e156ed3a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -14,14 +17,14 @@ ms.date: 06/16/2016 # MED-V 1.0 Supported Configurations -This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 in your environment. +This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 in your environment. -## MED-V 1.0 Client System Requirements +## MED-V 1.0 Client System Requirements ### MED-V Client Operating System Requirements -The following table lists the operating systems that are supported for MED-V 1.0 client installation. +The following table lists the operating systems that are supported for MED-V 1.0 client installation. @@ -40,13 +43,13 @@ The following table lists the operating systems that are supported for MED-V 1. - + - + @@ -54,28 +57,28 @@ The following table lists the operating systems that are supported for MED-V 1.

    Windows XP

    Windows XP

    Professional Edition

    SP2 or SP3

    x86

    Windows Vista

    Windows Vista

    Business, Enterprise, or Ultimate Edition

    SP1 or SP2

    x86

    -  -**Note**   + +**Note** MED-V client does not run in native x64 mode. Instead, MED-V runs in Windows on Windows 64-bit (WOW64) mode on 64-bit computers. -  -### MED-V 1.0 Client Configuration + +### MED-V 1.0 Client Configuration **.NET Framework Version** -The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 client installation: +The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 client installation: -- .NET Framework 2.0 or .NET Framework 2.0 SP1 +- .NET Framework 2.0 or .NET Framework 2.0 SP1 -- .NET Framework 3.0 or .NET Framework 3.0 SP1 +- .NET Framework 3.0 or .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 **Virtualization Engine** -Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 client installation in the following configurations: +Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 client installation in the following configurations: - Static Virtual Hard Disk (VHD) file @@ -85,18 +88,18 @@ Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Kn **Internet Browser** -Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 client installation. +Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 client installation. **Microsoft Hyper-V Server** The MED-V client is not supported in a Microsoft Hyper-V server environment. -## MED-V 1.0 Workspace System Requirements +## MED-V 1.0 Workspace System Requirements ### MED-V Workspace Operating System Requirements -The following table lists the operating systems supported for MED-V 1.0 workspaces. +The following table lists the operating systems supported for MED-V 1.0 workspaces. 
@@ -115,60 +118,59 @@ The following table lists the operating systems supported for MED-V 1.0 workspa - + - +

    Windows 2000

    Windows 2000

    Professional

    SP4

    X86

    Windows XP

    Windows XP

    Professional Edition

    SP2 or SP3

    -Note   -

    SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

    +Note

    SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

    -  +

    x86

    -  -### MED-V 1.0 Workspace Configuration + +### MED-V 1.0 Workspace Configuration **.NET Framework Version** -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: +MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: -- .NET Framework 2.0 SP1 +- .NET Framework 2.0 SP1 -- .NET Framework 3.0 SP1 +- .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 + +**Note** +.NET Framework 3.5 SP1 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V. -**Note**   -.NET Framework 3.5 SP1 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V. -  **Internet Browser** -Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 workspace installation. +Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 workspace installation. ### MED-V Workspace Images -MED-V workspace images must be created by using Virtual PC 2007 SP1. +MED-V workspace images must be created by using Virtual PC 2007 SP1. -## MED-V 1.0 Server System Requirements +## MED-V 1.0 Server System Requirements -### MED-V 1.0 Server Operating System Requirements +### MED-V 1.0 Server Operating System Requirements -The following table lists the operating systems supported for MED-V 1.0 server installations. +The following table lists the operating systems supported for MED-V 1.0 server installations. @@ -187,7 +189,7 @@ The following table lists the operating systems supported for MED-V 1.0 server - + @@ -195,23 +197,23 @@ The following table lists the operating systems supported for MED-V 1.0 server

    Windows Server 2008

    Windows Server 2008

    Standard or Enterprise

    None

    X86 or x64

    -  -### MED-V 1.0 Server Configuration + +### MED-V 1.0 Server Configuration **.NET Framework Version** -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: +MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: -- .NET Framework 2.0 or .NET Framework 2.0 SP1 +- .NET Framework 2.0 or .NET Framework 2.0 SP1 -- .NET Framework 3.0 or .NET Framework 3.0 SP1 +- .NET Framework 3.0 or .NET Framework 3.0 SP1 -- .NET Framework 3.5 or .NET Framework 3.5 SP1 +- .NET Framework 3.5 or .NET Framework 3.5 SP1 **Microsoft SQL Server Version** -The following versions of Microsoft SQL Server are supported for MED-V 1.0 when SQL Server is installed locally or remotely from the MED-V 1.0 Server: +The following versions of Microsoft SQL Server are supported for MED-V 1.0 when SQL Server is installed locally or remotely from the MED-V 1.0 Server: @@ -230,13 +232,13 @@ The following versions of Microsoft SQL Server are supported for MED-V 1.0 when - + - + @@ -244,16 +246,16 @@ The following versions of Microsoft SQL Server are supported for MED-V 1.0 when

    SQL Server 2005

    SQL Server 2005

    Express, Standard, or Enterprise Edition

    SP2

    X86 or x64

    SQL Server 2008

    SQL Server 2008

    Express, Standard, or Enterprise

    None

    X86 or x64

    -  + **Microsoft Hyper-V Server** The MED-V server is supported in a Microsoft Hyper-V server environment. -## MED-V 1.0 Globalization Information +## MED-V 1.0 Globalization Information -Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 client, workspace, and server installations: +Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 client, workspace, and server installations: - English @@ -267,9 +269,9 @@ Although MED-V is not released in languages other than English, the following Wi - Portuguese (Brazil) -  - -  + + + diff --git a/mdop/medv-v1/med-v-client-operations.md b/mdop/medv-v1/med-v-client-operations.md index a273c3227e..ecc32946a9 100644 --- a/mdop/medv-v1/med-v-client-operations.md +++ b/mdop/medv-v1/med-v-client-operations.md @@ -1,8 +1,11 @@ --- title: MED-V Client Operations description: MED-V Client Operations -author: jamiejdt +author: dansimp ms.assetid: 4a5fffd2-f3f4-4e86-8529-e1386ba46c9a +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-client-toolsv2.md b/mdop/medv-v1/med-v-client-toolsv2.md index 08db32cc7b..8d763f41b6 100644 --- a/mdop/medv-v1/med-v-client-toolsv2.md +++ b/mdop/medv-v1/med-v-client-toolsv2.md @@ -1,8 +1,11 @@ --- title: MED-V Client Tools description: MED-V Client Tools -author: jamiejdt +author: dansimp ms.assetid: ea18d82e-2433-4754-85ac-6eac84bcbb01 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -30,7 +33,7 @@ The File Transfer Tool can be used to copy files or folders from the MED-V works **Note**   The File Transfer Tool is enabled only when the MED-V workspace is running. -  + **To copy files or folders from a MED-V workspace that is currently running** @@ -98,9 +101,9 @@ The following functions can be performed using the diagnostic tool: - Browse image store—View all available MED-V workspace images. -  + -  + diff --git a/mdop/medv-v1/med-v-deployment-and-configuration.md b/mdop/medv-v1/med-v-deployment-and-configuration.md index 048966f72d..4360637610 100644 --- a/mdop/medv-v1/med-v-deployment-and-configuration.md +++ b/mdop/medv-v1/med-v-deployment-and-configuration.md @@ -1,8 +1,11 @@ --- title: MED-V Deployment and Configuration description: MED-V Deployment and Configuration -author: jamiejdt +author: dansimp ms.assetid: 3a224c78-58b0-454c-ad6d-5ce87fbb2526 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-infrastructure-planning-and-design.md b/mdop/medv-v1/med-v-infrastructure-planning-and-design.md index 6bd69ab76e..6ad5828d2b 100644 --- a/mdop/medv-v1/med-v-infrastructure-planning-and-design.md +++ b/mdop/medv-v1/med-v-infrastructure-planning-and-design.md @@ -1,8 +1,11 @@ --- title: MED-V Infrastructure Planning and Design description: MED-V Infrastructure Planning and Design -author: jamiejdt +author: dansimp ms.assetid: 6129b8f6-4b20-4403-8edd-68b007791139 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-installation-prerequisites.md b/mdop/medv-v1/med-v-installation-prerequisites.md index c359eb4f66..ef53525088 100644 --- a/mdop/medv-v1/med-v-installation-prerequisites.md +++ b/mdop/medv-v1/med-v-installation-prerequisites.md 
@@ -1,8 +1,11 @@ --- title: MED-V Installation Prerequisites description: MED-V Installation Prerequisites -author: jamiejdt +author: dansimp ms.assetid: cf3c0906-23eb-4c4a-8951-a65741720f95 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -91,7 +94,7 @@ To prevent antivirus activity from affecting the performance of the virtual desk **Important**   If Virtual PC for Windows exists on the host computer, uninstall it before installing Virtual PC 2007 SP1. -  + **To install Microsoft Virtual PC 2007 SP1** @@ -106,16 +109,16 @@ If Virtual PC for Windows exists on the host computer, uninstall it before insta **Note**   The Virtual PC 2007 SP1 update is required for running Virtual PC 2007 SP1. -   + ## Related topics [Supported Configurations](supported-configurationsmedv-orientation.md) -  + -  + diff --git a/mdop/medv-v1/med-v-operations.md b/mdop/medv-v1/med-v-operations.md index 91bd79d67f..4c5bed949c 100644 --- a/mdop/medv-v1/med-v-operations.md +++ b/mdop/medv-v1/med-v-operations.md @@ -1,8 +1,11 @@ --- title: MED-V Operations description: MED-V Operations -author: jamiejdt +author: dansimp ms.assetid: ce362dc0-47a4-4e66-af64-66734fa50c08 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/med-v-reporting.md b/mdop/medv-v1/med-v-reporting.md index 4a4e104c25..079276d2e5 100644 --- a/mdop/medv-v1/med-v-reporting.md +++ b/mdop/medv-v1/med-v-reporting.md @@ -1,8 +1,11 @@ --- title: MED-V Reporting description: MED-V Reporting -author: jamiejdt +author: dansimp ms.assetid: b379153b-be89-4a76-a284-2bb4591c3490 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md b/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md
index ecd55cf23c..e8b68e25fc 100644
--- a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md
+++ b/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md
@@ -1,8 +1,11 @@
 ---
 title: MED-V Trim Transfer Technology
 description: MED-V Trim Transfer Technology
-author: jamiejdt
+author: dansimp
 ms.assetid: 2744e855-a486-4028-9606-f0084794ec65
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/overview-of-med-v.md b/mdop/medv-v1/overview-of-med-v.md
index e612667e99..1630db52bc 100644
--- a/mdop/medv-v1/overview-of-med-v.md
+++ b/mdop/medv-v1/overview-of-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of MED-V
 description: Overview of MED-V
-author: jamiejdt
+author: dansimp
 ms.assetid: 32a85b79-91b0-4507-a57a-01ff0fa029f5
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/supported-configurationsmedv-orientation.md b/mdop/medv-v1/supported-configurationsmedv-orientation.md
index e9be1c8b18..f05c6462b7 100644
--- a/mdop/medv-v1/supported-configurationsmedv-orientation.md
+++ b/mdop/medv-v1/supported-configurationsmedv-orientation.md
@@ -1,8 +1,11 @@
 ---
 title: Supported Configurations
 description: Supported Configurations
-author: jamiejdt
+author: dansimp
 ms.assetid: c1438455-445a-4bc8-ae20-483b26181f6f
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v1/technical-referencemedv-10-sp1.md b/mdop/medv-v1/technical-referencemedv-10-sp1.md
index c7bf73e776..aaaad698a3 100644
--- a/mdop/medv-v1/technical-referencemedv-10-sp1.md
+++ b/mdop/medv-v1/technical-referencemedv-10-sp1.md
@@ -1,8 +1,11 @@ --- title: Technical Reference description: Technical Reference -author: jamiejdt +author: dansimp ms.assetid: 387462c7-bb46-40b8-b4cf-ee9453972582 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/troubleshooting-med-v.md b/mdop/medv-v1/troubleshooting-med-v.md index bc669d94a4..60afd6e0d8 100644 --- a/mdop/medv-v1/troubleshooting-med-v.md +++ b/mdop/medv-v1/troubleshooting-med-v.md @@ -1,8 +1,11 @@ --- title: Troubleshooting MED-V description: Troubleshooting MED-V -author: jamiejdt +author: dansimp ms.assetid: f43dae36-6485-4e06-9c66-0a646e27079d +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v1/updating-a-med-v-workspace-image.md b/mdop/medv-v1/updating-a-med-v-workspace-image.md index 4dba9fdb77..f5095643c7 100644 --- a/mdop/medv-v1/updating-a-med-v-workspace-image.md +++ b/mdop/medv-v1/updating-a-med-v-workspace-image.md @@ -1,8 +1,11 @@ --- title: Updating a MED-V Workspace Image description: Updating a MED-V Workspace Image -author: jamiejdt +author: dansimp ms.assetid: 1b9c4a73-3487-43d2-98e3-43dbc79e10e3 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -64,7 +67,7 @@ An image can be updated in one of the following ways: **Note**   If you name the image a different name than the existing version, a new image will be created rather than a new version of the existing image. -   + 6. Upload the new version to the server, push it to the image pre-stage folder, or distribute it via a deployment package. @@ -79,9 +82,9 @@ An image can be updated in one of the following ways: [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) -  + -  + 
diff --git a/mdop/medv-v1/using-the-med-v-management-console-user-interface.md b/mdop/medv-v1/using-the-med-v-management-console-user-interface.md index acc9a83419..9fc4f72eb1 100644 --- a/mdop/medv-v1/using-the-med-v-management-console-user-interface.md +++ b/mdop/medv-v1/using-the-med-v-management-console-user-interface.md @@ -1,8 +1,11 @@ --- title: Using the MED-V Management Console User Interface description: Using the MED-V Management Console User Interface -author: jamiejdt +author: dansimp ms.assetid: f42714d7-6f0c-4995-ab31-d4ef0845a22c +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ The console user interface is divided into the following sections: **Note**   For security reasons, the first user to log in to the MED-V management console will become the only user on that computer allowed to access the management console. -  + **To log in** @@ -53,7 +56,7 @@ For security reasons, the first user to log in to the MED-V management console w **Note**   When configuring the server, users with full access as well as users with read-only access are defined. All users must be domain users. The domain user name and password is used for MED-V management login. -   + 2. Click **OK**. @@ -64,9 +67,9 @@ For security reasons, the first user to log in to the MED-V management console w [How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) -  + -  + diff --git a/mdop/medv-v2/about-med-v-20.md b/mdop/medv-v2/about-med-v-20.md index 3be9b15400..d93dfacd2d 100644 --- a/mdop/medv-v2/about-med-v-20.md +++ b/mdop/medv-v2/about-med-v-20.md @@ -1,8 +1,11 @@ --- title: About MED-V 2.0 description: About MED-V 2.0 -author: jamiejdt +author: dansimp ms.assetid: 7ec53f2c-db6e-4a6b-a069-99d0c25cd101 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/medv-v2/authentication-of-med-v-end-users.md b/mdop/medv-v2/authentication-of-med-v-end-users.md index 328c317940..b9265d581c 100644 --- a/mdop/medv-v2/authentication-of-med-v-end-users.md +++ b/mdop/medv-v2/authentication-of-med-v-end-users.md @@ -1,8 +1,11 @@ --- title: Authentication of MED-V End Users description: Authentication of MED-V End Users -author: jamiejdt +author: dansimp ms.assetid: aaf96eb6-91d1-4f4d-9854-5fc73c7ae7ab +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -49,10 +52,10 @@ Following is the policy path for the Terminal Services policy named DisablePassw HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Virtual Machine\\Policies\\DisablePasswordSaving -**Note**   +**Note** The changes that you make to DisablePasswordSaving only affect the RDP prompt to a virtual machine. -  + The following table lists the different ways you can configure your settings for credential storing and the effects of the different configurations: @@ -81,35 +84,33 @@ The following table lists the different ways you can configure your settings for

    If the end user does not select the check box, the Remote Desktop Connection (RDC) Client prompt is presented instead of the MED-V prompt, and the check box to accept is cleared. If the end user selects the check box, the RDC Client credential is stored for later use.

    -Important   -

    RDC does not validate credentials when the end user enters them. If the end user caches the credentials through the RDC prompt, there is a risk that incorrect credentials might be stored. In this case, the incorrect credentials must be deleted in the Windows Credential Manager.

    +Important

    RDC does not validate credentials when the end user enters them. If the end user caches the credentials through the RDC prompt, there is a risk that incorrect credentials might be stored. In this case, the incorrect credentials must be deleted in the Windows Credential Manager.

    -  +

    DisablePasswordSaving

    Enabled

    -Note   -

    This configuration is more secure because it does not allow end user credentials to be cached.

    +Note

    This configuration is more secure because it does not allow end user credentials to be cached.

    -  +
    -  + By default, the MED-V installation sets a registry key in the guest to suppress the "password about to expire" prompt. The end user is only prompted for a password change on the host. Credentials that are updated on the host are passed to the guest. -**Caution**   +**Caution** If you use Group Policy in your environment, know that it can override the registry key causing the password prompts from the guest to reappear. -  + ### Security Concerns with Authentication @@ -124,9 +125,9 @@ This same concern exists when MED-V authentication is disabled but the Terminal [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md) -  - -  + + + diff --git a/mdop/medv-v2/command-line-options-for-med-v-installation-files.md b/mdop/medv-v2/command-line-options-for-med-v-installation-files.md index 456e6f5efd..414a684521 100644 --- a/mdop/medv-v2/command-line-options-for-med-v-installation-files.md +++ b/mdop/medv-v2/command-line-options-for-med-v-installation-files.md @@ -1,8 +1,11 @@ --- title: Command-Line Options for MED-V Installation Files description: Command-Line Options for MED-V Installation Files -author: jamiejdt +author: dansimp ms.assetid: 7b8cd3e4-1d09-44a0-b690-f85b0d0a6b02 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md b/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md index 69c3252f99..42d933514a 100644 --- a/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md +++ b/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md @@ -1,8 +1,11 @@ --- title: Compacting the MED-V Virtual Hard Disk description: Compacting the MED-V Virtual Hard Disk -author: jamiejdt +author: dansimp ms.assetid: 5e6122d1-9847-4b33-adab-594919eec3c5 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Although it is optional, you can compact the virtual hard disk (VHD) to reclaim **Important**   Before you proceed, create a backup copy of your Windows XP image. -  + **Preparing the Virtual Hard Disk** @@ -110,9 +113,9 @@ Create a backup copy of your compacted virtual hard disk. [Technical Reference for MED-V](technical-reference-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/configure-environment-prerequisites.md b/mdop/medv-v2/configure-environment-prerequisites.md index 655bc88c78..23fec1d335 100644 --- a/mdop/medv-v2/configure-environment-prerequisites.md +++ b/mdop/medv-v2/configure-environment-prerequisites.md @@ -1,8 +1,11 @@ --- title: Configure Environment Prerequisites description: Configure Environment Prerequisites -author: jamiejdt +author: dansimp ms.assetid: 7379e8e5-1cb2-4b8e-8acc-5c04e26f8c91 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,12 +34,12 @@ The MED-V Host and Guest agents and the MED-V Workspace Packager require the Mic **Important**   You must also install the update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950), which addresses several known application compatibility issues. -  + **Note**   You must manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. However, by default, the Microsoft .NET Framework 3.5 SP1 and the update are included when you install Windows 7 on the host computer. -  + **An Active Directory Infrastructure** @@ -51,9 +54,9 @@ Group Policy provides the centralized management and configuration of operating [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -  + -  + diff --git a/mdop/medv-v2/configure-installation-prerequisites.md b/mdop/medv-v2/configure-installation-prerequisites.md index f52d72ab06..04885dd2fb 100644 
--- a/mdop/medv-v2/configure-installation-prerequisites.md +++ b/mdop/medv-v2/configure-installation-prerequisites.md @@ -1,8 +1,11 @@ --- title: Configure Installation Prerequisites description: Configure Installation Prerequisites -author: jamiejdt +author: dansimp ms.assetid: ff9cf28a-3eac-4b6c-8ce9-bfc202f57947 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -28,7 +31,7 @@ The following instructions are prerequisites for installing and using Microsoft **Important**   If a version of Virtual PC for Windows already exists on the host computer, you must uninstall it before you install Windows Virtual PC. -  + **To install Windows Virtual PC** @@ -39,7 +42,7 @@ If a version of Virtual PC for Windows already exists on the host computer, you **Important**   Windows Virtual PC includes the Integration Components package, which provides features that improve the interaction between the virtual environment and the physical computer. For example, it lets your mouse move between the host and the guest computers. MED-V requires the installation of the Integration Components package. -  + ## How to Install and Configure the Windows Virtual PC Update @@ -49,12 +52,12 @@ The Microsoft update associated with article KB977206 enables Windows XP Mode fo **Important**   You do not have to install this update when you are installing MED-V on host computers that are running Windows 7 with Service Pack 1. -  + **Tip**   In addition to the update listed here, we recommend that you review all available Windows Virtual PC updates and apply those updates that are appropriate or necessary for your environment. -  + **To install the Windows Virtual PC Update** @@ -90,9 +93,9 @@ To prevent antivirus activity from affecting the performance of the virtual desk [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -  + -  + 
diff --git a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
index 6ad4dde0d7..2bae530b8d 100644
--- a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
+++ b/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring a Windows Virtual PC Image for MED-V
 description: Configuring a Windows Virtual PC Image for MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: d87a0df8-9e08-4d1e-bfb0-9dc3cebf0d28
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -20,35 +23,35 @@ First time setup prepares the MED-V workspace for an end user. The process creat Follow these steps to configure your MED-V image for running first time setup: -1. As an option, you can compact the virtual hard disk (VHD) to reclaim empty disk space and reduce the size of the VHD before you continue with configuring the Windows Virtual PC image. For more information, see [Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md). +1. As an option, you can compact the virtual hard disk (VHD) to reclaim empty disk space and reduce the size of the VHD before you continue with configuring the Windows Virtual PC image. For more information, see [Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md). -2. Customize the virtual machine setup process. +2. Customize the virtual machine setup process. -3. Seal the MED-V image by using Sysprep. +3. Seal the MED-V image by using Sysprep. - **Customizing the Virtual Machine Setup Process** + **Customizing the Virtual Machine Setup Process** -1. As part of preparing your image for use with MED-V, you can configure various settings on the virtual machine, such as specifying the settings for running Windows Update. Specify all the necessary virtual machine settings before you create the MED-V workspace package. +4. As part of preparing your image for use with MED-V, you can configure various settings on the virtual machine, such as specifying the settings for running Windows Update. Specify all the necessary virtual machine settings before you create the MED-V workspace package. -2. Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927). +5. 
Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927). - **Note**   - You can set up your Sysprep.inf file to disable restore points when first time setup is run. For an example of setting this GuiRunOnce key, see the sample Sysprep.inf file later in this section. + **Note** + You can set up your Sysprep.inf file to disable restore points when first time setup is run. For an example of setting this GuiRunOnce key, see the sample Sysprep.inf file later in this section. -   -3. Configure the setup process to run Mini-Setup instead of the default Windows Welcome. You must either run the Sysprep tool by using the **-mini** switch, or select the **MiniSetup** check box in the graphical user interface. For more information, see [How to Seal the Image with Sysprep](#bkmk-seal). - **Calling the First time setup Completion File** +6. Configure the setup process to run Mini-Setup instead of the default Windows Welcome. You must either run the Sysprep tool by using the **-mini** switch, or select the **MiniSetup** check box in the graphical user interface. For more information, see [How to Seal the Image with Sysprep](#bkmk-seal). - 1. An executable called FtsCompletion.exe is included as part of the installation of the MED-V Guest Agent. By default, it is located in the system drive of your MED-V image under **Program Files – Microsoft Enterprise Desktop Virtualization**. + **Calling the First time setup Completion File** - **Important**   - As the final step in the first time setup process, you must run this executable program. The user for whom the executable program is being called must be a member of the guest’s local administrator group. + 1. 
An executable called FtsCompletion.exe is included as part of the installation of the MED-V Guest Agent. By default, it is located in the system drive of your MED-V image under **Program Files – Microsoft Enterprise Desktop Virtualization**. -   + **Important** + As the final step in the first time setup process, you must run this executable program. The user for whom the executable program is being called must be a member of the guest’s local administrator group. - 2. You can decide how you want to call this executable program, for example, through a script that is deployed with the MED-V workspace. You can call this executable as the last line of your Sysprep.inf file. For an example of how to call this executable program in your Sysprep.inf file, see the sample file later in this section. + + + 2. You can decide how you want to call this executable program, for example, through a script that is deployed with the MED-V workspace. You can call this executable as the last line of your Sysprep.inf file. For an example of how to call this executable program in your Sysprep.inf file, see the sample file later in this section. After you have completed customization of your MED-V image, you are ready to seal the image by using Sysprep. 
@@ -58,88 +61,90 @@ After you have completed customization of your MED-V image, you are ready to sea 2. In a MED-V environment, you can use Sysprep to assign unique security IDs (SID) and other settings to each MED-V workspace the first time that they are started. - **Note**   + **Note** For more information about how to use Sysprep, see [Sysprep Technical Reference](https://go.microsoft.com/fwlink/?LinkId=195930) (https://go.microsoft.com/fwlink/?LinkId=195930). -   - **Caution**   - When you use non-ASCII characters in the Sysprep.inf file, you must save the file by using the encoding appropriate for the characters entered. Windows XP expects the Sysprep.inf file to be encoded by using the code page for the language that you are targeting. - You must also make sure that the System Locale of the computers to which the MED-V workspace is deployed is set to handle the language specific characters that might be present in the Sysprep.inf file. To change the settings for the System Locale, follow these steps: +~~~ +**Caution** +When you use non-ASCII characters in the Sysprep.inf file, you must save the file by using the encoding appropriate for the characters entered. Windows XP expects the Sysprep.inf file to be encoded by using the code page for the language that you are targeting. - 1. To open Region and Language, click **Start**, click **Control Panel**, and then click **Region and Language**. +You must also make sure that the System Locale of the computers to which the MED-V workspace is deployed is set to handle the language specific characters that might be present in the Sysprep.inf file. To change the settings for the System Locale, follow these steps: - 2. Click the **Administrative** tab, and then click **Change System Locale** under **Language for non-Unicode programs**. +1. To open Region and Language, click **Start**, click **Control Panel**, and then click **Region and Language**. 
- If you are prompted for an administrator password or confirmation, type the administrator password or provide confirmation. +2. Click the **Administrative** tab, and then click **Change System Locale** under **Language for non-Unicode programs**. - 3. Select your preferred language and then click **OK**. + If you are prompted for an administrator password or confirmation, type the administrator password or provide confirmation. -   +3. Select your preferred language and then click **OK**. - **To configure Sysprep on the MED-V Guest Computer** - 1. Create a folder named *Sysprep* in the root of the MED-V image system drive. - 2. Download the deploy.cab file. For more information, see [Windows XP Service Pack 3 Deployment Tools](https://go.microsoft.com/fwlink/?LinkId=195928) From the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195928). +**To configure Sysprep on the MED-V Guest Computer** - 3. From the deploy.cab file, copy or extract the Setupmgr.exe, Sysprep.exe, and Setupcl.exe files to the Sysprep folder. +1. Create a folder named *Sysprep* in the root of the MED-V image system drive. - 4. In the Sysprep folder, run **Setup Manager** (Setupmgr.exe) to create a Sysprep.inf answer file. +2. Download the deploy.cab file. For more information, see [Windows XP Service Pack 3 Deployment Tools](https://go.microsoft.com/fwlink/?LinkId=195928) From the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195928). - Or, you can create this file manually or use your company’s existing file. For more information, see [How to use the Sysprep tool to automate successful deployment of Windows XP](https://go.microsoft.com/fwlink/?LinkId=195929) (https://go.microsoft.com/fwlink/?LinkId=195929). +3. From the deploy.cab file, copy or extract the Setupmgr.exe, Sysprep.exe, and Setupcl.exe files to the Sysprep folder. - 5. Follow the **Setup Manager** wizard. +4. 
In the Sysprep folder, run **Setup Manager** (Setupmgr.exe) to create a Sysprep.inf answer file. - **Important**   - You must configure the MED-V guest to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host. + Or, you can create this file manually or use your company’s existing file. For more information, see [How to use the Sysprep tool to automate successful deployment of Windows XP](https://go.microsoft.com/fwlink/?LinkId=195929) (https://go.microsoft.com/fwlink/?LinkId=195929). -   +5. Follow the **Setup Manager** wizard. - **Caution**   - When you configure a proxy account for joining virtual machines to the domain, know that it is possible for an end user to obtain the proxy account credentials. Take all the necessary security precautions to minimize risk, such as limiting account user rights. For more information about security concerns when you configure a Windows Virtual PC image for MED-V, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). + **Important** + You must configure the MED-V guest to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host. -   - If end users must provide information during the first time setup process based on the parameters specified in the Sysprep.inf file, you must also specify that first time setup is run in **Attended** mode when you are creating your MED-V workspace package. If no information will be required from the end user, you can specify that first time setup is run in **Unattended** mode when you are creating your MED-V workspace package. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - Although you can specify any settings that you prefer, a MED-V best practice is that you create the Sysprep.inf file so that first time setup can be run in **Unattended** mode. 
This requires that you provide all of the required settings information as you continue through the **Setup Manager** wizard. + **Caution** + When you configure a proxy account for joining virtual machines to the domain, know that it is possible for an end user to obtain the proxy account credentials. Take all the necessary security precautions to minimize risk, such as limiting account user rights. For more information about security concerns when you configure a Windows Virtual PC image for MED-V, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). - **Caution**   - If you have set a local policy or registry entry to include a service level agreement (SLA) in your image (VHD), you must specify that first time setup is run in **Attended** mode or first time setup will fail. Or, a MED-V best practice is to enforce the SLA through Group Policy later so that the SLA is displayed to the end user after first time setup is finished. -   - **Note**   - You can configure the MED-V workspace to set certain Sysprep.inf settings based on the configuration of the host and the identity of the end user. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). + If end users must provide information during the first time setup process based on the parameters specified in the Sysprep.inf file, you must also specify that first time setup is run in **Attended** mode when you are creating your MED-V workspace package. If no information will be required from the end user, you can specify that first time setup is run in **Unattended** mode when you are creating your MED-V workspace package. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). -   + Although you can specify any settings that you prefer, a MED-V best practice is that you create the Sysprep.inf file so that first time setup can be run in **Unattended** mode. 
This requires that you provide all of the required settings information as you continue through the **Setup Manager** wizard. - 6. Seal the MED-V image. + **Caution** + If you have set a local policy or registry entry to include a service level agreement (SLA) in your image (VHD), you must specify that first time setup is run in **Attended** mode or first time setup will fail. Or, a MED-V best practice is to enforce the SLA through Group Policy later so that the SLA is displayed to the end user after first time setup is finished. - **Important**   - We recommend that you make a backup copy of the MED-V image before sealing it. -   - After you have completed all the steps in the **Setup Manager** wizard, you are ready to run Sysprep to seal the MED-V image. + **Note** + You can configure the MED-V workspace to set certain Sysprep.inf settings based on the configuration of the host and the identity of the end user. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - **To run Sysprep** - 1. Run the System Preparation Tool (Sysprep.exe) from the *Sysprep* folder that you created when you configured Sysprep in the MED-V virtual machine. - 2. In the warning message box that appears, click **OK**. +6. Seal the MED-V image. - 3. In the **Options** dialog box, select the **Don't reset grace period for activation** and **Use Mini-Setup** check boxes. Also, make sure that the **Shutdown mode** box is set to **Shut down**. + **Important** + We recommend that you make a backup copy of the MED-V image before sealing it. - 4. Click **Reseal**. This removes identity information and clears event logs to prepare for first time setup. - 5. If you are not satisfied with the information listed in the confirmation message box that appears, click **Cancel** and then change the selections. - 6. Click **OK** to complete the system preparation process. 
+ After you have completed all the steps in the **Setup Manager** wizard, you are ready to run Sysprep to seal the MED-V image. - After you have run Sysprep on your MED-V image, the virtual machine shuts down and is ready for use in creating a MED-V workspace. +**To run Sysprep** + +1. Run the System Preparation Tool (Sysprep.exe) from the *Sysprep* folder that you created when you configured Sysprep in the MED-V virtual machine. + +2. In the warning message box that appears, click **OK**. + +3. In the **Options** dialog box, select the **Don't reset grace period for activation** and **Use Mini-Setup** check boxes. Also, make sure that the **Shutdown mode** box is set to **Shut down**. + +4. Click **Reseal**. This removes identity information and clears event logs to prepare for first time setup. + +5. If you are not satisfied with the information listed in the confirmation message box that appears, click **Cancel** and then change the selections. + +6. Click **OK** to complete the system preparation process. + +After you have run Sysprep on your MED-V image, the virtual machine shuts down and is ready for use in creating a MED-V workspace. +~~~ ## Example @@ -190,8 +195,8 @@ Here is an example of a Sysprep.inf file. Language=00000409 [GuiRunOnce] -    Command0="wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\" -    Command1="c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe" + Command0="wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\" + Command1="c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe" [sysprepcleanup] ``` @@ -203,9 +208,9 @@ Here is an example of a Sysprep.inf file. [Prepare a MED-V Image](prepare-a-med-v-image.md) -  - -  + + + diff --git a/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md b/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md index 0de486f473..2cd2f9a102 100644 
--- a/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md +++ b/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md @@ -1,8 +1,11 @@ --- title: Configuring Advanced Settings by Using Windows PowerShell description: Configuring Advanced Settings by Using Windows PowerShell -author: jamiejdt +author: levinec ms.assetid: 437a31cc-2a11-456f-b448-b0b869fb53f7 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -79,7 +82,7 @@ Run Windows PowerShell with administrative credentials, and ensure that the Wind This command runs the Windows PowerShell script and runs the **New-MedvWorkspace** cmdlet to generate a new MED-V workspace package. The new packager files are saved in the folder that you originally specified for storing your MED-V Workspace Packager files. For additional help about this cmdlet, see the Windows PowerShell Help. -  + ## Exporting a MED-V Configuration to a Registry File @@ -99,9 +102,9 @@ You can import the resultant registry file from the host computer to a MED-V wor [Test And Deploy the MED-V Workspace Package](test-and-deploy-the-med-v-workspace-package.md) -  + -  + diff --git a/mdop/medv-v2/create-a-med-v-workspace-package.md b/mdop/medv-v2/create-a-med-v-workspace-package.md index 5957081174..7dac2edf43 100644 --- a/mdop/medv-v2/create-a-med-v-workspace-package.md +++ b/mdop/medv-v2/create-a-med-v-workspace-package.md @@ -1,8 +1,11 @@ --- title: Create a MED-V Workspace Package description: Create a MED-V Workspace Package -author: jamiejdt +author: levinec ms.assetid: 3f75fe73-41ac-4389-ae21-5efb2d437f4d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -24,7 +27,7 @@ Use the **MED-V Workspace Packager** to create MED-V workspaces. The **MED-V Wor - A **Help Center** on the right-hand side of the window that provides information and guidance to help you create, test, and manage your MED-V workspaces. -**Important**   +**Important** Before you can use the **MED-V Workspace Packager**, you must first make sure that the Windows PowerShell execution policy is set to Unrestricted. `Set-ExecutionPolicy Unrestricted` @@ -45,12 +48,12 @@ If it is necessary, change the SAN policy to "Online All" by typing the followin `DISKPART> exit` -  -**Important**   + +**Important** If automatic disk encryption software is installed on the computer that you use to mount the virtual hard disk and build the MED-V workspace package, you must disable the software before you start. Otherwise, you cannot use the MED-V workspace on any other computer. -  + The information we provide here can help you create your MED-V workspace deployment package. 
@@ -67,32 +70,34 @@ Before you start to build your MED-V workspace deployment package, verify that y Your URL redirection text file or list contains those URLs that you want redirected from the host computer to Internet Explorer in the MED-V workspace. When you are using the packaging wizard to create your MED-V workspace, you import, type, or copy and paste this redirection information as one of the steps in the package creation process. - **Note**   + **Note** URL redirection in MED-V only supports the protocols HTTP and HTTPS. MED-V does not provide support for FTP or any other protocols. -   - Enter each web address on a single line, for example: - http://www.contoso.com/webapps/webapp1 +~~~ +Enter each web address on a single line, for example: - http://www.contoso.com/webapps/webapp2 +http://www.contoso.com/webapps/webapp1 - http://\*.contoso.com +http://www.contoso.com/webapps/webapp2 - http://www.contoso.com/webapps/\* +http://\*.contoso.com + +http://www.contoso.com/webapps/\* + +**Important** +If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. +~~~ - **Important**   - If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. -   ## Packaging a MED-V Workspace for a Language Other than the Language of the MED-V Workspace Packager Computer By default, the MED-V workspace supports characters in both the language of the computer and in English. 
To create a MED-V workspace for a language other than the one installed on the computer, specify **-loc \[locale\]** in the PowerShell script (.ps1) after the MED-V workspace name. -To create a MED-V workspace package in a language other than the default language of the MED-V Workspace Packager computer, generate a script in the default language by running the MED-V Workspace Packager and then modifying the output script as required for your locale. The script is located in the MED-V workspace output directory that was specified during packaging. The names of the locale settings are on the .WXL files in the following directory: +To create a MED-V workspace package in a language other than the default language of the MED-V Workspace Packager computer, generate a script in the default language by running the MED-V Workspace Packager and then modifying the output script as required for your locale. The script is located in the MED-V workspace output directory that was specified during packaging. The names of the locale settings are on the .WXL files in the following directory: C:\\Program Files\\Microsoft Enterprise Desktop Virtualization\\WindowsPowerShell\\Modules\\Microsoft.Medv.Administration.Commands.WorkspacePackager\\locale 
@@ -154,267 +159,283 @@ To create a MED-V workspace package, follow these steps: -   + 3. On the **Package Information** page, enter a name for the MED-V workspace and select a folder where the MED-V workspace package files are saved. - **Warning**   + **Warning** You must name the MED-V workspace and specify a folder to continue. -   - After you have finished, click **Next**. -4. On the **Select Windows XP Image** page, specify the location of your prepared MED-V Windows XP Virtual PC image (.vhd file). +~~~ +After you have finished, click **Next**. +~~~ - **Warning**   - You must specify a Windows XP VHD image to continue. +4. On the **Select Windows XP Image** page, specify the location of your prepared MED-V Windows XP Virtual PC image (.vhd file). -   + **Warning** + You must specify a Windows XP VHD image to continue. - After you have finished, click **Next**. -5. On the **First Time Setup** page, select whether you want first time setup to run while attended or unattended and whether you want the MED-V workspace used separately or used by all end users on a shared computer. - If you select **Unattended setup, without any notification**, the end user is not informed before first time setup is run and the virtual machine is not shown to the end user during first time setup. In addition, the **MED-V Messages** page of the wizard is hidden because no messages are required if first time setup runs in a completely unattended mode. +~~~ +After you have finished, click **Next**. +~~~ - If you select **Unattended setup, but notify end users before first time setup begins**, the end user is informed before first time setup is run. However, the virtual machine is not shown to the end user during first time setup. +5. On the **First Time Setup** page, select whether you want first time setup to run while attended or unattended and whether you want the MED-V workspace used separately or used by all end users on a shared computer. 
- Select **Attended setup** if the end user must enter information during first time setup. + If you select **Unattended setup, without any notification**, the end user is not informed before first time setup is run and the virtual machine is not shown to the end user during first time setup. In addition, the **MED-V Messages** page of the wizard is hidden because no messages are required if first time setup runs in a completely unattended mode. - The default behavior is **Unattended setup, but notify end users before first time setup begins**. + If you select **Unattended setup, but notify end users before first time setup begins**, the end user is informed before first time setup is run. However, the virtual machine is not shown to the end user during first time setup. - **Caution**   - If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, you must select **Attended setup** or problems might occur during first time setup. + Select **Attended setup** if the end user must enter information during first time setup. -   + The default behavior is **Unattended setup, but notify end users before first time setup begins**. - You can also specify how a MED-V workspace is used on computers that are shared by multiple end users. You can decide that you want to create a unique MED-V workspace for each end user or that you want the MED-V workspace made available to all end users who share the computer. The default is that the MED-V workspace is unique for each end user. + **Caution** + If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, you must select **Attended setup** or problems might occur during first time setup. - **Important**   - We recommend that you disable the fast user switching feature in Windows if you configure the MED-V workspace to be accessed by all users on a shared computer. 
Problems can occur if an end user logs on by using the fast user switching feature in Windows when another user is still logged on. -   - **Tip**   - When you create a name mask for the MED-V workspace on the **Naming Computers** page, make sure that each virtual machine on a shared computer has a unique computer name. +~~~ +You can also specify how a MED-V workspace is used on computers that are shared by multiple end users. You can decide that you want to create a unique MED-V workspace for each end user or that you want the MED-V workspace made available to all end users who share the computer. The default is that the MED-V workspace is unique for each end user. -   +**Important** +We recommend that you disable the fast user switching feature in Windows if you configure the MED-V workspace to be accessed by all users on a shared computer. Problems can occur if an end user logs on by using the fast user switching feature in Windows when another user is still logged on. - You can also specify whether the MED-V workspace is added to the Administrators group or administrator credentials are managed outside MED-V. By default, the MED-V workspace is not automatically added to the Administrators group. - After you have finished, click **Next**. -6. On the **MED-V Messages** page, specify the following messages that the end user sees during first time setup: +**Tip** +When you create a name mask for the MED-V workspace on the **Naming Computers** page, make sure that each virtual machine on a shared computer has a unique computer name. - - The message that the end user sees when first time setup starts. - - The message that the end user sees if first time setup fails or an error occurs. - **Note**   - The **MED-V Messages** page of the wizard is hidden if you selected **Unattended setup, without any notification** on the **First Time Setup** page. 
+You can also specify whether the MED-V workspace is added to the Administrators group or administrator credentials are managed outside MED-V. By default, the MED-V workspace is not automatically added to the Administrators group. -   +After you have finished, click **Next**. +~~~ - You can also specify an optional URL location for help information that is provided to the end user when first time setup is running. +6. On the **MED-V Messages** page, specify the following messages that the end user sees during first time setup: - For example, the URL can point to an internal IT webpage with answers to questions such as "How long will this take and how will I know when it has completed?" or "What do you do if you get an error message?" + - The message that the end user sees when first time setup starts. - **Note**   - If you specify a URL, a link is shown during first time setup that points the end user to this help information. If you do not specify a URL, no link is provided. + - The message that the end user sees if first time setup fails or an error occurs. -   + **Note** + The **MED-V Messages** page of the wizard is hidden if you selected **Unattended setup, without any notification** on the **First Time Setup** page. - After you have finished, click **Next**. -7. On the **Naming Computers** page, you can specify whether computer naming is managed by MED-V or by a system management tool, such as Sysprep. The default is that computer naming is managed by a system management tool. - If you specify that computer naming is managed by MED-V, select a predefined computer naming convention (mask) from the drop-down list. A preview of a sample computer name appears that is based on the computer that you are using to build the MED-V workspace package. +~~~ +You can also specify an optional URL location for help information that is provided to the end user when first time setup is running. 
- If you select one of the custom naming conventions, the fields you can specify are limited to the following characters: +For example, the URL can point to an internal IT webpage with answers to questions such as "How long will this take and how will I know when it has completed?" or "What do you do if you get an error message?" - - The prefix and suffix fields are limited to the characters A-Z, a-z, 0-9, and the special characters ! @ \# $ % ^ & ( ) - \_ ' { } . and ~. +**Note** +If you specify a URL, a link is shown during first time setup that points the end user to this help information. If you do not specify a URL, no link is provided. - - The hostname and username fields are limited to the digits 0 through 9. - **Important**   - Computer names must be unique and are limited to a maximum of 15 characters. When you decide on your computer naming method, consider end users who have multiple computers or that share a computer, and avoid using computer name masks that could cause a collision on the network. -   +After you have finished, click **Next**. +~~~ - **Caution**   - The computer name settings that you specify on this page override those specified in the Sysprep.inf answer file. +7. On the **Naming Computers** page, you can specify whether computer naming is managed by MED-V or by a system management tool, such as Sysprep. The default is that computer naming is managed by a system management tool. -   + If you specify that computer naming is managed by MED-V, select a predefined computer naming convention (mask) from the drop-down list. A preview of a sample computer name appears that is based on the computer that you are using to build the MED-V workspace package. - After you have finished, click **Next**. + If you select one of the custom naming conventions, the fields you can specify are limited to the following characters: -8. 
On the **Copy Settings from Host** page, you can select the following settings to specify how the MED-V workspace is configured: + - The prefix and suffix fields are limited to the characters A-Z, a-z, 0-9, and the special characters ! @ \# $ % ^ & ( ) - \_ ' { } . and ~. - **Caution**   - The settings that you specify on this page that are copied from the host computer to the MED-V workspace override those specified in the Sysprep.inf answer file. + - The hostname and username fields are limited to the digits 0 through 9. -   + **Important** + Computer names must be unique and are limited to a maximum of 15 characters. When you decide on your computer naming method, consider end users who have multiple computers or that share a computer, and avoid using computer name masks that could cause a collision on the network. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Copy regional settings

    Select this check box to copy the regional settings from the host computer to the MED-V workspace.

    If you select this check box, the following settings are set in the Sysprep.inf file:

    -
    [RegionalSettings]
    -    Language
    -    SystemLocale
    -    UserLocale
    -    UserLocale_DefaultUser
    -    InputLocale
    -    InputLocale_DefaultUser
    -    

    Copy user settings

    Select this check box to copy certain user settings, such as user name and company name, from the host to the MED-V workspace.

    If you select this check box, the following settings are set in the Sysprep.inf file:

    -
    [UserData]
    -    OrgName
    -    FullName
    -
    - Note   -

    Personal settings, such as Internet browsing history, are not copied over to the MED-V workspace.

    -
    -
    -   -

    Copy domain name

    Select this check box to let the guest join the same domain as the host.

    - Important   -

    The MED-V guest must be configured to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host.

    -
    -
    -   -

    Copy domain organizational unit

    Select this check box to copy the domain organizational unit from the host computer to the MED-V workspace. This check box is only enabled if you select to copy the domain name from the host computer.

    -   - After you have finished, click **Next**. +~~~ +**Caution** +The computer name settings that you specify on this page override those specified in the Sysprep.inf answer file. -9. On the **Startup and Networking** page, you can change the default behavior for the following settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Start MED-V workspace

    Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

    The MED-V workspace starts in one of two ways: either when the end user logs on or when they first start an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

    -

    You can either define this setting for the end user or let the end user control how MED-V starts.

    -
    - Note   -

    If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change how MED-V starts.

    -
    -
    -   -

    Networking

    Select Shared or Bridged for your networking setting. The default is Shared.

    Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    -

    Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

    Store credentials

    Choose whether you want to store the end user credentials.

    The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

    -
    - Important   -

    Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

    -

    The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. As a result, an attacker could write a program that retrieves the password and could gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end-user credentials.

    -
    -
    -   -
    -   +After you have finished, click **Next**. +~~~ - After you have finished, click **Next**. +8. On the **Copy Settings from Host** page, you can select the following settings to specify how the MED-V workspace is configured: + + **Caution** + The settings that you specify on this page that are copied from the host computer to the MED-V workspace override those specified in the Sysprep.inf answer file. + + + +~~~ + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Copy regional settings

    Select this check box to copy the regional settings from the host computer to the MED-V workspace.

    If you select this check box, the following settings are set in the Sysprep.inf file:

    +
    [RegionalSettings]
    +Language
    +SystemLocale
    +UserLocale
    +UserLocale_DefaultUser
    +InputLocale
    +InputLocale_DefaultUser
    +

    Copy user settings

    Select this check box to copy certain user settings, such as user name and company name, from the host to the MED-V workspace.

    If you select this check box, the following settings are set in the Sysprep.inf file:

    +
    [UserData]
    +OrgName
    +FullName
    +
    +Note +

    Personal settings, such as Internet browsing history, are not copied over to the MED-V workspace.

    +
    +
    + +

    Copy domain name

    Select this check box to let the guest join the same domain as the host.

    +Important +

    The MED-V guest must be configured to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host.

    +
    +
    + +

    Copy domain organizational unit

    Select this check box to copy the domain organizational unit from the host computer to the MED-V workspace. This check box is only enabled if you select to copy the domain name from the host computer.

    + + + +After you have finished, click **Next**. +~~~ + +9. On the **Startup and Networking** page, you can change the default behavior for the following settings: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Start MED-V workspace

    Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

    The MED-V workspace starts in one of two ways: either when the end user logs on or when they first start an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

    +

    You can either define this setting for the end user or let the end user control how MED-V starts.

    +
    + Note

    If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change how MED-V starts.

    +
    +
    + +

    Networking

    Select Shared or Bridged for your networking setting. The default is Shared.

    Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    +

    Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

    Store credentials

    Choose whether you want to store the end user credentials.

    The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

    +
    + Important

    Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

    +

    The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. As a result, an attacker could write a program that retrieves the password and could gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end-user credentials.

    +
    +
    + +
    + + + +~~~ +After you have finished, click **Next**. +~~~ 10. On the **Web Redirection** page, you can enter, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace. For more information about how to configure your URL redirection information, see [Prerequisites](#bkmk-prereq). - You can also specify how Internet Explorer in the MED-V workspace is configured for end users. By default, the Internet zone security level is set to High. Also, certain default browsing capabilities, such as the address bar, are removed. This default configuration of Internet Explorer in the MED-V workspace provides a more secure browsing environment for end users. + You can also specify how Internet Explorer in the MED-V workspace is configured for end users. By default, the Internet zone security level is set to High. Also, certain default browsing capabilities, such as the address bar, are removed. This default configuration of Internet Explorer in the MED-V workspace provides a more secure browsing environment for end users. - **Caution**   - By changing the default settings, you can customize Internet Explorer in the MED-V workspace. However, realize that if you change the default settings so as to make them less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). + **Caution** + By changing the default settings, you can customize Internet Explorer in the MED-V workspace. However, realize that if you change the default settings so as to make them less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). -   - After you have finished, click **Next**. 
+ +~~~ +After you have finished, click **Next**. +~~~ 11. On the **Summary** page, you can review the packaging settings for this MED-V workspace. If you want to change any settings, click the **Previous** button to return to the relevant page. After you have finished reviewing the settings, click **Create**. - The **Completion** page of the **Create MED-V Workspace Package Wizard** opens to show the progress of the package creation. + The **Completion** page of the **Create MED-V Workspace Package Wizard** opens to show the progress of the package creation. - **Note**   - The MED-V workspace package creation process might take several minutes to complete, depending on the size of the VHD specified. + **Note** + The MED-V workspace package creation process might take several minutes to complete, depending on the size of the VHD specified. -   - If the MED-V workspace package is created successfully, the **Completion** page displays a list of the files that you created and their respective locations. The following is a list of the files that are created and their descriptions: - - **setup.exe**—an installation program that you deploy and run on end-user computers to install the MED-V workspaces. +~~~ +If the MED-V workspace package is created successfully, the **Completion** page displays a list of the files that you created and their respective locations. The following is a list of the files that are created and their descriptions: - - **<*workspace\_name*>.msi**—an installer file that you deploy to the end-user computers. The setup.exe file will run this file to install the MED-V workspaces. +- **setup.exe**—an installation program that you deploy and run on end-user computers to install the MED-V workspaces. - - **<*vhd\_name*>.medv**—a compressed VHD file that you deploy to the end-user computers. The setup.exe file uses it when it installs the MED-V workspaces. +- **<*workspace\_name*>.msi**—an installer file that you deploy to the end-user computers. 
The setup.exe file will run this file to install the MED-V workspaces. - - **<*workspace\_name*>.reg**—the configuration settings that are installed when the setup.exe, <*workspace\_name*>.msi, and <*vhd\_name*>.medv files are deployed and setup.exe is run. +- **<*vhd\_name*>.medv**—a compressed VHD file that you deploy to the end-user computers. The setup.exe file uses it when it installs the MED-V workspaces. - - **<*workspace\_name*>.ps1**—a Windows PowerShell script that you can use to rebuild the registry file and re-build the MED-V workspace package. +- **<*workspace\_name*>.reg**—the configuration settings that are installed when the setup.exe, <*workspace\_name*>.msi, and <*vhd\_name*>.medv files are deployed and setup.exe is run. - **Important**   - Before deployment, you can edit configuration settings by updating the .ps1 file that has your preferred method of script editing, such as Windows PowerShell. After you change the .ps1 file, use that file to rebuild the MED-V workspace package that you deploy to your enterprise. For more information, see [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md). +- **<*workspace\_name*>.ps1**—a Windows PowerShell script that you can use to rebuild the registry file and re-build the MED-V workspace package. + + **Important** + Before deployment, you can edit configuration settings by updating the .ps1 file that has your preferred method of script editing, such as Windows PowerShell. After you change the .ps1 file, use that file to rebuild the MED-V workspace package that you deploy to your enterprise. For more information, see [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md). + + However, after the MED-V workspace is deployed, you must edit configuration settings through the registry. 
For a list and description of the configuration settings, see [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md). +~~~ - However, after the MED-V workspace is deployed, you must edit configuration settings through the registry. For a list and description of the configuration settings, see [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md). -   12. Click **Close** to close the packaging wizard and return to the **MED-V Workspace Packager**. @@ -429,9 +450,9 @@ Your MED-V workspace package is now ready for testing before deployment. [Prepare a MED-V Image](prepare-a-med-v-image.md) -  - -  + + + diff --git a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md index 8391d56dfa..b3ff8ab2d9 100644 --- a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md +++ b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md @@ -1,8 +1,11 @@ --- title: Creating a Windows Virtual PC Image for MED-V description: Creating a Windows Virtual PC Image for MED-V -author: jamiejdt +author: levinec ms.assetid: fd7c0b1a-0769-4e7b-ad1a-dad19cca081f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ Alternately, if you already have a Windows Imaging (WIM) file that you want to u **Important**   MED-V only supports one virtual hard disk per virtual machine and only one partition on each virtual disk. -  + After you have created your virtual hard disk, install Windows XP on the image. 
@@ -66,12 +69,12 @@ After you have installed Windows XP on your virtual machine, install any require **Important**   MED-V requires that Windows XP SP3 be running on the guest operating system. -  + **Warning**   When you install updates to Windows XP, make sure that you remain on the version of Internet Explorer in the guest that you intend to use in the MED-V workspace. For example, if you intend to run Internet Explorer 6 in the MED-V workspace, make sure that any updates that you install now do not include Internet Explorer 7 or Internet Explorer 8. In addition, we recommend that you configure the registry to prevent automatic updates from upgrading Internet Explorer. -  + ### Installing an Optional Performance Update @@ -80,7 +83,7 @@ Although it is optional, we recommend that you install the following update for **Note**   The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. -  + ### Configuring a Group Policy Performance Update @@ -102,7 +105,7 @@ Windows Virtual PC includes the Integration Components package. This provides fe **Important**   MED-V requires the installation of the Integration Components package. -  + When you configure the virtual image to work with MED-V, you must manually install the Integration Components package on the guest operating system to make the integration features that are available. @@ -119,7 +122,7 @@ After you install the Integration Components package, you are prompted to instal **Important**   If you are not prompted to install the RemoteApp update, you must download and install it manually. For more information and instructions about how to download this update, see [Update for Windows XP SP3 to enable RemoteApp](https://go.microsoft.com/fwlink/?LinkId=195925) (https://go.microsoft.com/fwlink/?LinkId=195925). -  + ### Enabling Remote Desktop 
@@ -135,7 +138,7 @@ If you want, you can use the Internet Explorer Administration Kit to customize I **Warning**   You should consider security concerns associated with customizing Internet Explorer in the MED-V workspace. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). -  + After your virtual hard disk is installed with an up-to-date guest operating system, you can install applications on the image. @@ -146,9 +149,9 @@ After your virtual hard disk is installed with an up-to-date guest operating sys [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/define-and-plan-your-med-v-deployment.md b/mdop/medv-v2/define-and-plan-your-med-v-deployment.md index 6272729d12..0b0e1a18e9 100644 --- a/mdop/medv-v2/define-and-plan-your-med-v-deployment.md +++ b/mdop/medv-v2/define-and-plan-your-med-v-deployment.md @@ -1,8 +1,11 @@ --- title: Define and Plan your MED-V Deployment description: Define and Plan your MED-V Deployment -author: jamiejdt +author: levinec ms.assetid: a90945cc-dc37-4548-963d-e0c6f8ba0467 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/deploy-the-med-v-components.md b/mdop/medv-v2/deploy-the-med-v-components.md index 2c4332e6bb..607d552f9d 100644 --- a/mdop/medv-v2/deploy-the-med-v-components.md +++ b/mdop/medv-v2/deploy-the-med-v-components.md @@ -1,8 +1,11 @@ --- title: Deploy the MED-V Components description: Deploy the MED-V Components -author: jamiejdt +author: levinec ms.assetid: fc2c5ef2-9c71-412a-8f6c-93df248f77d6 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/medv-v2/deploying-the-med-v-workspace-package.md b/mdop/medv-v2/deploying-the-med-v-workspace-package.md index 5a34de0d1c..5296ed863d 100644 --- a/mdop/medv-v2/deploying-the-med-v-workspace-package.md +++ b/mdop/medv-v2/deploying-the-med-v-workspace-package.md @@ -1,8 +1,11 @@ --- title: Deploying the MED-V Workspace Package description: Deploying the MED-V Workspace Package -author: jamiejdt +author: levinec ms.assetid: f314425a-d60f-4b8d-b71f-d13d1da9297f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,12 +22,12 @@ After you have tested your Microsoft Enterprise Desktop Virtualization (MED-V) 2 **Note**   When you are ready to deploy, we recommend that you install the MED-V workspace by running the setup.exe executable program that is included in your MED-V workspace installer package. -  + **Warning**   Before you can install the MED-V workspace, you must first install the MED-V Host Agent. -  + ## In This Section @@ -38,9 +41,9 @@ Provides information about how to deploy a MED-V workspace in a Windows 7 image. [How to Deploy a MED-V Workspace Manually](how-to-deploy-a-med-v-workspace-manually.md) Provides information about how to manually deploy a MED-V workspace. -  + -  + diff --git a/mdop/medv-v2/deployment-of-med-v.md b/mdop/medv-v2/deployment-of-med-v.md index aae2559a01..9bd5ad5ee3 100644 --- a/mdop/medv-v2/deployment-of-med-v.md +++ b/mdop/medv-v2/deployment-of-med-v.md @@ -1,8 +1,11 @@ --- title: Deployment of MED-V description: Deployment of MED-V -author: jamiejdt +author: levinec ms.assetid: 52ea8ae4-ec2e-4cb8-ab38-e6400f47d3ba +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/deployment-troubleshooting.md b/mdop/medv-v2/deployment-troubleshooting.md index d8e85a140e..3556aa5667 100644 --- a/mdop/medv-v2/deployment-troubleshooting.md 
+++ b/mdop/medv-v2/deployment-troubleshooting.md @@ -1,8 +1,11 @@ --- title: Deployment Troubleshooting description: Deployment Troubleshooting -author: jamiejdt +author: levinec ms.assetid: 9ee980f2-4e77-4020-9f0e-8c2ffdc390ad +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md b/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md index 9fd845f807..f8f174a569 100644 --- a/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md +++ b/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md @@ -1,8 +1,11 @@ --- title: Detecting Network Changes that Affect MED-V description: Detecting Network Changes that Affect MED-V -author: jamiejdt +author: levinec ms.assetid: fd29b95a-cda2-464d-b86d-50b6bd64b4ca +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ The feature includes a component running in the guest operating system that is n **Note**   This feature is only available if the virtual machine is configured for network address translation (NAT) mode. If the virtual machine is configured for BRIDGED mode, no change indications are generated. -  + This section provides information and instruction to assist you in monitoring those network changes that can affect MED-V. 
@@ -30,37 +33,37 @@ This section provides information and instruction to assist you in monitoring th After you have deployed your MED-V workspaces, you can monitor changes to certain network configurations by preforming the following tasks: -1. Create a Managed Object Format (MOF) file that will look for the network configuration changes that you want to monitor. The following code shows an example of the MOF file that you can create. +1. Create a Managed Object Format (MOF) file that will look for the network configuration changes that you want to monitor. The following code shows an example of the MOF file that you can create. - ``` syntax -#pragma namespace ("\\\\.\\root\\ccm\\NetworkConfig") + ``` syntax + #pragma namespace ("\\\\.\\root\\ccm\\NetworkConfig") - class CCM_IPConfig - { - [NotNull: ToInstance ToSubClass] uint32 AddressFamily; // AF_INET, AF_INET6 - [Key, NotNull: ToInstance ToSubClass] string IPAddress; // IPv4 or IPv6 address - [NotNull: ToInstance ToSubClass] string SubnetMask; // IPv4 subnet mask - }; + class CCM_IPConfig + { + [NotNull: ToInstance ToSubClass] uint32 AddressFamily; // AF_INET, AF_INET6 + [Key, NotNull: ToInstance ToSubClass] string IPAddress; // IPv4 or IPv6 address + [NotNull: ToInstance ToSubClass] string SubnetMask; // IPv4 subnet mask + }; - class CCM_NetworkAdapter - { - [Key, NotNull: ToInstance ToSubClass] string Name; - [NotNull: ToInstance ToSubClass] uint32 DHCPEnabled = 0; - [NotNull: ToInstance ToSubClass] uint32 Quarantined = 0; // To check if it is quarantined. - CCM_IPConfig IPConfigInfo[]; - }; + class CCM_NetworkAdapter + { + [Key, NotNull: ToInstance ToSubClass] string Name; + [NotNull: ToInstance ToSubClass] uint32 DHCPEnabled = 0; + [NotNull: ToInstance ToSubClass] uint32 Quarantined = 0; // To check if it is quarantined. 
+ CCM_IPConfig IPConfigInfo[]; + }; - [singleton] - class CCM_NetworkAdapters - { - [NotNull: ToInstance ToSubClass] String ProviderName; // MED-V or other provider - CCM_NetworkAdapter AdaptersInfo[]; - }; - ``` + [singleton] + class CCM_NetworkAdapters + { + [NotNull: ToInstance ToSubClass] String ProviderName; // MED-V or other provider + CCM_NetworkAdapter AdaptersInfo[]; + }; + ``` -2. Compile the MOF file. +2. Compile the MOF file. -3. Install the MOF file in the guest. +3. Install the MOF file in the guest. After you have installed the MOF file, you can create an event subscription that subscribes to Windows Management Instrumentation (WMI) creation, modification, or deletion events for the **CCM\_NetworkAdapters** class. This detects the following changes to the host: @@ -83,9 +86,9 @@ The event subscription you created provides notification through the WMI system [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  + -  + diff --git a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md b/mdop/medv-v2/determining-how-med-v-will-be-deployed.md index 6fa769886c..84034b795d 100644 --- a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md +++ b/mdop/medv-v2/determining-how-med-v-will-be-deployed.md @@ -1,8 +1,11 @@ --- title: Determining How MED-V Will Be Deployed description: Determining How MED-V Will Be Deployed -author: jamiejdt +author: levinec ms.assetid: addbfef6-799e-4fe7-87d2-7e096a5ef5a5 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -26,7 +29,7 @@ If you are currently using an electronic software distribution solution, you can **Note**   Whichever electronic software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). -  + You might prefer to install MED-V in a Windows 7 image. Then, after you deploy the Windows 7 images throughout your enterprise, MED-V is ready to be installed when an end user needs it. For more information, see [How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md). @@ -37,9 +40,9 @@ You might prefer to install MED-V in a Windows 7 image. Then, after you deploy t [Planning for MED-V](planning-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md index 6321ebeed6..1b2a195147 100644 --- a/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md +++ b/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md @@ -1,8 +1,11 @@ --- title: End-to-End Deployment Scenario for MED-V 2.0 description: End-to-End Deployment Scenario for MED-V 2.0 -author: jamiejdt +author: levinec ms.assetid: 91bb5a9a-5fb1-4743-8494-9d4dee2ec222 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md index 7cdeebc5d7..508bff53d9 100644 --- a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md +++ b/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md 
@@ -1,8 +1,11 @@
 ---
 title: End-to-End Operations Scenario for MED-V 2.0
 description: End-to-End Operations Scenario for MED-V 2.0
-author: jamiejdt
+author: levinec
 ms.assetid: 1d87f5f3-9fc5-4731-8bd1-c155714f34ee
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md
index 92d0dbc4e4..fb7cb8a0c5 100644
--- a/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md
+++ b/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md
@@ -1,8 +1,11 @@
 ---
 title: End-to-End Planning Scenario for MED-V 2.0
 description: End-to-End Planning Scenario for MED-V 2.0
-author: jamiejdt
+author: levinec
 ms.assetid: e7833883-be93-4b42-9fa3-5c4d9a919058
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/example-med-v-checklists.md b/mdop/medv-v2/example-med-v-checklists.md
index 6645ee8f25..9f0a743c5f 100644
--- a/mdop/medv-v2/example-med-v-checklists.md
+++ b/mdop/medv-v2/example-med-v-checklists.md
@@ -1,8 +1,11 @@
 ---
 title: Example MED-V Checklists
 description: Example MED-V Checklists
-author: jamiejdt
+author: levinec
 ms.assetid: cf9c33e8-1b7a-4306-92f6-edbb70ab23b5
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/example-med-v-environment-planning-checklist.md b/mdop/medv-v2/example-med-v-environment-planning-checklist.md
index f1bfb8ff0e..4a91991ac1 100644
--- a/mdop/medv-v2/example-med-v-environment-planning-checklist.md
+++ b/mdop/medv-v2/example-med-v-environment-planning-checklist.md
@@ -1,8 +1,11 @@ --- title: Example MED-V Environment Planning Checklist description: Example MED-V Environment Planning Checklist -author: jamiejdt +author: levinec ms.assetid: 877d1660-abef-4e81-ab3a-a8a3ec181d26 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,28 +33,28 @@ The following checklist provides a high-level list of items to consider and outl

    Review the components of a MED-V deployment.

    -

    [High-Level Architecture](high-level-architecturemedv2.md)

    +

    High-Level Architecture

    Ensure that your computing environment meets the supported configurations required for installing MED-V 2.0.

    -

    [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md)

    +

    MED-V 2.0 Supported Configurations

    Determine how you want to design your MED-V deployment.

    -

    [Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md)

    +

    Define and Plan your MED-V Deployment

    Review the list of best practices for ensuring that your MED-V deployment environment is more secure.

    -

    [Security and Protection for MED-V](security-and-protection-for-med-v.md)

    +

    Security and Protection for MED-V

    -  + -  + -  + diff --git a/mdop/medv-v2/example-med-v-image-preparation-checklist.md b/mdop/medv-v2/example-med-v-image-preparation-checklist.md index 5961cab9d1..d1ddce73d0 100644 --- a/mdop/medv-v2/example-med-v-image-preparation-checklist.md +++ b/mdop/medv-v2/example-med-v-image-preparation-checklist.md @@ -1,8 +1,11 @@ --- title: Example MED-V Image Preparation Checklist description: Example MED-V Image Preparation Checklist -author: jamiejdt +author: levinec ms.assetid: d69f252f-624b-439e-814b-b68cdaf7d582 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,24 +33,24 @@ The following checklist provides a high-level list of items to consider and outl

    Create a virtual machine that is running Windows XP SP3 with updates and additions.

    -

    [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md)

    +

    Creating a Windows Virtual PC Image for MED-V

    Install any predeployment software that you want on the MED-V image.

    -

    [Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md)

    +

    Installing Applications on a Windows Virtual PC Image

    Package the MED-V image by using Sysprep.

    -

    [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md)

    +

    Configuring a Windows Virtual PC Image for MED-V

    -  + -  + -  + diff --git a/mdop/medv-v2/example-med-v-project-planning-checklist.md b/mdop/medv-v2/example-med-v-project-planning-checklist.md index 19d9ef8df5..b0a5d1d39b 100644 --- a/mdop/medv-v2/example-med-v-project-planning-checklist.md +++ b/mdop/medv-v2/example-med-v-project-planning-checklist.md @@ -1,8 +1,11 @@ --- title: Example MED-V Project Planning Checklist description: Example MED-V Project Planning Checklist -author: jamiejdt +author: levinec ms.assetid: 2b599bcb-1808-43ba-a689-1642bda24511 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,28 +33,28 @@ The following checklist provides a high-level list of items to consider and outl

    Determine how you can use MED-V to help solve your application compatibility issues.

    -

    [Planning for Application Operating System Compatibility](planning-for-application-operating-system-compatibility.md)

    +

    Planning for Application Operating System Compatibility

    Plan an end-to-end deployment scenario for your organization.

    -

    [End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md)

    +

    End-to-End Planning Scenario for MED-V 2.0

    Define the project scope by defining the end users and determining the MED-V images to be managed.

    -

    [Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md)

    +

    Define and Plan your MED-V Deployment

    Review the list of best practices for ensuring that your MED-V deployment is more secure.

    -

    [Security and Protection for MED-V](security-and-protection-for-med-v.md)

    +

    Security and Protection for MED-V

    -  + -  + -  + diff --git a/mdop/medv-v2/example-med-v-system-installation-checklist.md b/mdop/medv-v2/example-med-v-system-installation-checklist.md index 870408a449..de3ca2a590 100644 --- a/mdop/medv-v2/example-med-v-system-installation-checklist.md +++ b/mdop/medv-v2/example-med-v-system-installation-checklist.md @@ -1,8 +1,11 @@ --- title: Example MED-V System Installation Checklist description: Example MED-V System Installation Checklist -author: jamiejdt +author: levinec ms.assetid: 9e5673ba-dee4-4680-9c57-a149beab14d3 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,28 +33,28 @@ The following checklist provides a high-level list of items to consider and outl

    Ensure that your computing environment meets the supported configurations that are required for installing MED-V 2.0.

    -

    [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md)

    +

    MED-V 2.0 Supported Configurations

    Plan and design the MED-V deployment.

    -

    [Planning for MED-V](planning-for-med-v.md)

    +

    Planning for MED-V

    Verify that the required installation prerequisites are configured.

    -

    [Configure Installation Prerequisites](configure-installation-prerequisites.md)

    +

    Configure Installation Prerequisites

    Install the MED-V Host Agent and MED-V Workspace Packager.

    -

    [Deploy the MED-V Components](deploy-the-med-v-components.md)

    +

    Deploy the MED-V Components

    -  + -  + -  + diff --git a/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md b/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md index b2bf7516d2..f86a94139f 100644 --- a/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md +++ b/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md @@ -1,8 +1,11 @@ --- title: Example MED-V Workspace Deployment Checklist description: Example MED-V Workspace Deployment Checklist -author: jamiejdt +author: levinec ms.assetid: d8857883-9b2d-40ac-9136-59e4e20e02fe +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,28 +33,28 @@ The following checklist provides a high-level list of items to consider and outl

    Prepare the MED-V image for deployment.

    -

    [Prepare a MED-V Image](prepare-a-med-v-image.md)

    +

    Prepare a MED-V Image

    Create the MED-V workspace deployment package.

    -

    [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md)

    +

    Create a MED-V Workspace Package

    Test the MED-V workspace installer package.

    -

    [Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md)

    +

    Testing the MED-V Workspace Package

    Deploy the MED-V workspace installer package.

    -

    [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md)

    +

    Deploying the MED-V Workspace Package

    -  + -  + -  + diff --git a/mdop/medv-v2/getting-started-with-med-vmedv2.md b/mdop/medv-v2/getting-started-with-med-vmedv2.md index 9803b0802d..de6c48b1d5 100644 --- a/mdop/medv-v2/getting-started-with-med-vmedv2.md +++ b/mdop/medv-v2/getting-started-with-med-vmedv2.md @@ -1,8 +1,11 @@ --- title: Getting Started with MED-V description: Getting Started with MED-V -author: jamiejdt +author: levinec ms.assetid: 283734d7-231c-45b6-92c9-c95a46ec3628 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/high-level-architecturemedv2.md b/mdop/medv-v2/high-level-architecturemedv2.md index 1e02ee8f46..a5adeabb7e 100644 --- a/mdop/medv-v2/high-level-architecturemedv2.md +++ b/mdop/medv-v2/high-level-architecturemedv2.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture description: High-Level Architecture -author: jamiejdt +author: levinec ms.assetid: a00edb9f-207b-4f32-9e8f-522ea2739d2f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,7 +33,7 @@ The MED-V software contained in the MED-V host that provides a channel to commun **Note**   After MED-V and its required components are installed MED-V must be configured. The configuration of MED-V is referred to as first time setup. -  + **ESD System** Your existing software distribution method that lets you deploy and install the MED-V workspace package files that MED-V creates. @@ -56,7 +59,7 @@ The MED-V software contained in the MED-V guest that provides a channel to commu **Note**   The MED-V Guest Agent is installed automatically during first time setup. -  + **ESD Client** An optional part of your ESD system that installs software packages and reports status to the ESD system. 
@@ -68,9 +71,9 @@ An optional part of your ESD system that installs software packages and reports [Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md b/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md index 850932f07c..0821577e21 100644 --- a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md +++ b/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace description: How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace -author: jamiejdt +author: levinec ms.assetid: bf55848d-bf77-452e-aaa5-4dd4868ff5bd +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,7 +46,7 @@ You can add and remove URL redirection information by performing one of the foll **Note**   This method of editing URL redirection information is a MED-V best practice. -  + **To rebuild the MED-V workspace by using an updated URL text file** @@ -52,7 +55,7 @@ This method of editing URL redirection information is a MED-V best practice. **Important**   We do not recommend this method of editing URL redirection information. In addition, any time that you redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved in the virtual machine is lost. -   + ## Related topics @@ -63,9 +66,9 @@ This method of editing URL redirection information is a MED-V best practice. [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) -  + -  + 
diff --git a/mdop/medv-v2/how-to-create-a-test-environment.md b/mdop/medv-v2/how-to-create-a-test-environment.md index 8fd869f624..18068b07ed 100644 --- a/mdop/medv-v2/how-to-create-a-test-environment.md +++ b/mdop/medv-v2/how-to-create-a-test-environment.md @@ -1,8 +1,11 @@ --- title: How to Create a Test Environment description: How to Create a Test Environment -author: jamiejdt +author: levinec ms.assetid: a0db2299-16f3-4516-8769-7d55ca4a1e98 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ The following are some steps and instructions to help you create a test environm **Important**   The VHD and Setup executable program must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. -   + 2. After all of the components are installed on the test computer, run the MED-V Host Agent to start first time setup. @@ -40,7 +43,7 @@ The following are some steps and instructions to help you create a test environm **Note**   If you cannot physically run the MED-V Host Agent on the test computer, first time setup starts automatically the next time that the computer restarts. -   + First time setup starts and can take ten minutes or more to finish. @@ -55,7 +58,7 @@ For information about testing your configuration settings when first time setup **Important**   The VHD and Setup executable program must be in the same folder on your test environment as the MED-V workspace installer. -   + 3. Install the MED-V workspace by running setup.exe. @@ -70,7 +73,7 @@ You are now ready to test the different settings for configuration, application **Note**   By default, MED-V overrides the screen lock policy in the guest. However, this does not pose a security problem because the host computer still honors the screen lock policy. -  + ## Related topics 
@@ -81,9 +84,9 @@ By default, MED-V overrides the screen lock policy in the guest. However, this d [How to Test URL Redirection](how-to-test-url-redirection.md) -  + -  + diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md index 7d2e636805..550099841d 100644 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md +++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md @@ -1,8 +1,11 @@ --- title: How to Deploy a MED-V Workspace in a Windows 7 Image description: How to Deploy a MED-V Workspace in a Windows 7 Image -author: jamiejdt +author: levinec ms.assetid: a83aba4e-8681-4906-9872-f431c0bb15f9 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,14 +32,14 @@ The following section provides information and instructions to help you deploy t **Warning**   Internet Explorer must be closed before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. -   + 4. Copy the MED-V workspace package files to the Windows 7 image. The MED-V workspace package files are the MED-V workspace installer, .medv file, and setup.exe file that you created by using the **MED-V Workspace Packager**. **Important**   The .medv and setup.exe file must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace by running setup.exe. -   + 5. Configure a shortcut on the **Start** menu to open the MED-V workspace package installation. @@ -53,9 +56,9 @@ When the end user has to access an application published in the MED-V workspace, [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md) -  + -  + 
diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md index 1b46dd19ba..da44b5f136 100644 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md +++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md @@ -1,8 +1,11 @@ --- title: How to Deploy a MED-V Workspace Manually description: How to Deploy a MED-V Workspace Manually -author: jamiejdt +author: levinec ms.assetid: 94bfb209-2230-49b6-bb40-9c6ab088dbf4 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -28,38 +31,42 @@ This section provides instruction about how to manually deploy a MED-V workspace - **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). - **Warning**   + **Warning** Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. -   - - **MED-V Workspace Installer, VHD, and Setup Executable** – created with the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - **Important**   - The compressed VHD file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. +~~~ +- **MED-V Workspace Installer, VHD, and Setup Executable** – created with the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). -   + **Important** + The compressed VHD file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. +~~~ -2. Install the following in the order listed. The end user can perform this task manually or you can create a script to install the following: - - Windows Virtual PC and the Windows Virtual PC additions and updates. A computer restart is required. - - The MED-V Host Agent. +2. Install the following in the order listed. The end user can perform this task manually or you can create a script to install the following: - **Note**   - If it is running, Internet Explorer must be restarted before the installation of the MED-V Host Agent can finish. + - Windows Virtual PC and the Windows Virtual PC additions and updates. A computer restart is required. -   + - The MED-V Host Agent. - - The MED-V workspace package. 
+ **Note** + If it is running, Internet Explorer must be restarted before the installation of the MED-V Host Agent can finish. - Install the MED-V workspace by running the setup.exe program that is included in the MED-V workspace package files. -3. Complete first time setup. - After the MED-V workspace is installed, you have the option of starting MED-V. This starts the MED-V Host Agent. You can either start MED-V at that time, or start the MED-V Host Agent later to complete first time setup. +~~~ +- The MED-V workspace package. - To start the MED-V Host Agent, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. + Install the MED-V workspace by running the setup.exe program that is included in the MED-V workspace package files. +~~~ + +3. Complete first time setup. + + After the MED-V workspace is installed, you have the option of starting MED-V. This starts the MED-V Host Agent. You can either start MED-V at that time, or start the MED-V Host Agent later to complete first time setup. + + To start the MED-V Host Agent, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. ## Related topics @@ -70,9 +77,9 @@ This section provides instruction about how to manually deploy a MED-V workspace [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) -  - -  + + + diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md index 5c2ea74bbd..7d9e7b0536 100644 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md +++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Deploy a MED-V Workspace Through an Electronic Software Distribution System
 description: How to Deploy a MED-V Workspace Through an Electronic Software Distribution System
-author: jamiejdt
+author: levinec
 ms.assetid: b5134c35-e1de-470c-93f8-ead6218d9dce
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,19 +19,19 @@ ms.date: 08/30/2016 An electronic software distribution system is designed to efficiently move software to many different computers over slow or fast network connections. The following section provides information and instructions to help you deploy your MED-V workspace throughout your enterprise by using a software distribution system. -**Note**   +**Note** Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). -  -**Important**   + +**Important** If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content. The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client. The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. -  + You can also deploy the MED-V components together by using a batch file, but this requires a restart after the installation of Windows Virtual PC. 
To bypass this requirement, you can specify a single restart after all of the components are installed. The single restart also automatically starts MED-V because the MED-V workspace installation places an entry in the RUNKEY. 
@@ -44,48 +47,50 @@ You can also deploy the MED-V components together by using a batch file, but thi 3. **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - **Warning**   + **Warning** Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. -   + 4. **MED-V Workspace Installer, VHD, and Setup Executable** – created in the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - **Important**   + **Important** The compressed virtual hard disk file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. -   - **Tip**   - Because problems can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. -   +~~~ + **Tip** + Because problems can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. +~~~ -3. Configure the packages to run in silent mode (no user interaction is required). - Running in silent mode eliminates the prompt to close Internet Explorer if it is running and the prompt to start the MED-V Host Agent. Both actions are performed when the computer is restarted. - **Note**   - Installation of Windows Virtual PC requires you to restart the computer. You can create a single installation process and install all the components at the same time if you suppress the restart and ignore the prerequisites necessary for MED-V to install. 
You can also do this by using command-line arguments. For an example of these arguments, see [How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md#bkmk-batch). MED-V automatically starts when the computer is restarted. +3. Configure the packages to run in silent mode (no user interaction is required). -   + Running in silent mode eliminates the prompt to close Internet Explorer if it is running and the prompt to start the MED-V Host Agent. Both actions are performed when the computer is restarted. -4. Install MED-V and its components before installing Windows Virtual PC. See the example batch file later in this topic. + **Note** + Installation of Windows Virtual PC requires you to restart the computer. You can create a single installation process and install all the components at the same time if you suppress the restart and ignore the prerequisites necessary for MED-V to install. You can also do this by using command-line arguments. For an example of these arguments, see [How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md#bkmk-batch). MED-V automatically starts when the computer is restarted. - **Important**   - Select the **IGNORE\_PREREQUISITES** option as shown in the example batch file so that the MED-V components can be installed prior to the required VPC components. Install the MED-V components in this order to allow for the single restart. -   -5. Identify any other requirements necessary for the installation and for your software distribution system, such as target platforms and the free disk space. +4. Install MED-V and its components before installing Windows Virtual PC. See the example batch file later in this topic. -6. Assign the packages to the target set of computers/users. 
+ **Important** + Select the **IGNORE\_PREREQUISITES** option as shown in the example batch file so that the MED-V components can be installed prior to the required VPC components. Install the MED-V components in this order to allow for the single restart. - As computers are running, the software distribution system client recognizes that new packages are available and begins to install the packages per the definition and requirements. The installations should run sequentially in silent. We recommend that this is performed as a single process that does not require a restart until all the packages are installed. -7. After the installations are complete, restart the updated computers. - Depending on the software distribution system, you can schedule a restart of the computer or the end users can restart the computers manually during their regular work. After the computer is restarted, MED-V automatically starts after an end user logs on. When MED-V starts for the first time, it runs first time setup. +5. Identify any other requirements necessary for the installation and for your software distribution system, such as target platforms and the free disk space. + +6. Assign the packages to the target set of computers/users. + + As computers are running, the software distribution system client recognizes that new packages are available and begins to install the packages per the definition and requirements. The installations should run sequentially in silent. We recommend that this is performed as a single process that does not require a restart until all the packages are installed. + +7. After the installations are complete, restart the updated computers. + + Depending on the software distribution system, you can schedule a restart of the computer or the end users can restart the computers manually during their regular work. After the computer is restarted, MED-V automatically starts after an end user logs on. 
When MED-V starts for the first time, it runs first time setup. First time setup starts and might take several minutes to finish, depending on the size of the virtual hard disk that you specified and the number of policies applied to the MED-V workspace on startup. The end user can track the progress by watching the MED-V icon in the notification area. For more information about first time setup, see [MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md). @@ -131,11 +136,10 @@ The following example, with the specified arguments, shows how to install 64-bit

    IGNORE_PREREQUISITES

    Installs without checking for Windows Virtual PC.

    -Note   -

    Only specify this argument if you are installing Windows Virtual PC as part of this installation.

    +Note

    Only specify this argument if you are installing Windows Virtual PC as part of this installation.

    -  +
    @@ -145,7 +149,7 @@ The following example, with the specified arguments, shows how to install 64-bit -  + ## Example @@ -175,9 +179,9 @@ wusa.exe Windows6.1-KB977206-x64.msu /norestart /quiet [How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md) -  - -  + + + diff --git a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md index 71a5503c00..9271b1face 100644 --- a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md +++ b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md @@ -1,8 +1,11 @@ --- title: How to Deploy the MED-V Components Through an Electronic Software Distribution System description: How to Deploy the MED-V Components Through an Electronic Software Distribution System -author: jamiejdt +author: levinec ms.assetid: 8a800bdf-6fa4-47b4-b417-df053289d4e8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -16,24 +19,24 @@ ms.date: 11/01/2016 An electronic software distribution system can help you efficiently move software to many computers over slow or fast network connections. The following section provides information and instructions to help you deploy the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 components throughout your enterprise by using a software distribution system. -**Note**   +**Note** Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). -  -**Important**   + +**Important** If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content. The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client. The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. 
-  -**Note**   + +**Note** You must install the MED-V workspace packager and build your MED-V workspaces before you can deploy the MED-V components through your software distribution system. For more information about how to prepare an image and to build your MED-V workspaces, see [Operations for MED-V](operations-for-med-v.md). -  + **To deploy the MED-V components by using a software distribution system** 
@@ -47,27 +50,27 @@ You must install the MED-V workspace packager and build your MED-V workspaces be 3. **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - **Warning**   - Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution.   + **Warning** + Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. 4. **MED-V Workspace Installer, VHD, and Setup Executable** – created in the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - **Important**   + **Important** The compressed virtual hard disk file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. - **Tip**   - Because problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe.   + **Tip** + Because problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. 3. Configure the packages to run in silent mode (no user interaction is required). Running in silent mode eliminates the prompt to close Internet Explorer if it is running and the prompt to start the MED-V Host Agent. Both actions are performed when the computer is restarted. - **Note**   + **Note** Installation of Windows Virtual PC requires you to restart the computer. 
You can create a single installation process and install all the components at the same time if you suppress the restart and ignore the prerequisites necessary for MED-V to install. You can also do this by using command-line arguments. For an example of these arguments, see [To install the MED-V components by using a batch file](#bkmk-batch). MED-V automatically starts when the computer is restarted. 4. Install MED-V and its components before installing Windows Virtual PC. See the example batch file later in this topic. - **Important**   + **Important** Select the **IGNORE\_PREREQUISITES** option as shown in the example batch file so that the MED-V components can be installed prior to the required VPC components. Install the MED-V components in this order to allow for the single restart. 5. Identify any other requirements necessary for the installation and for your software distribution system, such as target platforms and the free disk space. @@ -124,11 +127,10 @@ The following example, with the specified arguments, shows how to install 64-bit

    IGNORE_PREREQUISITES

    Installs without checking for Windows Virtual PC.

    -Note   -

    Only specify this argument if you are installing Windows Virtual PC as part of this installation.

    +Note

    Only specify this argument if you are installing Windows Virtual PC as part of this installation.

    -  +
    @@ -138,7 +140,7 @@ The following example, with the specified arguments, shows how to install 64-bit -  + ## Example @@ -168,9 +170,9 @@ wusa.exe Windows6.1-KB977206-x64.msu /norestart /quiet [Deploy the MED-V Components](deploy-the-med-v-components.md) -  - -  + + + diff --git a/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md b/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md index 933a0d5877..581db9047a 100644 --- a/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md +++ b/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md @@ -1,8 +1,11 @@ --- title: How to Install the MED-V Workspace Packager description: How to Install the MED-V Workspace Packager -author: jamiejdt +author: levinec ms.assetid: 627478e9-6798-4b32-9a50-7a1b72bea295 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 includes a **MED-V Works **Important**   Before you start to run the wizards, make sure that you have a prepared VHD ready to install. For more information, see [Prepare a MED-V Image](prepare-a-med-v-image.md). -  + This section provides step-by-step instructions for installing or repairing the **MED-V Workspace Packager**. @@ -66,9 +69,9 @@ If the packager does not open as expected, you can try to repair the installatio [How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) -  + -  + diff --git a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md index 5d0be4b470..b933cc1510 100644 --- a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md +++ b/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md 
@@ -1,8 +1,11 @@
 ---
 title: How to Manage URL Redirection by Using the MED-V Workspace Packager
 description: How to Manage URL Redirection by Using the MED-V Workspace Packager
-author: jamiejdt
+author: levinec
 ms.assetid: 1a8d25af-479f-42d3-bf5f-c7fd974bbf8c
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -24,29 +27,31 @@ You can use the MED-V Workspace Packager to manage URL redirection in the MED-V 3. In the **Manage Web Redirection** window, you can type, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace. - **Note**   + **Note** URL redirection in MED-V only supports the protocols HTTP and HTTPS. MED-V does not provide support for FTP or any other protocols. -   - Enter each web address on a single line, for example: - http://www.contoso.com/webapps/webapp1 +~~~ +Enter each web address on a single line, for example: - http://www.contoso.com/webapps/webapp2 +http://www.contoso.com/webapps/webapp1 - http://\*.contoso.com +http://www.contoso.com/webapps/webapp2 - http://www.contoso.com/webapps/\* +http://\*.contoso.com - **Important**   - If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. +http://www.contoso.com/webapps/\* -   +**Important** +If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. +~~~ -4. Click **Save as…** to save the updated URL redirection files in the specified folder. MED-V creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). 
- MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create the updated MED-V workspace package. + +4. Click **Save as…** to save the updated URL redirection files in the specified folder. MED-V creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). + + MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create the updated MED-V workspace package. ## Related topics @@ -55,9 +60,9 @@ You can use the MED-V Workspace Packager to manage URL redirection in the MED-V [Manage MED-V URL Redirection](manage-med-v-url-redirection.md) -  - -  + + + diff --git a/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md b/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md index c5d056790b..a8214e0d7a 100644 --- a/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md +++ b/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md @@ -1,8 +1,11 @@ --- title: How to Manually Install the MED-V Host Agent description: How to Manually Install the MED-V Host Agent -author: jamiejdt +author: levinec ms.assetid: 4becc90b-6481-4e1f-a4d3-aec74c8821ec +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,12 +24,12 @@ Typically, you deploy and install the MED-V Host Agent by using your company’s **Note**   The MED-V Guest Agent is installed automatically during first time setup. -  + **Important**   Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. -  + **To install the MED-V Host Agent** 
@@ -49,7 +52,7 @@ Close Internet Explorer before you install the MED-V Host Agent, otherwise confl **Note**   Until a MED-V workspace is installed, the MED-V Host Agent can be started and runs, but provides no functionality. -  + ## Related topics @@ -60,9 +63,9 @@ Until a MED-V workspace is installed, the MED-V Host Agent can be started and ru [How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) -  + -  + diff --git a/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md b/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md index 0aa54f39d3..5708a84057 100644 --- a/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md +++ b/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: How to Publish and Unpublish an Application on the MED-V Workspace description: How to Publish and Unpublish an Application on the MED-V Workspace -author: jamiejdt +author: levinec ms.assetid: fd5a62e9-0577-44d2-ae17-61c0aef78ce8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ In some cases, you might want to install applications on the MED-V workspace wit **Important**   If you publish an application that does not support UNC paths, we recommend that you map the application to a drive. -  + You can publish or unpublish applications to a deployed MED-V workspace by performing one of the following tasks: 
@@ -42,14 +45,14 @@ You can publish or unpublish applications to a deployed MED-V workspace by perfo **Note**   Frequently, the shortcut is automatically deleted from the host computer **Start** menu when you uninstall the application. However, in some cases, such as for a MED-V workspace that is configured for all users of a shared computer, you might have to manually delete the shortcut on the **Start** menu after the application is uninstalled. The end-user can do this by right-clicking the shortcut and selecting **Delete**. -   + To test that the application was published or unpublished, verify on the MED-V workspace whether the corresponding shortcut is available or not. **Note**   Applications that are included in Windows XP SP3 and are located in the virtual machine Start Menu folder are not automatically published to the host. They are controlled by registry settings that block automatic publishing. For more information, see [Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md). -  + **To publish Control Panel items** @@ -64,7 +67,7 @@ Applications that are included in Windows XP SP3 and are located in the virtual **Caution**   When you create the shortcut, do not specify %SystemRoot%\\control.exe. This application will not be published because it is contained in the registry settings that block automatic publishing. -  + **How MED-V handles automatic application publishing** @@ -87,7 +90,7 @@ When you create the shortcut, do not specify %SystemRoot%\\control.exe. This app **Note**   A folder must already exist in the host computer Start Menu folder for MED-V to copy the shortcut there. MED-V does not create the folder if it does not already exist. -  + ## Related topics @@ -98,9 +101,9 @@ A folder must already exist in the host computer Start Menu folder for MED-V to [Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md) -  + -  + 
diff --git a/mdop/medv-v2/how-to-test-application-publishing.md b/mdop/medv-v2/how-to-test-application-publishing.md index 4c217d9a2e..0e21fda4c9 100644 --- a/mdop/medv-v2/how-to-test-application-publishing.md +++ b/mdop/medv-v2/how-to-test-application-publishing.md @@ -1,8 +1,11 @@ --- title: How to Test Application Publishing description: How to Test Application Publishing -author: jamiejdt +author: levinec ms.assetid: 17ba2e12-50a0-4f41-8300-f61f09db9f6c +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -62,9 +65,9 @@ After you have completed testing your MED-V workspace package and have verified [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) -  + -  + diff --git a/mdop/medv-v2/how-to-test-url-redirection.md b/mdop/medv-v2/how-to-test-url-redirection.md index bc9d391040..e003cb9d88 100644 --- a/mdop/medv-v2/how-to-test-url-redirection.md +++ b/mdop/medv-v2/how-to-test-url-redirection.md @@ -1,8 +1,11 @@ --- title: How to Test URL Redirection description: How to Test URL Redirection -author: jamiejdt +author: levinec ms.assetid: 38d80088-da1d-4098-b27e-76f9e78f81dc +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -59,9 +62,9 @@ After you have completed testing your MED-V workspace package and have verified [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) -  + -  + diff --git a/mdop/medv-v2/how-to-uninstall-the-med-v-components.md b/mdop/medv-v2/how-to-uninstall-the-med-v-components.md index 97639cb578..9a514186e2 100644 --- a/mdop/medv-v2/how-to-uninstall-the-med-v-components.md +++ b/mdop/medv-v2/how-to-uninstall-the-med-v-components.md 
@@ -1,8 +1,11 @@ --- title: How to Uninstall the MED-V Components description: How to Uninstall the MED-V Components -author: jamiejdt +author: levinec ms.assetid: c121dd27-6b2f-4d41-a21a-c6e8608c5c41 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -21,7 +24,7 @@ Typically, you can configure your electronic software distribution (ESD) system **Important**   Before you can uninstall the MED-V Host Agent, you must first uninstall any installed MED-V workspace. -  + Use the following procedures to uninstall the MED-V components from your enterprise. @@ -48,7 +51,7 @@ The ESD client recognizes when the new packages are available and starts to unin **Note**   If MED-V is currently running, a dialog box appears and prompts you whether you want to shut it down. Click **Yes** to continue with the uninstallation. Click **No** to cancel the uninstallation. -   + Alternately, you can remove a MED-V workspace by running the `uninstall.exe` file, typically located at C:\\ProgramData\\Microsoft\\Medv\\Workspace. @@ -63,7 +66,7 @@ Alternately, you can remove a MED-V workspace by running the `uninstall.exe` fil **Note**   If you try to uninstall the MED-V Host Agent before you uninstall the MED-V workspace, a dialog box appears that states that you must first uninstall the MED-V workspace. Click **OK** to continue. -   + **To manually uninstall the MED-V Workspace Packager** @@ -76,16 +79,16 @@ Alternately, you can remove a MED-V workspace by running the `uninstall.exe` fil **Note**   You can uninstall the MED-V Workspace Packager at any time without affecting any deployed MED-V workspaces. -   + ## Related topics [Deploy the MED-V Components](deploy-the-med-v-components.md) -  + -  + diff --git a/mdop/medv-v2/how-to-verify-first-time-setup-settings.md b/mdop/medv-v2/how-to-verify-first-time-setup-settings.md index 4daef057f8..e7f28b9e80 100644 
--- a/mdop/medv-v2/how-to-verify-first-time-setup-settings.md +++ b/mdop/medv-v2/how-to-verify-first-time-setup-settings.md @@ -1,8 +1,11 @@ --- title: How to Verify First Time Setup Settings description: How to Verify First Time Setup Settings -author: jamiejdt +author: levinec ms.assetid: e8a07d4c-5786-4455-ac43-2deac4042efd +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ While your test of first time setup is running or after it finishes, you can ver **Note**   For information about how to monitor the successful completion of first time setup throughout your enterprise after deployment, see [Monitoring MED-V Workspace Deployments](monitoring-med-v-workspace-deployments.md). -  + **To verify settings during first time setup** @@ -48,7 +51,7 @@ For information about how to monitor the successful completion of first time set **Note**   You can close the virtual machine window at any time and first time setup continues. -   + **To verify settings after first time setup finishes** @@ -81,7 +84,7 @@ For information about how to monitor the successful completion of first time set **Note**   If you encounter any problems when verifying your first time setup settings, see [Operations Troubleshooting](operations-troubleshooting-medv2.md). -  + After you have verified that your first time setup settings are correct, you can test other MED-V workspace configurations to verify that they function as intended, such as application publishing and URL redirection. @@ -98,9 +101,9 @@ After you have completed all testing of your MED-V workspace package and have ve [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  + -  + diff --git a/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md b/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md index 0112f0c6b0..99eeb385f5 100644 
--- a/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md +++ b/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md @@ -1,8 +1,11 @@ --- title: Identifying the Number and Types of MED-V Workspaces description: Identifying the Number and Types of MED-V Workspaces -author: jamiejdt +author: levinec ms.assetid: 11642253-6b1f-4c4a-a11e-48d8a360e1ea +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -42,7 +45,7 @@ To calculate the required disk space, determine the following: **Important**   Do not use the .medv file size for your calculation because the .medv file is compressed. -   + - **Users per computer** – MED-V creates a MED-V workspace for each user on a computer; the MED-V workspace consumes disk space as each user logs on and the MED-V workspace is created. @@ -57,7 +60,7 @@ The following example shows a calculation based on three users of a MED-V worksp **Note**   A MED-V best practice is to calculate the required space by using a lab deployment to validate the requirements. -  + ### Locate the Files to Determine File Size @@ -95,7 +98,7 @@ The following locations contain the files for the computer and user settings: -  + ### Calculate the Disk Space Requirements for Shared MED-V Workspaces @@ -110,9 +113,9 @@ You can find the differencing disk and the saved state file for shared MED-V wor [Planning for MED-V](planning-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md b/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md index eae1b6e175..6a9fb7c44b 100644 --- a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md +++ b/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md 
@@ -1,8 +1,11 @@ --- title: Installing and Removing an Application on the MED-V Workspace description: Installing and Removing an Application on the MED-V Workspace -author: jamiejdt +author: levinec ms.assetid: 24f32720-51ab-4385-adfe-4f5a65e45fdf +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,12 +32,12 @@ After you have deployed a MED-V workspace, you have several different options av **Important**   To make sure that an installed application is automatically published to the host, install the application on the virtual machine for **All Users**. For more information about application publishing, see [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md). -  + **Tip**   MED-V does not support guest-to-host redirection for content handling, such as double-clicking a Microsoft Word document in Internet Explorer in the MED-V workspace. Therefore, the required applications, such as Microsoft Word, must be installed in MED-V workspace to provide the default content handling functionality that an end user might expect. -  + ## Adding and Removing Applications by Using Group Policy @@ -64,7 +67,7 @@ App-V applications that you publish to the MED-V workspace have file-type associ To force redirection of those file-type associations, query App-V for mapped file type associations by typing the following at a command prompt in the guest virtual machine: **sftmime /QUERY OBJ:TYPE**. Then, map those file type associations in the host computer. -  + ## Adding and Removing Applications on the Core Image 
@@ -76,14 +79,14 @@ For more information about how to add or remove applications on the core image, **Important**   We do not recommend this method of managing applications. If you add or remove applications on the core image and redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved on the virtual machine is lost. -  + **Note**   Even though an application is installed into a MED-V workspace, you might also have to publish the application before it becomes available to the end user. For example, you might have to publish an installed application if the installation did not automatically create a shortcut on the **Start** menu. Likewise, to unpublish an application, you might have to manually remove a shortcut from the **Start** menu. By default, most applications are published at the time that they are installed, when shortcuts are automatically created and enabled. -  + ## Related topics @@ -92,9 +95,9 @@ By default, most applications are published at the time that they are installed, [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) -  + -  + diff --git a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md b/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md index 360abf2f95..fc9d0a46a6 100644 --- a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md +++ b/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md @@ -1,8 +1,11 @@ --- title: Installing Applications on a Windows Virtual PC Image description: Installing Applications on a Windows Virtual PC Image -author: jamiejdt +author: levinec ms.assetid: 32651eff-e3c6-4ef4-947d-2beddc695eac +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,7 +24,7 @@ The following section provides information to help you install software on the M **Caution**   For ease of MED-V workspace management after deployment, we recommend that you limit the number of components that you install on the MED-V image to those components that are required or that are helpful when using MED-V. For example, although they are not required to run MED-V, you can install an ESD system to use later for installing applications to a MED-V workspace and antivirus software for security on the image. -  + **Installing Software on a MED-V Image** @@ -38,7 +41,7 @@ For ease of MED-V workspace management after deployment, we recommend that you l **Note**   After installation is complete, you might have to close and then restart the virtual machine. -   + Repeat these steps for any software or application that you want to install on the MED-V image. We recommend that you limit the number of applications that you preinstall on the image. The recommended process for installing applications and other software on the image is to preinstall an ESD system now and to use it later to deploy software to the image. Alternately, you can also use Group Policy or App-V to add or remove applications on a MED-V workspace. For more information, see [Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md). @@ -57,9 +60,9 @@ After you have installed all of the software that you want on the MED-V image, y [Prepare a MED-V Image](prepare-a-med-v-image.md) -  + -  + diff --git a/mdop/medv-v2/manage-med-v-url-redirection.md b/mdop/medv-v2/manage-med-v-url-redirection.md index a584cd7963..d55c3d0b60 100644 --- a/mdop/medv-v2/manage-med-v-url-redirection.md +++ b/mdop/medv-v2/manage-med-v-url-redirection.md 
@@ -1,8 +1,11 @@
 ---
 title: Manage MED-V URL Redirection
 description: Manage MED-V URL Redirection
-author: jamiejdt
+author: levinec
 ms.assetid: 274161c0-b54a-4364-bb63-89996afccd04
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/manage-med-v-workspace-applications.md b/mdop/medv-v2/manage-med-v-workspace-applications.md
index c390acf3d9..59211673e6 100644
--- a/mdop/medv-v2/manage-med-v-workspace-applications.md
+++ b/mdop/medv-v2/manage-med-v-workspace-applications.md
@@ -1,8 +1,11 @@
 ---
 title: Manage MED-V Workspace Applications
 description: Manage MED-V Workspace Applications
-author: jamiejdt
+author: levinec
 ms.assetid: f58c7504-a77a-41a8-ac38-7e618da131fb
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/manage-med-v-workspace-settings.md b/mdop/medv-v2/manage-med-v-workspace-settings.md
index b3e38bc73b..6161aed548 100644
--- a/mdop/medv-v2/manage-med-v-workspace-settings.md
+++ b/mdop/medv-v2/manage-med-v-workspace-settings.md
@@ -1,8 +1,11 @@
 ---
 title: Manage MED-V Workspace Settings
 description: Manage MED-V Workspace Settings
-author: jamiejdt
+author: levinec
 ms.assetid: 35ebd16e-31c7-4996-81be-af1d56346803
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md b/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md
index 80ff06a915..7d71f89c65 100644
--- a/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md
+++ b/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md
@@ -1,8 +1,11 @@ --- title: Managing Applications Deployed to MED-V Workspaces description: Managing Applications Deployed to MED-V Workspaces -author: jamiejdt +author: levinec ms.assetid: 9a9bcdf5-0aa7-42a3-b6f0-6065adb01bcb +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md index c4c8b8fc8e..ccc7f402df 100644 --- a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md +++ b/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md @@ -1,8 +1,11 @@ --- title: Managing Automatic Updates for MED-V Workspaces description: Managing Automatic Updates for MED-V Workspaces -author: jamiejdt +author: levinec ms.assetid: 306f28a2-d653-480d-b737-4b8b3132de5d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -24,7 +27,7 @@ The MED-V workspace wake-up policy guarantees that the MED-V virtual machine is **Important**   The MED-V workspace wake-up policy is optimized for the Microsoft Update infrastructure. If you are using Microsoft System Center Configuration Manager to deploy non-Microsoft updates, we recommend that you also use the System Center Updates Publisher, which takes advantage of the same infrastructure as Microsoft Update and therefore benefits from the MED-V workspace wake-up policy. For more information, see [System Center Updates Publisher](https://go.microsoft.com/fwlink/?LinkId=200035) (https://go.microsoft.com/fwlink/?LinkId=200035). -  + When you created your MED-V workspace package, you configured when and how it starts, either when the end user logs on (**Fast Start**) or when the end user first opens a published application (**Normal Start**). Or you set the option to let the end user control this setting. 
@@ -35,7 +38,7 @@ However, for those cases in which **Fast Start** is not specified or the virtual **Note**   If the end user opens a published application during the update period, the required updates are applied, but MED-V is not automatically hibernated or shut down after the update period ends. Instead, MED-V continues running. -  + The MED-V workspace wake-up policy includes three main components: @@ -64,7 +67,7 @@ For more information about how to define your MED-V configuration values, see [M **Note**   A MED-V best practice is to set your wake up interval to match the time when MED-V virtual machines are planned to be updated regularly. In addition, we recommend that you configure these settings to resemble the host computer’s behavior. -  + ### Reboot Notification Using your ESD System @@ -73,7 +76,7 @@ You can configure your ESD system to notify MED-V whenever a restart is required **Important**   You must open the event with Modify Only rights and then signal it. If you do not open it with the correct permissions, it does not work. -  + ``` syntax /// @@ -94,9 +97,9 @@ When you signal this event, MED-V captures it and informs the virtual machine th [Managing Software Updates for MED-V Workspaces](managing-software-updates-for-med-v-workspaces.md) -  + -  + diff --git a/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md b/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md index 5cbb5c1263..c9a2d28a4c 100644 --- a/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md +++ b/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md @@ -1,8 +1,11 @@ --- title: Managing MED-V Workspace Configuration Settings description: Managing MED-V Workspace Configuration Settings -author: jamiejdt +author: levinec ms.assetid: 517d04de-c31f-4b50-b2b3-5f8c312ed37b +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -30,12 +33,12 @@ If the value is still not found, MED-V uses the default. A general best practice is to set the value in the HKEY\_LOCAL\_MACHINE\\System hive or in the machine policy. But if you want the end user to be able to configure a particular setting, then you should leave it out. -**Note**   +**Note** Before you deploy your MED-V workspaces, you can use a script editor to change the Windows PowerShell script (.ps1 file) that the MED-V workspace packager created. For more information, see [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md). After you have deployed your MED-V workspaces, you can change certain MED-V configuration settings by editing the registry entries. -  + This section lists all the configurable MED-V registry keys and explains their uses. @@ -53,23 +56,23 @@ The following table provides information about the registry values associated wi -Name  -Type  -Data/Default  -Description  +Name +Type +Data/Default +Description -

    EventLogLevel 

    -

    DWORD 

    +

    EventLogLevel

    +

    DWORD

    Default=3

    The type of information that is logged in the event log. Levels include the following: 0 (None), 1 (Error), 2 (Warning), 3 (Information), 4 (Debug).

    -  + ## Fts Key @@ -93,28 +96,28 @@ The following table provides information about the registry values associated wi -

    AddUserToAdminGroupEnabled 

    +

    AddUserToAdminGroupEnabled

    DWORD

    Default=0

    -

    Configures whether first time setup automatically adds the end user to the administrator's group. 0 = false; 1 = true.

    +

    Configures whether first time setup automatically adds the end user to the administrator's group. 0 = false; 1 = true.

    -

    0 = false: First time setup does not automatically add the end user to the administrator's group.

    +

    0 = false: First time setup does not automatically add the end user to the administrator's group.

    -

    1 = true: First time setup automatically adds the end user to the administrator's group.

    +

    1 = true: First time setup automatically adds the end user to the administrator's group.

    -

    ComputerNameMask 

    +

    ComputerNameMask

    SZ

    -

    MEDV* 

    -

    The computer name mask that is used to create the guest virtual machine's computer name.

    +

    MEDV*

    +

    The computer name mask that is used to create the guest virtual machine's computer name.

    @@ -128,67 +131,67 @@ The following table provides information about the registry values associated wi

    DeleteVMStateTimeout

    DWORD

    Default=90

    -

    The time-out value, in seconds, when first time setup tries to delete the virtual machine. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, when first time setup tries to delete the virtual machine. Range = 0 to 2147483647.

    DetachVfdTimeout

    DWORD

    Default=120

    -

    The time-out value, in seconds, when first time setup tries to detach the virtual floppy disk from the virtual machine. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, when first time setup tries to detach the virtual floppy disk from the virtual machine. Range = 0 to 2147483647.

    -

    DialogUrl 

    +

    DialogUrl

    SZ

    -

    Customizable URL that links to internal webpage and is displayed by first time setup dialog messages. 

    +

    Customizable URL that links to internal webpage and is displayed by first time setup dialog messages.

    ExplorerTimeout

    DWORD

    Default=900

    -

    The time-out value, in seconds, that first time setup waits for Windows Explorer. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, that first time setup waits for Windows Explorer. Range = 0 to 2147483647.

    -

    FailureDialogMsg 

    +

    FailureDialogMsg

    MULTI_SZ

    -

    Message is found in resource file 

    +

    Message is found in resource file

    Customizable message that is displayed to the end user when first time setup cannot be completed.

    -

    GiveUserGroupRightsMaxRetryCount 

    -

    DWORD 

    +

    GiveUserGroupRightsMaxRetryCount

    +

    DWORD

    Default=3

    The maximum number of times that MED-V tries to give an end user group rights. Exceeding the specified retry value without being able to successfully give an end user group rights most likely causes a virtual machine preparation failure that is then subject to the MaxRetryCount value. Range = 0 to 2147483647.

    -

    GiveUserGroupRightsTimeout 

    +

    GiveUserGroupRightsTimeout

    DWORD

    Default=300

    -

    The time-out value, in seconds, when giving a user group rights. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, when giving a user group rights. Range = 0 to 2147483647.

    -

    LogFilePaths 

    +

    LogFilePaths

    MULTI_SZ

    -

    A list of the log file paths that MED-V collects during first time setup. 

    +

    A list of the log file paths that MED-V collects during first time setup.

    -

    MaxPostponeTime 

    +

    MaxPostponeTime

    DWORD

    Default=120

    -

    The maximum number of hours that first time setup can be postponed by the end user. Range = 0 to 2147483647.

    +

    The maximum number of hours that first time setup can be postponed by the end user. Range = 0 to 2147483647.

    -

    MaxRetryCount 

    +

    MaxRetryCount

    DWORD

    Default=3

    The maximum number of times that MED-V tries to prepare a virtual machine if each attempt ends in a failure other than a software error. When virtual machine preparation fails and the number of first time setup retries is exceeded, then MED-V informs the end user about the failure and does not give the option to retry. The count is re-set every time that MED-V is started. Range = 0 to 2147483647.

    -

    Mode 

    +

    Mode

    SZ

    Default=Unattended

    -

    Configures how first time setup interacts with the user. Possible values are as follows:

    +

    Configures how first time setup interacts with the user. Possible values are as follows:

    @@ -196,11 +199,10 @@ The following table provides information about the registry values associated wi

    Attended. The end user must enter information during first time setup.

    -Note   -

    If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, then you must select Attended mode or problems might occur during first time setup.

    +Note

    If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, then you must select Attended mode or problems might occur during first time setup.

    -  +
    @@ -216,34 +218,34 @@ The following table provides information about the registry values associated wi

    Silent. The virtual machine is not shown to the end user at all during first time setup.

    -

    NonInteractiveRetryTimeoutInc 

    +

    NonInteractiveRetryTimeoutInc

    DWORD

    Default=15

    -

    The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode when re-attempting setup. Range = 0 to 2147483647.

    +

    The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode when re-attempting setup. Range = 0 to 2147483647.

    -

    NonInteractiveTimeout 

    +

    NonInteractiveTimeout

    DWORD

    Default=45

    -

    The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode. Range = 0 to 2147483647.

    +

    The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode. Range = 0 to 2147483647.

    -

    PostponeUtcDateTimeLimit 

    +

    PostponeUtcDateTimeLimit

    SZ

    -

    The date and time, in UTC DateTime format, that first time setup can be postponed. Enter in the format "yyyy-MM-dd hh:mm" with hours specified by using the 24-hour clock standard.

    +

    The date and time, in UTC DateTime format, that first time setup can be postponed. Enter in the format "yyyy-MM-dd hh:mm" with hours specified by using the 24-hour clock standard.

    -

    RetryDialogMsg 

    +

    RetryDialogMsg

    MULTI_SZ

    -

    Message is found in resource file 

    +

    Message is found in resource file

    Customizable message that is displayed to the end user when first time setup must re-attempt setup.

    -

    SetComputerNameEnabled 

    +

    SetComputerNameEnabled

    DWORD

    Default=0

    -

    Configures whether the ComputerName entry under the [UserData] section of the Sysprep.inf file in the guest should be updated according to the specified ComputerNameMask.   0 = false; 1 = true.

    +

    Configures whether the ComputerName entry under the [UserData] section of the Sysprep.inf file in the guest should be updated according to the specified ComputerNameMask. 0 = false; 1 = true.

    @@ -258,10 +260,10 @@ The following table provides information about the registry values associated wi

    1 = true: The ComputerName entry in the Sysprep.inf file is updated according to the ComputerNameMask.

    -

    SetJoinDomainEnabled 

    +

    SetJoinDomainEnabled

    DWORD

    Default=0

    -

    Configures whether the JoinDomain setting under the [Identification] section of the Sysprep.inf file in the guest should be updated to match the settings on the host.  0 = false; 1 = true.

    +

    Configures whether the JoinDomain setting under the [Identification] section of the Sysprep.inf file in the guest should be updated to match the settings on the host. 0 = false; 1 = true.

    @@ -276,10 +278,10 @@ The following table provides information about the registry values associated wi

    1 = true: The JoinDomain setting in the Sysprep.inf file is updated to match the settings on the host.

    -

    SetMachineObjectOUEnabled 

    +

    SetMachineObjectOUEnabled

    DWORD

    Default=0

    -

    Configures whether the MachineObjectOU setting under the [Identification] section of the Sysprep.inf file in the guest is updated to match the host.  0 = false; 1 = true.

    +

    Configures whether the MachineObjectOU setting under the [Identification] section of the Sysprep.inf file in the guest is updated to match the host. 0 = false; 1 = true.

    @@ -294,16 +296,15 @@ The following table provides information about the registry values associated wi

    1 = true: The MachineObjectOU setting in the Sysprep.inf file is updated to match the settings on the host.

    -

    SetRegionalSettingsEnabled 

    +

    SetRegionalSettingsEnabled

    DWORD

    Default=0

    -

    Configures whether the settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are updated to match the host.  0 = false; 1 = true.

    +

    Configures whether the settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are updated to match the host. 0 = false; 1 = true.

    -Note   -

    By default, the setting for TimeZone in the guest is always synchronized with the TimeZone setting in the host.

    +Note

    By default, the setting for TimeZone in the guest is always synchronized with the TimeZone setting in the host.

    -  +
    @@ -319,10 +320,10 @@ The following table provides information about the registry values associated wi

    1 = true: The settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are updated to match the host.

    -

    SetUserDataEnabled 

    +

    SetUserDataEnabled

    DWORD

    Default=0

    -

    Configures whether the FullName and the OrgName settings under the [UserData] section of the Sysprep.inf file in the guest are updated to match the settings on the host.  0 = false; 1 = true.

    +

    Configures whether the FullName and the OrgName settings under the [UserData] section of the Sysprep.inf file in the guest are updated to match the settings on the host. 0 = false; 1 = true.

    @@ -337,22 +338,22 @@ The following table provides information about the registry values associated wi

    1 = true: The FullName and OrgName settings in the Sysprep.inf file are updated to match the settings on the host.

    -

    StartDialogMsg 

    +

    StartDialogMsg

    MULTI_SZ

    -

    Message is found in resource file 

    -

    Customizable message that is displayed to the end user when first time setup is ready to start. 

    +

    Message is found in resource file

    +

    Customizable message that is displayed to the end user when first time setup is ready to start.

    TaskCancelTimeout

    DWORD

    Default=30

    -

    The time-out value, in seconds, that first time setup waits for a response from the virtual machine for a Cancel operation. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, that first time setup waits for a response from the virtual machine for a Cancel operation. Range = 0 to 2147483647.

    TaskVMTurnOffTimeout

    DWORD

    Default=60

    -

    The time-out value, in seconds, that first time setup waits for the virtual machine to shut down. Range = 0 to 2147483647.

    +

    The time-out value, in seconds, that first time setup waits for the virtual machine to shut down. Range = 0 to 2147483647.

    UpgradeTimeout

    @@ -363,7 +364,7 @@ The following table provides information about the registry values associated wi -  + ## UserExperience Key @@ -387,10 +388,10 @@ The following table provides information about the registry values associated wi -

    AppPublishingEnabled 

    +

    AppPublishingEnabled

    DWORD

    Default=1

    -

    Configures whether application publication from the guest to the host is enabled.  0 = false; 1 = true.

    +

    Configures whether application publication from the guest to the host is enabled. 0 = false; 1 = true.

    @@ -405,10 +406,10 @@ The following table provides information about the registry values associated wi

    1 = true: Enables application publishing from the guest to the host.

    -

    AudioSharingEnabled 

    +

    AudioSharingEnabled

    DWORD

    Default=1

    -

    Configures whether the sharing of the audio I/O device between the guest and the host is enabled.  0 = false; 1 = true.

    +

    Configures whether the sharing of the audio I/O device between the guest and the host is enabled. 0 = false; 1 = true.

    @@ -423,10 +424,10 @@ The following table provides information about the registry values associated wi

    1 = true: Enables the sharing of the audio I/O device between the guest and the host.

    -

    ClipboardSharingEnabled 

    +

    ClipboardSharingEnabled

    DWORD

    Default=1

    -

    Configures whether the sharing of the Clipboard between the guest and the host is enabled.  0 = false; 1 = true.

    +

    Configures whether the sharing of the Clipboard between the guest and the host is enabled. 0 = false; 1 = true.

    @@ -444,7 +445,7 @@ The following table provides information about the registry values associated wi

    DialogTimeout

    DWORD

    Default=300

    -

    The time, in seconds, before the first time setup Start Dialog times out. Range = 0 to 2147483647.

    +

    The time, in seconds, before the first time setup Start Dialog times out. Range = 0 to 2147483647.

    HideVmTimeout

    @@ -453,10 +454,10 @@ The following table provides information about the registry values associated wi

    The time-out value, in minutes, that the full-screen virtual machine window is hidden from the end user during a long logon attempt.

    -

    LogonStartEnabled 

    +

    LogonStartEnabled

    DWORD

    Default=1

    -

    Configures whether the guest should be started when the end user logs on to the desktop or when the first guest application is started.  0 = false; 1 = true.

    +

    Configures whether the guest should be started when the end user logs on to the desktop or when the first guest application is started. 0 = false; 1 = true.

    @@ -471,10 +472,10 @@ The following table provides information about the registry values associated wi

    1 = true: The guest is started when the end user logs on to the desktop.

    -

    PrinterSharingEnabled 

    +

    PrinterSharingEnabled

    DWORD

    Default=1

    -

    Configures whether the sharing of printers between the guest and the host is enabled.  0 = false; 1 = true.

    +

    Configures whether the sharing of printers between the guest and the host is enabled. 0 = false; 1 = true.

    @@ -489,16 +490,16 @@ The following table provides information about the registry values associated wi

    1 = true: Enables the sharing of printers between the guest and the host.

    -

    RebootAbsoluteDelayTimeout 

    +

    RebootAbsoluteDelayTimeout

    DWORD

    Default=1440

    -

    The time-out value, in minutes, that first time setup waits for a restart. Range = 0 to 2147483647.

    +

    The time-out value, in minutes, that first time setup waits for a restart. Range = 0 to 2147483647.

    -

    RedirectUrls 

    +

    RedirectUrls

    MULTI_SZ

    Specified URL list

    -

    Specifies a list of URLs to be redirected from the host to the guest. 

    +

    Specifies a list of URLs to be redirected from the host to the guest.

    SmartCardLogonEnabled

    @@ -518,18 +519,17 @@ The following table provides information about the registry values associated wi

    1 = true: Lets Smart Cards authenticate end users to MED-V.

    -Important   -

    If SmartCardLogonEnabled and CredentialCacheEnabled are both enabled, SmartCardLogonEnabled overrides CredentialCacheEnabled.

    +Important

    If SmartCardLogonEnabled and CredentialCacheEnabled are both enabled, SmartCardLogonEnabled overrides CredentialCacheEnabled.

    -  +
    -

    SmartCardSharingEnabled 

    +

    SmartCardSharingEnabled

    DWORD

    Default=1

    -

    Configures whether the sharing of Smart Cards between the guest and the host is enabled.  0 = false; 1 = true.

    +

    Configures whether the sharing of Smart Cards between the guest and the host is enabled. 0 = false; 1 = true.

    @@ -544,10 +544,10 @@ The following table provides information about the registry values associated wi

    1 = true: Enables the sharing of Smart Cards between the guest and the host.

    -

    USBDeviceSharingEnabled 

    +

    USBDeviceSharingEnabled

    DWORD

    Default=1

    -

    Configures whether the sharing of USB devices between the guest and the host is enabled.  0 = false; 1 = true.

    +

    Configures whether the sharing of USB devices between the guest and the host is enabled. 0 = false; 1 = true.

    @@ -564,7 +564,7 @@ The following table provides information about the registry values associated wi -  + ## VM Key @@ -588,10 +588,10 @@ The following table provides information about the registry values associated wi -

    CloseAction 

    +

    CloseAction

    SZ

    Default=HIBERNATE

    -

    The action that the virtual machine performs after the last application that is running is closed. This setting is ignored if the LogonStartEnabled value is enabled. Possible options are as follows:

    +

    The action that the virtual machine performs after the last application that is running is closed. This setting is ignored if the LogonStartEnabled value is enabled. Possible options are as follows:

    @@ -612,36 +612,36 @@ The following table provides information about the registry values associated wi

    TURN-OFF. This option can cause data loss because it is the same as turning off the power button or pulling out the power cord on a physical computer. Use this option only if you cannot use one of the other two options.

    -

    GuestMemFromHostMem 

    +

    GuestMemFromHostMem

    MULTI_SZ

    -

    378, 512, 1024, 1536, 2048 

    -

    A list of memory (MB) values for the guest. This value is used to determine how much RAM is available to the guest. Combined with HostMemToGuestMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 128 to 3712.

    +

    378, 512, 1024, 1536, 2048

    +

    A list of memory (MB) values for the guest. This value is used to determine how much RAM is available to the guest. Combined with HostMemToGuestMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 128 to 3712.

    -

    GuestUpdateDuration 

    +

    GuestUpdateDuration

    DWORD

    Default=240

    -

    The number of minutes that MED-V should keep the guest awake for automatic updating, starting at the time specified in the GuestUpdateTime value. Range = 0 to 1440. Setting this value to zero (0) disables the guest patching functionality.

    -

    For more information about guest patching for automatic updating, see [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md).

    +

    The number of minutes that MED-V should keep the guest awake for automatic updating, starting at the time specified in the GuestUpdateTime value. Range = 0 to 1440. Setting this value to zero (0) disables the guest patching functionality.

    +

    For more information about guest patching for automatic updating, see Managing Automatic Updates for MED-V Workspaces.

    -

    GuestUpdateTime 

    +

    GuestUpdateTime

    SZ

    Default=00:00

    -

    The hour and minute each day when MED-V should wake up the guest for automatic updating, by using the 24-hour clock standard. Specify the time in the format HH:MM  

    -

    For more information about guest patching for automatic updating, see [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md).

    +

    The hour and minute each day when MED-V should wake up the guest for automatic updating, by using the 24-hour clock standard. Specify the time in the format HH:MM

    +

    For more information about guest patching for automatic updating, see Managing Automatic Updates for MED-V Workspaces.

    -

    HostMemToGuestMem 

    +

    HostMemToGuestMem

    MULTI_SZ

    -

    1024, 2048, 4096, 8192, 16384 

    -

    A list of memory (MB) values for the guest, determined by the RAM available on the host. Combined with GuestMemFromHostMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 1024 to 16384.

    +

    1024, 2048, 4096, 8192, 16384

    +

    A list of memory (MB) values for the guest, determined by the RAM available on the host. Combined with GuestMemFromHostMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 1024 to 16384.

    HostMemToGuestMemCalcEnabled

    DWORD

    Default=1

    -

    Configures whether the memory allocated for the guest is calculated from the memory present on the host.  0 = false; 1 = true.

    +

    Configures whether the memory allocated for the guest is calculated from the memory present on the host. 0 = false; 1 = true.

    @@ -656,16 +656,16 @@ The following table provides information about the registry values associated wi

    1 = true: The memory allocated for the guest is calculated from the memory present on the host.

    -

    Memory 

    +

    Memory

    DWORD

    Default=512

    -

    The RAM (MB) that should be allocated for the guest virtual machine. This setting is ignored if the HostMemToGuestMemEnabled setting is enabled. Range=128 to 2048.

    +

    The RAM (MB) that should be allocated for the guest virtual machine. This setting is ignored if the HostMemToGuestMemEnabled setting is enabled. Range=128 to 2048.

    -

    MultiUserEnabled 

    +

    MultiUserEnabled

    DWORD

    Default=0

    -

    Configures whether multiple users share the same MED-V workspace.  0 = false; 1 = true.

    +

    Configures whether multiple users share the same MED-V workspace. 0 = false; 1 = true.

    @@ -680,10 +680,10 @@ The following table provides information about the registry values associated wi

    1 = true: Multiple users share the same MED-V workspace.

    -

    NetworkingMode 

    +

    NetworkingMode

    SZ

    Default=NAT

    -

    The kind of network connection used on the guest. Possible values are as follows:

    +

    The kind of network connection used on the guest. Possible values are as follows:

    @@ -695,18 +695,18 @@ The following table provides information about the registry values associated wi

    -

    NAT. MED-V uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    +

    NAT. MED-V uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    -

    TaskTimeout 

    +

    TaskTimeout

    DWORD

    Default=600

    -

    A general time-out value, in seconds, that MED-V waits for a task to be completed, such as restarting and shutting down. Range = 0 to 2147483647.

    +

    A general time-out value, in seconds, that MED-V waits for a task to be completed, such as restarting and shutting down. Range = 0 to 2147483647.

    -  + ## Guest Registry Settings @@ -726,17 +726,17 @@ The following table provides information about the guest registry value associat -Name  -Type  -Data/Default  +Name +Type +Data/Default Description

    EnableGPWorkarounds

    -

    DWORD 

    -

    Default=1 

    +

    DWORD

    +

    Default=1

    Configures how MED-V handles the keys BufferPolicyReads and GroupPolicyMinTransferRate.

    @@ -745,13 +745,12 @@ The following table provides information about the guest registry value associat

    By default, MED-V sets these keys as follows:

    BufferPolicyReads=1 and GroupPolicyMinTransferRate=0.

    -

    Create the EnableGPWorkarounds  key, if it is necessary, and set the key to zero if you do not want MED-V to change the default settings of BufferPolicyReads and GroupPolicyMinTransferRate.

    +

    Create the EnableGPWorkarounds key, if it is necessary, and set the key to zero if you do not want MED-V to change the default settings of BufferPolicyReads and GroupPolicyMinTransferRate.

    -Note   -

    If your MED-V workspace is running in NAT mode, EnableGPWorkarounds affects the registry keys BufferPolicyReads and GroupPolicyMinTransferRate. If your MED-V workspace is running in BRIDGED mode, EnableGPWorkarounds only affects the registry key BufferPolicyReads.

    +Note

    If your MED-V workspace is running in NAT mode, EnableGPWorkarounds affects the registry keys BufferPolicyReads and GroupPolicyMinTransferRate. If your MED-V workspace is running in BRIDGED mode, EnableGPWorkarounds only affects the registry key BufferPolicyReads.

    -  +

    1=true: MED-V sets the keys BufferPolicyReads=1 and GroupPolicyMinTransferRate=0 (if running in NAT mode) or just BufferPolicyReads=1 (if running in BRIDGED mode).

    0=false: MED-V does not make any changes to the keys BufferPolicyReads and GroupPolicyMinTransferRate.

    @@ -759,7 +758,7 @@ The following table provides information about the guest registry value associat -  + ## Related topics @@ -770,9 +769,9 @@ The following table provides information about the guest registry value associat [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  - -  + + + diff --git a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md index 99c6025728..4ceab3afe3 100644 --- a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md +++ b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md @@ -1,8 +1,11 @@ --- title: Managing MED-V Workspace Settings by Using a WMI description: Managing MED-V Workspace Settings by Using a WMI -author: jamiejdt +author: levinec ms.assetid: 05a665a3-2309-46c1-babb-a3e3bbb0b1f9 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -26,7 +29,7 @@ The WMI provider is implemented in the **root\\microsoft\\medv** namespace and i **Caution**   WMI browsing tools can be used to delete or modify classes and instances. Deleting or modifying certain classes and instances can result in the loss of valuable data and cause MED-V to function unpredictably. -  + You can use your preferred WMI browsing tool to view and edit MED-V configuration settings by following these steps. @@ -53,7 +56,7 @@ After you have finished viewing or editing MED-V configuration settings, close t **Important**   In some cases, a restart of the MED-V workspace is required for changes to MED-V configuration settings to take effect. -  + The following code shows the Managed Object Format (MOF) file that defines the **Setting** class. 
@@ -61,9 +64,9 @@ The following code shows the Managed Object Format (MOF) file that defines the *
 [dynamic: ToInstance, provider("TroubleShooting, Version=2.0.392.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"), singleton: DisableOverride ToInstance ToSubClass]
 class Setting : ConfigValueProvider
 {
-                boolean UxSmartCardLogonEnabled = TRUE;
-                [read] string User;
-                [implemented] void Clear([in] string propertyName);
+ boolean UxSmartCardLogonEnabled = TRUE;
+ [read] string User;
+ [implemented] void Clear([in] string propertyName);
 };
 ```
@@ -73,55 +76,55 @@ The **Setting** class inherits from the **ConfigValueProvider** class. The follo [abstract] class ConfigValueProvider { -                [write] string DiagEventLogLevel; -                [write] boolean FtsAddUserToAdminGroupEnabled; -                [write] string FtsComputerNameMask; -                [write] sint32 FtsDeleteVMStateTimeout; -                [write] sint32 FtsDetachVfdTimeout; -                [write] string FtsDialogUrl; -                [write] sint32 FtsExplorerTimeout; -                [write] string FtsFailureDialogMsg; -                [write] string FtsLogFilePaths[]; -                [write] sint32 FtsMaxPostponeTime; -                [write] sint32 FtsMaxRetryCount; -                [write] string FtsMode; -                [write] sint32 FtsNonInteractiveRetryTimeoutInc; -                [write] sint32 FtsNonInteractiveTimeout; -                [write] string FtsPostponeUtcDateTimeLimit; -                [write] string FtsRetryDialogMsg; -                [write] boolean FtsSetComputerNameEnabled; -                [write] boolean FtsSetJoinDomainEnabled; -                [write] boolean FtsSetMachineObjectOUEnabled; -                [write] boolean FtsSetRegionalSettingsEnabled; -                [write] boolean FtsSetUserDataEnabled; -                [write] string FtsStartDialogMsg; -                [write] sint32 FtsTaskCancelTimeout; -                [write] sint32 FtsTaskVMTurnOffTimeout; -                [write] sint32 FtsUpgradeTimeout; -                [write] boolean UxAppPublishingEnabled; -                [write] boolean UxAudioSharingEnabled; -                [write] boolean UxClipboardSharingEnabled; -                [write] boolean UxCredentialCacheEnabled; -                [write] sint32 UxDialogTimeout; -                [write] sint32 UxHideVmTimeout; -                [write] boolean UxLogonStartEnabled; -                [write] boolean UxPrinterSharingEnabled; -                [write] sint32 
UxRebootAbsoluteDelayTimeout; -                [write] string UxRedirectUrls[]; -                [write] boolean UxShowExit; -                [write] boolean UxSmartCardLogonEnabled; -                [write] boolean UxSmartCardSharingEnabled; -                [write] boolean UxUSBDeviceSharingEnabled; -                [write] string VmCloseAction; -                [write] sint32 VmGuestMemFromHostMem[]; -                [write] sint32 VmGuestUpdateDuration; -                [write] string VmGuestUpdateTime; -                [write] sint32 VmHostMemToGuestMem[]; -                [write] boolean VmHostMemToGuestMemCalcEnabled; -                [write] sint32 VmMemory; -                [write] boolean VmMultiUserEnabled; -                [write] string VmNetworkingMode; -                [write] sint32 VmTaskTimeout; + [write] string DiagEventLogLevel; + [write] boolean FtsAddUserToAdminGroupEnabled; + [write] string FtsComputerNameMask; + [write] sint32 FtsDeleteVMStateTimeout; + [write] sint32 FtsDetachVfdTimeout; + [write] string FtsDialogUrl; + [write] sint32 FtsExplorerTimeout; + [write] string FtsFailureDialogMsg; + [write] string FtsLogFilePaths[]; + [write] sint32 FtsMaxPostponeTime; + [write] sint32 FtsMaxRetryCount; + [write] string FtsMode; + [write] sint32 FtsNonInteractiveRetryTimeoutInc; + [write] sint32 FtsNonInteractiveTimeout; + [write] string FtsPostponeUtcDateTimeLimit; + [write] string FtsRetryDialogMsg; + [write] boolean FtsSetComputerNameEnabled; + [write] boolean FtsSetJoinDomainEnabled; + [write] boolean FtsSetMachineObjectOUEnabled; + [write] boolean FtsSetRegionalSettingsEnabled; + [write] boolean FtsSetUserDataEnabled; + [write] string FtsStartDialogMsg; + [write] sint32 FtsTaskCancelTimeout; + [write] sint32 FtsTaskVMTurnOffTimeout; + [write] sint32 FtsUpgradeTimeout; + [write] boolean UxAppPublishingEnabled; + [write] boolean UxAudioSharingEnabled; + [write] boolean UxClipboardSharingEnabled; + [write] boolean UxCredentialCacheEnabled; + 
[write] sint32 UxDialogTimeout; + [write] sint32 UxHideVmTimeout; + [write] boolean UxLogonStartEnabled; + [write] boolean UxPrinterSharingEnabled; + [write] sint32 UxRebootAbsoluteDelayTimeout; + [write] string UxRedirectUrls[]; + [write] boolean UxShowExit; + [write] boolean UxSmartCardLogonEnabled; + [write] boolean UxSmartCardSharingEnabled; + [write] boolean UxUSBDeviceSharingEnabled; + [write] string VmCloseAction; + [write] sint32 VmGuestMemFromHostMem[]; + [write] sint32 VmGuestUpdateDuration; + [write] string VmGuestUpdateTime; + [write] sint32 VmHostMemToGuestMem[]; + [write] boolean VmHostMemToGuestMemCalcEnabled; + [write] sint32 VmMemory; + [write] boolean VmMultiUserEnabled; + [write] string VmNetworkingMode; + [write] sint32 VmTaskTimeout; }; ``` @@ -132,9 +135,9 @@ class ConfigValueProvider [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  + -  + diff --git a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md index cbca914be6..f82ac07a75 100644 --- a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md +++ b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md @@ -1,8 +1,11 @@ --- title: Managing MED-V Workspace Settings by Using the MED-V Workspace Packager description: Managing MED-V Workspace Settings by Using the MED-V Workspace Packager -author: jamiejdt +author: levinec ms.assetid: e4b2c516-b9f8-44f9-9eae-caac6c2af3e7 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -18,67 +21,65 @@ You can use the MED-V Workspace Packager to manage certain settings in the MED-V **To manage settings in a MED-V workspace** -1. To open the **MED-V Workspace Packager**, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager**. +1. To open the **MED-V Workspace Packager**, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager**. -2. On the **MED-V Workspace Packager** main panel, click **Manage Settings**. +2. On the **MED-V Workspace Packager** main panel, click **Manage Settings**. -3. In the **Manage Settings** window, you can configure the following MED-V workspace settings: +3. In the **Manage Settings** window, you can configure the following MED-V workspace settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Start MED-V workspace

    Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

    The MED-V workspace starts in one of two ways: either when the end user logs on or when they first perform an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

    -

    You can either define this setting for the end user or let the end user control how MED-V starts.

    -
    - Note   -

    If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change the way in which MED-V starts.

    -
    -
    -   -

    Networking

    Select Shared or Bridged for your networking setting. The default is Shared.

    Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    -

    Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

    Store credentials

    Choose whether you want to store the end user credentials.

    The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

    -
    - Important   -

    Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

    -

    The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. An attacker could write a program that retrieves the password and thus gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end user credentials.

    -
    -
    -   -
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Start MED-V workspace

    Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

    The MED-V workspace starts in one of two ways: either when the end user logs on or when they first perform an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

    +

    You can either define this setting for the end user or let the end user control how MED-V starts.

    +
    + Note

    If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change the way in which MED-V starts.

    +
    +
    -   +

    Networking

    Select Shared or Bridged for your networking setting. The default is Shared.

    Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

    +

    Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

    Store credentials

    Choose whether you want to store the end user credentials.

    The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

    +
    + Important

    Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

    +

    The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. An attacker could write a program that retrieves the password and thus gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end user credentials.

    +
    +
    -4. Click **Save as…** to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). +
    - MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file. + + +4. Click **Save as…** to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). + + MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file. ## Related topics @@ -87,9 +88,9 @@ You can use the MED-V Workspace Packager to manage certain settings in the MED-V [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  - -  + + + diff --git a/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md b/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md index 646609d1bf..cf173e2d6d 100644 --- a/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md +++ b/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md @@ -1,8 +1,11 @@ --- title: Managing Printers on a MED-V Workspace description: Managing Printers on a MED-V Workspace -author: jamiejdt +author: levinec ms.assetid: ba0a65ad-444f-4d18-95eb-8b9fa1a3ffba +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -26,14 +29,14 @@ In most cases, MED-V handles printer redirection automatically. After first time **Note**   If applications are running on the MED-V workspace, the end user is prompted to let the restart continue or postpone it until later. If no applications are running, the restart is automatic and not shown to the end user. -  + Every time MED-V is re-started, it checks whether any new printers are installed on the host and, if found, retrieves the corresponding drivers from the network print server and installs them on the guest. MED-V then restarts the MED-V workspace just as when first time setup was completed. **Important**   After the relevant drivers are installed on the guest, the printers only become visible on the guest after the restart occurs. -  + If at any time a driver cannot be located or installed, it must be manually installed on the guest for the network printer to be available to the end user. @@ -48,16 +51,16 @@ The following list offers some additional guidance: **Warning**   If a printer is manually installed on the guest, and the same printer is later installed on the host, the result is that the printer is installed two times in the guest. To avoid this situation, a MED-V best practice is to manage printer redirection in one manner only: either disable redirection and install printers manually on the guest, or enable redirection and do not install printers manually on the guest. -  + ## Related topics [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -  + -  + diff --git a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md index a63e60b4e6..4dd09c0751 100644 --- a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md +++ b/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md 
@@ -1,8 +1,11 @@ --- title: Managing Software Updates for MED-V Workspaces description: Managing Software Updates for MED-V Workspaces -author: jamiejdt +author: levinec ms.assetid: a28d6dcd-cb9f-46ba-8dac-1d990837a3a3 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ You have several different options available to you for providing software updat **Note**   For information about how to specify the configuration settings that define how MED-V receives automatic updates, see [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md). -  + **Updating Software in a MED-V Workspace** @@ -42,7 +45,7 @@ For information about how to specify the configuration settings that define how **Important**   We do not recommend this method of managing software updates. In addition, if you update software in the core image and redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved in the virtual machine is lost. -   + ## Related topics @@ -53,9 +56,9 @@ For information about how to specify the configuration settings that define how [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) -  + -  + diff --git a/mdop/medv-v2/med-v-20-best-practices.md b/mdop/medv-v2/med-v-20-best-practices.md index 0fc269b7c1..e402342e9f 100644 --- a/mdop/medv-v2/med-v-20-best-practices.md +++ b/mdop/medv-v2/med-v-20-best-practices.md @@ -1,8 +1,11 @@ --- title: MED-V 2.0 Best Practices description: MED-V 2.0 Best Practices -author: jamiejdt +author: levinec ms.assetid: 47ba2dd1-6c6e-4d6e-8e18-b42291f8e02a +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -47,7 +50,7 @@ If you want end users to see a service level agreement (SLA) before they access **Caution**   Even though a best practice is to run first time setup in **Unattended** mode, if you decide to set the local policy or registry entry to include an SLA in your image (virtual hard disk), you must also specify that first time setup is run in **Attended** mode, or first time setup can fail. -  + ### Compact the virtual hard disk @@ -98,9 +101,9 @@ To prevent antivirus activity from affecting the performance of the virtual desk [Security and Protection for MED-V](security-and-protection-for-med-v.md) -  + -  + diff --git a/mdop/medv-v2/med-v-20-deployment-overview.md b/mdop/medv-v2/med-v-20-deployment-overview.md index 28cfb3c18b..eb8d227f1d 100644 --- a/mdop/medv-v2/med-v-20-deployment-overview.md +++ b/mdop/medv-v2/med-v-20-deployment-overview.md @@ -1,8 +1,11 @@ --- title: MED-V 2.0 Deployment Overview description: MED-V 2.0 Deployment Overview -author: jamiejdt +author: levinec ms.assetid: 0b8998ea-c46f-4c81-a304-f380b2ed7cf8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -21,10 +24,10 @@ This section provides general information and instructions about how to install MED-V 2.0 is based on an application model, where the same methods that you use to deploy applications can be used to deploy and manage MED-V. A deployed MED-V solution includes two components: the MED-V Host Agent and Guest Agent. The MED-V Host Agent is installed on the Windows 7 desktop and the MED-V Guest Agent is installed on Windows XP inside the MED-V workspace. MED-V also includes a MED-V Workspace Packager that provides the information and tools necessary for creating and configuring MED-V workspaces. -**Important**   +**Important** MED-V only supports the installation of the MED-V Workspace Packager, the MED-V Host Agent, and the MED-V workspace for all users. Installing MED-V for the current user only by selecting **ALLUSERS=””** causes failures in the installation of the components and in the setup of the MED-V workspace. -  + ### The MED-V Installation Files @@ -38,10 +41,10 @@ The Host Agent installation file is named MED-V\_HostAgent\_Setup.exe. This file The MED-V Workspace Packager installation file is named MED-V\_WorkspacePackager\_Setup.exe. Use this file to install the MED-V Workspace Packager on a computer where you have administrator rights and permissions. The desktop administrator uses the MED-V Workspace Packager to create and manage MED-V workspaces. -**Note**   +**Note** The MED-V Guest Agent is installed automatically during first time setup. -  + ### The MED-V Deployment Process 
@@ -53,10 +56,10 @@ The following is a high-level overview of the MED-V installation and deployment 3. Deploy the required MED-V components throughout your enterprise. The required components of MED-V are Windows Virtual PC, the MED-V Host Agent, and the MED-V workspace. -**Important**   +**Important** Installation of the MED-V components requires administrative credentials. If an end user is installing MED-V, they are prompted to enter administrative credentials. Alternately, administrative credentials can be provided in context if you are installing by using an electronic software distribution (ESD) system. -  + ### The MED-V Components @@ -86,10 +89,10 @@ To deploy MED-V, copy all the required installation files to the host computer o You can perform the installation manually. However, we recommend that you use an electronic software distribution method to automate the deployment of the components. For more information, see [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md). -**Note**   +**Note** For information about available command-line arguments to control install options, see [Command-Line Options for MED-V Installation Files](command-line-options-for-med-v-installation-files.md). -  + ## Deployment Steps 
@@ -102,29 +105,33 @@ When you deploy MED-V throughout your enterprise, there are two main considerati You can install these as part of the Windows 7 installations before you install MED-V, or you can install them as part of the MED-V distribution. However, MED-V does not include a mechanism for their deployment; they must be deployed by using an electronic software distribution (ESD) system or as part of the Windows 7 image. - **Important**   + **Important** When you install the MED-V components by using a batch file, a best practice is to specify that Windows Virtual PC and the Windows Virtual PC hotfix are installed after the MED-V Host Agent and the MED-V workspace package files. This means that Windows Update will not cause any interference with the installation process by requiring a restart. -   - **Note**   - After you install Windows Virtual PC, the computer must be restarted. -   +~~~ +**Note** +After you install Windows Virtual PC, the computer must be restarted. +~~~ -2. **MED-V Host Agent** – Install the MED-V Host Agent on the Windows 7 computer where MED-V will be run. This must be installed before installing the MED-V workspace and checks to make sure that Windows Virtual PC is installed. -3. **MED-V workspace** – You create the files that are required in this installation by using the MED-V Workspace Packager: the setup.exe, .medv, and .msi files. To install the MED-V workspace, run setup.exe; this triggers the other files as required. The installation places an entry in the registry under the local machine run key to start the MED-V Host Agent, which always runs MED-V when Windows is started. - **Important**   - The installation of the MED-V workspace can be run interactively by the end user or silently through an electronic software distribution system. Installation of the MED-V workspace requires administrative credentials, so end users must be administrators of their computers to install the MED-V workspace. 
Alternately, an electronic software distribution system typically runs in the system context and has sufficient permissions. +2. **MED-V Host Agent** – Install the MED-V Host Agent on the Windows 7 computer where MED-V will be run. This must be installed before installing the MED-V workspace and checks to make sure that Windows Virtual PC is installed. -   +3. **MED-V workspace** – You create the files that are required in this installation by using the MED-V Workspace Packager: the setup.exe, .medv, and .msi files. To install the MED-V workspace, run setup.exe; this triggers the other files as required. The installation places an entry in the registry under the local machine run key to start the MED-V Host Agent, which always runs MED-V when Windows is started. + + **Important** + The installation of the MED-V workspace can be run interactively by the end user or silently through an electronic software distribution system. Installation of the MED-V workspace requires administrative credentials, so end users must be administrators of their computers to install the MED-V workspace. Alternately, an electronic software distribution system typically runs in the system context and has sufficient permissions. + + + +~~~ +**Tip** +Because of problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. +~~~ - **Tip**   - Because of problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. -   ### First Time Setup @@ -149,9 +156,9 @@ After first time setup is complete, the end user is notified that the published [Deployment of MED-V](deployment-of-med-v.md) -  - -  + + + diff --git a/mdop/medv-v2/med-v-20-release-notes.md b/mdop/medv-v2/med-v-20-release-notes.md index 1d0aee8310..51c9d5c1c7 100644 --- a/mdop/medv-v2/med-v-20-release-notes.md 
+++ b/mdop/medv-v2/med-v-20-release-notes.md @@ -1,8 +1,11 @@ --- title: MED-V 2.0 Release Notes description: MED-V 2.0 Release Notes -author: jamiejdt +author: levinec ms.assetid: b8f7d938-566e-434c-b4b8-28b67cdfd0b1 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -38,7 +41,7 @@ This section provides the most up-to-date information about issues with the Micr **Note**   There are currently no known issues with MED-V 2.0. -  + ## Release Notes Copyright Information @@ -55,9 +58,9 @@ Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and W All other trademarks are property of their respective owners. -  + -  + diff --git a/mdop/medv-v2/med-v-20-supported-configurations.md b/mdop/medv-v2/med-v-20-supported-configurations.md index be1c37d61f..f3b1110fd8 100644 --- a/mdop/medv-v2/med-v-20-supported-configurations.md +++ b/mdop/medv-v2/med-v-20-supported-configurations.md @@ -1,8 +1,11 @@ --- title: MED-V 2.0 Supported Configurations description: MED-V 2.0 Supported Configurations -author: jamiejdt +author: levinec ms.assetid: 88f1d232-aa01-45ab-8da7-d086269250b5 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/med-v-event-log-messages.md b/mdop/medv-v2/med-v-event-log-messages.md index d438afc669..0eaa2bebad 100644 --- a/mdop/medv-v2/med-v-event-log-messages.md +++ b/mdop/medv-v2/med-v-event-log-messages.md @@ -1,8 +1,11 @@ --- title: MED-V Event Log Messages description: MED-V Event Log Messages -author: jamiejdt +author: levinec ms.assetid: 7ba7344d-153b-4cc4-a00a-5d42aee9986b +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/monitor-med-v-workspaces.md b/mdop/medv-v2/monitor-med-v-workspaces.md index 3551fe0f49..f2c3f0b9f9 100644 
--- a/mdop/medv-v2/monitor-med-v-workspaces.md
+++ b/mdop/medv-v2/monitor-med-v-workspaces.md
@@ -1,8 +1,11 @@
 ---
 title: Monitor MED-V Workspaces
 description: Monitor MED-V Workspaces
-author: jamiejdt
+author: levinec
 ms.assetid: f514afe2-8add-4105-9520-1a491733fa79
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/monitoring-med-v-workspace-deployments.md b/mdop/medv-v2/monitoring-med-v-workspace-deployments.md
index bc097e3974..13c103bc84 100644
--- a/mdop/medv-v2/monitoring-med-v-workspace-deployments.md
+++ b/mdop/medv-v2/monitoring-med-v-workspace-deployments.md
@@ -1,8 +1,11 @@
 ---
 title: Monitoring MED-V Workspace Deployments
 description: Monitoring MED-V Workspace Deployments
-author: jamiejdt
+author: levinec
 ms.assetid: 5de0cb06-b8a9-48a5-b8b3-836954295765
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/operations-for-med-v.md b/mdop/medv-v2/operations-for-med-v.md
index 42741ab850..adce3aa597 100644
--- a/mdop/medv-v2/operations-for-med-v.md
+++ b/mdop/medv-v2/operations-for-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Operations for MED-V
 description: Operations for MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: 8f3f367d-fa9d-4468-814a-f0495adfaea4
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/operations-troubleshooting-medv2.md b/mdop/medv-v2/operations-troubleshooting-medv2.md
index b3eda03011..e32475aae0 100644
--- a/mdop/medv-v2/operations-troubleshooting-medv2.md
+++ b/mdop/medv-v2/operations-troubleshooting-medv2.md
@@ -1,8 +1,11 @@
 ---
 title: Operations Troubleshooting
 description: Operations Troubleshooting
-author: jamiejdt
+author: levinec
 ms.assetid: 948d7869-accd-44da-974f-93409234dee7
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/overview-of-med-vmedv2.md b/mdop/medv-v2/overview-of-med-vmedv2.md
index 9cd7ae88d6..41fe819b84 100644
--- a/mdop/medv-v2/overview-of-med-vmedv2.md
+++ b/mdop/medv-v2/overview-of-med-vmedv2.md
@@ -1,8 +1,11 @@
 ---
 title: Overview of MED-V
 description: Overview of MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: 393daa9b-2d76-43e1-861a-9d8c00f68cf6
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/planning-for-application-operating-system-compatibility.md b/mdop/medv-v2/planning-for-application-operating-system-compatibility.md
index 5f98ac01db..d45cb683cb 100644
--- a/mdop/medv-v2/planning-for-application-operating-system-compatibility.md
+++ b/mdop/medv-v2/planning-for-application-operating-system-compatibility.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for Application Operating System Compatibility
 description: Planning for Application Operating System Compatibility
-author: jamiejdt
+author: levinec
 ms.assetid: cdb0a7f0-9da4-4562-8277-12972eb0fea8
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/planning-for-med-v.md b/mdop/medv-v2/planning-for-med-v.md
index 084589de20..9d40fa4ef6 100644
--- a/mdop/medv-v2/planning-for-med-v.md
+++ b/mdop/medv-v2/planning-for-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Planning for MED-V
 description: Planning for MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: 8124b765-6930-4607-8bd9-93068403c7a2
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/prepare-a-med-v-image.md b/mdop/medv-v2/prepare-a-med-v-image.md
index 1c67c810a4..2796dbedaa 100644
--- a/mdop/medv-v2/prepare-a-med-v-image.md
+++ b/mdop/medv-v2/prepare-a-med-v-image.md
@@ -1,8 +1,11 @@
 ---
 title: Prepare a MED-V Image
 description: Prepare a MED-V Image
-author: jamiejdt
+author: levinec
 ms.assetid: 1bc757e5-8aef-4163-8542-1bdccc028961
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md b/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md
index 7da8db6a76..7eb0e906c5 100644
--- a/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md
+++ b/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Prepare the Deployment Environment for MED-V
 description: Prepare the Deployment Environment for MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: d15ea370-7fdb-4852-a1ba-730ec7568e3e
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md b/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md
index 2e7f055be3..4a1f38168d 100644
--- a/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md
+++ b/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md
@@ -1,8 +1,11 @@ --- title: Restarting and Resetting a MED-V Workspace description: Restarting and Resetting a MED-V Workspace -author: jamiejdt +author: levinec ms.assetid: a959cdb3-a727-47c7-967e-e58f224e74de +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -33,7 +36,7 @@ For information about how to open the MED-V Administration Toolkit, see [Trouble **Warning**   Resetting the MED-V workspace causes first time setup to run again, and thus reloads the original virtual hard disk. All data that is stored in the MED-V workspace since first time setup was originally run will be deleted. -   + 2. Click **Reset**. @@ -46,9 +49,9 @@ For information about how to open the MED-V Administration Toolkit, see [Trouble [Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) -  + -  + diff --git a/mdop/medv-v2/security-and-protection-for-med-v.md b/mdop/medv-v2/security-and-protection-for-med-v.md index c196395199..c05c03ed27 100644 --- a/mdop/medv-v2/security-and-protection-for-med-v.md +++ b/mdop/medv-v2/security-and-protection-for-med-v.md @@ -1,8 +1,11 @@ --- title: Security and Protection for MED-V description: Security and Protection for MED-V -author: jamiejdt +author: levinec ms.assetid: 5db66d56-eb65-4bff-a9e4-3d52de4256bd +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/security-best-practices-for-med-v-operations.md b/mdop/medv-v2/security-best-practices-for-med-v-operations.md index 28830b3429..fa5a61b526 100644 --- a/mdop/medv-v2/security-best-practices-for-med-v-operations.md +++ b/mdop/medv-v2/security-best-practices-for-med-v-operations.md 
@@ -1,8 +1,11 @@
 ---
 title: Security Best Practices for MED-V Operations
 description: Security Best Practices for MED-V Operations
-author: jamiejdt
+author: levinec
 ms.assetid: 231e2b9a-8b49-42fe-93b5-2ef12fe17bac
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/technical-reference-for-med-v.md b/mdop/medv-v2/technical-reference-for-med-v.md
index 4db166484f..b273ebdd42 100644
--- a/mdop/medv-v2/technical-reference-for-med-v.md
+++ b/mdop/medv-v2/technical-reference-for-med-v.md
@@ -1,8 +1,11 @@
 ---
 title: Technical Reference for MED-V
 description: Technical Reference for MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: 52aa15ae-6ca8-4494-8660-313c7b723406
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md b/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md
index e1fbb8b31d..d8d48b7fc4 100644
--- a/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md
+++ b/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md
@@ -1,8 +1,11 @@
 ---
 title: Test And Deploy the MED-V Workspace Package
 description: Test And Deploy the MED-V Workspace Package
-author: jamiejdt
+author: levinec
 ms.assetid: 0238dea7-a08c-4859-b8b1-2b52bc63fda6
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/testing-the-med-v-workspace-package.md b/mdop/medv-v2/testing-the-med-v-workspace-package.md
index e808acd7ac..4833b54dea 100644
--- a/mdop/medv-v2/testing-the-med-v-workspace-package.md
+++ b/mdop/medv-v2/testing-the-med-v-workspace-package.md
@@ -1,8 +1,11 @@
 ---
 title: Testing the MED-V Workspace Package
 description: Testing the MED-V Workspace Package
-author: jamiejdt
+author: levinec
 ms.assetid: 83edcb6e-9615-4d18-96b8-f085a647294e
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md b/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md
index d70e01fbcb..9eec10ced2 100644
--- a/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md
+++ b/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting MED-V by Using the Administration Toolkit
 description: Troubleshooting MED-V by Using the Administration Toolkit
-author: jamiejdt
+author: levinec
 ms.assetid: 6c096a1c-b9ce-4ec7-8dfd-5286e3b9a617
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/troubleshooting-med-vmedv2.md b/mdop/medv-v2/troubleshooting-med-vmedv2.md
index 08644ea8ad..68e73550f9 100644
--- a/mdop/medv-v2/troubleshooting-med-vmedv2.md
+++ b/mdop/medv-v2/troubleshooting-med-vmedv2.md
@@ -1,8 +1,11 @@
 ---
 title: Troubleshooting MED-V
 description: Troubleshooting MED-V
-author: jamiejdt
+author: levinec
 ms.assetid: 4502d62b-a7db-4f83-81e2-23fd8b0820e1
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/medv-v2/updating-med-v-20.md b/mdop/medv-v2/updating-med-v-20.md
index 7e68c9b367..7d18165a6a 100644
--- a/mdop/medv-v2/updating-med-v-20.md
+++ b/mdop/medv-v2/updating-med-v-20.md
@@ -1,8 +1,11 @@ --- title: Updating MED-V 2.0 description: Updating MED-V 2.0 -author: jamiejdt +author: levinec ms.assetid: beea2f54-42d7-4a17-98e0-d243a8562265 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/viewing-and-configuring-med-v-logs.md b/mdop/medv-v2/viewing-and-configuring-med-v-logs.md index ea1bd70f69..831ec64b9b 100644 --- a/mdop/medv-v2/viewing-and-configuring-med-v-logs.md +++ b/mdop/medv-v2/viewing-and-configuring-med-v-logs.md @@ -1,8 +1,11 @@ --- title: Viewing and Configuring MED-V Logs description: Viewing and Configuring MED-V Logs -author: jamiejdt +author: levinec ms.assetid: a15537ce-981d-4f55-9c3c-e7fbf94b8fe5 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -28,7 +31,7 @@ Event Viewer opens and displays the corresponding event logs that you can use to **Note**   End users can only save event log files in the guest if they have administrative permissions. -  + ### To manually open the Event Viewer in the host computer @@ -48,7 +51,7 @@ You can also specify the event logging level by editing the EventLogLevel regist **Note**   The level you specify on the **MED-V Administration Toolkit** window applies to future MED-V event logging. If you set the level to capture all errors, warnings, and informational messages, then the event logs fill more quickly and older events are removed. -  + ## Related topics @@ -57,9 +60,9 @@ The level you specify on the **MED-V Administration Toolkit** window applies to [Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) -  + -  + diff --git a/mdop/medv-v2/viewing-med-v-workspace-configurations.md b/mdop/medv-v2/viewing-med-v-workspace-configurations.md index 9982fd19ed..8f95dc130d 100644 --- a/mdop/medv-v2/viewing-med-v-workspace-configurations.md 
+++ b/mdop/medv-v2/viewing-med-v-workspace-configurations.md @@ -1,8 +1,11 @@ --- title: Viewing MED-V Workspace Configurations description: Viewing MED-V Workspace Configurations -author: jamiejdt +author: levinec ms.assetid: 5de6cf04-6beb-4ac9-ad52-26ac8c0c8ce6 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/whats-new-in-med-v-20.md b/mdop/medv-v2/whats-new-in-med-v-20.md index 5fe0b947ab..2068ac978f 100644 --- a/mdop/medv-v2/whats-new-in-med-v-20.md +++ b/mdop/medv-v2/whats-new-in-med-v-20.md @@ -1,8 +1,11 @@ --- title: What's New in MED-V 2.0 description: What's New in MED-V 2.0 -author: jamiejdt +author: levinec ms.assetid: 53b10bff-2b6f-463b-bdc2-5edc56526792 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md b/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md index 73932650ec..6b98064476 100644 --- a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md +++ b/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md @@ -1,8 +1,11 @@ --- title: Windows Virtual PC Application Exclude List description: Windows Virtual PC Application Exclude List -author: jamiejdt +author: levinec ms.assetid: 7715f198-f5ed-421e-8740-0cec2ca4ece3 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -48,7 +51,7 @@ Windows Virtual PC includes a feature known as the "Exclude List" that lets you **Important**   If applicable, remove the quotation marks from the full path when you enter it into the value data field. -   + 5. Close Registry Editor and restart the MED-V workspace virtual machine. 
@@ -63,9 +66,9 @@ You can also republish an excluded application to the host **Start** menu by del [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) -  + -  + diff --git a/mdop/softgrid-application-virtualization.md b/mdop/softgrid-application-virtualization.md index 4251743d68..a7950b25d2 100644 --- a/mdop/softgrid-application-virtualization.md +++ b/mdop/softgrid-application-virtualization.md @@ -1,14 +1,17 @@ --- title: SoftGrid Application Virtualization description: SoftGrid Application Virtualization -author: jamiejdt +author: eavena ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: eravena --- # SoftGrid Application Virtualization -Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file +Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page. diff --git a/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md b/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md index 8ff49372af..d5e3224942 100644 --- a/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md +++ b/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md 
@@ -1,8 +1,11 @@ --- title: Application Publishing and Client Interaction for App-V 5 description: Application Publishing and Client Interaction for App-V 5 -author: jamiejdt +author: levinec ms.assetid: 9854afdc-00f9-40ec-8275-d168e5151286 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md b/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md index 7c6b57cd16..b2c6ffe718 100644 --- a/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md +++ b/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md @@ -1,8 +1,11 @@ --- title: Creating App-V 4.5 Databases Using SQL Scripting description: Creating App-V 4.5 Databases Using SQL Scripting -author: jamiejdt +author: levinec ms.assetid: 6cd0b180-163e-463f-a658-939ab9a7cfa1 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop ms.mktglfcycl: deploy ms.sitesec: library @@ -141,10 +144,10 @@ If used, the two sample batch files provided run the SQL scripts in the followin - dbversion.sql -**Note**   +**Note** Careful consideration when modifying the scripts must be taken and should only be done by someone with the appropriate knowledge. Also, of the sample files presented only the following should be changed: **create\_schema.bat**, **create\_tables.bat**, **database.sql**, and **roles.sql**. All other files should not be modified in any way as this could cause the database to be created incorrectly, which will lead to the failure of App-V services to be installed. -  + The two sample batch files must be placed in the same directory where the rest of the SQL scripts were copied to on the computer. 
@@ -203,7 +206,7 @@ The following accounts will need to be created on the SQL server with specific p 2. Administrator in the “App-V Admins” group logs in to Application Virtualization Management Console and deletes the following objects from the Management Console. - **Warning**   + **Warning** This is required as the traditional setup populates certain records in the database that are not populated if you run the install against an already existing database. Delete the following objects: - Under “Server Groups,” “Default Server Group,” delete “Application Virtualization Management Server” @@ -212,7 +215,7 @@ The following accounts will need to be created on the SQL server with specific p - Under “Provider Policies,” delete “Default Provider” -   + 3. Administrator in the App-V admins group should then create: 
@@ -220,32 +223,34 @@ The following accounts will need to be created on the SQL server with specific p - Create a “Default Server Group” - **Note**   - You must create a “Default Server” group even if you will not be used. The server installer only looks for the "Default Server Group" when trying to add the server.  If there is no "Default Server Group" then the installation will fail. If you plan on using server groups other than the default that is fine, it’s just necessary to retain the "Default Server Group" if you plan on adding subsequent App-V Management Servers to your infrastructure. + **Note** + You must create a “Default Server” group even if you will not be used. The server installer only looks for the "Default Server Group" when trying to add the server. If there is no "Default Server Group" then the installation will fail. If you plan on using server groups other than the default that is fine, it’s just necessary to retain the "Default Server Group" if you plan on adding subsequent App-V Management Servers to your infrastructure. -   - - Assign the App-V Users Group to the New Provider Policy created above - - Under “Server Groups,” create a New Server Group, specifying the New Provider Policy +~~~ +- Assign the App-V Users Group to the New Provider Policy created above - - Under the New Server group, create a New Application Virtualization Management Server +- Under “Server Groups,” create a New Server Group, specifying the New Provider Policy - **Important**   - Do not restart the service before completing all of the above steps! +- Under the New Server group, create a New Application Virtualization Management Server -   + **Important** + Do not restart the service before completing all of the above steps! - - Administrator restarts the Application Virtualization Management Server service. + + +- Administrator restarts the Application Virtualization Management Server service. 
+~~~ ## Conclusion In conclusion, the information in this document allows an administrator to work with the SQL administrators to develop a deployment path that works for the security and administrative divisions in an organization. After reading this document and testing the tasks documented, an administrator should be ready to implement their App-V infrastructure in this type of environment. -  - -  + + + diff --git a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md index bb717d6751..080458ef89 100644 --- a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md +++ b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md @@ -1,8 +1,11 @@ --- title: How to Download and Deploy MDOP Group Policy (.admx) Templates description: How to Download and Deploy MDOP Group Policy (.admx) Templates -author: jamiejdt +author: levinec ms.assetid: fdb64505-6c66-4fdf-ad74-a6a161191e3f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop ms.mktglfcycl: deploy ms.sitesec: library 
@@ -20,69 +23,69 @@ You can manage the feature settings of certain Microsoft Desktop Optimization Pa **How to download and deploy the MDOP Group Policy templates** -1. Download the latest [MDOP Group Policy templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531) +1. Download the latest [MDOP Group Policy templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531) -2. Expand the downloaded .cab file by running `expand \MDOP_ADMX_Templates.cab -F:* ` +2. Expand the downloaded .cab file by running `expand \MDOP_ADMX_Templates.cab -F:* ` - **Warning**   - Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. + **Warning** + Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. -3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. +3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. -4. Locate the appropriate .adml file by language-culture (that is, *en-us* for English-United States). +4. Locate the appropriate .adml file by language-culture (that is, *en-us* for English-United States). -5. Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. +5. Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. 
- **Local files:** To configure Group Policy settings from the local device, copy template files to the following locations: - - - - - - - - - - - - - - - - - - - - -
    File typeFile location

    Group Policy template (.admx)

    %systemroot%\policyDefinitions

    Group Policy language file (.adml)

    %systemroot%\policyDefinitions\[MUIculture]

    + + + + + + + File type + File location + + + + +

    Group Policy template (.admx)

    +

    %systemroot%<strong>policyDefinitions

    + + +

    Group Policy language file (.adml)

    +

    %systemroot%<strong>policyDefinitions[MUIculture]

    + + + - **Domain central store:** To enable Group Policy settings configuration by a Group Policy administrator from any computer on the domain, copy files to the following locations on the domain controller: - - - - - - - - - - - - - - - - - - - - -
    File typeFile location

    Group Policy template (.admx)

    %systemroot%\sysvol\domain\policies\PolicyDefinitions

    Group Policy language file (.adml)

    %systemroot%\sysvol\domain\policies\PolicyDefinitions\[MUIculture]\[MUIculture]

    -

    For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

    + + + + + + + File type + File location + + + + +

    Group Policy template (.admx)

    +

    %systemroot%<strong>sysvol\domain\policies\PolicyDefinitions

    + + +

    Group Policy language file (.adml)

    +

    %systemroot%<strong>sysvol\domain\policies\PolicyDefinitions[MUIculture][MUIculture]

    +

    For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

    + + + 6. Edit the Group Policy settings using Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) to configure Group Policy settings for the MDOP technology. @@ -107,42 +110,42 @@ For more information about supported MDOP Group Policy, see the specific documen

    Application Virtualization (App-V)

    App-V 5.0 and App-V 5.0 Service Packs

    -

    [How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](../appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md)

    +

    How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy

    User Experience Virtualization (UE-V)

    UE-V 2.0 and UE-V 2.1

    -

    [Configuring UE-V 2.x with Group Policy Objects](../uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md)

    +

    Configuring UE-V 2.x with Group Policy Objects

    UE-V 1.0 including 1.0 SP1

    -

    [Configuring UE-V with Group Policy Objects](../uev-v1/configuring-ue-v-with-group-policy-objects.md)

    +

    Configuring UE-V with Group Policy Objects

    Microsoft BitLocker Administration and Monitoring (MBAM)

    MBAM 2.5

    -

    [Planning for MBAM 2.5 Group Policy Requirements](../mbam-v25/planning-for-mbam-25-group-policy-requirements.md)

    +

    Planning for MBAM 2.5 Group Policy Requirements

    MBAM 2.0 including 2.0 SP1

    -

    [Planning for MBAM 2.0 Group Policy Requirements](../mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md)

    -

    [Deploying MBAM 2.0 Group Policy Objects](../mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md)

    +

    Planning for MBAM 2.0 Group Policy Requirements

    +

    Deploying MBAM 2.0 Group Policy Objects

    MBAM 1.0

    -

    [How to Edit MBAM 1.0 GPO Settings](../mbam-v1/how-to-edit-mbam-10-gpo-settings.md)

    +

    How to Edit MBAM 1.0 GPO Settings

    -  + -  + -  + diff --git a/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md b/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md index 1c1a42ea74..29150aab71 100644 --- a/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md +++ b/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md @@ -1,8 +1,11 @@ --- title: Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0 description: Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0 -author: jamiejdt +author: levinec ms.assetid: bd16c20f-cc47-4172-ae16-47b23c9b7f5c +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md b/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md index 773cb6af33..1bafd39be8 100644 --- a/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md +++ b/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md @@ -1,8 +1,11 @@ --- title: Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0 description: Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0 -author: jamiejdt +author: levinec ms.assetid: 742e64de-6ace-4eb4-901a-7a282ca7ae85 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md b/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md index dd07ca6239..ddac76e38c 100644 
--- a/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md +++ b/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md @@ -1,8 +1,11 @@ --- title: About User Experience Virtualization 1.0 SP1 description: About User Experience Virtualization 1.0 SP1 -author: jamiejdt +author: levinec ms.assetid: 0212d3fb-e882-476c-9496-9eb52301703d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -138,12 +141,12 @@ UE-V 1.0 Service Pack 1 provides updates for both the UE-V Agent and the UE-V Ge -  + **Important**   While the UE-V Agent installation program (AgentSetup.exe) and UE-V Generator installation program (ToolSetup.exe) are translated into the languages above, the Windows Installer (.msi) files are only available in English. -  + ## Office 2007 Settings Location Templates @@ -258,11 +261,11 @@ When running the UE-V setup for UE-V Agent (AgentSetup.exe), the following retur -  + -  + -  + diff --git a/mdop/uev-v1/about-user-experience-virtualization-10.md b/mdop/uev-v1/about-user-experience-virtualization-10.md index f3bf041822..14b915317b 100644 --- a/mdop/uev-v1/about-user-experience-virtualization-10.md +++ b/mdop/uev-v1/about-user-experience-virtualization-10.md @@ -1,8 +1,11 @@ --- title: About User Experience Virtualization 1.0 description: About User Experience Virtualization 1.0 -author: jamiejdt +author: levinec ms.assetid: 3758b100-35a8-4e10-ac08-f583fb8ddbd9 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/accessibility-for-ue-v.md b/mdop/uev-v1/accessibility-for-ue-v.md index 825bb0113d..710364b2ab 100644 --- a/mdop/uev-v1/accessibility-for-ue-v.md +++ b/mdop/uev-v1/accessibility-for-ue-v.md 
@@ -1,8 +1,11 @@ --- title: Accessibility for UE-V description: Accessibility for UE-V -author: jamiejdt +author: levinec ms.assetid: 059a76e5-bcf0-4459-b5d2-8b71ff2ef433 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,7 +33,7 @@ You can access most commands by using two keystrokes. To use an access key: **Note**   To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. -  + ### Documentation in alternative formats @@ -63,13 +66,13 @@ For information about the availability of Microsoft product documentation and bo

    (609) 987-8116

    -

    [http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239)

    +

    http://www.learningally.org/

    Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.

    -  + ### Customer service for people with hearing impairments @@ -91,9 +94,9 @@ For more information about how accessible technology for computers can help to i [Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) -  + -  + diff --git a/mdop/uev-v1/administering-ue-v-10.md b/mdop/uev-v1/administering-ue-v-10.md index c534bb5b7c..2bcd134ade 100644 --- a/mdop/uev-v1/administering-ue-v-10.md +++ b/mdop/uev-v1/administering-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Administering UE-V 1.0 description: Administering UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: c399ae8d-c839-4f84-9bfc-adacd8f89f34 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md b/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md index e07e1cf0ce..10ce670be1 100644 --- a/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md +++ b/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md @@ -1,8 +1,11 @@ --- title: Administering UE-V with PowerShell and WMI description: Administering UE-V with PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: 26cc864f-c628-4c04-a18c-dd60fce8187c +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md index 46a962c639..ab2aa0c2ec 100644 --- a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md +++ b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md 
@@ -1,8 +1,11 @@
 ---
 title: Changing the Frequency of UE-V Scheduled Tasks
 description: Changing the Frequency of UE-V Scheduled Tasks
-author: jamiejdt
+author: levinec
 ms.assetid: 33c2674e-0df4-4717-9c3d-820a90b16e19
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md b/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md
index efa20581dd..1ca4e1e44a 100644
--- a/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md
+++ b/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md
@@ -1,8 +1,11 @@
 ---
 title: Checklist for Evaluating Line-of-Business Applications for UE-V 1.0
 description: Checklist for Evaluating Line-of-Business Applications for UE-V 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: 3bfaab30-59f7-4099-abb1-d248ce0086b8
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md b/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md
index db1b927683..4ff6a7f274 100644
--- a/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md
+++ b/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md
@@ -1,8 +1,11 @@
 ---
 title: Configuring UE-V with Group Policy Objects
 description: Configuring UE-V with Group Policy Objects
-author: jamiejdt
+author: levinec
 ms.assetid: 5c9be706-a05f-4397-9a38-e6b73ebff1e5
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -42,13 +45,13 @@ The following policy settings can be configured for UE-V:

    Settings storage path

    Computers and Users

    This policy setting configures where the user settings will be stored.

    -

    Provide a Universal Naming Convention (UNC) path and variables such as \\Server\SettingsShare\%username%.

    +

    Provide a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

    Settings template catalog path

    Computers Only

    This policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog will be used to replace the default Microsoft templates that are installed with the UE-V agent.

    -

    Provide a Universal Naming Convention (UNC) path such as \\Server\TemplateShare or a folder location on the computer.

    +

    Provide a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

    Select the check box to replace the default Microsoft templates.

    @@ -92,7 +95,7 @@ The following policy settings can be configured for UE-V: -  + **To configure computer-targeted policies** @@ -125,9 +128,9 @@ The UE-V agent uses the following order of precedence to determine synchronizati [Operations for UE-V 1.0](operations-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md b/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md index f867238246..57534783a3 100644 --- a/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md +++ b/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md @@ -1,8 +1,11 @@ --- title: Create UE-V Settings Location Templates with the UE-V Generator description: Create UE-V Settings Location Templates with the UE-V Generator -author: jamiejdt +author: levinec ms.assetid: b8e50e2f-0cc6-4f74-bb48-c471fefdc7d8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -29,7 +32,7 @@ The UE-V Generator monitors an application to discover and capture the locations **Note**   UE-V templates cannot be created from virtualized applications or terminal services applications. However, settings synchronized using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and terminal services applications, open a Windows Installer File (.msi) version of the application with UE-V Generator. -  + **Excluded Locations** 
@@ -65,7 +68,7 @@ Use the UE-V Generator to create settings location templates for line-of-busines **Note**   Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. -   + 4. After the application starts, close the application. The UE-V Generator records the locations where the application stores its settings. @@ -112,9 +115,9 @@ Use the UE-V Generator to create settings location templates for line-of-busines [Operations for UE-V 1.0](operations-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md b/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md index 12e6858bfd..7a2b1288e2 100644 --- a/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md +++ b/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Deploying the Settings Storage Location for UE-V 1.0 description: Deploying the Settings Storage Location for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: b187d44d-649b-487e-98d3-a61ee2be8c2f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -56,7 +59,7 @@ When you create the settings storage share, you should limit access only to user -   + 4. Set the following NTFS permissions for the settings storage location folder: @@ -87,7 +90,7 @@ When you create the settings storage share, you should limit access only to user -   + 5. Click **OK** to close the dialog boxes. @@ -100,7 +103,7 @@ Additional security can be configured when a Windows server is utilized for the 2. Set registry key value to 1. -  + ## Related topics @@ -114,9 +117,9 @@ Deploy the Central Storage for User Experience Virtualization Settings Templates [Deploying the UE-V Agent](deploying-the-ue-v-agent.md) -  + -  + 
diff --git a/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md b/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md
index a76036e5fe..c0e408d050 100644
--- a/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md
+++ b/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying the Settings Template Catalog for UE-V 1.0
 description: Deploying the Settings Template Catalog for UE-V 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: 0e6ab5ef-8eeb-40b4-be7b-a841bd83be96
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/deploying-the-ue-v-agent.md b/mdop/uev-v1/deploying-the-ue-v-agent.md
index 8656b04ed5..80f00c8ff1 100644
--- a/mdop/uev-v1/deploying-the-ue-v-agent.md
+++ b/mdop/uev-v1/deploying-the-ue-v-agent.md
@@ -1,8 +1,11 @@
 ---
 title: Deploying the UE-V Agent
 description: Deploying the UE-V Agent
-author: jamiejdt
+author: levinec
 ms.assetid: ec1c16c4-4be0-41ff-93bc-3e2b1afb5832
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -88,7 +91,7 @@ The Microsoft User Experience Virtualization (UE-V) agent must run on each compu -  + During installation, the SettingsStoragePath command-line parameter specifies the settings storage location for the settings values. A settings storage location can be defined before deploying the UE-V Agent. If no settings storage location is defined, then UE-V uses the Active Directory user Home Directory as the settings storage location. When you specify the SettingsStoragePath configuration during setup and use the %username% as part of the value, this will roam the same user settings experience on all computers or sessions that a user logs into. If you specify the %username%\\%computername% variables as part of the SettingsStoragePath value, this will preserve the settings experience for each computer. @@ -97,7 +100,7 @@ Architecture-specific Windows Installer (.msi) files are provided for the UE-V a **Note**   During UE-V agent installation or uninstallation you can either use the AgentSetup.exe file or the AgentSetup<arch>.msi file, but not both. The same file must be used to uninstall the UE-V Agent as it was used to install the UE-V Agent. -  + Be sure to use the correct variable format when you install the UE-V agent. The following table provides examples of deployment options for using the AgentSetup.exe or the Windows Installer (.msi) installation files. @@ -119,42 +122,42 @@ Be sure to use the correct variable format when you install the UE-V agent. The

    Command prompt

    When you install the UE-V agent from a command prompt, use the %^username% variable format. If quotation marks are needed because of spaces in the settings storage path, use a batch script file for deployment.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%^username%

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%^username%

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

    Batch script

    When you install the UE-V Agent from a batch script file, use the %%username%% variable format. If you use this install method, you must escape the variable with the %% characters. Without this character, the script expands the username variable at install time, rather than at run time, causing UE-V to use a single settings storage location for all users.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\\server\settingsshare\%%username%%"

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\\server\settingsshare\%%username%%"

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

    PowerShell

    When you install the UE-V agent from a PowerShell prompt or PowerShell script, use the %username% variable format.

    -

    & AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%

    +

    & AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

    -

    & msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%

    +

    & msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

    Electronic software distribution, such as deployment of Configuration Manager Software Deployment)

    When you install the UE-V Agent with Configuration Manager, use the ^%username^% variable format.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\^%username^%

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\^%username^%

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

    -  + **Note**   The installation of the U-EV Agent requires Administrator rights and the computer will require a restart before the UE-V agent can run. -  + ## UE-V Agent deployment methods from a network share @@ -191,9 +194,9 @@ Updates for the UE-V agent software will be provided through Microsoft Update. D [Installing the UE-V Generator](installing-the-ue-v-generator.md) Deploy the User Experience Virtualization Agent -  + -  + diff --git a/mdop/uev-v1/deploying-ue-v-10.md b/mdop/uev-v1/deploying-ue-v-10.md index 73e2982b31..58a93cbff2 100644 --- a/mdop/uev-v1/deploying-ue-v-10.md +++ b/mdop/uev-v1/deploying-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Deploying UE-V 1.0 description: Deploying UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: 519598bb-8c81-4af7-bee7-357696bff880 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -53,7 +56,7 @@ If you need to synchronize applications other than the default applications in t **Note**   Deploying custom templates requires a settings template catalog. The default Microsoft application templates are deployed with the UE-V Agent. -  + ## Topics for this product @@ -68,9 +71,9 @@ Deploying custom templates requires a settings template catalog. The default Mic [Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md b/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md index 4483054a73..fe939dc049 100644 --- a/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md +++ b/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md 
@@ -1,8 +1,11 @@
 ---
 title: Deploying UE-V Settings Location Templates for UE-V 1.0
 description: Deploying UE-V Settings Location Templates for UE-V 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: 7e0cc553-14f7-40fa-828a-281c8d2d1934
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md b/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md
index c8ff3c97fd..70fac05e66 100644
--- a/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md
+++ b/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md
@@ -1,8 +1,11 @@
 ---
 title: Edit UE-V Settings Location Templates with the UE-V Generator
 description: Edit UE-V Settings Location Templates with the UE-V Generator
-author: jamiejdt
+author: levinec
 ms.assetid: da78f9c8-1624-4111-8c96-79db7224bd0b
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
index ba5397f882..1d1459418d 100644
--- a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
+++ b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
@@ -1,8 +1,11 @@
 ---
 title: Getting Started With User Experience Virtualization 1.0
 description: Getting Started With User Experience Virtualization 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: 74a068dc-4f87-4cb4-b114-8ca2a37149f7
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -39,7 +42,7 @@ If you are new to this product, we recommend that you read the documentation car **Note**   A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272497). -  + ## Getting started with Microsoft User Experience Virtualization topics @@ -73,9 +76,9 @@ A downloadable version of this administrator’s guide is not available. However - [Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/high-level-architecture-for-ue-v-10.md b/mdop/uev-v1/high-level-architecture-for-ue-v-10.md index 138c42e134..de0ffab797 100644 --- a/mdop/uev-v1/high-level-architecture-for-ue-v-10.md +++ b/mdop/uev-v1/high-level-architecture-for-ue-v-10.md @@ -1,8 +1,11 @@ --- title: High-Level Architecture for UE-V 1.0 description: High-Level Architecture for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: d54f9f10-1a4d-4e56-802d-22d51646e1cc +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/installing-the-ue-v-generator.md b/mdop/uev-v1/installing-the-ue-v-generator.md index 56272dcca2..2729e3b8a1 100644 --- a/mdop/uev-v1/installing-the-ue-v-generator.md +++ b/mdop/uev-v1/installing-the-ue-v-generator.md @@ -1,8 +1,11 @@ --- title: Installing the UE-V Generator description: Installing the UE-V Generator -author: jamiejdt +author: levinec ms.assetid: 198b9a5f-3dfc-46be-9005-d33451914f87 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -33,7 +36,7 @@ The Microsoft User Experience Virtualization (UE-V) generator can be installed o **Note**   A prompt for User Account Control appears before the application is installed. Permission is required to install the UE-V generator. -   + 7. Click **Finish** to close the wizard after the installation is complete. You will need to restart your computer before you can run the UE-V Generator. @@ -48,9 +51,9 @@ The Microsoft User Experience Virtualization (UE-V) generator can be installed o [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md index 59bbf08036..114fd6f250 100644 --- a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md +++ b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md @@ -1,8 +1,11 @@ --- title: Installing the UE-V Group Policy ADMX Templates description: Installing the UE-V Group Policy ADMX Templates -author: jamiejdt +author: levinec ms.assetid: 7bd1f12e-7ba6-49f9-af9c-22c496b13b39 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md b/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md index 395957c559..efb3fdfb94 100644 --- a/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md +++ b/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md 
@@ -1,8 +1,11 @@ --- title: Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI description: Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: c8989b01-1769-4e69-82b1-4aadb261d2d5 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -20,10 +23,10 @@ You can use WMI and PowerShell to manage Microsoft User Experience Virtualizatio 1. Stage the UE-V installer file in an accessible network share. - **Note**   + **Note** Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer Files versions, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time using the installation file, you must use the same file type. -   + 2. Use one of the following PowerShell commands to install the agent. @@ -149,7 +152,7 @@ You can use WMI and PowerShell to manage Microsoft User Experience Virtualizatio -   + **How to export UE-V package settings and repair UE-V templates with PowerShell** @@ -182,7 +185,7 @@ You can use WMI and PowerShell to manage Microsoft User Experience Virtualizatio -   + **How to configure the UE-V Agent with WMI** @@ -262,13 +265,15 @@ You can use WMI and PowerShell to manage Microsoft User Experience Virtualizatio -   - Upon configuration of the UE-V Agent with WMI and PowerShell, the defined configuration is stored in the registry in the following locations: - `\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` +~~~ +Upon configuration of the UE-V Agent with WMI and PowerShell, the defined configuration is stored in the registry in the following locations: - `\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` +`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` +~~~ ## Related topics 
@@ -277,9 +282,9 @@ You can use WMI and PowerShell to manage Microsoft User Experience Virtualizatio [Operations for UE-V 1.0](operations-for-ue-v-10.md) -  - -  + + + diff --git a/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md b/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md index fb156f5b91..9bacdae69b 100644 --- a/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md +++ b/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md @@ -1,8 +1,11 @@ --- title: Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI description: Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: 4b911c78-a5e9-4199-bfeb-72ab764d47c1 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -76,7 +79,7 @@ You must have administrator permissions to update, register, or unregister a set -   + The UE-V PowerShell features allow you to manage a group of settings templates deployed in your enterprise. To manage a group of templates using PowerShell, do the following. @@ -159,7 +162,7 @@ User Experience Virtualization provides the following set of WMI commands. Admin -   + **How to deploy the UE-V agent with PowerShell** @@ -168,7 +171,7 @@ User Experience Virtualization provides the following set of WMI commands. Admin **Note**   Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer Files versions, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time using the installation file, you must use the same file type. -   + 2. Use one of the following PowerShell commands to install the agent. 
@@ -185,9 +188,9 @@ User Experience Virtualization provides the following set of WMI commands. Admin [Operations for UE-V 1.0](operations-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md index 7b7b0d414c..de4bba54f9 100644 --- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md +++ b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md @@ -1,8 +1,11 @@ --- title: Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes description: Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes -author: jamiejdt +author: levinec ms.assetid: 920f3fae-e9b5-4b94-beda-32c19d31e94b +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -118,9 +121,9 @@ When Internet Explorer bookmarks roam from one computer to another computer, the WORKAROUND: None -  + -  + diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md index 4cc5845217..c41b75222e 100644 --- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md +++ b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md @@ -1,8 +1,11 @@ --- title: Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes description: Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes -author: jamiejdt +author: levinec ms.assetid: 447fae0c-fe87-4d1c-b616-6f92fbdaf6d5 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/migrating-ue-v-settings-packages.md b/mdop/uev-v1/migrating-ue-v-settings-packages.md index b50413e244..0584788218 100644 
--- a/mdop/uev-v1/migrating-ue-v-settings-packages.md +++ b/mdop/uev-v1/migrating-ue-v-settings-packages.md @@ -1,8 +1,11 @@ --- title: Migrating UE-V Settings Packages description: Migrating UE-V Settings Packages -author: jamiejdt +author: levinec ms.assetid: 93d99254-3e17-4e96-92ad-87059d8554a7 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,7 +40,7 @@ Simply copying the files and folders will not preserve the security settings and **Note**   To monitor the copy progress, open MySettings.txt with a log file reader such as Trace32. -   + 4. Grant share-level permissions to the new share. Leave the NTFS permissions as they were set by Robocopy. @@ -50,9 +53,9 @@ Simply copying the files and folders will not preserve the security settings and [Operations for UE-V 1.0](operations-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/operations-for-ue-v-10.md b/mdop/uev-v1/operations-for-ue-v-10.md index d1b08455f4..1ca7174231 100644 --- a/mdop/uev-v1/operations-for-ue-v-10.md +++ b/mdop/uev-v1/operations-for-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Operations for UE-V 1.0 description: Operations for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: 5b4a82fd-3145-49e8-ac06-f9cc583abe5f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md b/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md index 9f6bb700f9..41e30f2c3a 100644 --- a/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md +++ b/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md 
@@ -1,8 +1,11 @@ --- title: Planning for Custom Template Deployment for UE-V 1.0 description: Planning for Custom Template Deployment for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: be76fc9a-31ca-4290-af11-7640dcb87d50 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,7 +40,7 @@ When you use Group Policy to configure the settings template catalog path, you c **Note**   If you disable this policy setting after it has been enabled, the UE-V agent will not restore the default Microsoft templates. -  + If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, and the UE-V agent is not configured to replace the default Microsoft templates, the Microsoft templates in the catalog will be ignored. @@ -46,7 +49,7 @@ You can also replace the default templates by using the UE-V PowerShell features **Note**   Old settings packages remain in the settings storage location even if new settings templates are deployed for an application. These packages are not read by the agent, but neither are they automatically deleted. -  + ## Related topics @@ -58,9 +61,9 @@ Old settings packages remain in the settings storage location even if new settin [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) Planning for Custom Template Deployment -  + -  + diff --git a/mdop/uev-v1/planning-for-ue-v-10.md b/mdop/uev-v1/planning-for-ue-v-10.md index 3992127e0d..a1b74638d4 100644 --- a/mdop/uev-v1/planning-for-ue-v-10.md +++ b/mdop/uev-v1/planning-for-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Planning for UE-V 1.0 description: Planning for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: fc44aa5f-1d4f-4c03-b326-37ecd6bd913f +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
diff --git a/mdop/uev-v1/planning-for-ue-v-configuration-methods.md b/mdop/uev-v1/planning-for-ue-v-configuration-methods.md index 16b341bfc4..8e5be9114d 100644 --- a/mdop/uev-v1/planning-for-ue-v-configuration-methods.md +++ b/mdop/uev-v1/planning-for-ue-v-configuration-methods.md @@ -1,8 +1,11 @@ --- title: Planning for UE-V Configuration Methods description: Planning for UE-V Configuration Methods -author: jamiejdt +author: levinec ms.assetid: 57bce7ab-1be5-434b-9ee5-c96026bbe010 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -36,7 +39,7 @@ You can configure UE-V before, during, or after agent installation, depending on **Note**   Registry modification can result in data loss or the computer becoming unresponsive. We recommend that you use other configuration methods. -  + ### UE-V configuration settings @@ -63,9 +66,9 @@ The following are examples of UE-V configuration settings: [Planning for UE-V Configuration](planning-for-ue-v-configuration.md) -  + -  + diff --git a/mdop/uev-v1/planning-for-ue-v-configuration.md b/mdop/uev-v1/planning-for-ue-v-configuration.md index d152537495..f703d2f78a 100644 --- a/mdop/uev-v1/planning-for-ue-v-configuration.md +++ b/mdop/uev-v1/planning-for-ue-v-configuration.md @@ -1,8 +1,11 @@ --- title: Planning for UE-V Configuration description: Planning for UE-V Configuration -author: jamiejdt +author: levinec ms.assetid: db78dad4-78e0-45d6-a235-8b7345cb79f8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md b/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md index 4656579e00..79eebd7152 100644 --- a/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md +++ b/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md 
@@ -1,8 +1,11 @@ --- title: Planning Which Applications to Synchronize with UE-V 1.0 description: Planning Which Applications to Synchronize with UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: c718274f-87b4-47f3-8ef7-5e1bd5557a9d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -69,7 +72,7 @@ The UE-V agent installation software installs the agent and registers a default -  + Application settings are applied to the application when the application is started. They are saved when the application closes. @@ -114,7 +117,7 @@ User Experience Virtualization includes settings location templates that capture -  + The Windows desktop background and Ease of Access settings are applied when the user logs on, when the computer is unlocked, or upon remote connection to another computer. The agent saves these settings when the user logs off, when the computer is locked, or when a remote connection is disconnected. By default, Windows desktop background settings are roamed between computers of the same operating system version. @@ -125,7 +128,7 @@ UE-V does not support the roaming of settings between operating systems with dif **Note**   If you change the settings location templates that are provided by Microsoft, User Experience Virtualization might not work properly for the designated application or Windows settings group. -  + ## Prevent unintentional user Settings configuration @@ -162,9 +165,9 @@ For guidance on whether a line-of-business application should be synchronized, s [Deploying UE-V 1.0](deploying-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/preparing-your-environment-for-ue-v.md b/mdop/uev-v1/preparing-your-environment-for-ue-v.md index b63fbb2a26..c361404d69 100644 --- a/mdop/uev-v1/preparing-your-environment-for-ue-v.md +++ b/mdop/uev-v1/preparing-your-environment-for-ue-v.md 
@@ -1,8 +1,11 @@
 ---
 title: Preparing Your Environment for UE-V
 description: Preparing Your Environment for UE-V
-author: jamiejdt
+author: levinec
 ms.assetid: c93d3b33-e032-451a-9e1b-8534e1625396
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md b/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md
index 0115c53e59..eeafde3a12 100644
--- a/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md
+++ b/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md
@@ -1,8 +1,11 @@
 ---
 title: Restoring Application and Windows Settings Synchronized with UE-V 1.0
 description: Restoring Application and Windows Settings Synchronized with UE-V 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: 254a16b1-f186-44a4-8e22-49a4ee87c734
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/security-and-privacy-for-ue-v-10.md b/mdop/uev-v1/security-and-privacy-for-ue-v-10.md
index 0be86755c3..dd0f34f96c 100644
--- a/mdop/uev-v1/security-and-privacy-for-ue-v-10.md
+++ b/mdop/uev-v1/security-and-privacy-for-ue-v-10.md
@@ -1,8 +1,11 @@
 ---
 title: Security and Privacy for UE-V 1.0
 description: Security and Privacy for UE-V 1.0
-author: jamiejdt
+author: levinec
 ms.assetid: c23d867d-7991-4c78-a123-a8a92758e5ba
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md
index 3947db526f..48f0163995 100644
--- a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md
+++ b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md @@ -1,8 +1,11 @@ --- title: Sharing Settings Location Templates with the UE-V Template Gallery description: Sharing Settings Location Templates with the UE-V Template Gallery -author: jamiejdt +author: levinec ms.assetid: 3830ae0c-96dd-4a8d-96a2-df87aea81b27 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/supported-configurations-for-ue-v-10.md b/mdop/uev-v1/supported-configurations-for-ue-v-10.md index d3a6b6e9e8..2fca53cc15 100644 --- a/mdop/uev-v1/supported-configurations-for-ue-v-10.md +++ b/mdop/uev-v1/supported-configurations-for-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Supported Configurations for UE-V 1.0 description: Supported Configurations for UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: d90ab83e-741f-48eb-b1d8-a64cb9259f7a +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft User Experience Virtualization (UE-V) supports the following described **Note**   Microsoft provides support for the current service pack, and in some cases, the preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For more information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). -  + ## Supported configurations for UE-V Agent and UE-V Generator @@ -79,7 +82,7 @@ The following table lists the operating systems that support the User Experience -  + There are no special RAM requirements that are specific to UE-V. 
@@ -88,7 +91,7 @@ The installation of the UE-V agent requires administrative rights and will requi **Important**   The Sync Your Settings feature in Windows 8 must be disabled to allow UE-V to function properly. Synchronization of settings with both Windows 8 and UE-V will result in unpredictable synchronization behavior. -  + ### Requirements for the Offline Files feature @@ -168,9 +171,9 @@ Supported Configurations for User Experience Virtualization [Deploying the UE-V Agent](deploying-the-ue-v-agent.md) -  + -  + diff --git a/mdop/uev-v1/troubleshooting-ue-v-10.md b/mdop/uev-v1/troubleshooting-ue-v-10.md index c59ee48ed8..81aa6256a0 100644 --- a/mdop/uev-v1/troubleshooting-ue-v-10.md +++ b/mdop/uev-v1/troubleshooting-ue-v-10.md @@ -1,8 +1,11 @@ --- title: Troubleshooting UE-V 1.0 description: Troubleshooting UE-V 1.0 -author: jamiejdt +author: levinec ms.assetid: e40f46a9-34f6-40ee-801b-9bf91f65c0e1 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/ue-v-10-security-considerations.md b/mdop/uev-v1/ue-v-10-security-considerations.md index f913daa0bc..ddbecb7393 100644 --- a/mdop/uev-v1/ue-v-10-security-considerations.md +++ b/mdop/uev-v1/ue-v-10-security-considerations.md @@ -1,8 +1,11 @@ --- title: UE-V 1.0 Security Considerations description: UE-V 1.0 Security Considerations -author: jamiejdt +author: levinec ms.assetid: c5cdf9ff-dc96-4491-98e9-0eada898ffe0 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -54,130 +57,132 @@ Because settings packages may contain personal information, you should take care -   - 2. Set the following NTFS permissions for the settings storage location folder: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    User accountRecommended permissionsFolder

    Creator/Owner

    No Permissions

    No Permissions

    Domain Admins

    Full Control

    This Folder, Subfolders and Files

    Security group of UE-V users

    List Folder/Read Data, Create Folders/Append Data

    This Folder Only

    Everyone

    Remove all Permissions

    No Permissions

    +~~~ +2. Set the following NTFS permissions for the settings storage location folder: -   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsFolder

    Creator/Owner

    No Permissions

    No Permissions

    Domain Admins

    Full Control

    This Folder, Subfolders and Files

    Security group of UE-V users

    List Folder/Read Data, Create Folders/Append Data

    This Folder Only

    Everyone

    Remove all Permissions

    No Permissions

    - 3. Set the following share-level (SMB) permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - -
    User accountRecommend permissions

    Everyone

    No Permissions

    Domain Computers

    Read Permission Levels

    Administrators

    Read/Write Permission Levels

    -   +3. Set the following share-level (SMB) permissions for the settings template catalog folder. - 4. Set the following NTFS permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommend permissions

    Everyone

    No Permissions

    Domain Computers

    Read Permission Levels

    Administrators

    Read/Write Permission Levels

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    User accountRecommended permissionsApply to

    Creator/Owner

    Full Control

    This Folder, Subfolders and Files

    Domain Computers

    List Folder Contents and Read

    This Folder, Subfolders and Files

    Everyone

    No Permissions

    No Permissions

    Administrators

    Full Control

    This Folder, Subfolders and Files

    -   -### Use Windows Server 2003 or later servers to host redirected file shares +4. Set the following NTFS permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsApply to

    Creator/Owner

    Full Control

    This Folder, Subfolders and Files

    Domain Computers

    List Folder Contents and Read

    This Folder, Subfolders and Files

    Everyone

    No Permissions

    No Permissions

    Administrators

    Full Control

    This Folder, Subfolders and Files

    +~~~ + + + +### Use Windows Server 2003 or later servers to host redirected file shares User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this, you should ensure that the data is protected while it travels over the network. User settings data is vulnerable to these potential threats: interception of the data as it passes over the network; tampering with the data as it passes over the network; and spoofing of the server that hosts the data. -Several features of Windows Server 2003 and above can help to secure user data: +Several features of Windows Server 2003 and above can help to secure user data: -- **Kerberos** - Kerberos is standard on all versions of Windows 2000 and Windows Server 2003 and later. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This is particularly important if the client is exchanging personal files with the server, as is the case with Roaming Profiles. Kerberos provides better security than NTLM. Kerberos is not available on Windows NT version 4.0 or earlier operating systems. +- **Kerberos** - Kerberos is standard on all versions of Windows 2000 and Windows Server 2003 and later. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This is particularly important if the client is exchanging personal files with the server, as is the case with Roaming Profiles. Kerberos provides better security than NTLM. Kerberos is not available on Windows NT version 4.0 or earlier operating systems. 
- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following: @@ -217,7 +222,7 @@ To ensure that UE-V works optimally, create only the root share on the server, a This permission configuration allows users to create folders for settings storage. The UE-V agent creates and secures a settingspackage folder while running in the context of the user. The user receives full control to their settingspackage folder. Other users do not inherit access to this folder. You do not need to create and secure individual user directories. This will be done automatically by the agent that runs in the context of the user. -**Note**   +**Note** Additional security can be configured when a Windows server is utilized for the settings storage share. UE-V can be configured to verify that either the local administrator's group or the current user is the owner of the folder where settings packages are stored. To enable additional security use the following command: 1. Add a REG\_DWORD registry key named "RepositoryOwnerCheckEnabled" to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. @@ -226,7 +231,7 @@ Additional security can be configured when a Windows server is utilized for the When this configuration setting is in place, the UE-V agent verifies that the local administrator’s group or current user is the owner of the settingspackage folder. If not, then the UE-V agent will not allow access to the folder. -  + If you must create folders for the users and ensure that you have the correct permissions set. @@ -241,9 +246,9 @@ If you redirect UE-V settings to a user’s home directory, be sure that the per [Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) -  - -  + + + diff --git a/mdop/uev-v1/ue-v-checklist.md b/mdop/uev-v1/ue-v-checklist.md index 9a269b5bed..03c5bb4c70 100644 --- a/mdop/uev-v1/ue-v-checklist.md +++ b/mdop/uev-v1/ue-v-checklist.md 
@@ -1,8 +1,11 @@ --- title: UE-V Checklist description: UE-V Checklist -author: jamiejdt +author: levinec ms.assetid: 0e4b9bd5-4e60-4673-b698-90612008fc2b +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -30,42 +33,42 @@ Use this checklist to plan for preparing your computing environment for Microsof

    Review the Getting Started information about UE-V to gain a basic understanding of the product before you begin the deployment planning.

    -

    [Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md)

    +

    Getting Started With User Experience Virtualization 1.0

    Prepare your environment for UE-V 1.0 deployment.

    -

    [Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md)

    +

    Preparing Your Environment for UE-V

    Plan which applications end users can synchronize with UE-V 1.0.

    -

    [Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md)

    +

    Planning Which Applications to Synchronize with UE-V 1.0

    Custom settings templates only - create custom settings location templates and then define a setting template catalog.

    -

    [Deploying the Settings Template Catalog for UE-V 1.0](deploying-the-settings-template-catalog-for-ue-v-10.md)

    -

    [Create UE-V Settings Location Templates with the UE-V Generator](create-ue-v-settings-location-templates-with-the-ue-v-generator.md)

    +

    Deploying the Settings Template Catalog for UE-V 1.0

    +

    Create UE-V Settings Location Templates with the UE-V Generator

    Decide which method of configuration (Group Policy, PowerShell, ESD-command line, or batch file) works best for your environment and plan how to configure UE-V 1.0.

    -

    [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md)

    +

    Planning for UE-V Configuration Methods

    Deploy the network share to store settings packages.

    -

    [Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md)

    +

    Deploying the Settings Storage Location for UE-V 1.0

    Custom settings templates only – deploy the features that are required to create and store applications other than the UE-V default applications.

    -

    [Deploying the Settings Template Catalog for UE-V 1.0](deploying-the-settings-template-catalog-for-ue-v-10.md)

    -

    [Installing the UE-V Generator](installing-the-ue-v-generator.md)

    +

    Deploying the Settings Template Catalog for UE-V 1.0

    +

    Installing the UE-V Generator

    Familiarize yourself with the administration and management tasks for UE-V.

    -

    [Administering UE-V 1.0](administering-ue-v-10.md)

    +

    Administering UE-V 1.0

    -  + ## Related topics @@ -74,9 +77,9 @@ Use this checklist to plan for preparing your computing environment for Microsof [Deploying UE-V 1.0](deploying-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md b/mdop/uev-v1/user-experience-virtualization-privacy-statement.md index 742844a96e..ecbbabaa59 100644 --- a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md +++ b/mdop/uev-v1/user-experience-virtualization-privacy-statement.md @@ -1,8 +1,11 @@ --- title: User Experience Virtualization Privacy Statement description: User Experience Virtualization Privacy Statement -author: jamiejdt +author: levinec ms.assetid: c2919034-f2cf-48d6-b18e-4dd318252426 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -160,9 +163,9 @@ For details about what information is collected and how it is used, see the Upda [Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) -  + -  + diff --git a/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md b/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md index 490a7b9acb..7b2ac97915 100644 --- a/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md +++ b/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md @@ -1,8 +1,11 @@ --- title: Validate UE-V Settings Location Templates with UE-V Generator description: Validate UE-V Settings Location Templates with UE-V Generator -author: jamiejdt +author: levinec ms.assetid: 131c636c-173a-4b41-af5d-9a75b453b9d8 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md b/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md index dc77034221..14ed81bb52 100644 
--- a/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md +++ b/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md @@ -1,8 +1,11 @@ --- title: Working with Custom UE-V Templates and the UE-V Generator description: Working with Custom UE-V Templates and the UE-V Generator -author: jamiejdt +author: levinec ms.assetid: 7bb2583a-b032-4800-9bf9-eb33528e1d0d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md index 7c04b3654e..349a791c43 100644 --- a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Accessibility for UE-V 2.x description: Accessibility for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: ec05da5f-4558-4d4d-9b58-3b8ed68cf2fe +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -58,13 +61,13 @@ For information about the availability of Microsoft product documentation and bo

    (609) 987-8116

    -

    [http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239)

    +

    http://www.learningally.org/

    Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.

    -  + ### Customer service for people with hearing impairments @@ -91,9 +94,9 @@ For more information about how accessible technology for computers can help to i [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md index 117459cd87..e25587766a 100644 --- a/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Administering UE-V 2.x description: Administering UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 996e4797-8383-4627-b714-24a84c907798 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md index d714ca370b..6acd7dcdd5 100644 --- a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md +++ b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Administering UE-V 2.x with Windows PowerShell and WMI description: Administering UE-V 2.x with Windows PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: e749ac03-0adf-475a-a4f2-5cc023549b12 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -19,7 +22,7 @@ Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 provide Wi **Note**   Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495). -  + ## Managing the UE-V 2.x Agent and packages by using Windows PowerShell and WMI 
@@ -45,9 +48,9 @@ After you create and deploy UE-V settings location templates, you can manage tho [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md index 951b805b9f..b972d7f736 100644 --- a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Application Template Schema Reference for UE-V 2.x description: Application Template Schema Reference for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: be8735a5-6a3e-4b1f-ba14-2a3bc3e5a8b6 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -148,7 +151,7 @@ The Process data type is a container used to describe processes to be monitored -  + **Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. @@ -198,7 +201,7 @@ Settings is a container for all the settings that apply to a particular template -  + ### Name Element @@ -213,7 +216,7 @@ UE-V does not reference external DTDs, so it is not possible to use named entiti See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V Generator converts character entities to their Unicode representations automatically. -  + ### ID Element 
@@ -258,7 +261,7 @@ This value is queried to determine if a new version of a template should be appl - When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI -  + ### Author Element @@ -324,7 +327,7 @@ A value of **True** indicates that the string contains illegal characters. Here **Note**   The UE-V Generator encodes the greater than and less than characters as > and < respectively. -  + In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplictication.exe` should be specified instead of `MyApplictication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. @@ -341,7 +344,7 @@ If this element is absent, the settings location template ignores the process’ **Note**   UE-V does not support ARM processors in this version. -  + ### ProductName @@ -490,11 +493,11 @@ Application is a container for settings that apply to a particular application.

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id21).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -510,7 +513,7 @@ Application is a container for settings that apply to a particular application.

    Version

    -

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    +

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    @@ -526,16 +529,16 @@ Application is a container for settings that apply to a particular application.

    Processes

    -

    A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).

    +

    A container for a collection of one or more Process elements. For more information, see Processes.

    Settings

    -

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    +

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    -  + ### Common Element @@ -553,11 +556,11 @@ Common is similar to an Application element, but it is always associated with tw

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id21).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -573,7 +576,7 @@ Common is similar to an Application element, but it is always associated with tw

    Version

    -

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    +

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    @@ -589,12 +592,12 @@ Common is similar to an Application element, but it is always associated with tw

    Settings

    -

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    +

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    -  + ### SettingsLocationTemplate Element @@ -612,11 +615,11 @@ This element defines the settings for a single application or a suite of applica

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id21).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -633,7 +636,7 @@ This element defines the settings for a single application or a suite of applica -  + ### Appendix: SettingsLocationTemplate.xsd @@ -1088,7 +1091,7 @@ The Process data type is a container used to describe processes to be monitored -  + **Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. @@ -1135,7 +1138,7 @@ Settings is a container for all the settings that apply to a particular template -  + ### Name Element @@ -1150,7 +1153,7 @@ UE-V does not reference external DTDs, so it is not possible to use named entiti See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V Generator converts character entities to their Unicode representations automatically. -  + ### ID Element @@ -1195,7 +1198,7 @@ This value is queried to determine if a new version of a template should be appl - When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI -  + ### Author Element @@ -1261,7 +1264,7 @@ A value of **True** indicates that the string contains illegal characters. Here **Note**   The UE-V Generator encodes the greater than and less than characters as > and < respectively. -  + In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplictication.exe` should be specified instead of `MyApplictication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. 
@@ -1278,7 +1281,7 @@ If this element is absent, the settings location template ignores the process’ **Note**   UE-V does not support ARM processors in this version. -  + ### ProductName @@ -1429,11 +1432,11 @@ Application is a container for settings that apply to a particular application.

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -1449,7 +1452,7 @@ Application is a container for settings that apply to a particular application.

    Version

    -

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version).

    +

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    @@ -1461,16 +1464,16 @@ Application is a container for settings that apply to a particular application.

    Processes

    -

    A container for a collection of one or more Process elements. For more information, see [Processes](#processes).

    +

    A container for a collection of one or more Process elements. For more information, see Processes.

    Settings

    -

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data).

    +

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    -  + ### Common Element @@ -1490,11 +1493,11 @@ Common is similar to an Application element, but it is always associated with tw

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -1510,7 +1513,7 @@ Common is similar to an Application element, but it is always associated with tw

    Version

    -

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version).

    +

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    @@ -1522,12 +1525,12 @@ Common is similar to an Application element, but it is always associated with tw

    Settings

    -

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data).

    +

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    -  + ### SettingsLocationTemplate Element @@ -1547,11 +1550,11 @@ This element defines the settings for a single application or a suite of applica

    Name

    -

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name).

    +

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    -

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see [ID](#id).

    +

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

    Description

    @@ -1568,7 +1571,7 @@ This element defines the settings for a single application or a suite of applica -  + ### Appendix: SettingsLocationTemplate.xsd @@ -1877,9 +1880,9 @@ Here is the SettingsLocationTemplate.xsd file showing its elements, child elemen [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md index 917cdf3a2b..e6dc6513a3 100644 --- a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md +++ b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Changing the Frequency of UE-V 2.x Scheduled Tasks description: Changing the Frequency of UE-V 2.x Scheduled Tasks -author: jamiejdt +author: levinec ms.assetid: ee486570-c6cf-4fd9-ba48-0059ba877c10 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -31,7 +34,7 @@ The Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1 Agent i **Note**   With the exception of Collect CEIP Data, these tasks must remain enabled as UE-V cannot function without them. -  + These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. @@ -67,7 +70,7 @@ If upon installation the user or administrator choses to participate in the Cust -  + ### Monitor Application Settings @@ -92,7 +95,7 @@ The **Monitor Application Settings** task is used to synchronize settings for Wi -  + ### Sync Controller Application 
@@ -117,7 +120,7 @@ The **Sync Controller Application** task is used to start the Sync Controller to -  + For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. @@ -148,7 +151,7 @@ The **Synchronize Settings at Logoff** task is used to start an application at l -  + ### Template Auto Update @@ -173,7 +176,7 @@ The **Template Auto Update** task checks the settings template catalog for new, -  + **Example:** The following command configures the UE-V Agent to check the settings template catalog store every hour. @@ -204,7 +207,7 @@ The **Upload CEIP Data** task runs during the installation if the user or the ad -  + ## UE-V 2 Scheduled Task Details @@ -280,7 +283,7 @@ The following chart provides additional information about scheduled tasks for UE -  + **Legend** @@ -324,9 +327,9 @@ The following additional information applies to UE-V scheduled tasks: [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md#deploycatalogue) -  + -  + diff --git a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md index 545c246391..8b371ea90a 100644 --- a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Configuring the Company Settings Center for UE-V 2.x description: Configuring the Company Settings Center for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 48fadb0a-c0dc-4287-9474-f94ce1417003 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -32,7 +35,7 @@ The Company Settings Center desktop application provides users with information - Configuration item in the UE-V Configuration Pack for System Center 2012 Configuration Manager: `Tray icon enabled` -   + - Control Panel application – In Control Panel, browse to **Appearance and Personalization**, and then click **Company Settings Center**. @@ -80,9 +83,9 @@ The Company Settings Center can include a hyperlink that users can click to get -  + -  + diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md index 43c909ff82..94ee14b167 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Configuring UE-V 2.x with Group Policy Objects description: Configuring UE-V 2.x with Group Policy Objects -author: jamiejdt +author: levinec ms.assetid: 2bb55834-26ee-4f19-9860-dfdf3c797143 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -79,13 +82,13 @@ The following policy settings can be configured for UE-V.

    Settings storage path

    Computers and Users

    This Group Policy setting configures where the user settings are to be stored.

    -

    Enter a Universal Naming Convention (UNC) path and variables such as \\Server\SettingsShare\%username%.

    +

    Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

    Settings template catalog path

    Computers Only

    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V Agent.

    -

    Enter a Universal Naming Convention (UNC) path such as \\Server\TemplateShare or a folder location on the computer.

    +

    Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

    Select the check box to replace the default Microsoft templates.
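Review bot: The added UNC examples in this table lose backslashes: `\\Server\SettingsShare\%username%` becomes `\Server\SettingsShare%username%` and `\\Server\TemplateShare` becomes `\Server\TemplateShare`, so they are no longer UNC paths and the separator before the per-user folder is gone. The same loss appears in deploy-required-features-for-ue-v-2x-new-uevv2.md, in hunks `@@ -229,42 +232,42 @@` and `@@ -293,12 +296,11 @@`, where `SettingsStoragePath=\\server\settingsshare\%^username%` becomes `\server\settingsshare%^username%`, `\\share\path|AdHomePath` becomes `\share\path|AdHomePath`, and the msiexec logging option `/l*v` becomes `/lv`. This looks like a side effect of escape processing during the markup cleanup rather than an intended edit. The new lines should keep the removed side's text, for example `\\Server\SettingsShare\%username%` and `/l*v "%temp%\UE-VAgentInstaller.log"`. An administrator copying the new examples would presumably not get the per-user settings storage folder that the share and NTFS permission guidance in the deployment topic relies on.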

    @@ -121,12 +124,12 @@ The following policy settings can be configured for UE-V. -  + **Note**   In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. -  + **Windows App Group Policy settings** @@ -167,7 +170,7 @@ In addition, Group Policy settings are available for many desktop applications a -  + For more information about synchronizing Windows apps, see [Windows App List](https://technet.microsoft.com/library/dn458925.aspx#win8applist). @@ -204,9 +207,9 @@ The UE-V Agent uses the following order of precedence to determine synchronizati [Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md index 951fd1dd2e..c5936123dc 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Configuring UE-V 2.x with System Center Configuration Manager 2012 description: Configuring UE-V 2.x with System Center Configuration Manager 2012 -author: jamiejdt +author: levinec ms.assetid: 9a4e2a74-7646-4a77-b58f-2b4456487295 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -76,7 +79,7 @@ The UE-V Configuration Pack includes tools to perform the following tasks: -   + - Verify compliance by confirming that UE-V is running. @@ -235,9 +238,9 @@ The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be d [Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) -  + -  + 
diff --git a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md b/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md index 2917322ed7..b88d290654 100644 --- a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Deploy Required Features for UE-V 2.x description: Deploy Required Features for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 10399bb3-cc7b-4578-bc0c-2f6b597abe4d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -41,10 +44,10 @@ UE-V requires a location in which to store user settings in settings package fil If you don’t create a settings storage location, the UE-V Agent will use Active Directory (AD) by default. -**Note**   +**Note** As a matter of [performance and capacity planning](https://technet.microsoft.com/library/dn458932.aspx#capacity) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. -  + ### Create a UE-V Settings Storage Location @@ -103,7 +106,7 @@ The UE-V Agent dynamically creates a user-specific settings storage path, with a -   + 4. Set the following NTFS file system permissions for the settings storage location folder. 
@@ -134,18 +137,18 @@ The UE-V Agent dynamically creates a user-specific settings storage path, with a -   + With this configuration, the UE-V Agent creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users cannot access it. -**Note**   +**Note** If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: 1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. 2. Set the registry key value to *1*. -  + ### Use Active Directory with UE-V 2.x @@ -164,7 +167,7 @@ You can configure UE-V before, during, or after UE-V Agent installation, dependi Supported operating systems for the domain controller that deploys the Group Policy Objects include the following: - Windows Server 2008 R2 + Windows Server 2008 R2 Windows Server 2012 and Windows Server 2012 R2 
@@ -172,12 +175,12 @@ You can configure UE-V before, during, or after UE-V Agent installation, dependi - [Windows PowerShell and WMI](https://technet.microsoft.com/library/dn458937.aspx)**:** You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify configurations after you install the UE-V Agent. - **Note**   + **Note** Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. -   -- **Command-line or Batch Script Installation:** Parameters that are used when you [Deploy the UE-V Agent](#agent) configure many UE-V settings. Electronic software distribution systems, such as System Center 2012 Configuration Manager, use these parameters to configure their clients when they deploy and install the UE-V Agent software. + +- **Command-line or Batch Script Installation:** Parameters that are used when you [Deploy the UE-V Agent](#agent) configure many UE-V settings. Electronic software distribution systems, such as System Center 2012 Configuration Manager, use these parameters to configure their clients when they deploy and install the UE-V Agent software. ## Deploy the UE-V 2.x Agent 
@@ -186,10 +189,10 @@ The UE-V Agent is the core of a UE-V deployment and must run on each computer th **UE-V Agent Installation Files:** A single installation file, AgentSetup.exe, installs the UE-V Agent on both 32-bit and 64-bit operating systems. In addition, AgentSetupx86.msi or AgentSetupx64.msi architecture-specific Windows Installer files are provided, and since they are smaller, they might streamline the agent deployments. The [command-line parameters for the AgentSetup.exe installer](#params) are supported for the Windows Installer installation as well. -**Important**   +**Important** During UE-V Agent installation or uninstallation, you can either use the AgentSetup.exe file or the AgentSetup<arch>.msi file, but not both. The same file must be used to uninstall the UE-V Agent that was used to install the UE-V Agent. -  + ### To Deploy the UE-V Agent @@ -229,42 +232,42 @@ Use the following procedure to deploy the UE-V Agent from a network share.

    Command prompt

    When you install the UE-V Agent at a command prompt, use the %^username% variable format. If quotation marks are required because of spaces in the settings storage path, use a batch script file for deployment.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%^username%

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%^username%

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

    Batch script

    When you install the UE-V Agent from a batch script file, use the %%username%% variable format. If you use this installation method, you must escape the variable with the %% characters. Without this character, the script expands the username variable at installation time, rather than at run time, which causes UE-V to use a single settings storage location for all users.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\\server\settingsshare\%%username%%"

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\\server\settingsshare\%%username%%"

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

    Windows PowerShell

    When you install the UE-V Agent from a Windows PowerShell prompt or a Windows PowerShell script, use the %username% variable format.

    -

    & AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%

    +

    & AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

    -

    & msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%

    +

    & msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

    Electronic software distribution, such as deployment of Configuration Manager Software Deployment

    When you install the UE-V Agent by using Configuration Manager, use the ^%username^% variable format.

    -

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\^%username^%

    +

    AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

    -

    msiexec.exe /i "<path to msi file>" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\^%username^%

    +

    msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

    -  -**Note**   + +**Note** The installation of the UE-V Agent requires administrator rights, and the computer requires a restart before the UE-V Agent can run. -  + ### Command-line parameters for UE-V Agent deployment @@ -293,12 +296,11 @@ The command-line parameters of the UE-V Agent are as follows.

    SettingsStoragePath

    Indicates the Universal Naming Convention (UNC) path that defines where settings are stored.

    -Important   -

    You must specify a SettingsStoragePath in UE-V 2.1 and UE-V 2.1 SP1. You can set the AdHomePath string to specify that the user's Active Directory home path is used. For example, SettingsStoragePath = \\share\path|AdHomePath.

    +Important

    You must specify a SettingsStoragePath in UE-V 2.1 and UE-V 2.1 SP1. You can set the AdHomePath string to specify that the user's Active Directory home path is used. For example, SettingsStoragePath = \share\path|AdHomePath.

    In UE-V 2.0, you can leave SettingsStoragePath blank to use the Active Directory home path instead.

    -  +

    %username% or %computername% environment variables are accepted. Scripting can require escaped variables.

    Default: <none>

    @@ -369,11 +371,10 @@ The command-line parameters of the UE-V Agent are as follows.

    ACCEPTLICENSETERMS

    Lets UE-V be installed silently. This must be set to True to install UE-V silently and bypass the requirement that the user accepts the UE-V license terms. If set to False or left empty, the user receives an error message and UE-V is not installed.

    -Important   -

    This parameter is required to install UE-V silently.

    +Important

    This parameter is required to install UE-V silently.

    -  +
    @@ -384,7 +385,7 @@ The command-line parameters of the UE-V Agent are as follows. -  + ### Update the UE-V Agent @@ -396,10 +397,10 @@ During a UE-V Agent upgrade, the default group of settings location templates fo The UE-V 2.x Agent introduces many new features and modifies how and when the agent uploads content to the settings storage share. The upgrade process automates these changes. To upgrade the UE-V Agent, run the UE-V Agent install package (AgentSetup.exe, AgentSetupx86.msi, or AgentSetupx64.msi) on users’ computers. -**Note**   +**Note** When you upgrade the UE-V Agent, you must use the same installer type (.exe file or .msi packet) that installed the previous UE-V Agent. For example, use the UE-V 2 AgentSetup.exe to upgrade UE-V 1.0 Agents that were installed by using AgentSetup.exe. -  + The following configurations are preserved when the Agent Setup program runs: @@ -409,12 +410,12 @@ The following configurations are preserved when the Agent Setup program runs: - Scheduled tasks (Interval settings are reset to their defaults) -**Note**   +**Note** A computer with UE-V 2.x settings location templates that are registered in the UE-V 1.0 Agent register errors in the Windows Event Log. -  -You can use Microsoft System Center 2012 Configuration Manager or another enterprise software distribution tool to automate and distribute the UE-V Agent upgrade. + +You can use Microsoft System Center 2012 Configuration Manager or another enterprise software distribution tool to automate and distribute the UE-V Agent upgrade. **Recommendations:** We recommend that you upgrade all of the UE-V 1.0 Agents in a computing environment, but it is not required. UE-V 2.x settings location templates can interact with a UE-V 1.0 Agent because they only share the settings from the settings storage path. We recommend, however, that you move the deployments to a single agent version to simplify management and to support UE-V. 
@@ -424,7 +425,7 @@ You might experience errors after you attempt one of the following operations: - Upgrade from UE-V 1.0 to UE-V 2 -- Upgrade to a newer version of Windows, for example, from Windows 7 to Windows 8 or from Windows 8 to Windows 8.1. +- Upgrade to a newer version of Windows, for example, from Windows 7 to Windows 8 or from Windows 8 to Windows 8.1. - Uninstall the agent after upgrading the UE-V Agent @@ -448,9 +449,9 @@ You can then retry the uninstall process or upgrade by installing the newer vers [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) -  - -  + + + diff --git a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md b/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md index f1bafcb23e..e86cfa6fc0 100644 --- a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md +++ b/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Deploy UE-V 2.x for Custom Applications description: Deploy UE-V 2.x for Custom Applications -author: jamiejdt +author: levinec ms.assetid: f7cb089f-d764-4a93-82b6-926fe0385a23 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,7 +46,7 @@ Once you have read through the planning material in [Prepare a UE-V 2.x Deployme **Note**   Templates that are deployed by using ESD or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. -   + ## Prepare to Deploy UE-V 2.x for Custom Applications 
@@ -65,7 +68,7 @@ The UE-V Generator monitors an application to discover and capture the locations **Note**   UE-V settings location templates cannot be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V Generator. For more information about synchronizing settings for virtual applications, see [Using UE-V 2.x with Application Virtualization Applications](using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md). -  + **Excluded Locations:** The discovery process excludes locations that commonly store application software files that do not synchronize settings well between user computers or computing environments. By default, these are excluded: @@ -95,7 +98,7 @@ When you use Group Policy to configure the settings template catalog path, you c **Note**   If you disable this policy setting after it has been enabled, the UE-V Agent does not restore the default Microsoft templates. -  + If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, and the UE-V Agent is not configured to replace the default Microsoft templates, the Microsoft templates are ignored. @@ -104,7 +107,7 @@ You can also replace the default templates by using the UE-V Windows PowerShell **Note**   Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages are not read by the agent, but neither are they automatically deleted. -  + ## Install the UEV 2.x Generator 
@@ -128,7 +131,7 @@ Install the Microsoft User Experience Virtualization (UE-V) 2.0 Generator on a c **Note**   A prompt for **User Account Control** appears before the application is installed. Permission is required to install the UE-V Generator. -   + 7. Click **Finish** to close the wizard after the installation is finished. You must restart your computer before you can run the UE-V Generator. @@ -137,7 +140,7 @@ Install the Microsoft User Experience Virtualization (UE-V) 2.0 Generator on a c **Note**   The UE-V 2 Generator can only be used to create templates for UE-V 2 Agents. In a mixed deployment of UE-V 1.0 Agents and UE-V 2 Agents, you should continue to use the UE-V 1.0 Generator until you have upgraded all UE-V Agents. -   + ## Deploy a Settings Template Catalog @@ -181,7 +184,7 @@ You can configure the settings template catalog path by using the installation c -   + 3. Set the following NTFS file system permissions for the settings template catalog folder. @@ -222,7 +225,7 @@ You can configure the settings template catalog path by using the installation c -   + 4. Click **OK** to close the dialog boxes. @@ -244,7 +247,7 @@ Use the UE-V Generator to create settings location templates for line-of-busines **Note**   Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. -   + 4. After the application starts, close the application. The UE-V Generator records the locations where the application stores its settings. 
@@ -310,14 +313,14 @@ Templates that are deployed by using an ESD system or Group Policy Objects must **Note**   Templates on computers are updated daily. The update is based on changes to the settings template catalog. -   + 3. To manually update templates on a computer that runs the UE-V Agent, open an elevated command prompt, and browse to **%Program Files%\\Microsoft User Experience Virtualization \\ Agent \\ <x86 or x64 >**, and then run **ApplySettingsTemplateCatalog.exe**. **Note**   This program runs automatically during computer startup and daily at 3:30 A. M. to gather any new templates that were recently added to the catalog. -   + @@ -331,9 +334,9 @@ Templates that are deployed by using an ESD system or Group Policy Objects must [Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md index 2c31ff321d..a18ae22ef9 100644 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Get Started with UE-V 2.x description: Get Started with UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 526ecbf0-0dee-4f0b-b017-8f8d25357b14 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,7 +22,7 @@ Follow the steps in this guide to quickly deploy Microsoft User Experience Virtu **Note**   The information in this section is repeated in greater detail throughout the rest of the documentation. So if you already know that UE-V 2 is the right solution and you don’t need to evaluate it, you can just go right to [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md). -  + The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows app settings. Make sure your test environment includes two or more user computers that share network access and you’ll be evaluating UE-V in just a short time. @@ -157,7 +160,7 @@ You’ll need to deploy a settings storage location, a standard network share wh -   + 2. Set the following NTFS file system permissions for the settings storage location folder. @@ -188,7 +191,7 @@ You’ll need to deploy a settings storage location, a standard network share wh -   + **Security Note:  ** @@ -256,9 +259,9 @@ You can change the settings in Computer B back to the original Computer A settin -  + -  + diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md index cf1d9adb63..5e5f69c25f 100644 --- a/mdop/uev-v2/index.md +++ b/mdop/uev-v2/index.md @@ -67,24 +67,23 @@ This diagram shows how deployed UE-V components work together to synchronize set

    Settings location templates

    -

    UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V . You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#customapps).

    +

    UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V . You can also create, edit, or validate custom settings location templates by managing settings synchronization for custom applications.

    -Note   -

    Settings location templates are not required for Windows apps.

    +Note

    Settings location templates are not required for Windows apps.

    -  +

    Windows app list

    Settings for Windows apps are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows apps are enabled for settings synchronization using a managed list of apps. By default, this list includes most Windows apps.

    -

    You can add or remove applications in the Windows app list by following the procedures shown [here](https://technet.microsoft.com/library/dn458925.aspx).

    +

    You can add or remove applications in the Windows app list by following the procedures shown here.

    -  + ### Managing Settings Synchronization for Custom Applications @@ -103,12 +102,12 @@ Use these UE-V components to create and manage custom templates for your third-p

    Settings template catalog

    The settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V Agent checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.

    -

    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Configure a UE-V settings template catalog](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue).

    +

    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see Configure a UE-V settings template catalog.

    -  + ![ue-v generator process](images/ue-vgeneratorprocess.gif) @@ -133,15 +132,15 @@ Many Windows desktop applications, such as Notepad Many Windows settings, such as desktop background or wallpaper -**Note**   +**Note** You can also [customize UE-V to synchronize settings](https://technet.microsoft.com/library/dn458942.aspx) for applications other than those synchronized by default. -  + ## Compare UE-V to other Microsoft products -Use this table to compare UE-V to Synchronize Profiles in Windows 7, Synchronize Profiles in Windows 8, and the Sync PC Settings feature of Microsoft account. +Use this table to compare UE-V to Synchronize Profiles in Windows 7, Synchronize Profiles in Windows 8, and the Sync PC Settings feature of Microsoft account. @@ -156,7 +155,7 @@ Use this table to compare UE-V to Synchronize Profiles in Windows 7, Synchroniz - + @@ -276,7 +275,7 @@ Use this table to compare UE-V to Synchronize Profiles in Windows 7, Synchroniz
    FeatureSynchronize Profiles using Windows 7Synchronize Profiles using Windows 7 Synchronize Profiles using Windows 8 Synchronize Profiles using Windows 10 Microsoft account
    -  + ## UE-V 2.x Release Notes @@ -315,9 +314,9 @@ Find documentation, videos, and other resources for MDOP technologies. You can a -  - -  + + + diff --git a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md index 2ce8a8a4cf..2716ff5ef7 100644 --- a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md +++ b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md @@ -1,8 +1,11 @@ --- title: Manage Administrative Backup and Restore in UE-V 2.x description: Manage Administrative Backup and Restore in UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 2eb5ae75-65e5-4afc-adb6-4e83cf4364ae +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -87,10 +90,10 @@ Restoring a user’s device restores the currently registered Template’s setti If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device. - **Note**   + **Note** Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied. -   + - **Manual Restore** @@ -126,7 +129,7 @@ WMI and Windows PowerShell commands let you restore application and Windows sett -   + **To restore application settings and Windows settings with WMI** @@ -153,12 +156,14 @@ WMI and Windows PowerShell commands let you restore application and Windows sett -   - **Note**   - UE-V does not provide a settings rollback for Windows apps. -   +~~~ +**Note** +UE-V does not provide a settings rollback for Windows apps. +~~~ + + 
@@ -172,9 +177,9 @@ WMI and Windows PowerShell commands let you restore application and Windows sett [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  - -  + + + diff --git a/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md b/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md index 7158058f74..7b0ce9f869 100644 --- a/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Manage Configurations for UE-V 2.x description: Manage Configurations for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: e2332eca-a9cd-4446-8f7c-d17058b03466 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md index 0e5ca1170c..ba8db1fb4b 100644 --- a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md +++ b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI description: Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: 56e6780b-8b2c-4717-91c8-2af63062ab75 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -20,10 +23,10 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m 1. Stage the UE-V installer file in an accessible network share. - **Note**   + **Note** Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer packages, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time by using the installation file, you must use the same file type. -   + 2. Use one of the following Windows PowerShell commands to install the UE-V Agent. @@ -33,164 +36,164 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m **To configure the UE-V Agent by using Windows PowerShell** -1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. +1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. -2. Use the following Windows PowerShell commands to configure the agent. +2. Use the following Windows PowerShell commands to configure the agent. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-UevConfiguration

    +

    Gets the effective UE-V Agent settings. User-specific settings have precedence over the computer settings.

    Get-UevConfiguration - CurrentComputerUser

    +

    Gets the UE-V Agent settings values for the current user only.

    Get-UevConfiguration -Computer

    Gets the UE-V Agent configuration settings values for all users on the computer.

    Get-UevConfiguration -Details

    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

    Set-UevConfiguration -Computer –ContactITDescription <IT description>

    Sets the text that is displayed in the Company Settings Center for the help link.

    Set-UevConfiguration -Computer -ContactITUrl <string>

    Sets the URL of the link in the Company Settings Center for the help link. Any URL protocol can be used.

    Set-UevConfiguration -Computer –EnableDontSyncWindows8AppSettings

    Configures the UE-V Agent to not synchronize any Windows apps for all users on the computer.

    Set-UevConfiguration -CurrentComputerUser – EnableDontSyncWindows8AppSettings

    Configures the UE-V Agent to not synchronize any Windows apps for the current computer user.

    Set-UevConfiguration -Computer –EnableFirstUseNotification

    Configures the UE-V Agent to display notification the first time the agent runs for all users on the computer.

    Set-UevConfiguration -Computer –DisableFirstUseNotification

    Configures the UE-V Agent to not display notification the first time that the agent runs for all users on the computer.

    Set-UevConfiguration -Computer –EnableSettingsImportNotify

    Configures the UE-V Agent to notify all users on the computer when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration - CurrentComputerUser -EnableSettingsImportNotify

    Configures the UE-V Agent to notify the current user when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -Computer –EnableSyncUnlistedWindows8Apps

    Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI.

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration - CurrentComputerUser - EnableSyncUnlistedWindows8Apps

    Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI.

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration –Computer –DisableSync

    Disables UE-V for all the users on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration –CurrentComputerUser -DisableSync

    Disables UE-V for the current user on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration -Computer –EnableTrayIcon

    Enables the UE-V icon in the notification area for all users of the computer.

    +

    Use the DisableTrayIcon parameter to disable the icon.

    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V agent to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V agent to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before the user is notified for all users of the computer

    Set-UevConfiguration - CurrentComputerUser -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before notification for the current user is sent.

    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-computer settings storage location for all users of the computer.

    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-user settings storage location.

    Set-UevConfiguration –Computer –SettingsTemplateCatalogPath <path to catalog>

    Sets the settings template catalog path for all users of the computer.

    Set-UevConfiguration -Computer -SyncMethod <sync method>

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

    Sets the synchronization method for the current user: SyncProvider or None.

    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Sets the synchronization time-out in milliseconds for all users of the computer

    Set- UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Set the synchronization time-out for the current user.

    Clear-UevConfiguration –Computer -<setting name>

    Clears the specified setting for all users on the computer.

    Clear-UevConfiguration –CurrentComputerUser -<setting name>

    Clears the specified setting for the current user only.

    Export-UevConfiguration <settings migration file>

    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

    +

    The Export cmdlet exports all UE-V Agent settings that are configurable with the Computer parameter.

    Import-UevConfiguration <settings migration file>

    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows PowerShell commandDescription

    Get-UevConfiguration

    -

    Gets the effective UE-V Agent settings. User-specific settings have precedence over the computer settings.

    Get-UevConfiguration - CurrentComputerUser

    -

    Gets the UE-V Agent settings values for the current user only.

    Get-UevConfiguration -Computer

    Gets the UE-V Agent configuration settings values for all users on the computer.

    Get-UevConfiguration -Details

    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

    Set-UevConfiguration -Computer –ContactITDescription <IT description>

    Sets the text that is displayed in the Company Settings Center for the help link.

    Set-UevConfiguration -Computer -ContactITUrl <string>

    Sets the URL of the link in the Company Settings Center for the help link. Any URL protocol can be used.

    Set-UevConfiguration -Computer –EnableDontSyncWindows8AppSettings

    Configures the UE-V Agent to not synchronize any Windows apps for all users on the computer.

    Set-UevConfiguration -CurrentComputerUser – EnableDontSyncWindows8AppSettings

    Configures the UE-V Agent to not synchronize any Windows apps for the current computer user.

    Set-UevConfiguration -Computer –EnableFirstUseNotification

    Configures the UE-V Agent to display notification the first time the agent runs for all users on the computer.

    Set-UevConfiguration -Computer –DisableFirstUseNotification

    Configures the UE-V Agent to not display notification the first time that the agent runs for all users on the computer.

    Set-UevConfiguration -Computer –EnableSettingsImportNotify

    Configures the UE-V Agent to notify all users on the computer when settings synchronization is delayed.

    -

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration - CurrentComputerUser -EnableSettingsImportNotify

    Configures the UE-V Agent to notify the current user when settings synchronization is delayed.

    -

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -Computer –EnableSyncUnlistedWindows8Apps

    Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md).

    -

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration - CurrentComputerUser - EnableSyncUnlistedWindows8Apps

    Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md).

    -

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration –Computer –DisableSync

    Disables UE-V for all the users on the computer.

    -

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration –CurrentComputerUser -DisableSync

    Disables UE-V for the current user on the computer.

    -

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration -Computer –EnableTrayIcon

    Enables the UE-V icon in the notification area for all users of the computer.

    -

    Use the DisableTrayIcon parameter to disable the icon.

    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V agent to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V agent to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before the user is notified for all users of the computer

    Set-UevConfiguration - CurrentComputerUser -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before notification for the current user is sent.

    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-computer settings storage location for all users of the computer.

    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-user settings storage location.

    Set-UevConfiguration –Computer –SettingsTemplateCatalogPath <path to catalog>

    Sets the settings template catalog path for all users of the computer.

    Set-UevConfiguration -Computer -SyncMethod <sync method>

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

    Sets the synchronization method for the current user: SyncProvider or None.

    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Sets the synchronization time-out in milliseconds for all users of the computer

    Set- UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Set the synchronization time-out for the current user.

    Clear-UevConfiguration –Computer -<setting name>

    Clears the specified setting for all users on the computer.

    Clear-UevConfiguration –CurrentComputerUser -<setting name>

    Clears the specified setting for the current user only.

    Export-UevConfiguration <settings migration file>

    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

    -

    The Export cmdlet exports all UE-V Agent settings that are configurable with the Computer parameter.

    Import-UevConfiguration <settings migration file>

    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

    -   **To export UE-V package settings and repair UE-V templates by using Windows PowerShell** @@ -219,7 +222,7 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m -   + **To configure the UE-V Agent by using WMI** @@ -315,13 +318,15 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m -   - Upon configuration of the UE-V Agent with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations. - `\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` +~~~ +Upon configuration of the UE-V Agent with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations. - `\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` +`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` +~~~ **To export UE-V package settings and repair UE-V templates by using WMI** @@ -352,9 +357,11 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m -   - **Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). + +~~~ +**Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). +~~~ ## Related topics @@ -363,9 +370,9 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  - -  + + + 
diff --git a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md index 346ee43bd3..8de1e74734 100644 --- a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md +++ b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI description: Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI -author: jamiejdt +author: levinec ms.assetid: b5253050-acc3-4274-90d0-1fa4c480331d +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ The WMI and Windows PowerShell features of UE-V include the ability to enable, d You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates. -****To manage settings location templates by using Windows PowerShell**** +***To manage settings location templates by using Windows PowerShell*** 1. Use an account with administrator rights to open a Windows PowerShell command prompt. @@ -152,7 +155,7 @@ You must have administrator permissions to update, register, or unregister a set -   + The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell. 
@@ -331,12 +334,14 @@ User Experience Virtualization provides the following set of WMI commands. Admin -   - **Note**   - Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `""`. -   +~~~ +**Note** +Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `""`. +~~~ + + ### Deploying the UE-V Agent using Windows PowerShell @@ -344,10 +349,10 @@ User Experience Virtualization provides the following set of WMI commands. Admin 1. Stage the UE-V Agent installation package in an accessible network share. - **Note**   + **Note** Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. The Windows Installer packages, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time by using the installation file, you must use the same file type. -   + 2. Use one of the following Windows PowerShell commands to install the UE-V Agent. @@ -364,9 +369,9 @@ User Experience Virtualization provides the following set of WMI commands. Admin [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  - -  + + + diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md index ac6a555603..72c09ecf9e 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md 
@@ -1,8 +1,11 @@
 ---
 title: Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes
 description: Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes
-author: jamiejdt
+author: levinec
 ms.assetid: 5ef66cd1-ba2b-4383-9f45-e7cde41f1ba1
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -132,81 +135,81 @@ This section contains hotfixes and KB articles for UE-V 2.0.

    2927019

    Hotfix Package 1 for Microsoft User Experience Virtualization 2.0

    -

    [support.microsoft.com/kb/2927019](https://support.microsoft.com/kb/2927019)

    +

    support.microsoft.com/kb/2927019

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    +

    support.microsoft.com/kb/2903501/EN-US

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    +

    support.microsoft.com/kb/2770042/EN-US

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    +

    support.microsoft.com/kb/2847017/EN-US

    2930271

    Understanding the limitations of roaming Outlook signatures in Microsoft UE-V

    -

    [support.microsoft.com/kb/2930271/EN-US](https://support.microsoft.com/kb/2930271/EN-US)

    +

    support.microsoft.com/kb/2930271/EN-US

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    +

    support.microsoft.com/kb/2769631/EN-US

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    +

    support.microsoft.com/kb/2850989/EN-US

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    +

    support.microsoft.com/kb/2769586/EN-US

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    +

    support.microsoft.com/kb/2782997/EN-US

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    +

    support.microsoft.com/kb/2769570/EN-US

    2901856

    Application settings do not sync after you force a restart on a UE-V-enabled computer

    -

    [support.microsoft.com/kb/2901856/EN-US](https://support.microsoft.com/kb/2901856/EN-US)

    +

    support.microsoft.com/kb/2901856/EN-US

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    +

    support.microsoft.com/kb/2850582/EN-US

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    +

    support.microsoft.com/kb/3041879/EN-US

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    +

    support.microsoft.com/kb/2843592/EN-US

    -  + -  + -  + diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md index c59140995e..d8f9534765 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md @@ -1,8 +1,11 @@ --- title: Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes description: Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes -author: jamiejdt +author: levinec ms.assetid: 79a36c77-fa0c-4651-8028-4a79763a2fd2 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -65,7 +68,7 @@ WORKAROUND: The UE-V installer (.msi) has two new command-line parameters that s -  + ### Registry settings do not synchronize between App-V and native applications on the same computer @@ -153,76 +156,76 @@ This section contains hotfixes and KB articles for UE-V 2.1.

    3018608

    UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

    -

    [support.microsoft.com/kb/3018608/EN-US](https://support.microsoft.com/kb/3018608/EN-US)

    +

    support.microsoft.com/kb/3018608/EN-US

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    +

    support.microsoft.com/kb/2903501/EN-US

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    +

    support.microsoft.com/kb/2770042/EN-US

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    +

    support.microsoft.com/kb/2847017/EN-US

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    +

    support.microsoft.com/kb/2769631/EN-US

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    +

    support.microsoft.com/kb/2850989/EN-US

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    +

    support.microsoft.com/kb/2769586/EN-US

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    +

    support.microsoft.com/kb/2782997/EN-US

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    +

    support.microsoft.com/kb/2769570/EN-US

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    +

    support.microsoft.com/kb/2850582/EN-US

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    +

    support.microsoft.com/kb/3041879/EN-US

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    +

    support.microsoft.com/kb/2843592/EN-US

    -  + -  + -  + diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md index de4f1b1e7b..643bc35ace 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md @@ -1,8 +1,11 @@ --- title: Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes description: Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes -author: jamiejdt +author: levinec ms.assetid: 561988c4-cc5c-4e15-970b-16e942c8f2ef +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -65,7 +68,7 @@ WORKAROUND: The UE-V installer (.msi) has two new command-line parameters that s -  + ### Registry settings do not synchronize between App-V and native applications on the same computer @@ -164,76 +167,76 @@ This section contains hotfixes and KB articles for UE-V 2.1 SP1.

    3018608

    UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

    -

    [support.microsoft.com/kb/3018608/EN-US](https://support.microsoft.com/kb/3018608/EN-US)

    +

    support.microsoft.com/kb/3018608/EN-US

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    +

    support.microsoft.com/kb/2903501/EN-US

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    +

    support.microsoft.com/kb/2770042/EN-US

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    +

    support.microsoft.com/kb/2847017/EN-US

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    +

    support.microsoft.com/kb/2769631/EN-US

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    +

    support.microsoft.com/kb/2850989/EN-US

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    +

    support.microsoft.com/kb/2769586/EN-US

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    +

    support.microsoft.com/kb/2782997/EN-US

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    +

    support.microsoft.com/kb/2769570/EN-US

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    +

    support.microsoft.com/kb/2850582/EN-US

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    +

    support.microsoft.com/kb/3041879/EN-US

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    +

    support.microsoft.com/kb/2843592/EN-US

    -  + -  + -  + diff --git a/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md b/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md index 72c6be572e..6b13a80d3d 100644 --- a/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md +++ b/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Migrating UE-V 2.x Settings Packages description: Migrating UE-V 2.x Settings Packages -author: jamiejdt +author: levinec ms.assetid: f79381f4-e142-405c-b728-5c048502aa70 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -37,7 +40,7 @@ Simply copying the files and folders does not preserve the security settings and **Note**   To monitor the copy progress, open MySettings.txt with a log viewer such as Trace32. -   + 4. Grant share-level permissions to the new share. Leave the NTFS file system permissions as they were set by Robocopy. @@ -50,9 +53,9 @@ Simply copying the files and folders does not preserve the security settings and [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md index 8c85680256..9d9a9348ec 100644 --- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md +++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Prepare a UE-V 2.x Deployment description: Prepare a UE-V 2.x Deployment -author: jamiejdt +author: levinec ms.assetid: c429fd06-13ff-48c5-b9c9-fa1ec01ab800 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -83,10 +86,10 @@ See [User Experience Virtualization (UE-V) settings templates for Microsoft Offi When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. -**Tip**   +**Tip** **Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). -  + @@ -102,7 +105,7 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of +

    (Download a list of all settings synced)

    +

    (Download a list of all settings synced)

    @@ -161,21 +162,21 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of

    Microsoft Office 2010 applications

    -

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2010

    Microsoft Excel 2010

    Microsoft Outlook 2010

    @@ -119,7 +122,7 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of

    Microsoft Office 2013 applications

    -

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2013

    Microsoft Excel 2013

    Microsoft Outlook 2013

    @@ -136,22 +139,20 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of

    Microsoft OneDrive for Business 2013

    The UE-V 2.1 and 2.1 SP1 Microsoft Office 2013 settings location templates include improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails.

    -Note   -

    An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.

    +Note

    An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.

    -  +

    Browser options: Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11

    Favorites, home page, tabs, and toolbars.

    -Note   -

    UE-V does not roam settings for Internet Explorer cookies.

    +Note

    UE-V does not roam settings for Internet Explorer cookies.

    -  +
    -  -**Note**   + +**Note** UE-V 2.1 SP1 does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. -  + ### Desktop applications synchronized by default in UE-V 2.0 When you install the UE-V 2.0 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. -**Tip**   +**Tip** **Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings. -  + @@ -191,7 +192,7 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo +

    (Download a list of all settings synced)

    +

    (Download a list of all settings synced)

    @@ -240,7 +240,7 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo

    Microsoft Office 2007 applications

    -

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Access 2007

    Microsoft Communicator 2007

    Microsoft Excel 2007

    @@ -207,7 +208,7 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo

    Microsoft Office 2010 applications

    -

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2010

    Microsoft Excel 2010

    Microsoft Outlook 2010

    @@ -226,11 +227,10 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo

    Browser options: Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10

    Favorites, home page, tabs, and toolbars.

    -Note   -

    UE-V does not roam settings for Internet Explorer cookies.

    +Note

    UE-V does not roam settings for Internet Explorer cookies.

    -  +
    -  + ### Windows settings synchronized by default @@ -288,17 +288,17 @@ UE-V includes settings location templates that capture settings values for these -  -**Note**   + +**Note** Starting in Windows 8, UE-V does not roam settings related to the Start screen, such as items and locations. In addition, UE-V does not support synchronization of pinned taskbar items or Windows file shortcuts. -  -**Important**   + +**Important** UE-V 2.1 SP1 roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems. -  + @@ -359,7 +359,7 @@ UE-V 2.1 SP1 roams taskbar settings between Windows 10 devices. However, UE-V do
    -  + ### UE-V-support for Windows Apps @@ -367,10 +367,10 @@ For Windows apps, the app developer specifies the settings that are synchronized To display a list of Windows apps that can synchronize settings on a computer with their package family name, enabled status, and enabled source, at a Windows PowerShell command prompt, enter: `Get-UevAppxPackage` -**Note**   +**Note** As of Windows 8, UE-V does not synchronize Windows app settings if the domain user links their sign-in credentials to their Microsoft Account. This linking synchronizes settings to Microsoft OneDrive so UE-V, which disables synchronization of Windows app settings. -  + ### UE-V-support for Roaming Printers @@ -384,10 +384,10 @@ Printer roaming in UE-V requires one of these scenarios: - The printer driver can be obtained from Windows Update. -**Note**   +**Note** The UE-V printer roaming feature does **not** roam printer settings or preferences, such as printing double-sided. -  + ### Determine whether you need settings synchronized for other applications @@ -437,7 +437,7 @@ If you’ve decided that you need settings synchronized for other applications, Checklist box -

    Does the application store settings in the Program Files directory or in the file directory that is located in the Users\[User name]\AppData\LocalLow directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize.

    +

    Does the application store settings in the Program Files directory or in the file directory that is located in the Users[User name]<strong>AppData<strong>LocalLow directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize.

    Checklist box @@ -450,7 +450,7 @@ If you’ve decided that you need settings synchronized for other applications, -  + ## Other Considerations when Preparing a UE-V Deployment @@ -475,10 +475,10 @@ You should also consider these things when you are preparing to deploy UE-V: Many enterprise applications, including Microsoft Outlook and Lync, prompt users for their domain credentials at login. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V 2.1 and 2.1 SP1. -**Important**   +**Important** Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization during deployment to implement this feature. -  + UE-V 2.1 and 2.1 SP1 can synchronize enterprise credentials, but do not roam credentials intended only for use on the local computer. @@ -486,10 +486,10 @@ Credentials are synchronous settings, meaning they are applied to your profile t Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings. -**Important**   +**Important** If you are using Active Directory Credential Roaming in your environment, we recommend that you don’t enable the UE-V credential roaming template. -  + Use one of these methods to enable credentials synchronization: 
@@ -499,10 +499,10 @@ Use one of these methods to enable credentials synchronization: - Group Policy -**Note**   +**Note** Credentials are encrypted during synchronization. -  + [Company Settings Center](https://technet.microsoft.com/library/dn458903.aspx)**:** Check the Roaming Credential Settings check box under Windows Settings to enable credential synchronization. Uncheck the box to disable it. This check box only appears in Company Settings Center if your account is not configured to synchronize settings using a Microsoft Account. @@ -642,7 +642,7 @@ Before you proceed, make sure your environment includes these requirements for r -

    Windows 7

    +

    Windows 7

    Ultimate, Enterprise, or Professional Edition

    SP1

    32-bit or 64-bit

    @@ -651,7 +651,7 @@ Before you proceed, make sure your environment includes these requirements for r

    .NET Framework 4 or higher for UE-V 2.0.

    -

    Windows Server 2008 R2

    +

    Windows Server 2008 R2

    Standard, Enterprise, Datacenter, or Web Server

    SP1

    64-bit

    @@ -670,11 +670,10 @@ Before you proceed, make sure your environment includes these requirements for r

    Windows 10, pre-1607 version

    -Note   -

    Only UE-V 2.1 SP1 supports Windows 10, pre-1607 version

    +Note

    Only UE-V 2.1 SP1 supports Windows 10, pre-1607 version

    -  +

    Enterprise or Pro

    None

    @@ -701,7 +700,7 @@ Before you proceed, make sure your environment includes these requirements for r -  + Also… @@ -709,16 +708,16 @@ Also… - **Administrative Credentials** for any computer on which you’ll be installing -**Note**   +**Note** - Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack. - The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609). -- Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. +- Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. - The “Delete Roaming Cache” policy for Mandatory profiles is not supported with UE-V and should not be used. -  + There are no special random access memory (RAM) requirements specific to UE-V. 
@@ -744,30 +743,30 @@ Enable this configuration through one of these methods: - During UE-V installation, at the command prompt or in a batch file, set the AgentSetup.exe parameter *SyncMethod = None*. [Deploying the UE-V 2.x Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) provides more information. -- After the UE-V installation, use the Settings Management feature in System Center 2012 Configuration Manager or the MDOP ADMX templates to push the *SyncMethod = None* configuration. +- After the UE-V installation, use the Settings Management feature in System Center 2012 Configuration Manager or the MDOP ADMX templates to push the *SyncMethod = None* configuration. - Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the *SyncMethod = None* configuration. - **Note**   + **Note** These last two methods do not work for pooled virtual desktop infrastructure (VDI) environments. -   + You must restart the computer before the settings start to synchronize. -**Note**   +**Note** If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. -  + **Synchronization for external sync engines:** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. 
**Support for shared VDI sessions:** UE-V 2.1 and 2.1 SP1 provide support for VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. -**Note**   +**Note** If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](https://technet.microsoft.com/library/dn878331.aspx). -  + The VDI template is provided with UE-V 2.1 and 2.1 SP1 and is typically available here after installation: C:\\Program Files\\Microsoft User Experience Virtualization\\Templates\\VdiState.xml @@ -775,7 +774,7 @@ The VDI template is provided with UE-V 2.1 and 2.1 SP1 and is typically availabl Install the UE-V Generator on the computer that is used to create custom settings location templates. This computer should be able to run the applications whose settings are synchronized. You must be a member of the Administrators group on the computer that runs the UE-V Generator software. -The UE-V Generator must be installed on a computer that uses an NTFS file system. The UE-V Generator software requires .NET Framework 4. For more information, see [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md). +The UE-V Generator must be installed on a computer that uses an NTFS file system. The UE-V Generator software requires .NET Framework 4. For more information, see [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md). ## Other resources for this product @@ -795,9 +794,9 @@ The UE-V Generator must be installed on a computer that uses an NTFS file system -  - -  + + + diff --git a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md index be09b357cf..bc93749e20 100644 --- a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md 
+++ b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Security Considerations for UE-V 2.x description: Security Considerations for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 9d5c3cae-9fcb-4dea-bd67-741b3dea63be +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -22,7 +25,7 @@ This topic contains a brief overview of accounts and groups, log files, and othe **Important**   When you create the settings storage share, limit the share access to users who require access. -  + Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following: @@ -55,7 +58,7 @@ Because settings packages might contain personal information, you should take ca | Everyone | No permissions | | Domain computers | Read permission Levels | | Administrators | Read/write permission levels | -   + 4. Set the following NTFS permissions for the settings template catalog folder. | User account | Recommended permissions | Apply to | @@ -110,7 +113,7 @@ Additional security can be configured when a Windows Server is used for the sett When this configuration setting is in place, the UE-V Agent verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V Agent does not grant access to the folder. -  + If you must create folders for the users, ensure that you have the correct permissions set. @@ -130,9 +133,9 @@ If you redirect UE-V settings to a user’s home directory or a custom Active Di [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md index 095f82e79c..4eefbd2641 100644 --- a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md 
+++ b/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md
@@ -1,8 +1,11 @@
 ---
 title: Sync Methods for UE-V 2.x
 description: Sync Methods for UE-V 2.x
-author: jamiejdt
+author: levinec
 ms.assetid: af0ae894-dfdc-41d2-927b-c2ab1b355ffe
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md
index c58d24cbd9..8b8c565dc8 100644
--- a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md
@@ -1,8 +1,11 @@
 ---
 title: Sync Trigger Events for UE-V 2.x
 description: Sync Trigger Events for UE-V 2.x
-author: jamiejdt
+author: levinec
 ms.assetid: 4ed71a13-6a4f-4376-996f-74b126536bbc
+ms.reviewer:
+manager: dansimp
+ms.author: ellevin
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -37,7 +40,7 @@ The following table explains the trigger events for classic applications and Win

    Windows Logon

    • Application and Windows settings are imported to the local cache from the settings storage location.

    • -
    • [Asynchronous Windows settings](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings2) are applied.

    • +
    • Asynchronous Windows settings are applied.

    • Synchronous Windows settings will be applied during the next Windows logon.

    • Application settings will be applied when the application starts.

    @@ -79,19 +82,18 @@ The following table explains the trigger events for classic applications and Win

    Application and Windows settings are synchronized between the settings storage location and the local cache.

    -Note   -

    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

    +Note

    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

    For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).

    -  +

    Settings are applied in these cases:

    • Asynchronous Windows settings are applied directly.

    • Application settings are applied when the application starts.

    • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

    • -
    • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](https://technet.microsoft.com/library/dn458944.aspx) for more information.

    • +
    • Windows app (AppX) settings are applied during the next refresh. See Monitor Application Settings for more information.

    NA

    @@ -103,7 +105,7 @@ The following table explains the trigger events for classic applications and Win -  + @@ -119,9 +121,9 @@ The following table explains the trigger events for classic applications and Win [Choose the Configuration Method for UE-V 2.x](https://technet.microsoft.com/library/dn458891.aspx#config) -  - -  + + + diff --git a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md index 62fd122e29..8d25af0236 100644 --- a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md +++ b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Synchronizing Office 2013 with UE-V 2.0 description: Synchronizing Office 2013 with UE-V 2.0 -author: jamiejdt +author: levinec ms.assetid: c46feb6d-28a8-4799-888d-053531dc5842 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md index 3f0dd6974e..7df413058d 100644 --- a/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Technical Reference for UE-V 2.x description: Technical Reference for UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: 303cff9a-a96d-4e83-9e94-19b0d3744e1e +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md index 2bc7e08ad1..733876d705 100644 --- a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md 
@@ -1,8 +1,11 @@ --- title: Troubleshooting UE-V 2.x description: Troubleshooting UE-V 2.x -author: jamiejdt +author: levinec ms.assetid: a02847f8-6986-4612-8307-ba1b72d7919b +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md b/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md index 9a038522f3..16c4897c6f 100644 --- a/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md +++ b/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md @@ -1,8 +1,11 @@ --- title: Using UE-V 2.x with Application Virtualization Applications description: Using UE-V 2.x with Application Virtualization Applications -author: jamiejdt +author: levinec ms.assetid: 4644b810-fc48-4fd0-96e4-2fc6cd64d8ad +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -32,7 +35,7 @@ UE-V monitors when an application opens by the program name and, optionally, by **Note**   If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. -   + 4. Start the App-V package. @@ -46,9 +49,9 @@ UE-V monitors when an application opens by the program name and, optionally, by [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -  + -  + diff --git a/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md index 7f84bd8f45..ad1e2132a4 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md 
+++ b/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md @@ -1,8 +1,11 @@ --- title: What's New in UE-V 2.0 description: What's New in UE-V 2.0 -author: jamiejdt +author: levinec ms.assetid: 5d852beb-f293-4e3a-a33b-c40df59a7515 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -43,7 +46,7 @@ By default, UE-V synchronizes the settings of many of the Windows apps included **Note**   UE-V does not synchronize Windows app settings if the domain users link their sign-in credentials to their Microsoft account. This linking synchronizes settings to Microsoft OneDrive so UE-V only synchronizes the desktop applications. -  + ## Microsoft account linking @@ -75,9 +78,9 @@ Company Settings Center displays which settings are synchronized and lets users [Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes](microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md) -  + -  + diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md index d9d06dbd1b..de567fa610 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md +++ b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md @@ -1,8 +1,11 @@ --- title: What's New in UE-V 2.1 description: What's New in UE-V 2.1 -author: jamiejdt +author: levinec ms.assetid: 7f385183-7d97-4602-b19a-baa710334ade +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library 
@@ -24,7 +27,7 @@ UE-V 2.1 includes the Microsoft Office 2013 settings location template with impr **Note**   An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. -  + Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information. @@ -55,7 +58,7 @@ UE-V 2.1 gives customers the ability to synchronize credentials and certificates **Note**   In Windows 8 and later, Credential Manager contains web credentials. These credentials are not synchronized between users’ devices. -  + ## UE-V and Microsoft Account Synchronization @@ -75,7 +78,7 @@ UE-V 2.1 includes [support for VDI sessions](https://technet.microsoft.com/libra **Note**   If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as back-up/restore and LKG. -  + ## Administrative Backup and Restore @@ -101,9 +104,9 @@ UE-V now synchronizes touch keyboard personalization, the spelling dictionary, a [Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md) -  + -  + diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md index b90480b137..b146bb839e 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md +++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md 
@@ -1,8 +1,11 @@ --- title: What's New in UE-V 2.1 SP1 description: What's New in UE-V 2.1 SP1 -author: jamiejdt +author: levinec ms.assetid: 9a40c737-ad9a-4ec1-b42b-31bfabe0f170 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -53,7 +56,7 @@ Printer roaming in UE-V requires one of these scenarios: **Note**   The UE-V printer roaming feature does **not** roam printer settings or preferences, such as printing double-sided. -  + ## Office 2013 Settings Location Template @@ -63,7 +66,7 @@ UE-V 2.1 and 2.1 SP1 include the Microsoft Office 2013 settings location templat **Note**   An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. -  + Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information. @@ -89,9 +92,9 @@ UE-V 2.1 ships [Office 2013 and Office 2010 templates](https://technet.microsoft [Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md) -  + -  + diff --git a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md index b1b19388d5..a925e62689 100644 --- a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md 
+++ b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md @@ -1,8 +1,11 @@ --- title: Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator description: Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator -author: jamiejdt +author: levinec ms.assetid: f0bb4920-0132-472c-a564-abf06a884275 +ms.reviewer: +manager: dansimp +ms.author: ellevin ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library @@ -61,7 +64,7 @@ Use the UE-V Generator to edit settings location templates. When the revised set **Note**   If you edit a UE-V 1.0 template by using the UE-V 2 Generator, the template is automatically converted to a UE-V 2 template. UE-V 1.0 Agents can no longer use the edited template. -  + **To edit a UE-V settings location template with the UE-V Generator** @@ -104,7 +107,7 @@ If you edit a UE-V 1.0 template by using the UE-V 2 Generator, the template is a **Note**   A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. -   + 2. Open the settings location template file with an XML editor. @@ -162,9 +165,9 @@ Before you deploy any settings location template that you have downloaded from t [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) -  + -  + diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 9e0b8c0154..e85552bb33 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md 
@@ -5,12 +5,14 @@ keywords: smb, full cloud IT solution, small to medium business, deploy, setup, ms.prod: w10 ms.technology: smb-windows ms.topic: hero-article -ms.author: celested +ms.author: eravena ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: smb -author: CelesteDG +author: eavena ms.date: 10/30/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- 
@@ -57,58 +59,58 @@ If this is the first time you're setting this up, and you'd like to see how it's 1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**. - **Figure 1** - Try or buy Office 365 + **Figure 1** - Try or buy Office 365 - ![Office 365 for business sign up](images/office365_tryorbuy_now.png) + ![Office 365 for business sign up](images/office365_tryorbuy_now.png) 2. Fill out the sign up form and provide information about you and your company. 3. Create a user ID and password to use to sign into your account. - This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. 5. Select **You're ready to go...** which will take you to the Office 365 portal. - > [!NOTE] - > In the Office 365 portal, icons that are greyed out are still installing. + > [!NOTE] + > In the Office 365 portal, icons that are greyed out are still installing. - **Figure 2** - Office 365 portal + **Figure 2** - Office 365 portal - ![Office 365 portal](images/office365_portal.png) + ![Office 365 portal](images/office365_portal.png) 6. Select the **Admin** tile to go to the Office 365 admin center. 7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup. 
- This may take up to a half hour to complete. + This may take up to a half hour to complete. - **Figure 3** - Office 365 admin center + **Figure 3** - Office 365 admin center - ![Office 365 admin center](images/office365_admin_portal.png) + ![Office 365 admin center](images/office365_admin_portal.png) 8. Go back to the Office 365 admin center to add or buy a domain. - 1. Select the **Domains** option. + 1. Select the **Domains** option. - **Figure 4** - Option to add or buy a domain + **Figure 4** - Option to add or buy a domain - ![Add or buy a domain in Office 365 admin center](images/office365_buy_domain.png) + ![Add or buy a domain in Office 365 admin center](images/office365_buy_domain.png) - 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*. + 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*. - **Figure 5** - Microsoft-provided domain + **Figure 5** - Microsoft-provided domain - ![Microsoft-provided domain](images/office365_ms_provided_domain.png) + ![Microsoft-provided domain](images/office365_ms_provided_domain.png) - - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. - - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. + - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. + - If you don't already own a domain, select **+ Buy domain**. 
If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. - Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain. + Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain. - **Figure 6** - Domains + **Figure 6** - Domains - ![Verify your domains in Office 365 admin center](images/office365_additional_domain.png) + ![Verify your domains in Office 365 admin center](images/office365_additional_domain.png) ### 1.2 Add users and assign product licenses Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Office 365 admin center. 
@@ -119,32 +121,32 @@ When adding users, you can also assign admin privileges to certain users in your 1. In the Office 365 admin center, select **Users > Active users**. - **Figure 7** - Add users + **Figure 7** - Add users - ![Add Office 365 users](images/office365_users.png) + ![Add Office 365 users](images/office365_users.png) 2. In the **Home > Active users** page, add users individually or in bulk. - - To add users one at a time, select **+ Add a user**. + - To add users one at a time, select **+ Add a user**. - If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the Office 365 admin center* in Add users individually or in bulk to Office 365 - Admin Help. + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the Office 365 admin center* in Add users individually or in bulk to Office 365 - Admin Help. - **Figure 8** - Add an individual user + **Figure 8** - Add an individual user - ![Add an individual user](images/office365_add_individual_user.png) + ![Add an individual user](images/office365_add_individual_user.png) - - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. + - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. 
- The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. - **Figure 9** - Import multiple users + **Figure 9** - Import multiple users - ![Import multiple users](images/office365_import_multiple_users.png) + ![Import multiple users](images/office365_import_multiple_users.png) 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. - **Figure 10** - List of active users + **Figure 10** - List of active users - ![Verify users and assigned product licenses](images/o365_active_users.png) + ![Verify users and assigned product licenses](images/o365_active_users.png) ### 1.3 Add Microsoft Intune Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? 
@@ -156,16 +158,16 @@ Microsoft Intune provides mobile device management, app management, and PC manag 3. Confirm your order to enable access to Microsoft Intune. 4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. - **Figure 11** - Assign Intune licenses + **Figure 11** - Assign Intune licenses - ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png) + ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png) 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. 6. Select **Intune**. This will take you to the Intune management portal. - **Figure 12** - Microsoft Intune management portal + **Figure 12** - Microsoft Intune management portal - ![Microsoft Intune management portal](images/intune_portal_home.png) + ![Microsoft Intune management portal](images/intune_portal_home.png) Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution). 
@@ -176,30 +178,30 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick 1. In the Office 365 admin center, select **Admin centers > Azure AD**. - > [!NOTE] - > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. + > [!NOTE] + > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. 2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription. - **Figure 13** - Access to Azure AD is not available + **Figure 13** - Access to Azure AD is not available - ![Access to Azure AD not available](images/azure_ad_access_not_available.png) + ![Access to Azure AD not available](images/azure_ad_access_not_available.png) 3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365. 4. Click **Azure subscription**. This will take you to a free trial sign up screen. - **Figure 14** - Sign up for Microsoft Azure + **Figure 14** - Sign up for Microsoft Azure - ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png) + ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png) 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. - **Figure 15** - Start managing your Azure subscription + **Figure 15** - Start managing your Azure subscription - ![Start managing your Azure subscription](images/azure_ad_successful_signup.png) + ![Start managing your Azure subscription](images/azure_ad_successful_signup.png) - This will take you to the Microsoft Azure portal. + This will take you to the Microsoft Azure portal. ### 1.5 Add groups in Azure AD This section is the walkthrough is optional. 
However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. 
@@ -210,38 +212,38 @@ To add Azure AD group(s), we will use the classic Azure portal, you will see a screen informing you that your directory is ready for use. - Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. + Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. - **Figure 16** - Azure first sign-in screen + **Figure 16** - Azure first sign-in screen - ![Select Azure AD](images/azure_portal_classic_configure_directory.png) + ![Select Azure AD](images/azure_portal_classic_configure_directory.png) 2. Select the directory (such as Fabrikam Design) to go to the directory's home page. - **Figure 17** - Directory home page + **Figure 17** - Directory home page - ![Directory home page](images/azure_portal_classic_directory_ready.png) + ![Directory home page](images/azure_portal_classic_directory_ready.png) 3. From the menu options on top, select **Groups**. - **Figure 18** - Azure AD groups + **Figure 18** - Azure AD groups - ![Add groups in Azure AD](images/azure_portal_classic_groups.png) + ![Add groups in Azure AD](images/azure_portal_classic_groups.png) 4. Select **Add a group** (from the top) or **Add group** at the bottom. 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. - **Figure 19** - Newly added group in Azure AD + **Figure 19** - Newly added group in Azure AD - ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png) + ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png) 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. - The members that were added to the group will appear on the list. 
+ The members that were added to the group will appear on the list. - **Figure 20** - Members in the new group + **Figure 20** - Members in the new group - ![Members added to the new group](images/azure_portal_classic_members_added.png) + ![Members added to the new group](images/azure_portal_classic_members_added.png) 7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on. 
@@ -250,44 +252,44 @@ Now that you have Azure AD Premium and have it properly configured, you can conf You can read this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. -> [!IMPORTANT] +> [!IMPORTANT] > We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. **To enable automatic MDM enrollment** 1. In to the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. - The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. + The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. - **Figure 21** - List of applications for your company + **Figure 21** - List of applications for your company - ![List of applications for your company](images/azure_portal_classic_applications.png) + ![List of applications for your company](images/azure_portal_classic_applications.png) 2. Select **Microsoft Intune** to configure the application. 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. - **Figure 22** - Configure Microsoft Intune in Azure + **Figure 22** - Configure Microsoft Intune in Azure - ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png) + ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png) 4. In the Microsoft Intune configuration page: - - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. 
+ - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. - > [!NOTE] - > The URLs are automatically configured for your Azure AD tenant so you don't need to change them. + > [!NOTE] + > The URLs are automatically configured for your Azure AD tenant so you don't need to change them. - - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune. - - **All** will enable all users' Windows 10 devices to be managed by Intune. - - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune. + - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune. + - **All** will enable all users' Windows 10 devices to be managed by Intune. + - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune. - > [!NOTE] - > In this step, choose the group that contains all the users in your organization as members. This is the **All** group. + > [!NOTE] + > In this step, choose the group that contains all the users in your organization as members. This is the **All** group. 5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune. - **Figure 23** - Configure Microsoft Intune + **Figure 23** - Configure Microsoft Intune - ![Configure automatic MDM enrollment with Intune](images/azure_portal_classic_configure_intune_mdm_enrollment.png) + ![Configure automatic MDM enrollment with Intune](images/azure_portal_classic_configure_intune_mdm_enrollment.png) ### 1.7 Configure Microsoft Store for Business for app distribution Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune. 
@@ -299,33 +301,33 @@ In this part of the walkthrough, we'll be working on the Microsoft Intune management portal, select **Admin**. 2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. - **Figure 24** - Mobile device management + **Figure 24** - Mobile device management - ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png) + ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png) 3. Sign into Microsoft Store for Business using the same tenant account that you used to sign into Intune. 4. Accept the EULA. 5. In the Store portal, select **Settings > Management tools** to go to the management tools page. 6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business. - **Figure 25** - Activate Intune as the Store management tool + **Figure 25** - Activate Intune as the Store management tool - ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png) + ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png) 7. Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. - **Figure 26** - Configure Store for Business sync in Intune + **Figure 26** - Configure Store for Business sync in Intune - ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png) + ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png) 9. 
In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. - **Figure 27** - Enable Microsoft Store for Business sync in Intune + **Figure 27** - Enable Microsoft Store for Business sync in Intune - ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png) + ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png) - The **Microsoft Store for Business** page will refresh and it will show the details from the sync. + The **Microsoft Store for Business** page will refresh and it will show the details from the sync. **To buy apps from the Store** @@ -344,9 +346,9 @@ In the following example, we'll show you how to buy apps through the Microsoft S 1. In the Microsoft Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. - **Figure 28** - Shop for Store apps + **Figure 28** - Shop for Store apps - ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png) + ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png) 2. Click to select an app, such as **Reader**. This opens the app page. 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. 
@@ -354,12 +356,12 @@ In the following example, we'll show you how to buy apps through the Microsoft S 5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app. 6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory. - **Figure 29** - App inventory shows the purchased apps + **Figure 29** - App inventory shows the purchased apps - ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png) + ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png) - > [!NOTE] - > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). + > [!NOTE] + > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). **To sync recently purchased apps** @@ -368,9 +370,9 @@ If you need to sync your most recently purchased apps and have it appear in your 1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. 2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync. - **Figure 30** - Force a sync in Intune + **Figure 30** - Force a sync in Intune - ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png) + ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png) **To view purchased apps** - In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. 
@@ -385,33 +387,33 @@ To set up new Windows devices, go through the Windows initial device setup or fi **To set up a device** 1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you: - - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone - - Accept the EULA - - Customize the setup or use Express settings + - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone + - Accept the EULA + - Customize the setup or use Express settings - **Figure 31** - First screen in Windows device setup + **Figure 31** - First screen in Windows device setup - ![First screen in Windows device setup](images/win10_hithere.png) + ![First screen in Windows device setup](images/win10_hithere.png) - > [!NOTE] - > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. + > [!NOTE] + > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. 2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**. 3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**. - **Figure 32** - Choose how you'll connect your Windows device + **Figure 32** - Choose how you'll connect your Windows device - ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png) + ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png) 4. 
In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. - **Figure 33** - Sign in using one of the accounts you added + **Figure 33** - Sign in using one of the accounts you added - ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png) + ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png) 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. - Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled. + Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled. ### 2.2 Verify correct device setup Verify that the device is set up correctly and boots without any issues. 
@@ -426,20 +428,20 @@ In the Intune management **To verify if the device is joined to Azure AD** 1. Check the device name on your PC. To do this, on your Windows PC, select **Settings > System > About** and then check **PC name**. - **Figure 34** - Check the PC name on your device + **Figure 34** - Check the PC name on your device - ![Check the PC name on your device](images/win10_settings_pcname.png) + ![Check the PC name on your device](images/win10_settings_pcname.png) 2. Log in to the Intune management portal. 3. Select **Groups** and then go to **Devices**. 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. - - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. - - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**. - - Check the **AAD Registered** column and confirm that it says **Yes**. + - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. + - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**. + - Check the **AAD Registered** column and confirm that it says **Yes**. - **Figure 35** - Check that the device appears in Intune + **Figure 35** - Check that the device appears in Intune - ![Check that the device appears in Intune](images/intune_groups_devices_list.png) + ![Check that the device appears in Intune](images/intune_groups_devices_list.png) ## 3. Manage device settings and features You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. 
For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). 
@@ -456,19 +458,19 @@ In some cases, if an app is missing from the device, you need to reconfigure the 4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. 5. For each group that you selected, set **Approval** to **Required Install**. This automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**. - **Figure 36** - Reconfigure an app's deployment setting in Intune + **Figure 36** - Reconfigure an app's deployment setting in Intune - ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png) + ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png) 6. Click **Finish**. 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. -6. Verify that the app shows up on the device. To do this: - - Make sure you're logged in to the Windows device. - - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section. +8. Verify that the app shows up on the device. To do this: + - Make sure you're logged in to the Windows device. + - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section. 
- **Figure 37** - Confirm that additional apps were deployed to the device + **Figure 37** - Confirm that additional apps were deployed to the device - ![Confirm that additiional apps were deployed to the device](images/win10_deploy_apps_immediately.png) + ![Confirm that additiional apps were deployed to the device](images/win10_deploy_apps_immediately.png) ### 3.2 Configure other settings in Intune 
@@ -478,36 +480,36 @@ In some cases, if an app is missing from the device, you need to reconfigure the 3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. 4. On the **Create Policy** page, select **Device Capabilities**. 5. In the **General** section, add a name and description for this policy. For example: - - **Name**: Test Policy - Disable Camera - - **Description**: Disables the camera + - **Name**: Test Policy - Disable Camera + - **Description**: Disables the camera 6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list. - **Figure 38** - Add a configuration policy + **Figure 38** - Add a configuration policy - ![Add a configuration policy](images/intune_policy_disablecamera.png) + ![Add a configuration policy](images/intune_policy_disablecamera.png) 7. Click **Save Policy**. A confirmation window will pop up. 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. 9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**. 10. Click **OK** to close the window. - **Figure 39** - The new policy should appear in the **Policies** list. + **Figure 39** - The new policy should appear in the **Policies** list. - ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png) + ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png) **To turn off Windows Hello and PINs during device setup** 1. In the Intune management portal, select **Admin**. 2. Go to **Mobile Device Management > Windows > Windows Hello for Business**. 3. 
In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. - **Figure 40** - Policy to disable Windows Hello for Business + **Figure 40** - Policy to disable Windows Hello for Business - ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png) + ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png) 4. Click **Save**. - > [!NOTE] - > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant. + > [!NOTE] + > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant. To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users. 
@@ -527,34 +529,34 @@ For other devices, such as those personally-owned by employees who need to conne 2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page. 3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device. - **Figure 41** - Add an Azure AD account to the device + **Figure 41** - Add an Azure AD account to the device - ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png) + ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png) 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. - **Figure 42** - Enter the account details + **Figure 42** - Enter the account details - ![Enter the account details](images/win10_add_new_user_account_aadwork.png) + ![Enter the account details](images/win10_add_new_user_account_aadwork.png) 5. You will be asked to update the password so enter a new password. 6. Verify the details to make sure you're connecting to the right organization and then click **Join**. - **Figure 43** - Make sure this is your organization + **Figure 43** - Make sure this is your organization - ![Make sure this is your organization](images/win10_confirm_organization_details.png) + ![Make sure this is your organization](images/win10_confirm_organization_details.png) 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. - **Figure 44** - Confirmation that the device is now connected + **Figure 44** - Confirmation that the device is now connected - ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png) + ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png) 8. 
The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. - **Figure 45** - Device is now enrolled in Azure AD + **Figure 45** - Device is now enrolled in Azure AD - ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png) + ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png) 9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. diff --git a/smb/docfx.json b/smb/docfx.json index b86df232d5..5ea640e672 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -4,7 +4,7 @@ { "files": [ "**/*.md", - "**/*.yml" + "**/*.yml" ], "exclude": [ "**/obj/**", 
@@ -29,21 +29,21 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "TechNet.smb",
- "folder_relative_path_in_docset": "./"
- }
- }
- },
+ "uhfHeaderId": "MSDocsHeader-WindowsIT",
+ "breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "TechNet.smb",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
+ },
 "fileMetadata": {},
 "template": [],
 "dest": "smb",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/smb/index.md b/smb/index.md
index 3f7bb09bc7..4df3e742c1 100644
--- a/smb/index.md
+++ b/smb/index.md
@@ -22,12 +22,12 @@ ms.localizationpriority: medium
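Review bot: The one functional change in the second `smb/docfx.json` hunk, `"markdownEngineName": "dfm"` becoming `"markdownEngineName": "markdig"`, sits under twelve `globalMetadata` lines that are removed and re-added with what appears to be the same text, so it is easy to miss in review. Switching the engine changes how every page in the docset is parsed; Markdig follows CommonMark, which is stricter than DFM about how far content nested under a list item must be indented, and that is presumably why the markdown files in this commit re-indent their figure and `> [!NOTE]` blocks. I would move the engine line into its own commit, or at least name the switch in the commit description, and check the rendered output of pages in this docset that were not re-indented, since a note or warning that falls out of its list step still renders but no longer reads as part of that step.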

    Windows 10 for business
    Learn how Windows 10 and Windows devices can help your business.

    SMB blog
    Read about the latest stories, technology insights, and business strategies for SMBs.

    -

    How to buy
    Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.

    +

    How to buy
    Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.

    ## ![Deploy a Microsoft solution for your business](images/deploy.png) Deploy -

    [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)
    Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.

    +

    Get started: Deploy and manage a full cloud IT solution for your business
    Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.

    ## Related topics diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md index cf51aab7e8..e6907467fb 100644 --- a/store-for-business/acquire-apps-microsoft-store-for-business.md +++ b/store-for-business/acquire-apps-microsoft-store-for-business.md @@ -8,6 +8,8 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.date: 10/23/2018 +ms.reviewer: +manager: dansimp ms.topic: conceptual ms.localizationpriority: medium --- @@ -76,4 +78,4 @@ Microsoft Store adds the app to your inventory. From **Products & services**, yo For info on distributing apps, see [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md). -For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). \ No newline at end of file +For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md index dbd5c9acfb..c3ff428416 100644 --- a/store-for-business/add-profile-to-devices.md +++ b/store-for-business/add-profile-to-devices.md @@ -8,6 +8,8 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.date: 2/9/2018 +ms.reviewer: +manager: dansimp ms.topic: conceptual ms.localizationpriority: medium --- diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index 4ffb3b7e72..8c1e9402e7 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md 
@@ -2,6 +2,8 @@
 title: Add unsigned app to code integrity policy (Windows 10)
 description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
 ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
+ms.reviewer: 
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -91,11 +93,11 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr 3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files). 4. After the files are uploaded, click **Sign** to sign the catalog files. 5. Click Download to download each item: - - signed catalog file - - default policy - - root certificate for your organization + - signed catalog file + - default policy + - root certificate for your organization - When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). + When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store. -7. Deploy signed catalogs to your managed devices. 
For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with System Center Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). \ No newline at end of file +7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with System Center Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md index e3c4b43dac..34320107bd 100644 --- a/store-for-business/app-inventory-management-microsoft-store-for-business.md +++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: App inventory management for Microsoft Store for Business and Microsoft Store for Education (Windows 10) description: You can manage all apps that you've acquired on your Apps & Software page. ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -198,4 +200,4 @@ You can download a preview PoweShell script that uses REST APIs. The script is a - Perform bulk options using .csv files - this automates license management for customers with large numbers of licenses > [!NOTE] -> The Microsoft Store for Business and Education Admin role is required to manage products and to use the MSStore module. This requires advanced knowledge of PowerShell. \ No newline at end of file +> The Microsoft Store for Business and Education Admin role is required to manage products and to use the MSStore module. This requires advanced knowledge of PowerShell. 
diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md index 1abad24d9a..cd057cb2a9 100644 --- a/store-for-business/apps-in-microsoft-store-for-business.md +++ b/store-for-business/apps-in-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Apps in Microsoft Store for Business and Education (Windows 10) description: Microsoft Store for Business has thousands of apps from many different categories. ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -74,4 +76,4 @@ You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. - Distribute the app through a management tool. -For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md). \ No newline at end of file +For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md). diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md index 9fadbfd8e6..5e7a6fcb96 100644 --- a/store-for-business/assign-apps-to-employees.md +++ b/store-for-business/assign-apps-to-employees.md @@ -2,6 +2,8 @@ title: Assign apps to employees (Windows 10) description: Administrators can assign online-licensed apps to employees and students in their organization. ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md index e3c23bf86e..9176f1da3d 100644 --- a/store-for-business/billing-payments-overview.md 
+++ b/store-for-business/billing-payments-overview.md @@ -11,6 +11,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 03/01/2019 +ms.reviewer: +manager: dansimp --- # Billing and payments @@ -23,4 +25,4 @@ Access invoices and managed your payment methods. | ----- | ----------- | | [Understand your invoice](billing-understand-your-invoice-msfb.md) | Information about invoices provided by Microsoft Store for Business. | | [Understand billing profiles](billing-profile.md) | Information about billing profiles and how they relate to invoices. | -| [Payment methods](payment-methods.md) | Information about managing payment methods. | \ No newline at end of file +| [Payment methods](payment-methods.md) | Information about managing payment methods. | diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md index 56a0be9b64..bdaffb8093 100644 --- a/store-for-business/billing-profile.md +++ b/store-for-business/billing-profile.md @@ -11,6 +11,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 03/01/2019 +ms.reviewer: +manager: dansimp --- # Understand billing profiles diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md index d477d66085..7c7b84e370 100644 --- a/store-for-business/billing-understand-your-invoice-msfb.md +++ b/store-for-business/billing-understand-your-invoice-msfb.md @@ -10,6 +10,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 03/01/2019 +ms.reviewer: +manager: dansimp --- # Understand your Microsoft Customer Agreement invoice diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md index 502bdc4c27..298857630c 100644 --- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md 
+++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Configure an MDM provider (Windows 10) description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -43,4 +45,4 @@ Your MDM tool is ready to use with Microsoft Store. To learn how to configure sy - [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) - [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -For third-party MDM providers or management servers, check your product documentation. \ No newline at end of file +For third-party MDM providers or management servers, check your product documentation. diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md index f63f3ef6f6..2c0e080ed7 100644 --- a/store-for-business/device-guard-signing-portal.md +++ b/store-for-business/device-guard-signing-portal.md @@ -2,6 +2,8 @@ title: Device Guard signing (Windows 10) description: Device Guard signing is a Device Guard feature that is available in the Microsoft Store for Business and Microsoft Store for Education. ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -41,7 +43,7 @@ When you're uploading files for Device Guard signing, there are a few limits for | Maximum size for multiple files (uploaded in a group) | 4 MB | | Maximum number of files per upload | 15 files | - ## File types + ## File types Catalog and policy files have required files types. | File | Required file type | @@ -49,8 +51,8 @@ Catalog and policy files have required files types. | catalog files | .cat | | policy files | .bin | - ## Store for Business roles and permissions + ## Store for Business roles and permissions Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role. ## Device Guard signing certificates -All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline. \ No newline at end of file +All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline. diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index e83245f0e8..50f43122c5 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md 
+++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -2,6 +2,8 @@ title: Distribute apps using your private store (Windows 10) description: The private store is a feature in Microsoft Store for Business and Microsoft Store for Education that organizations receive during the signup process. ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -49,7 +51,7 @@ Microsoft Store adds the app to **Products and services**. Click **Manage**, **A The value under **Private store** for the app will change to pending. It will take approximately thirty-six hours before the app is available in the private store. >[!Note] - > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be avilable in **Products & services** before adding it to your private store. For more information, see [Working with line of business apps](working-with-line-of-business-apps.md). + > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be available in **Products & services** before adding it to your private store. For more information, see [Working with line-of-business apps](working-with-line-of-business-apps.md). ## Private store availability You can use security groups to scope which users can install an app from your private store. For more information, see [Private store availability](app-inventory-management-microsoft-store-for-business.md#private-store-availability). 
@@ -66,4 +68,4 @@ Employees can claim apps that admins added to the private store by doing the fol ## Related topics - [Manage access to private store](manage-access-to-private-store.md) - [Manage private store settings](manage-private-store-settings.md) -- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) \ No newline at end of file +- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md index ecc09aa00e..dd349cde72 100644 --- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md +++ b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Distribute apps to your employees from the Microsoft Store for Business and Education (Windows 10) description: Distribute apps to your employees from Microsoft Store for Business or Microsoft Store for Education. You can assign apps to employees,or let employees install them from your private store. ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md index cab9bdc670..f350acf242 100644 --- a/store-for-business/distribute-apps-with-management-tool.md +++ b/store-for-business/distribute-apps-with-management-tool.md 
@@ -2,6 +2,8 @@ title: Distribute apps with a management tool (Windows 10) description: You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content. ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -57,4 +59,4 @@ This diagram shows how you can use a management tool to distribute an online-lic ## Related topics [Configure MDM Provider](configure-mdm-provider-microsoft-store-for-business.md) -[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) \ No newline at end of file +[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index c9b1df28bd..696f1be75a 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -2,6 +2,8 @@ title: Distribute offline apps (Windows 10) description: Offline licensing is a new licensing option for Windows 10. ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index c36c5dff04..87b1471707 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -4,7 +4,7 @@ { "files": [ "**/*.md", - "**/**.yml" + "**/**.yml" ], "exclude": [ "**/obj/**", 
@@ -31,26 +31,28 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "ms.author": "trudyha", - "ms.technology": "windows", - "ms.topic": "article", - "ms.date": "05/09/2017", - "searchScope": ["Store"], - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.store-for-business", - "folder_relative_path_in_docset": "./" - } - } - }, + "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "ms.author": "trudyha", + "ms.technology": "windows", + "ms.topic": "article", + "ms.date": "05/09/2017", + "searchScope": [ + "Store" + ], + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.store-for-business", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "store-for-business", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md index d1c2b7f688..ef2a60a52a 100644 --- a/store-for-business/find-and-acquire-apps-overview.md +++ b/store-for-business/find-and-acquire-apps-overview.md 
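Review bot: The only functional change in this hunk is its last changed line, `"markdownEngineName": "markdig"` replacing `"dfm"`, and it is buried under a re-indentation of the whole `globalMetadata` object, so someone scanning the whitespace churn can miss that the renderer for the entire docset changes. I would land the indentation cleanup and the engine switch as separate commits. The two engines may treat list continuation and note blocks differently; the same commit re-indents the numbered signing steps in add-unsigned-app-to-code-integrity-policy.md and re-quotes a `[!NOTE]` list, presumably for that reason. The procedural pages (catalog signing, policy merge, role requirements) should therefore be checked in a rendered preview before merge so that no step or caveat falls out of its list.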
@@ -2,6 +2,8 @@ title: Find and acquire apps (Windows 10) description: Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization. ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md index dcf2a8f992..efb45d459f 100644 --- a/store-for-business/manage-access-to-private-store.md +++ b/store-for-business/manage-access-to-private-store.md @@ -2,6 +2,8 @@ title: Manage access to private store (Windows 10) description: You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education. ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -67,4 +69,4 @@ You can also prevent employees from using Microsoft Store. For more information, ## Related topics [Distribute apps using your private store](distribute-apps-from-your-private-store.md) -[Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) \ No newline at end of file +[Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md index 5c9f41f018..01aedc65da 100644 --- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md +++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md 
@@ -2,6 +2,8 @@
 title: Manage products and services in Microsoft Store for Business (Windows 10)
 description: Manage apps, software, devices, products and services in Microsoft Store for Business.
 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -32,4 +34,4 @@ Manage products and services in Microsoft Store for Business and Microsoft Store
 | [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) | For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Microsoft Store management tool services work with your third-party management tool to manage content. |
 | [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. |
 | [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | Use PowerShell cmdlets to automate basic app license assignment. |
-| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | Software purchased with the Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business and Education. This allows customers to manage online software purchases in one location. |
\ No newline at end of file
+| [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | Software purchased with the Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business and Education. This allows customers to manage online software purchases in one location. |
diff --git a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md index 4967eb20a1..95cb4a06a6 100644 --- a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md +++ b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md @@ -10,6 +10,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 3/20/2018 +ms.reviewer: +manager: dansimp --- # Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business @@ -58,4 +60,4 @@ We'll ask for a global admin if we need that info when you add a tenant to a pur - On **Add a Global Admin**, click **Make me the Global Admin**, and then click **Submit**. -or- -- On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**. \ No newline at end of file +- On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**. diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md index 66650f1c89..9dad6e31d3 100644 --- a/store-for-business/manage-orders-microsoft-store-for-business.md +++ b/store-for-business/manage-orders-microsoft-store-for-business.md @@ -10,6 +10,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 11/10/2017 +ms.reviewer: +manager: dansimp --- # Manage app orders in Microsoft Store for Business and Education diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md index ee4baa3b88..57fea58899 100644 --- a/store-for-business/manage-private-store-settings.md +++ b/store-for-business/manage-private-store-settings.md 
@@ -2,6 +2,8 @@
 title: Manage private store settings (Windows 10)
 description: The private store is a feature in the Microsoft Store for Business and Microsoft Store for Education that organizations receive during the sign up process.
 ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md
index 77cce4033a..351bc09205 100644
--- a/store-for-business/manage-settings-microsoft-store-for-business.md
+++ b/store-for-business/manage-settings-microsoft-store-for-business.md
@@ -2,6 +2,8 @@
 title: Manage settings for Microsoft Store for Business and Microsoft Store for Education (Windows 10)
 description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
index 7d6006d776..79cb86cf24 100644
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
@@ -2,6 +2,8 @@
 title: Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)
 description: Microsoft Store for Business and Microsoft Store for Education manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups.
 ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index 4b53678c9c..c3d282539a 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -11,12 +11,14 @@ ms.topic: conceptual ms.localizationpriority: medium ms.author: ms.date: 10/22/2017 +ms.reviewer: +manager: dansimp --- # Microsoft Store for Business and Education PowerShell module - preview **Applies to** -- Windows 10 +- Windows 10 Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459). @@ -50,7 +52,6 @@ To install **Microsoft Store for Business and Education PowerShell** with PowerS # Install the Microsoft Store for Business and Education PowerShell module from PowerShell Gallery Install-Module -Name MSStore - ``` ## Import Microsoft Store for Business and Education PowerShell module into the PowerShell session @@ -60,7 +61,6 @@ Once you install the module on your Windows 10 device, you will need to then imp # Import the MSStore module into this session Import-Module -Name MSStore - ``` Next, authorize the module to call **Microsoft Store for Business and Education** on your behalf. This step is required once, per user of the PowerShell module. 
@@ -71,7 +71,6 @@ To authorize the PowerShell module, run this command. You'll need to sign-in wit # Grant MSStore Access to your Microsoft Store for Business and Education Grant-MSStoreClientAppAccess - ``` You will be promted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Azure PowerShell cmdlets are loaded and ready to be used. @@ -82,7 +81,6 @@ Service management should encounter no breaking changes as a result of the separ # View items in inventory (Apps & software) Get-MSStoreInventory - ``` >[!TIP] @@ -100,7 +98,6 @@ Most items in **Products and Services** in **Microsoft Store for Business and Ed # View products assigned to people Get-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016 - ``` > [!Important] @@ -127,7 +124,6 @@ Add-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user@my # Reclaim a product (Product ID and SKU ID combination) from a User (user@host.com) Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user@myorganization.onmicrosoft.com' - ``` ## Assign or reclaim a product with a .csv file @@ -143,7 +139,6 @@ Add-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016 -PathToCsv C:\Pe # Reclaim a product (Product ID and SKU ID combination) from a User (user@host.com) Remove-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016 -PathToCsv C:\People.csv -ColumnName UserPrincipalName - ``` ## Uninstall Microsoft Store for Business and Education PowerShell module @@ -153,5 +148,4 @@ You can remove **Microsoft Store for Business and Education PowerShell** from yo # Uninstall the MSStore Module Get-InstalledModule -Name "MSStore" -RequiredVersion 1.0 | Uninstall-Module - ``` 
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md index 0bf1fdc2d4..9bed41bcbd 100644 --- a/store-for-business/microsoft-store-for-business-overview.md +++ b/store-for-business/microsoft-store-for-business-overview.md @@ -2,6 +2,8 @@ title: Microsoft Store for Business and Microsoft Store for Education overview (Windows 10) description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps. ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C +ms.reviewer: +manager: dansimp ms.prod: w10 ms.pagetype: store, mobile ms.mktglfcycl: manage 
@@ -28,8 +30,8 @@ Organizations or schools of any size can benefit from using Microsoft Store for - **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts or Office 365 accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate Microsoft Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. - **Bulk app acquisition** - Acquire apps in volume from Microsoft Store for Business. - **Centralized management** – Microsoft Store provides centralized management for inventory, billing, permissions, and order history. You can use Microsoft Store to view, manage and distribute items purchased from: - - **Microsoft Store for Business** – Apps and subscriptions - - **Microsoft Store for Education** – Apps and subscriptions + - **Microsoft Store for Business** – Apps acquired from Microsoft Store for Business + - **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education - **Office 365** – Subscriptions - **Volume licensing** - Apps purchased with volume licensing - **Private store** - Create a private store for your business that’s easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices. 
@@ -90,7 +92,7 @@ After your admin signs up for the Store for Business and Education, they can ass > [!NOTE] > Currently, the Basic purchaser role is only available for schools using Microsoft Store for Education. For more information, see [Microsoft Store for Education permissions](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business?toc=/microsoft-store/education/toc.json#manage-domain-settings). - + In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](manage-users-and-groups-microsoft-store-for-business.md). Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with Store for Business and Education. @@ -195,7 +197,7 @@ Store for Business and Education is currently available in these markets.
  • Colombia
  • Comoros
  • Costa Rica
  • -
  • Côte D'ivoire
  • +
  • Côte D'ivoire
  • Croatia
  • Curçao
  • Cyprus
  • @@ -330,8 +332,7 @@ Store for Business and Education is currently available in these markets.
  • Viet Nam
  • Virgin Islands, U.S.
  • Zambia
  • -
  • Zimbabwe
       
  • - +
  • Zimbabwe
       

  • @@ -372,9 +373,9 @@ This table summarize what customers can purchase, depending on which Microsoft S > [!NOTE] > **Microsoft Store for Education customers with support for free apps and Minecraft: Education Edition** -- Admins can acquire free apps from **Microsoft Store for Education**. -- Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](https://docs.microsoft.com/education/windows/school-get-minecraft#invoices). -- Teachers, or people with the Basic Purachaser role, can acquire free apps, but not **Minecraft: Education Edition**. +> - Admins can acquire free apps from **Microsoft Store for Education**. +> - Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](https://docs.microsoft.com/education/windows/school-get-minecraft#invoices). +> - Teachers, or people with the Basic Purachaser role, can acquire free apps, but not **Minecraft: Education Edition**. ## Privacy notice @@ -382,7 +383,7 @@ Store for Business and Education services get names and email addresses of peopl - Granting and managing permissions - Managing app licenses - Distributing apps to people (names appear in a list that admins can select from) - + Store for Business and Education does not save names, or email addresses. Your use of Store for Business and Education is also governed by the [Microsoft Store for Business and Education Services Agreement](https://businessstore.microsoft.com/servicesagreement). diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md index 478fb68e22..90199712a8 100644 --- a/store-for-business/notifications-microsoft-store-business.md +++ b/store-for-business/notifications-microsoft-store-business.md 
@@ -3,6 +3,8 @@ title: Notifications in Microsoft Store for Business and Education (Windows 10) description: Notifications alert you to issues or outages with Micrososft Store for Business and Education. keywords: notifications, alerts ms.assetid: +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -33,4 +35,4 @@ Microsoft Store for Business and Microsoft Store for Education use a set of noti | Shop | We’re on it. Something happened on our end with purchasing. We’re working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. | | Private store | We’re on it. Something happened on our end with your organization’s private store. People in your organization can’t download apps right now. We’re working to fix the problem. | People in your organization might not be able to view the private store, or get apps. | | Acquistion and licensing | We’re on it. People in your org might not be able to install or use certain apps. We’re working to fix the problem. | People in your org might not be able to claim a license from your private store. | -| Partner | We’re on it. Something happened on our end with Find a Partner. We’re working to fix the problem. | You might not be able to search for a partner. | \ No newline at end of file +| Partner | We’re on it. Something happened on our end with Find a Partner. We’re working to fix the problem. | You might not be able to search for a partner. | diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md index e67c02d7b6..83f20ebfd1 100644 --- a/store-for-business/payment-methods.md +++ b/store-for-business/payment-methods.md @@ -11,6 +11,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 03/01/2019 +ms.reviewer: +manager: dansimp --- # Payment methods 
@@ -48,4 +50,4 @@ Once you select **Add**, the information you provided will be validated with a t Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. > [!NOTE] -> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. \ No newline at end of file +> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md index 618205cdd5..0d054ed947 100644 --- a/store-for-business/prerequisites-microsoft-store-for-business.md +++ b/store-for-business/prerequisites-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10) description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education. ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -49,20 +51,20 @@ While not required, you can use a management tool to distribute and manage apps. If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: -- login.live.com -- login.windows.net -- account.live.com -- clientconfig.passport.net -- windowsphone.com -- \*.wns.windows.com -- \*.microsoft.com -- \*.s-microsoft.com -- www.msftncsi.com (prior to Windows 10, version 1607) -- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com -starting with Windows 10, version 1607) -  +- login.live.com +- login.windows.net +- account.live.com +- clientconfig.passport.net +- windowsphone.com +- \*.wns.windows.com +- \*.microsoft.com +- \*.s-microsoft.com +- www.msftncsi.com (prior to Windows 10, version 1607) +- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com + starting with Windows 10, version 1607) + -  + diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 2bcdcd39b9..cc3bbbad3c 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -9,6 +9,8 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.date: 10/31/2018 +ms.reviewer: +manager: dansimp --- # Microsoft Store for Business and Education release history diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md index 48a7bcf332..2163e6379a 100644 
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md +++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md @@ -3,6 +3,8 @@ title: Roles and permissions in Microsoft Store for Business and Education (Wind description: The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. keywords: roles, permissions ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -30,7 +32,7 @@ This table lists the global user accounts and the permissions they have in Micro | Purchase apps | X | X | | Distribute apps | X | X | | Purchase subscription-based software | X | X | -  + **Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store. diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md index 8109fc1389..ccb33fc3e0 100644 --- a/store-for-business/settings-reference-microsoft-store-for-business.md +++ b/store-for-business/settings-reference-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Settings reference Microsoft Store for Business and Education (Windows 10) description: The Microsoft Store for Business and Education has a group of settings that admins use to manage the store. ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index eb426098c6..5a3a21a49f 100644 --- a/store-for-business/sfb-change-history.md 
+++ b/store-for-business/sfb-change-history.md @@ -9,12 +9,15 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.date: 3/2/2019 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- # Change history for Microsoft Store for Business and Microsoft Store for Education ## March 2019 + | New or changed topic | Description | | --- | --- | | [Understand your Microsoft Customer Agreement invoice](billing-understand-your-invoice-msfb.md) | New topic | @@ -24,12 +27,14 @@ ms.localizationpriority: medium | [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md) | Add info for purchasing roles and permissions. | ## April 2018 + | New or changed topic | Description | | --- | --- | | [Configure access to Microsoft Store](https://docs.microsoft.com/windows/configuration/stop-employees-from-using-microsoft-store#a-href-idblock-store-group-policyablock-microsoft-store-using-group-policy) | Update on app updates when Microsoft Store is blocked. | | [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update | ## March 2018 + | New or changed topic | Description | | --- | --- | | [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) | New | @@ -73,6 +78,7 @@ ms.localizationpriority: medium | [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | ## June 2017 + | New or changed topic | Description | | -------------------- | ----------- | | [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. | 
@@ -80,12 +86,12 @@ ms.localizationpriority: medium | [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | ## July 2017 -  + | New or changed topic | Description | | -------------------- | ----------- | | [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | | [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | -  + diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md index f9feb738d7..e0db1ee7c7 100644 --- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md +++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md @@ -2,6 +2,8 @@ title: Sign code integrity policy with Device Guard signing (Windows 10) description: Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal. ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -38,4 +40,4 @@ Before you get started, be sure to review these best practices: 4. After the files are uploaded, click **Sign** to sign the code integrity policy. 5. Click **Download** to download the signed code integrity policy. - When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy. \ No newline at end of file + When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy. diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md index 8a9212cf86..0159084242 100644 --- a/store-for-business/sign-up-microsoft-store-for-business-overview.md +++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md @@ -2,6 +2,8 @@ title: Sign up and get started (Windows 10) description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps. ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/sign-up-microsoft-store-for-business.md b/store-for-business/sign-up-microsoft-store-for-business.md index 7ee9e453ff..ac226cffdb 100644 --- a/store-for-business/sign-up-microsoft-store-for-business.md +++ b/store-for-business/sign-up-microsoft-store-for-business.md 
@@ -2,6 +2,8 @@ title: Sign up for Microsoft Store for Business or Microsoft Store for Education (Windows 10) description: Before you sign up for Microsoft Store for Business or Microsoft Store for Education, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization. ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index 197eeba1a0..2855e4cd43 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -2,6 +2,8 @@ title: Troubleshoot Microsoft Store for Business (Windows 10) description: Troubleshooting topics for Microsoft Store for Business. ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -49,6 +51,10 @@ The private store for your organization is a page in Microsoft Store app that co ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png) +## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager + +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). + ## Still having trouble? If you are still having trouble using Microsoft Store or installing an app, Admins can sign in and look for topics on our **Support** page. 
@@ -56,4 +62,4 @@ If you are still having trouble using Microsoft Store or installing an app, Admi **To view Support page**  1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) -2. Click **Manage**, and then click **Support**. \ No newline at end of file +2.Choose **Manage**> **Support**. diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md index 212b62ecf0..bc20f75efc 100644 --- a/store-for-business/update-microsoft-store-for-business-account-settings.md +++ b/store-for-business/update-microsoft-store-for-business-account-settings.md @@ -11,6 +11,8 @@ ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium ms.date: 03/18/2019 +ms.reviewer: +manager: dansimp --- # Update Billing account settings @@ -137,4 +139,4 @@ Admins can decide whether or not offline licenses are shown for apps in Microsof You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. - Distribute the app through a management tool. -For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-with-management-tool.md). --> \ No newline at end of file +For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-with-management-tool.md). --> diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 45d4c68486..8d06648a0d 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md 
@@ -9,6 +9,8 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.date: 10/31/2018 +ms.reviewer: +manager: dansimp --- # What's new in Microsoft Store for Business and Education @@ -18,6 +20,7 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education **October 2018** + | | | |-----------------------|---------------------------------| | ![Security groups](images/security-groups-icon.png) |**Use security groups with Private store apps**

    On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store.

    [Get more info](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business#private-store-availability)

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | @@ -85,4 +88,4 @@ We’ve been working on bug fixes and performance improvements to provide you a - Manage prepaid Office 365 subscriptions - Manage Office 365 subscriptions acquired by partners - Edge extensions in Microsoft Store -- Search results in Microsoft Store for Business \ No newline at end of file +- Search results in Microsoft Store for Business diff --git a/store-for-business/work-with-partner-microsoft-store-business.md b/store-for-business/work-with-partner-microsoft-store-business.md index 0f30df6697..9ca69eef76 100644 --- a/store-for-business/work-with-partner-microsoft-store-business.md +++ b/store-for-business/work-with-partner-microsoft-store-business.md @@ -10,6 +10,8 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.date: 10/12/2018 +ms.reviewer: +manager: dansimp --- # Working with solution providers in Microsoft Store for Business diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md index 36b1eedf64..3085320530 100644 --- a/store-for-business/working-with-line-of-business-apps.md +++ b/store-for-business/working-with-line-of-business-apps.md @@ -2,6 +2,8 @@ title: Working with line-of-business apps (Windows 10) description: Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your organization – they might be internal business apps, or apps specific to your school, business, or industry. ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -48,12 +50,12 @@ Admins need to invite developer or ISVs to become an LOB publisher. **To invite a developer to become an LOB publisher** -1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com). -2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**. -3. On the Line-of business publishers page, click **Invite** to send an email invitation to a developer. +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com). +2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**. +3. On the Line-of business publishers page, click **Invite** to send an email invitation to a developer. - >[!Note] - > This needs to be the email address listed in contact info for the developer account. + >[!Note] + > This needs to be the email address listed in contact info for the developer account. ## Submit apps (LOB publisher) @@ -100,4 +102,4 @@ After you add the app to your inventory, you can choose how to distribute the ap - [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md) - [Distribute apps from your private store](distribute-apps-from-your-private-store.md) - [Assign apps to employees](assign-apps-to-employees.md) -- [Distribute offline apps](distribute-offline-apps.md) \ No newline at end of file +- [Distribute offline apps](distribute-offline-apps.md) diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json index b394742538..c24fcaa1ed 100644 --- a/windows/access-protection/docfx.json +++ b/windows/access-protection/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", 
@@ -31,20 +31,21 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "justinha", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-access-protection", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "justinha", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-access-protection", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "win-access-protection" + "dest": "win-access-protection", + "markdownEngineName": "markdig" } } diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 9f0e645ab1..bb0195c0dc 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: article -ms.author: elizapo -author: lizap +ms.author: tracyp +author: msfttracyp ms.localizationpriority: medium ms.date: 04/26/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- # How to add apps and features to Windows 10 @@ -25,4 +27,4 @@ Here's how you do that: And that's it. You can see the apps you have installed on the **Apps & features** page and the features on **Manage optional features**. -You can manage and uninstall apps and features from the same Settings page. Just select the app or feature, and then select **Uninstall**. \ No newline at end of file +You can manage and uninstall apps and features from the same Settings page. Just select the app or feature, and then select **Uninstall**. 
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index ed9e7d1801..91926ff30c 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -1,12 +1,15 @@
 ---
 title: What's new in App-V for Windows 10, version 1703 and earlier (Windows 10)
 description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
-author: jdeckerms
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # What's new in App-V for Windows 10, version 1703 and earlier
@@ -48,8 +51,8 @@ The changes in App-V for Windows 10, version 1607 impact existing implementation * The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client. * In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work. The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). - >[!NOTE] - >If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. + > [!NOTE] + >If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](../app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](../app-v/appv-migrating-to-appv-from-a-previous-version.md). 
@@ -67,4 +70,4 @@ App-V supports System Center 2016 and System Center 2012 R2 Configuration Manage ## Related topics * [Release Notes for App-V for Windows 10, version 1607](../app-v/appv-release-notes-for-appv-for-windows.md) -* [Release Notes for App-V for Windows 10, version 1703](../app-v/appv-release-notes-for-appv-for-windows-1703.md) \ No newline at end of file +* [Release Notes for App-V for Windows 10, version 1703](../app-v/appv-release-notes-for-appv-for-windows-1703.md) diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index dc50a4c884..1ef657304d 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -1,12 +1,15 @@ --- title: How to Add or Remove an Administrator by Using the Management Console (Windows 10) description: How to add or remove an administrator by using the Management Console -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # How to add or remove an administrator by using the Management Console diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 65e751d061..ce050e817b 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md 
@@ -1,12 +1,15 @@
 ---
 title: How to Add or Upgrade Packages by Using the Management Console (Windows 10)
 description: How to add or upgrade packages by using the Management Console
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # How to add or upgrade packages by using the Management Console
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index e56d2e0b3a..ea02c9ad1f 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -1,12 +1,15 @@
 ---
 title: Administering App-V by using Windows PowerShell (Windows 10)
 description: Administering App-V by Using Windows PowerShell
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Administering App-V by using Windows PowerShell
@@ -51,4 +54,4 @@ The following table describes Windows PowerShell error handling for App-V.
 ## Related topics
-* [Operations for App-V](appv-operations.md)
\ No newline at end of file
+* [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index 496cc0b738..82f1d28429 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: Administering App-V Virtual Applications by using the Management Console (Windows 10)
 description: Administering App-V Virtual Applications by using the Management Console
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Administering App-V Virtual Applications by using the Management Console
@@ -58,4 +61,4 @@ The main elements of the App-V Management Console are:
 ## Other resources for this App-V deployment
 - [Application Virtualization (App-V) overview](appv-for-windows.md)
-- [Operations for App-V](appv-operations.md)
\ No newline at end of file
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index cee9f0a966..e2ed065b74 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -1,12 +1,15 @@
 ---
 title: How to Allow Only Administrators to Enable Connection Groups (Windows 10)
 description: How to Allow Only Administrators to Enable Connection Groups
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # How to allow only administrators to enable connection groups
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 54a2eb8da6..45588fbda9 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -1,12 +1,15 @@
 ---
 title: Application Publishing and Client Interaction (Windows 10)
 description: Application publishing and client interaction.
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Application publishing and client interaction
@@ -376,46 +379,46 @@ The process then configures the client for package or connection group additions 3. Configure the packages by identifying the **Add** or **Update** operations. - 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. + 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. - 2. The package file is opened and the **AppXManifest.xml** and **StreamMap.xml** files are downloaded to the Package Store. + 2. The package file is opened and the **AppXManifest.xml** and **StreamMap.xml** files are downloaded to the Package Store. - 3. Completely stream publishing block data defined in the **StreamMap.xml** file. Publishing block data is stored in Package Store\\PkgGUID\\VerGUID\\Root. + 3. Completely stream publishing block data defined in the **StreamMap.xml** file. Publishing block data is stored in Package Store\\PkgGUID\\VerGUID\\Root. - - Icons: Targets of extension points. - - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, accessed directly or through file types. - - Scripts: Download scripts directory for use throughout the publishing process. + - Icons: Targets of extension points. + - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, accessed directly or through file types. + - Scripts: Download scripts directory for use throughout the publishing process. - 4. Populate the Package store by doing the following: + 4. Populate the Package store by doing the following: - 1. Create sparse files on disk that represent the extracted package for any directories listed. + 1. Create sparse files on disk that represent the extracted package for any directories listed. - 2. Stage top-level files and directories under root. + 2. Stage top-level files and directories under root. 
- All other files are created when the directory is listed as sparse on disk and streamed on demand. + All other files are created when the directory is listed as sparse on disk and streamed on demand. - 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** files from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). + 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** files from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). - 6. Create location of the package store in the registry **HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog**. + 6. Create location of the package store in the registry **HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog**. - 7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat**. + 7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat**. - 8. Register the package with the App-V Kernel Mode Driver at **HKLM\\Microsoft\\Software\\AppV\\MAV**. + 8. Register the package with the App-V Kernel Mode Driver at **HKLM\\Microsoft\\Software\\AppV\\MAV**. - 9. Invoke scripting from the **AppxManifest.xml** or **DeploymentConfig.xml** file for Package Add timing. + 9. Invoke scripting from the **AppxManifest.xml** or **DeploymentConfig.xml** file for Package Add timing. 4. Configure Connection Groups by adding and enabling or disabling. 5. Remove objects that are not published to the target (user or machine). - >[!NOTE] + > [!NOTE] >This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). 
6. Invoke background load mounting based on client configuration. 7. Packages that already have publishing information for the machine or user are immediately restored. - >[!NOTE] + > [!NOTE] >This condition occurs as a product of removal without unpublishing with background addition of the package. This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user). @@ -444,7 +447,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). - >[!NOTE] + > [!NOTE] >This enables restore extension points if the package is unpublished. 3. Run scripts targeted for publishing timing. diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 457b84aa95..b6d62b3219 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -1,12 +1,15 @@ --- title: How to apply the deployment configuration file by using Windows PowerShell (Windows 10) description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10. -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # How to apply the deployment configuration file by using Windows PowerShell 
@@ -17,13 +20,13 @@ When you add or set a package to a computer running the App-V client before it's ## Apply the deployment configuration file with Windows PowerShell ->[!NOTE] ->The following example cmdlet uses the following two file paths for the package and configuration files: - > - >* C:\\Packages\\Contoso\\MyApp.appv - >* C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml - > ->If your package and configuration files use different file paths than the example, feel free to replace them as needed. +> [!NOTE] +> The following example cmdlet uses the following two file paths for the package and configuration files: +> +> * C:\\Packages\\Contoso\\MyApp.appv +> * C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml +> +> If your package and configuration files use different file paths than the example, feel free to replace them as needed. To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, enter the following cmdlet: diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index 8b1e2d8168..e3abc3524a 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md 
@@ -1,12 +1,15 @@ --- title: How to apply the user configuration file by using Windows PowerShell (Windows 10) description: How to apply the user configuration file by using Windows PowerShell (Windows 10). -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # How to apply the user configuration file by using Windows PowerShell @@ -19,12 +22,12 @@ When you publish a package to a specific user, you'll also need to specify a dyn Here's how to specify a user-specific configuration file: ->[!NOTE] ->The following example cmdlets use this example file path for its package: - > - >* C:\\Packages\\Contoso\\MyApp.appv. - > ->If your package file uses a different file path than the example, feel free to replace it as needed. +> [!NOTE] +> The following example cmdlets use this example file path for its package: +> +> * C:\\Packages\\Contoso\\MyApp.appv. +> +> If your package file uses a different file path than the example, feel free to replace it as needed. 1. Enter the following cmdlet in Windows PowerShell to add the package to the computer: diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index d40b868aa0..67f5ad1826 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md 
@@ -1,12 +1,15 @@
 ---
 title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
 description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
-author: jdeckerms
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 6a74d97208..4a8dd9f493 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -1,12 +1,15 @@
 ---
 title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
 description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
-author: jdeckerms
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index acf707a514..5af97d8c38 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -1,12 +1,15 @@
 ---
 title: Automatically clean up unpublished packages on the App-V client (Windows 10)
 description: How to automatically clean up any unpublished packages on your App-V client devices.
-author: jdeckerms
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/15/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # Automatically clean up unpublished packages on the App-V client
@@ -60,4 +63,4 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused App
 - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
 - [Download the Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/en-us/download/details.aspx?id=41186)
-- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
\ No newline at end of file
+- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 9cb9b8fade..ddb1c30871 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -1,12 +1,15 @@ --- title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface. -author: jdeckerms +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 3429a4b616..6bb52f7eb3 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -1,12 +1,15 @@ --- title: Available Mobile Device Management (MDM) settings for App-V (Windows 10) description: A list of the available MDM settings for App-V on Windows 10. -author: jdeckerms +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # Available Mobile Device Management (MDM) settings for App-V @@ -29,4 +32,4 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| |SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| |PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 250809b68c..3d117f1d01 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -1,12 +1,15 @@ --- title: App-V Capacity Planning (Windows 10) description: App-V Capacity Planning -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # App-V Capacity Planning 
@@ -123,11 +126,11 @@ Example: Random delay for 500 clients with 120 requests per second is *4 × 500/ Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and receive a response. Round trip response time is measured on the computer running the App-V client, while processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations, see [App-V supported configurations](appv-supported-configurations.md). ->[!IMPORTANT] ->The following list displays the main factors to consider when setting up the App-V publishing server: - * The number of clients connecting simultaneously to a single publishing server. - * The number of packages in each refresh. - * The available network bandwidth in your environment between the client and the App-V publishing server. +> [!IMPORTANT] +> The following list displays the main factors to consider when setting up the App-V publishing server: +> * The number of clients connecting simultaneously to a single publishing server. +> * The number of packages in each refresh. +> * The available network bandwidth in your environment between the client and the App-V publishing server. |Scenario|Summary| |---|---| 
@@ -148,11 +151,11 @@ Computers running the App-V client connect to the App-V publishing server to sen Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package. ->[!IMPORTANT] ->The following list identifies the main factors to consider when setting up the App-V streaming server: - * The number of clients streaming application packages simultaneously from a single streaming server. - * The size of the package being streamed. - * The available network bandwidth in your environment between the client and the streaming server. +> [!IMPORTANT] +> The following list identifies the main factors to consider when setting up the App-V streaming server: +> * The number of clients streaming application packages simultaneously from a single streaming server. +> * The size of the package being streamed. +> * The available network bandwidth in your environment between the client and the streaming server. |Scenario|Summary| |---|---| @@ -193,4 +196,4 @@ Although there are many fault-tolerance strategies and technologies you can use, * [App-V supported configurations](appv-supported-configurations.md) * [Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md) -* [Planning to deploy App-V](appv-planning-to-deploy-appv.md) \ No newline at end of file +* [Planning to deploy App-V](appv-planning-to-deploy-appv.md) diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index 983ad32d49..1d23aca023 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md 
@@ -1,12 +1,15 @@ ---- +--- title: About Client Configuration Settings (Windows 10) description: About Client Configuration Settings -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # About Client Configuration Settings @@ -21,94 +24,92 @@ You can use Group Policy to configure App-V client settings by navigating to the The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets: -| Windows PowerShell cmdlet or cmdlets,
    **Option**
    Type | Description | Disabled policy state keys and values | -|------------|------------|------------|------------| -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageInstallationRoot**
    String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageSourceRoot**
    String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G). | 0 | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentRetries**
    Integer (0–99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentInterval**
    Integer (0–3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-LocationProvider**
    String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-CertFilterForClientSsl**
    String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VerifyCertificateRevocationList**
    True (enabled); False (Disabled state) | Verifies Server certificate revocation status before streaming with HTTPS. | 0 | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-SharedContentStoreMode**
    True (enabled); False (Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 | -| Set-AppvPublishingServer

    **-Name**
    String | Displays the name of publishing server. | Policy value not written (same as Not Configured) | -| Set-AppvPublishingServer

    **-URL**
    String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) | -| Set-AppvPublishingServer

    **-GlobalRefreshEnabled**
    True (enabled); False (Disabled state) | Enables global publishing refresh (Boolean) | False | -| Set-AppvPublishingServer

    **-GlobalRefreshOnLogon**
    True (enabled); False (Disabled state) | Triggers a global publishing refresh on sign in. (Boolean) | False | -| Set-AppvPublishingServer

    **-GlobalRefreshInterval**
    Integer (0–744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, specify 0. | 0 | -| Set-AppvPublishingServer

    **-GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 | -| Set-AppvPublishingServer

    **-UserRefreshEnabled**
    True (enabled); False (Disabled state) | Enables user publishing refresh (Boolean) | False | -| Set-AppvPublishingServer

    **-UserRefreshOnLogon**
    True (enabled); False (Disabled state) | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60 | False | -| Set-AppvPublishingServer

    **-UserRefreshInterval**
    Word count (with spaces): 85
    Integer (0–744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 | -| Set-AppvPublishingServer

    **-UserRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-MigrationMode**
    True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V. | | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePackageScripts**
    True (enabled); False (Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | | -| Set-AppvClientConfiguration

    **-RoamingFileExclusions**
    String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-RoamingRegistryExclusions**
    String | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootUser**
    String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootGlobal**
    String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VirtualizableExtensions**
    String | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingEnabled**
    True (enabled); False (Disabled state) | Returns information to a reporting server. | False | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingServerURL**
    String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataCacheLimit**
    Integer \[0–1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingStartTime**
    Integer (0–23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
    **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingInterval**
    Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | | -| Sync-AppvPublishingServer

    **-HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ProcessesUsingVirtualComponents**
    String | Specifies a list of process paths (that may contain wildcards) that are candidates for using dynamic virtualization (such as supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. | + +| Windows PowerShell cmdlet or cmdlets,
    **Option**
    Type | Description | Disabled policy state keys and values | +|------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------| +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageInstallationRoot**
    String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageSourceRoot**
    String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G). | 0 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentRetries**
    Integer (0–99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentInterval**
    Integer (0–3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-LocationProvider**
    String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-CertFilterForClientSsl**
    String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VerifyCertificateRevocationList**
    True (enabled); False (Disabled state) | Verifies Server certificate revocation status before streaming with HTTPS. | 0 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-SharedContentStoreMode**
    True (enabled); False (Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 | +| Set-AppvPublishingServer

    **-Name**
    String | Displays the name of publishing server. | Policy value not written (same as Not Configured) | +| Set-AppvPublishingServer

    **-URL**
    String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) | +| Set-AppvPublishingServer

    **-GlobalRefreshEnabled**
    True (enabled); False (Disabled state) | Enables global publishing refresh (Boolean) | False | +| Set-AppvPublishingServer

    **-GlobalRefreshOnLogon**
    True (enabled); False (Disabled state) | Triggers a global publishing refresh on sign in. (Boolean) | False | +| Set-AppvPublishingServer

    **-GlobalRefreshInterval**
    Integer (0–744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, specify 0. | 0 | +| Set-AppvPublishingServer

    **-GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 | +| Set-AppvPublishingServer

    **-UserRefreshEnabled**
    True (enabled); False (Disabled state) | Enables user publishing refresh (Boolean) | False | +| Set-AppvPublishingServer

    **-UserRefreshOnLogon**
    True (enabled); False (Disabled state) | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60 | False | +| Set-AppvPublishingServer

    **-UserRefreshInterval**
    Word count (with spaces): 85
    Integer (0–744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 | +| Set-AppvPublishingServer

    **-UserRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-MigrationMode**
    True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V. | | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePackageScripts**
    True (enabled); False (Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | | +| Set-AppvClientConfiguration

    **-RoamingFileExclusions**
    String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-RoamingRegistryExclusions**
    String | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootUser**
    String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootGlobal**
    String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VirtualizableExtensions**
    String | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingEnabled**
    True (enabled); False (Disabled state) | Returns information to a reporting server. | False | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingServerURL**
    String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataCacheLimit**
    Integer \[0–1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingStartTime**
    Integer (0–23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
    **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingInterval**
    Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    -EnableDynamicVirtualization
    1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | | +| Sync-AppvPublishingServer

    **-HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ProcessesUsingVirtualComponents**
    String | Specifies a list of process paths (that may contain wildcards) that are candidates for using dynamic virtualization (such as supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. | ## App-V client configuration settings: registry keys The following table provides information about App-V client configuration settings that can be configured through the registry: -| **Setting name**
    Type | Registry key value | Disabled policy state keys and values | -|---------------------------|---------------------|---------------------------------------| -| **PackageInstallationRoot**
    String | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) | -| **PackageSourceRoot**
    String | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) | -| **AllowHighCostLaunch**
    True (Enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 | -| **ReestablishmentRetries**
    Integer (0–99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) | -| **ReestablishmentInterval**
    Integer (0–3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) | -| **LocationProvider**
    String | Streaming\\LocationProvider | Policy value not written (same as Not Configured) | -| **CertFilterForClientSsl**
    String | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) | -| **VerifyCertificateRevocationList**
    True (Enabled); False (Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 | -| **SharedContentStoreMode**
    True (Enabled); False (Disabled state) | Streaming\\SharedContentStoreMode | 0 | -| **Name**
    String | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) | -| **URL**
    String | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) | -| **GlobalRefreshEnabled**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False | -| **GlobalRefreshOnLogon**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False | -| **GlobalRefreshInterval**
    Integer (0–744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 | -| **GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 | -| **UserRefreshEnabled**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False | -| **UserRefreshOnLogon**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False | -| **UserRefreshInterval**
    Word count (with spaces): 85; Integer (0–744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 | -| **UserRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 | -| **MigrationMode**
    True(Enabled state); False (Disabled state) | Coexistence\\MigrationMode | | -| **EnablePackageScripts**
    True (Enabled); False (Disabled state) | \\Scripting\\EnablePackageScripts | | -| **RoamingFileExclusions**
    String | | | -| **RoamingRegistryExclusions**
    String | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) | -| **IntegrationRootUser**
    String | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) | -| **IntegrationRootGlobal**
    String | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) | -| **VirtualizableExtensions**
    String | Integration\\VirtualizableExtensions | Policy value not written | -| **ReportingEnabled**
    True (Enabled); False (Disabled state) | Reporting\\EnableReporting | False | -| **ReportingServerURL**
    String | Reporting\\ReportingServer | Policy value not written (same as Not Configured) | -| **ReportingDataCacheLimit**
    Integer \[0–1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) | -| **ReportingDataBlockSize**
    Integer \[1024–Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) | -| **ReportingStartTime**
    Integer (0–23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) | -| **ReportingInterval**
    Integer | Reporting\\RetryInterval | Policy value not written (same as Not Configured) | -| **ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Reporting\\RandomDelay | Policy value not written (same as Not Configured) | -| **EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | | -| **EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing | | -| **HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | | | -| **ProcessesUsingVirtualComponents**
    String | Virtualization\\ProcessesUsingVirtualComponents | Empty string. | - - - +| **Setting name**
    Type | Registry key value | Disabled policy state keys and values | +|--------------------------------------------------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------| +| **PackageInstallationRoot**
    String | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) | +| **PackageSourceRoot**
    String | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) | +| **AllowHighCostLaunch**
    True (Enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 | +| **ReestablishmentRetries**
    Integer (0–99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) | +| **ReestablishmentInterval**
    Integer (0–3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) | +| **LocationProvider**
    String | Streaming\\LocationProvider | Policy value not written (same as Not Configured) | +| **CertFilterForClientSsl**
    String | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) | +| **VerifyCertificateRevocationList**
    True (Enabled); False (Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 | +| **SharedContentStoreMode**
    True (Enabled); False (Disabled state) | Streaming\\SharedContentStoreMode | 0 | +| **Name**
    String | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) | +| **URL**
    String | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) | +| **GlobalRefreshEnabled**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False | +| **GlobalRefreshOnLogon**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False | +| **GlobalRefreshInterval**
    Integer (0–744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 | +| **GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 | +| **UserRefreshEnabled**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False | +| **UserRefreshOnLogon**
    True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False | +| **UserRefreshInterval**
    Word count (with spaces): 85; Integer (0–744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 | +| **UserRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 | +| **MigrationMode**
    True(Enabled state); False (Disabled state) | Coexistence\\MigrationMode | | +| **EnablePackageScripts**
    True (Enabled); False (Disabled state) | \\Scripting\\EnablePackageScripts | | +| **RoamingFileExclusions**
    String | | | +| **RoamingRegistryExclusions**
    String | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) | +| **IntegrationRootUser**
    String | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) | +| **IntegrationRootGlobal**
    String | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) | +| **VirtualizableExtensions**
    String | Integration\\VirtualizableExtensions | Policy value not written | +| **ReportingEnabled**
    True (Enabled); False (Disabled state) | Reporting\\EnableReporting | False | +| **ReportingServerURL**
    String | Reporting\\ReportingServer | Policy value not written (same as Not Configured) | +| **ReportingDataCacheLimit**
    Integer \[0–1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) | +| **ReportingDataBlockSize**
    Integer \[1024–Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) | +| **ReportingStartTime**
    Integer (0–23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) | +| **ReportingInterval**
    Integer | Reporting\\RetryInterval | Policy value not written (same as Not Configured) | +| **ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Reporting\\RandomDelay | Policy value not written (same as Not Configured) | +| EnableDynamicVirtualization
    1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | | +| **EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing | | +| **HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | | | +| **ProcessesUsingVirtualComponents**
    String | Virtualization\\ProcessesUsingVirtualComponents | Empty string. | ## Related topics -* [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) \ No newline at end of file +* [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index df14d062d7..a4d1d3bb4f 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -1,12 +1,15 @@ --- title: How to configure access to packages by using the Management Console (Windows 10) description: How to configure access to packages by using the App-V Management Console. -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/18/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # How to configure access to packages by using the Management Console @@ -31,8 +34,8 @@ Use the following procedure to configure access to virtualized packages. 1. Using the format **mydomain** \\ **groupname**, enter the name or part of the name of an Active Directory group object, then select **Check**. - >[!NOTE]   - >Ensure that you provide an associated domain name for the group that you are searching for. + > [!NOTE] + > Ensure that you provide an associated domain name for the group that you are searching for. 3. Grant access to the package by first selecting the desired group, then selecting **Grant Access**. The newly added group is displayed in the **AD entities with access** pane. 
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index 2c4f458795..ae887fc389 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -1,12 +1,15 @@ --- title: How to make a connection group ignore the package version (Windows 10) description: How to make a connection group ignore the package version. -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/18/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # How to make a connection group ignore the package version @@ -63,4 +66,4 @@ For more information, see [How to manage App-V packages running on a stand-alone ## Related topics -- [Managing connection groups](appv-managing-connection-groups.md) \ No newline at end of file +- [Managing connection groups](appv-managing-connection-groups.md) diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index ac9673baaf..bef16f0060 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md 
@@ -1,12 +1,15 @@
 ---
 title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10)
 description: How to configure the client to receive package and connection groups updates from the publishing server.
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/25/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
 # How to configure the client to receive package and connection groups updates from the publishing server
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index d19cfb0658..f878e5f7a4 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: How to connect to the Management Console (Windows 10)
 description: How to Connect to the App-V Management Console.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 06/25/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to connect to the Management Console
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 284057363a..16d0bd518e 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -1,12 +1,15 @@ --- title: About the connection group file (Windows 10) description: A summary of what the connection group file is and how to configure it. -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- # About the connection group file @@ -90,7 +93,7 @@ You can use the connection group file to configure each connection group by usin - Specify runtime priorities for connection groups. To edit priority by using the App-V Management Console, select the connection group and then select **Edit**. - >[!NOTE] + > [!NOTE] >A package only requires priority if it's associated with more than one connection group. - Specify package precedence within the connection group. diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index 99932f11be..7fa1f3d1b5 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -1,12 +1,15 @@ --- title: About the connection group virtual environment (Windows 10) description: Overview of how the connection group virtual environment works. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # About the connection group virtual environment 
@@ -27,7 +30,20 @@ The connection group that is used is based on the order in which a package appea Consider the following example section: ```XML - + + + + + ``` Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package. @@ -67,4 +83,4 @@ When a virtualized application tries to find a specific file, App-V will first f ## Related topics -- [Managing Connection Groups](appv-managing-connection-groups.md) \ No newline at end of file +- [Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md index 36dcf56ffe..b6228dd6cd 100644 --- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md +++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md @@ -1,12 +1,15 @@ --- title: How to convert a package created in a previous version of App-V (Windows 10) description: How to convert a package created in a previous version of App-V. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to convert a package created in a previous version of App-V 
@@ -15,7 +18,7 @@ ms.topic: article You can use the package converter utility to upgrade virtual application packages created by previous versions of App-V. This section will tell you how to convert existing virtual application packages for upgrade. ->[!NOTE] +>[!NOTE] >If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell. The package converter can only directly convert packages created by an App-V sequencer version 4.5 or later. Packages created with an App-V version earlier than 4.5 must be upgraded to at least App-V 4.5 before conversion. 
@@ -35,24 +38,24 @@ The App-V package converter will save the App-V 4.6 installation root folder and 2. You can enter the following cmdlets to check or convert packages: - - **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet: + - **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet: - ```PowerShell - Test-AppvLegacyPackage -? - ``` + ```PowerShell + Test-AppvLegacyPackage -? + ``` - - **ConvertFrom-AppvLegacyPackage**—This cmdlet converts packages from legacy versions to updated versions. To convert an existing package, enter the following cmdlet: + - **ConvertFrom-AppvLegacyPackage**—This cmdlet converts packages from legacy versions to updated versions. To convert an existing package, enter the following cmdlet: - ```PowerShell - ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages - ``` + ```PowerShell + ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages + ``` In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used. 
Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. - >[!NOTE] - >Before you specify the output directory, you must create the output directory. +> [!NOTE] + >Before you specify the output directory, you must create the output directory. ### Advanced Conversion Tips diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md index 2ecf79eaaf..c7df167fba 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -1,12 +1,15 @@ --- title: How to create a connection croup with user-published and globally published packages (Windows 10) description: How to create a connection croup with user-published and globally published packages. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to create a connection croup with user-published and globally published packages diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md index f5353a4be2..2dca44be85 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group.md 
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -1,12 +1,15 @@
 ---
 title: How to create a connection group (Windows 10)
 description: How to create a connection group with the App-V Management Console.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 07/10/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to create a connection group
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index e27f48c14a..098316aee4 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
 description: How to create a custom configuration file by using the App-V Management Console.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 07/10/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to create a custom configuration file by using the App-V Management Console
@@ -27,13 +30,10 @@ You can create a dynamic user configuration file with the App-V Management Conso 4. Select **Advanced**, and then select **Export Configuration**. Enter a file name and select **Save**. Now you can edit the file to configure a package for a user. - >[!NOTE]   - >If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enabled and set to block downloads, you won't be able to download anything from the App-V Server. - - - + > [!NOTE] + > If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enalbed and set to block downloads, you won't be able to download anything from the App-V Server. ## Related topics -- [Operations for App-V](appv-operations.md) \ No newline at end of file +- [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index c9e6680de7..a33e8e481a 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -1,12 +1,15 @@ --- title: How to create a package accelerator by using Windows PowerShell (Windows 10) description: How to create a package accelerator with Windows PowerShell. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to create a package accelerator by using Windows PowerShell 
@@ -24,20 +27,20 @@ App-V Package Accelerators automatically sequence large, complex applications. A The following parameters are required to use the package accelerator cmdlet: - - *InstalledFilesPath* specifies the application installation path. - - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the .appv package. - - *Path* specifies the output directory for the package. + - *InstalledFilesPath* specifies the application installation path. + - *Installer* specifies the path to the application installer media. + - *InputPackagePath* specifies the path to the .appv package. + - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media: + The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media: - ```PowerShell - New-AppvPackageAccelerator -InputPackagePath -Installer -Path - ``` + ```PowerShell + New-AppvPackageAccelerator -InputPackagePath -Installer -Path + ``` - You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet: + You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet: - - *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator. + - *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator. 
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index 1aa2fa75c3..e16200acad 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -1,12 +1,15 @@ --- title: How to create a package accelerator (Windows 10) description: How to create a package accelerator. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to create a package accelerator @@ -50,7 +53,7 @@ Use the following procedure to create a package accelerator. 6. On the **Gathering Information** page, review the files that you couldn't find in the location specified by the **Installation Files** page. If the files displayed are not required, select **Remove these files**, then select **Next**. If the files are required, select **Previous** and copy the required files to the directory specified on the **Installation Files** page. - >[!NOTE] + > [!NOTE] >You must either remove the unrequired files or select **Previous** and locate the required files to advance to the next page of this wizard. 7. On the **Select Files** page, carefully review the detected files. Clear any file the package accelerator doesn't need to run successfully and select only the files that the application requires. When you're done, select **Next**. diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md index 48dfcaf890..936ec0bf29 100644 --- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md 
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md @@ -1,12 +1,15 @@ --- title: How to create a virtual application package using an App-V Package Accelerator (Windows 10) description: How to create a virtual application package using an App-V Package Accelerator. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to create a virtual application package using an App-V Package Accelerator @@ -37,7 +40,7 @@ Use the following procedure to create a virtual application package with the App Alternatively, if you have already copied the installation files to a directory on this computer, select **Make New Folder**, browse to the folder that contains the installation files, then select **Next**. - >[!NOTE] + > [!NOTE] >You can specify the following types of supported installation files: > - Windows Installer files (**.msi**) > - Cabinet files (.cab) diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index 762a8c3837..5e2bef4061 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md 
@@ -1,12 +1,15 @@ --- title: Create and apply an App-V project template to a sequenced App-V package (Windows 10) description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package. -author: jdeckerms +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Create and apply an App-V project template to a sequenced App-V package @@ -24,7 +27,7 @@ You must first create and save a project template, including a virtual app packa 1. On the device running the App-V Sequencer, select **Start**, select **All Programs**, select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**. - >[!NOTE] + > [!NOTE] >If the virtual app package is currently open in the App-V Sequencer console, skip to Step 3 of this procedure. 2. On the **File** menu, select **Open**, select **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V Project Template, and then select **Edit** to change any of the settings or info included in the file. diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index dca1b3b048..66e540afb8 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md 
@@ -1,12 +1,15 @@ --- title: Creating and managing App-V virtualized applications (Windows 10) description: Creating and managing App-V virtualized applications -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Creating and managing App-V virtualized applications @@ -28,7 +31,7 @@ You can use the App-V Sequencer to perform the following tasks: - Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version. - Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association. - >[!NOTE] + > [!NOTE] >You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client. - Convert existing virtual packages. 
@@ -93,20 +96,11 @@ The following table lists the supported shell extensions: Copy on write (CoW) file extensions allow App-V to dynamically write to specific locations contained in the virtual package while it is being used. -The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified. +The following table displays the file types that can exist in a virtual package under the VFS directory, since App-V 5.1, but which cannot be updated on the computer running the App-V client. All other files and directories can be modified. | File Type|||||| |---|---|---|---|---|---| -| .acm | .asa | .asp | .aspx | .ax | .bat | -| .cer | .chm | .clb | .cmd | .cnt | .cnv | -| .com | .cpl | .cpx | .crt | .dll | .drv | -| .esc | .exe | .fon | .grp | .hlp | .hta | -| .ime | .inf | .ins | .isp | .its | .js | -| .jse | .lnk | .msc | .msi | .msp | .mst | -| .mui | .nls | .ocx | .pal | .pcd | .pif | -| .reg | .scf | .scr | .sct | .shb | .shs | -| .sys | .tlb | .tsp | .url | .vb | .vbe | -| .vbs | .vsmacros | .ws | .wsf | .wsh | | +| .com | .exe | .dll | .ocx | | ## Modifying an existing virtual application package diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md index b6239f823f..d1a19673a2 100644 --- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md 
@@ -1,12 +1,15 @@
 ---
 title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
 description: How to customize virtual application extensions for a specific AD group by using the Management Console.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 07/10/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to customize virtual applications extensions for a specific AD group by using the Management Console
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 28ece19e12..cce79c8074 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -1,12 +1,15 @@
 ---
 title: How to delete a connection group (Windows 10)
 description: How to delete a connection group.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to delete a connection group
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index c1da202df9..efb08e96ef 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: How to delete a package in the Management Console (Windows 10)
 description: How to delete a package in the Management Console.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to delete a package in the Management Console
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index c0a29eb10f..a8d4e50173 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -1,12 +1,15 @@
 ---
 title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
 description: How to Deploy the App-V Databases by Using SQL Scripts
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to deploy the App-V databases by using SQL scripts
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 8dde4cdf22..f71def779b 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -1,12 +1,15 @@ --- title: How to deploy App-V packages using electronic software distribution (Windows 10) description: How to deploy App-V packages using electronic software distribution. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to deploy App-V packages using electronic software distribution @@ -43,4 +46,4 @@ Use one of the following methods to publish packages to App-V client computers w ## Related topics -- [Operations for App-V](appv-operations.md) \ No newline at end of file +- [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md index 52f16c2759..a2d5fcd633 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md @@ -1,12 +1,15 @@ ---- +--- title: How to Deploy the App-V Server Using a Script (Windows 10) description: How to Deploy the App-V Server Using a Script -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to deploy the App-V server using a script @@ -520,4 +523,4 @@ To use a custom instance of Microsoft SQL Server, use these parameters: ## Related topics -* [Deploying the App-V Server](appv-deploying-the-appv-server.md) \ No newline at end of file +* [Deploying the App-V Server](appv-deploying-the-appv-server.md) 
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index d3ef14b85d..79a0d77597 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md @@ -1,12 +1,15 @@ --- title: How to Deploy the App-V Server (Windows 10) description: How to Deploy the App-V Server in App-V for Windows 10 -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to Deploy the App-V Server (new installation) @@ -51,7 +54,7 @@ ms.topic: article | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| 8. On the **Configure** page, accept the default value, **Use this local computer**. - >[!NOTE] + > [!NOTE] >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed. 9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. @@ -61,7 +64,7 @@ ms.topic: article | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| 10. On the **Configure** page, accept the default value: **Use this local computer**. - >[!NOTE] + > [!NOTE] >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed. 11. On the **Configure** (Management Server Configuration) page, specify the following: @@ -95,4 +98,4 @@ ms.topic: article * [Deploying App-V](appv-deploying-appv.md) * [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md) * [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md) -* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md) \ No newline at end of file +* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md) diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index b90d7a848e..ee60adece8 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -1,12 +1,15 @@ --- title: Deploying App-V (Windows 10) description: Deploying App-V -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Deploying App-V for Windows 10 diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index 42f86ce251..126da2945c 100644 
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -1,12 +1,15 @@
 ---
 title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
 description: Deploying Microsoft Office 2010 by Using App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Deploying Microsoft Office 2010 by Using App-V
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index ef4a648b31..ea9f0906f7 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -1,12 +1,15 @@
 ---
 title: Deploying Microsoft Office 2013 by Using App-V (Windows 10)
 description: Deploying Microsoft Office 2013 by Using App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Deploying Microsoft Office 2013 by Using App-V
@@ -107,7 +110,7 @@ The XML file included in the Office Deployment Tool specifies the product detail ``` - >[!NOTE] + > [!NOTE] >The configuration XML is a sample XML file. This file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. The previous example of an XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications by specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic. 
@@ -160,51 +163,51 @@ After you download the Office 2013 applications through the Office Deployment To 1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - * **SourcePath**: Point to the Office applications downloaded earlier. - * **ProductID**: Specify the type of licensing, as shown in the following examples: - * Subscription Licensing: - ```XML - - - - - - - - - - - ``` - In this example, the following changes were made to create a package with Subscription licensing: + * **SourcePath**: Point to the Office applications downloaded earlier. + * **ProductID**: Specify the type of licensing, as shown in the following examples: + * Subscription Licensing: + ```XML + + + + + + + + + + + ``` + In this example, the following changes were made to create a package with Subscription licensing: - * **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier. - * **Product ID** for Office was changed to `O365ProPlusRetail`. - * **Product ID** for Visio was changed to `VisioProRetail`. - * Volume Licensing - ```XML - - - - - - - - - - - ``` - In this example, the following changes were made to create a package with Volume licensing: + * **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier. + * **Product ID** for Office was changed to `O365ProPlusRetail`. + * **Product ID** for Visio was changed to `VisioProRetail`. + * Volume Licensing + ```XML + + + + + + + + + + + ``` + In this example, the following changes were made to create a package with Volume licensing: - * **SourcePath** is the source's path, which was changed to point to the Office applications that were downloaded earlier. - * **Product ID** for Office was changed to `ProPlusVolume`. - * **Product ID** for Visio was changed to `VisioProVolume`. 
- * **ExcludeApp** (optional) lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath. - * **PACKAGEGUID** (optional)—By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server. + * **SourcePath** is the source's path, which was changed to point to the Office applications that were downloaded earlier. + * **Product ID** for Office was changed to `ProPlusVolume`. + * **Product ID** for Visio was changed to `VisioProVolume`. + * **ExcludeApp** (optional) lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath. + * **PACKAGEGUID** (optional)—By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server. - An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users. + An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users. - >[!NOTE] - >Even if you use unique package IDs, you can still deploy only one App-V package to a single device. 
+ > [!NOTE] + >Even if you use unique package IDs, you can still deploy only one App-V package to a single device. 2. Use the **/packager** command to convert the Office applications to an Office 2013 App-V package. For example: @@ -225,11 +228,11 @@ After you download the Office 2013 applications through the Office Deployment To After you run the **/packager** command, the following folders will appear in the directory where you specified the package should be saved: - * **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.
    - * **WorkingDir** + * **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.
    + * **WorkingDir** - >[!NOTE] - >To troubleshoot any issues, see the log files in the %temp% directory (default). + > [!NOTE] + >To troubleshoot any issues, see the log files in the %temp% directory (default). 3. Verify that the Office 2013 App-V package works correctly: 1. Publish the Office 2013 App-V package that you created globally to a test computer and verify that the Office 2013 shortcuts appear. 
@@ -378,10 +381,10 @@ To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - >[!NOTE] - >Office App-V packages have two Version IDs: - * An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - * A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. + > [!NOTE] + > Office App-V packages have two Version IDs: + > * An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. + > * A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. 
The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. 2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. 3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index f2caa3c9f0..74b0b27728 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -1,12 +1,15 @@ --- title: Deploying Microsoft Office 2016 by using App-V (Windows 10) description: Deploying Microsoft Office 2016 by using App-V -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Deploying Microsoft Office 2016 by using App-V 
@@ -92,8 +95,8 @@ After you download the Office Deployment Tool, you can use it to get the latest The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. 1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - 1. Open the sample XML file in Notepad or your favorite text editor. - 2. With the sample **configuration.xml** file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the **configuration.xml** file: + 1. Open the sample XML file in Notepad or your favorite text editor. + 2. With the sample **configuration.xml** file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the **configuration.xml** file: ```XML @@ -108,7 +111,7 @@ The XML file included in the Office Deployment Tool specifies the product detail ``` - >[!NOTE] + > [!NOTE] >The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To uncomment these lines, remove the `````` from the end of the line. The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. Note that the Product ID of the applications will not affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements: 
@@ -121,21 +124,21 @@ The XML file included in the Office Deployment Tool specifies the product detail | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
    Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | - | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
    The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client.
    For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
    `Channel="Deferred"`
    `Channel="FirstReleaseDeferred"`
    `Channel="FirstReleaseCurrent"` | + | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
    The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Desktop Client.
    For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
    `Channel="Deferred"`
    `Channel="FirstReleaseDeferred"`
    `Channel="FirstReleaseCurrent"` | After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml." 2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command: - `\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml` + `\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml` - The following table describes the example command's elements: + The following table describes the example command's elements: - | Element | Description | - |-------------------------------|--------------------------------------| - | ```\\server\Office2016``` | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. | - | ``Setup.exe`` | This is the Office Deployment Tool. | - | ```/download``` | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file. | - | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. | + | Element | Description | + |-------------------------------|--------------------------------------| + | ```\\server\Office2016``` | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. 
| + | ``Setup.exe`` | This is the Office Deployment Tool. | + | ```/download``` | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file. | + | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. | ### Convert the Office applications into an App-V package 
@@ -161,34 +164,34 @@ After you download the Office 2016 applications through the Office Deployment To 1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - * **SourcePath**: Change to the location where you saved the Office applications you downloaded during setup. - * **ProductID**: Specify the type of licensing, as shown in the following example: + * **SourcePath**: Change to the location where you saved the Office applications you downloaded during setup. + * **ProductID**: Specify the type of licensing, as shown in the following example: - * Subscription Licensing: - ```XML - - - - - - - - - - - ``` - This example made the following changes to create this Subscription Licensing package: + * Subscription Licensing: + ```XML + + + + + + + + + + + ``` + This example made the following changes to create this Subscription Licensing package: - * **SourcePath** was changed to point to the Office applications that were downloaded earlier. - * **Product ID** for Office was changed to `O365ProPlusRetail`. - * **Product ID** for Visio was changed to `VisioProRetail`. - * **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package created by the Office Deployment Tool. For example, you can exclude Access. - * **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use **PACKAGEGUID** to specify a different package ID for each package, which allows you to publish multiple App-V packages created by the Office Deployment Tool, and then manage your published packages with the App-V Server. + * **SourcePath** was changed to point to the Office applications that were downloaded earlier. + * **Product ID** for Office was changed to `O365ProPlusRetail`. + * **Product ID** for Visio was changed to `VisioProRetail`. 
+ * **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package created by the Office Deployment Tool. For example, you can exclude Access. + * **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use **PACKAGEGUID** to specify a different package ID for each package, which allows you to publish multiple App-V packages created by the Office Deployment Tool, and then manage your published packages with the App-V Server. - An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users. + An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users. - >[!NOTE] - >Even if you use unique package IDs, you can still deploy only one App-V package to a single device. + > [!NOTE] + >Even if you use unique package IDs, you can still deploy only one App-V package to a single device. 2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. The following is an example packager command: 
@@ -209,11 +212,11 @@ After you download the Office 2016 applications through the Office Deployment To After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - * **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files. - * **WorkingDir** + * **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files. + * **WorkingDir** - >[!NOTE] - >To troubleshoot any issues, see the log files in the %temp% directory (default). + > [!NOTE] + >To troubleshoot any issues, see the log files in the %temp% directory (default). 3. Verify that the Office 2016 App-V package works correctly: 1. Publish the Office 2016 App-V package that you created globally to a test computer and verify that the Office 2016 shortcuts appear. 
@@ -356,7 +359,7 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - >[!NOTE] + > [!NOTE] >Office App-V packages have two Version IDs: >* An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. >* A second App-V Package Version ID, formatted as X.X.X.X, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect the new version of Office. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package. diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 4f205bf71e..0bc8d491a1 100644 --- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md 
@@ -1,12 +1,15 @@
 ---
 title: Deploying App-V packages by using electronic software distribution (ESD)
 description: Deploying App-V packages by using electronic software distribution (ESD)
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Deploying App-V packages by using electronic software distribution (ESD)
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index c50de9053a..b1535ba7a9 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -1,12 +1,15 @@
 ---
 title: Deploying the App-V Sequencer and configuring the client (Windows 10)
 description: Deploying the App-V Sequencer and configuring the client
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Deploying the App-V Sequencer and configuring the client
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index a8483ea6cb..ae16a7025e 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -1,12 +1,15 @@ --- title: Deploying the App-V Server (Windows 10) description: Deploying the App-V Server in App-V for Windows 10 -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Deploying the App-V server @@ -32,7 +35,7 @@ App-V offers the following five server components, each of which serves a specif * **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server. - >[!NOTE] + > [!NOTE] >If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V. * **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. For more information about the management database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md). * **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. To learn how to configure the publishing server, see [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md). diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index dbb94bed87..da297a75ef 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md 
@@ -1,12 +1,15 @@ --- title: App-V Deployment Checklist (Windows 10) description: App-V Deployment Checklist -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # App-V Deployment Checklist diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 3e900c1a4b..61c8be02a4 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -1,12 +1,15 @@ --- title: About App-V Dynamic Configuration (Windows 10) description: About App-V Dynamic Configuration -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # About App-V dynamic configuration @@ -425,7 +428,7 @@ The body of the deployment configuration file includes two sections: ``` -User Configuration: see [Dynamic User Configuration](appv-dynamic-configuration.md#dynamic-user-configuration) for more information about this section. +User Configuration: see [Dynamic User Configuration](#dynamic-user-configuration-file) for more information about this section. Machine Configuration: The Machine Configuration section of the Deployment Configuration File configures information that can only be set for an entire machine, not a specific user on the computer, like the HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. This element can have the following four subsections. 
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index ed48d628a2..007503ac03 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -1,12 +1,15 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10)
 description: How to Enable Only Administrators to Publish Packages by Using an ESD
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to enable only administrators to publish packages by using an ESD
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 9aa52bfd1c..cbaef2e7a4 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -1,12 +1,15 @@ --- title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10) description: How to Enable Reporting on the App-V Client by Using Windows PowerShell -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to Enable Reporting on the App-V Client by Using Windows PowerShell @@ -18,65 +21,64 @@ Use the following procedure to configure the App-V for reporting. **To configure the computer running the App-V client for reporting** -1. Enable the App-V client. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). +1. Enable the App-V client. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). -2. After you have enabled the App-V client, use the **Set-AppvClientConfiguration** cmdlet to configure appropriate Reporting Configuration settings: +2. After you have enabled the App-V client, use the **Set-AppvClientConfiguration** cmdlet to configure appropriate Reporting Configuration settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, https://<reportingservername>:<reportingportnumber>.

    -
    - Note   -

    This is the port number that was assigned during the Reporting Server setup

    -
    -
    -   -

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, https://<reportingservername>:<reportingportnumber>.

    +
    + Note

    This is the port number that was assigned during the Reporting Server setup

    +
    +
    -   +

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    -3. After the appropriate settings have been configured, the computer running the App-V client will automatically collect data and will send the data back to the reporting server. - Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** cmdlet. + +3. After the appropriate settings have been configured, the computer running the App-V client will automatically collect data and will send the data back to the reporting server. + + Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** cmdlet. diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index 29f36ee761..39b561ebe4 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md @@ -1,12 +1,15 @@ --- title: Enable the App-V in-box client (Windows 10) description: How to enable the App-V in-box client installed with Windows 10. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Enable the App-V in-box client diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index c17263348d..6381b20416 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md 
@@ -1,12 +1,15 @@
 ---
 title: Evaluating App-V (Windows 10)
 description: Evaluating App-V for Windows 10
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index efac1526d5..c05dd40169 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -1,12 +1,15 @@
 ---
 title: Application Virtualization (App-V) (Windows 10)
 description: Application Virtualization (App-V)
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Application Virtualization (App-V) for Windows 10 overview
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index d18e707951..a05b56167e 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -1,12 +1,15 @@
 ---
 title: Getting Started with App-V (Windows 10)
 description: Getting Started with App-V for Windows 10
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Getting started with App-V for Windows 10
@@ -55,4 +58,4 @@ If you're new to App-V, it's a good idea to read the documentation thoroughly. B
 * [Deploying App-V](appv-deploying-appv.md)
 * [Operations for App-V](appv-operations.md)
 * [Troubleshooting App-V](appv-troubleshooting.md)
-* [Technical reference for App-V](appv-technical-reference.md)
\ No newline at end of file
+* [Technical reference for App-V](appv-technical-reference.md)
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 6cd81600e8..a74cef34c4 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,12 +1,15 @@
 ---
 title: High-level architecture for App-V (Windows 10)
 description: High-level Architecture for App-V.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # High-level architecture for App-V
@@ -31,4 +34,4 @@ A typical App-V implementation consists of the following elements.
 ## Related topics
-- [Getting Started with App-V](appv-getting-started.md)
\ No newline at end of file
+- [Getting Started with App-V](appv-getting-started.md)
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index 24405d012e..90350a2913 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -1,12 +1,15 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index a67f0ea3de..30f57f3cb7 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,12 +1,15 @@
 ---
 title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
@@ -26,11 +29,11 @@ Use the following procedure to install the database server and management server 4. On the **Feature selection** page, select the components you want to install by first selecting the **Management Server Database** checkbox, then selecting **Next**. 5. On the **Installation location** page, accept the default location and select **Next**. 6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**. - * If you are using a custom SQL Server instance, select **Use a custom instance** and enter the name of the instance. - * If you are using a custom database name, select **Custom configuration** and enter the database name. + * If you are using a custom SQL Server instance, select **Use a custom instance** and enter the name of the instance. + * If you are using a custom database name, select **Custom configuration** and enter the database name. 7. On the next **Create new management server database** page, select **Use a remote computer**, then enter the remote machine account using the following format: ```Domain\MachineAccount```. - >[!NOTE] + > [!NOTE] >If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: ```Domain\AdministratorLoginName```. After that, select **Next**. 8. To start the installation, select **Install**. 
@@ -42,11 +45,11 @@ Use the following procedure to install the database server and management server 4. On the **Feature selection** page, select the components you want to install by first selecting the **Reporting Server Database** checkbox, then selecting **Next**. 5. On the **Installation Location** page, accept the default location and select **Next**. 6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**. - * If you're using a custom SQL Server instance, select **Use a custom instance** and enter the instance name. - * If you're using a custom database name, select **Custom configuration** and enter the database name. + * If you're using a custom SQL Server instance, select **Use a custom instance** and enter the instance name. + * If you're using a custom database name, select **Custom configuration** and enter the database name. 7. On the next **Create new management server database** page, select **Use a remote computer**, and enter the remote machine account using the following format: ```Domain\MachineAccount```. - >[!NOTE] + > [!NOTE] >If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. After that, select **Next**. 8. To start the installation, select **Install**. 
@@ -55,18 +58,18 @@ Use the following procedure to install the database server and management server 1. Copy the App-V server installation files to the computer on which you want to install it on. 2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command: - ```SQL + ```SQL appv\_server\_setup.exe /LAYOUT /LAYOUTDIR=”InstallationExtractionLocation” - ``` + ``` 3. After the extraction has been completed, to access the App-V database scripts and instructions readme file: - * The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. - * The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. + * The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. + * The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. 4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. - >[!NOTE] - >For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md). 
+ > [!NOTE] + >For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md). 5. Run the scripts on the computer running Microsoft SQL Server. @@ -75,4 +78,4 @@ Use the following procedure to install the database server and management server ## Related topics -* [Deploying App-V](appv-deploying-appv.md) \ No newline at end of file +* [Deploying App-V](appv-deploying-appv.md) diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md index 7e82f64b5b..314545131f 100644 --- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md @@ -1,12 +1,15 @@ --- title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10) description: How to install the Management Server on a Standalone Computer and Connect it to the Database -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to install the Management Server on a Standalone Computer and Connect it to the Database 
@@ -22,12 +25,12 @@ To install the management server on a standalone computer and connect it to the 5. On the **Installation Location** page, accept the default location, then select **Next**. 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```. - >[!NOTE] - >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```. + > [!NOTE] + >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```. 7. On the **Configure management server configuration** page, specify the following items: - * The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation - * The **Website Name** you want to use for the management service. Accept the default if you do not have a custom name. - * For the **Port Binding**, specify a unique port number, such as **12345**. 
+ * The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation + * The **Website Name** you want to use for the management service. Accept the default if you do not have a custom name. + * For the **Port Binding**, specify a unique port number, such as **12345**. 8. Select **Install**. 9. To confirm that the setup has completed successfully, open a web browser and enter the following URL: https://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings displayed. @@ -37,4 +40,4 @@ To install the management server on a standalone computer and connect it to the ## Related topics -* [Deploying App-V](appv-deploying-appv.md) \ No newline at end of file +* [Deploying App-V](appv-deploying-appv.md) diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index a4d4a8ed1a..c2f081dd15 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md 
@@ -1,12 +1,15 @@
 ---
 title: How to Install the Publishing Server on a Remote Computer (Windows 10)
 description: How to Install the App-V Publishing Server on a Remote Computer
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to install the publishing server on a remote computer
@@ -24,16 +27,16 @@ Use the following procedure to install the publishing server on a separate compu 5. On the **Installation location** page, accept the default location, then select **Next**. 6. On the **Configure publishing server configuration** page, specify the following items: - * The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. - * Specify the website name that you want to use for the publishing service. If you don't have a custom name, then use the default name. - * For the **Port binding**, specify a unique port number that will be used by App-V. For example, **54321**. + * The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. + * Specify the website name that you want to use for the publishing service. If you don't have a custom name, then use the default name. + * For the **Port binding**, specify a unique port number that will be used by App-V. For example, **54321**. 7. On the **Ready to install** page, select **Install**. 8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server: 1. Open the App-V management server console. 2. In the left pane, select **Servers**, then select **Register New Server**. 3. Enter the server name and a description (if required), then select **Add**. -9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: **https://publishingserver:pubport**. If the server is running correctly, information like the following example should appear. +9. 
To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: https://publishingserver:pubport. If the server is running correctly, information like the following example should appear. ```SQL @@ -59,4 +62,4 @@ Use the following procedure to install the publishing server on a separate compu ## Related topics -* [Deploying App-V](appv-deploying-appv.md) \ No newline at end of file +* [Deploying App-V](appv-deploying-appv.md) diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md index 9c1a1b5066..a0a7912e96 100644 --- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -1,12 +1,15 @@ --- title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10) description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to install the reporting server on a standalone computer and connect it to the database 
@@ -27,7 +30,7 @@ Use the following procedure to install the reporting server on a standalone comp 5. On the **Installation location** page, accept the default location and select **Next**. 6. On the **Configure existing reporting database** page, select **Use a remote SQL Server**, then enter the machine name of the computer running Microsoft SQL Server. For example, you can name your computer **SqlServerMachine**. - >[!NOTE] + > [!NOTE] >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server instance, select **Use the default instance**. If you're using a custom Microsoft SQL Server instance, select **Use a custom instance**, then enter the name of your custom instance. Specify the **SQL Server Database name** that this reporting server will use; for example, you can name the server **AppvReporting**. 7. On the **Configure reporting server configuration** page. @@ -43,4 +46,4 @@ Use the following procedure to install the reporting server on a standalone comp * [About App-V reporting](appv-reporting.md) * [Deploying App-V](appv-deploying-appv.md) -* [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md) \ No newline at end of file +* [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md) diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index 59f1199d00..6fe3e63862 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md 
@@ -1,12 +1,15 @@
 ---
 title: Install the App-V Sequencer (Windows 10)
 description: Install the App-V Sequencer
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Install the App-V Sequencer
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index ae78cb69e8..a4597fb812 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -1,12 +1,15 @@
 ---
 title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # How to load the Windows PowerShell cmdlets for App-V and get cmdlet help
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index eab387ff9a..65f4a157a0 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -1,12 +1,15 @@
 ---
 title: Maintaining App-V (Windows 10)
 description: Maintaining App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Maintaining App-V
@@ -33,4 +36,4 @@ Additionally, ISVs who want to explicitly virtualize or not virtualize calls on ## Other resources for maintaining App-V -* [Operations for App-V](appv-operations.md) \ No newline at end of file +* [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index 4482877876..f0f0b0ad03 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -1,12 +1,15 @@ --- title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10) description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/24/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to manage App-V packages running on a stand-alone computer by using Windows PowerShell @@ -29,8 +32,8 @@ Get-AppvClientPackage –Name "ContosoApplication" -Version 2 Use the **Add-AppvClientPackage** cmdlet to add a package to a computer. ->[!IMPORTANT] ->This example only adds a package. It does not publish the package to the user or the computer. +> [!IMPORTANT] +> This example only adds a package. It does not publish the package to the user or the computer. For example: 
@@ -56,8 +59,8 @@ Publish-AppvClientPackage "ContosoApplication" -Global ## Publish a package to a specific user ->[!NOTE]   ->You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. +> [!NOTE] +> You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. An administrator can publish a package to a specific user by specifying the optional *–UserSID* parameter with the **Publish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID). @@ -96,8 +99,8 @@ Unpublish-AppvClientPackage "ContosoApplication" ## Unpublish a package for a specific user ->[!NOTE] ->You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. +> [!NOTE] +> You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. An administrator can unpublish a package for a specific user by using the optional *-UserSID* parameter with the **Unpublish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID). 
@@ -124,8 +127,8 @@ For example: Remove-AppvClientPackage "ContosoApplication" ``` ->[!NOTE] ->App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/). +> [!NOTE] +> App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/). ## Enable only administrators to publish or unpublish packages @@ -169,4 +172,4 @@ For more information about pending tasks, see [Upgrading an in-use App-V package ## Related topics - [Operations for App-V](appv-operations.md) -- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) \ No newline at end of file +- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index 9e50ad3f0c..c3653ce3be 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md 
@@ -1,12 +1,15 @@ --- title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10) description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md index db17fbe2a0..76ced5b4de 100644 --- a/windows/application-management/app-v/appv-managing-connection-groups.md +++ b/windows/application-management/app-v/appv-managing-connection-groups.md @@ -1,12 +1,15 @@ --- title: Managing Connection Groups (Windows 10) description: Managing Connection Groups -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -29,40 +32,40 @@ In some previous versions of App-V, connection groups were referred to as Dynami -

    [About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md)

    +

    About the Connection Group Virtual Environment

    Describes the connection group virtual environment.

    -

    [About the Connection Group File](appv-connection-group-file.md)

    +

    About the Connection Group File

    Describes the connection group file.

    -

    [How to Create a Connection Group](appv-create-a-connection-group.md)

    +

    How to Create a Connection Group

    Explains how to create a new connection group.

    -

    [How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)

    +

    How to Create a Connection Group with User-Published and Globally Published Packages

    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

    -

    [How to Delete a Connection Group](appv-delete-a-connection-group.md)

    +

    How to Delete a Connection Group

    Explains how to delete a connection group.

    -

    [How to Publish a Connection Group](appv-publish-a-connection-group.md)

    +

    How to Publish a Connection Group

    Explains how to publish a connection group.

    -

    [How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)

    +

    How to Make a Connection Group Ignore the Package Version

    Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.

    -

    [How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)

    +

    How to Allow Only Administrators to Enable Connection Groups

    Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.

    -  + @@ -74,9 +77,9 @@ In some previous versions of App-V, connection groups were referred to as Dynami - [Operations for App-V](appv-operations.md) -  + -  + diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md index 3776b26829..cd519bf28a 100644 --- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md @@ -1,12 +1,15 @@ --- title: Migrating to App-V from a Previous Version (Windows 10) description: Migrating to App-V for Windows 10 from a previous version -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -52,7 +55,7 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom -  + ### Example conversion statement @@ -158,7 +161,7 @@ ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ -  + ## Converting packages created using a prior version of App-V @@ -169,7 +172,7 @@ Use the package converter utility to upgrade virtual application packages create **Important**   After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. -  + **What to know before you convert existing packages** @@ -187,7 +190,7 @@ After you convert an existing package you should test the package prior to deplo

    Virtual packages using DSC are not linked after conversion.

    -

    Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).

    +

    Link the packages using connection groups. See Managing Connection Groups.

    Environment variable conflicts are detected during conversion.

    @@ -200,7 +203,7 @@ After you convert an existing package you should test the package prior to deplo -  + When converting a package check for failing files or shortcuts, locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path. @@ -230,19 +233,19 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf

    Review prerequisites.

    -

    [App-V Server prerequisite software](appv-prerequisites.md#app-v-server-prerequisite-software).

    +

    App-V Server prerequisite software.

    Enable the App-V client.

    -

    [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).

    +

    Enable the App-V desktop client.

    Install App-V Server.

    -

    [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

    +

    How to Deploy the App-V Server.

    Migrate existing packages.

    -

    See [Converting packages created using a prior version of App-V](#converting-packages-created-using-a-prior-version-of-app-v) earlier in this topic.

    +

    See Converting packages created using a prior version of App-V earlier in this topic.

    diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index e5e1aae356..a783bac0cb 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md @@ -1,12 +1,15 @@ --- title: How to Modify an Existing Virtual Application Package (Windows 10) description: How to Modify an Existing Virtual Application Package -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index 9f0295e52a..11bcc0117b 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -1,12 +1,15 @@ --- title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10) description: How to Modify Client Configuration by Using Windows PowerShell -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md index 9cee0ac02c..de47148927 100644 --- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md 
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md @@ -1,12 +1,15 @@ --- title: How to Move the App-V Server to Another Computer (Windows 10) description: How to Move the App-V Server to Another Computer -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index 13775f5a7a..d5f38d7982 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -1,12 +1,15 @@ --- title: Operations for App-V (Windows 10) description: Operations for App-V -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Operations for App-V diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 7c9215a248..40047a8bd9 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -1,12 +1,15 @@ --- title: Performance Guidance for Application Virtualization (Windows 10) description: Performance Guidance for Application Virtualization -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -86,7 +89,7 @@ Deployment Environment -  + Expected Configuration @@ -107,7 +110,7 @@ Expected Configuration -  + IT Administration 
@@ -124,7 +127,7 @@ IT Administration -  + ### Usage Scenarios @@ -144,14 +147,14 @@ As you review the two scenarios, keep in mind that these approach the extremes.

    To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

    -

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.

    +

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see Sequencing Steps to Optimize Packages for Publishing Performance later in this topic.

    The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    -

    The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.

    +

    The impact of this alteration is detailed in the User Experience Walk-through section of this document.

    -  + ### Preparing your Environment @@ -174,9 +177,9 @@ The following table displays the required steps to prepare the base image and th

      -
    • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).

    • +
    • Enable the App-V client as described in Enable the App-V in-box client.

    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -
    • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

    • +
    • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.

    • Configure Preserve User Integrations on Login Registry DWORD.

    • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

    • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • @@ -194,9 +197,9 @@ The following table displays the required steps to prepare the base image and th

      -
    • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).

    • +
    • Enable the App-V client as described in Enable the App-V in-box client.

    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -
    • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

    • +
    • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.

    • Configure Preserve User Integrations on Login Registry DWORD.

    • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

    • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • @@ -207,7 +210,7 @@ The following table displays the required steps to prepare the base image and th -  + **Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: @@ -228,7 +231,7 @@ The following table displays the required steps to prepare the base image and th

      Shared Content Store (SCS) Mode

        -
      • Configurable in Windows PowerShell with `Set-AppvClientConfiguration -SharedContentStoreMode 1`
        or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

      • +
      • Configurable in Windows PowerShell with Set-AppvClientConfiguration -SharedContentStoreMode 1
        or configurable with Group Policy, as described in Deploying the App-V Sequencer and Configuring the Client.

      When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

      This helps to conserve local storage and minimize disk I/O per second (IOPS).

      @@ -259,7 +262,7 @@ The following table displays the required steps to prepare the base image and th -  + ### Configure UE-V solution for App-V Approach @@ -285,7 +288,7 @@ UE-V will only support removing the .lnk file type from the exclusion list in th **Important**   This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. -  + Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. @@ -308,7 +311,7 @@ To enable an optimized login experience, for example the App-V approach for the App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. -   + - Capturing changes to the locations, which constitute the user integrations, prior to session logoff. @@ -401,7 +404,7 @@ This following is a step-by-step walk-through of the App-V and UPM operations an -  + @@ -426,7 +429,7 @@ This following is a step-by-step walk-through of the App-V and UPM operations an
      -  + ### Impact to Package Life Cycle @@ -513,7 +516,7 @@ Several App-V features facilitate new scenarios or enable new customer deploymen -  + ### Removing FB1 @@ -552,7 +555,7 @@ Removing FB1 does not require the original application installer. After completi **Note**   This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. -   + @@ -579,7 +582,7 @@ Removing FB1 does not require the original application installer. After completi
      -  + ### Creating a new virtual application package on the sequencer @@ -616,7 +619,7 @@ When publishing a virtual application package, the App-V Client will detect if a -  + ### Disabling a Dynamic Configuration by using Windows PowerShell @@ -666,7 +669,7 @@ For documentation on How to Apply a Dynamic Configuration, see: -  + ### Determining what virtual fonts exist in the package diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index fd5a908035..dc6488afb9 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -1,12 +1,15 @@ --- title: App-V Planning Checklist (Windows 10) description: App-V Planning Checklist -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # App-V Planning Checklist diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index eb7f2408b6..3a1d781f17 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -1,12 +1,15 @@ --- title: Planning to Use Folder Redirection with App-V (Windows 10) description: Planning to Use Folder Redirection with App-V -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Planning to Use Folder Redirection with App-V 
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index ba19107fe3..289e32ec6f 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -1,12 +1,15 @@
 ---
 title: Planning for the App-V Server Deployment (Windows 10)
 description: Planning for the App-V 5.1 Server Deployment
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Planning for the App-V server deployment
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index 826d77a491..175946673a 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -1,12 +1,15 @@
 ---
 title: Planning for App-V (Windows 10)
 description: Planning for App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Planning for App-V
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 7f372f723d..e6167f8707 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -1,12 +1,15 @@ --- title: Planning for High Availability with App-V Server description: Planning for High Availability with App-V Server -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Planning for high availability with App-V Server @@ -84,8 +87,8 @@ Use the following steps to modify the connection string to include ```failover p 2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**. 3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the ```failover partner = ``` value. 4. Restart management service using the IIS console. - >[!NOTE] - >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012]() due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012. + > [!NOTE] + >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012]() due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012. Click any of the following links for more information: diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index edeffdebaf..adcfe14ddc 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md 
@@ -1,12 +1,15 @@
 ---
 title: Planning for the App-V Sequencer and Client Deployment (Windows 10)
 description: Planning for the App-V Sequencer and Client Deployment
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Planning for the App-V Sequencer and Client Deployment
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index 3a1420dd69..ae79aea7c4 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,12 +1,15 @@
 ---
 title: Planning for Deploying App-V with Office (Windows 10)
 description: Planning for Using App-V with Office
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Planning for deploying App-V with Office
@@ -87,11 +90,11 @@ To bypass the auto-registration operation for native Word 2010, follow these ste 1. Exit Word 2010. 2. Start the Registry Editor by doing the following: - * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key. + * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key. - * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key. + * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key. - If you're prompted for an administrator password, enter the password. If you're prompted for a confirmation, select **Continue**. + If you're prompted for an administrator password, enter the password. If you're prompted for a confirmation, select **Continue**. 3. Locate and then select the following registry subkey: ``` syntax @@ -136,4 +139,4 @@ The Office 2013 or Office 2016 App-V package supports the following integration * [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md) * [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md) -* [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) \ No newline at end of file +* [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index d8b89dd307..4fec6e664e 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md 
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -1,12 +1,15 @@ --- title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10) description: Planning to Deploy App-V with an Electronic Software Distribution System -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Planning to Deploy App-V with an electronic software distribution system @@ -30,4 +33,4 @@ Review the following component and architecture requirements options that apply * [Planning to deploy App-V](appv-planning-to-deploy-appv.md) * [How to deploy App-V packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) -* [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) \ No newline at end of file +* [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index 24becb67a5..8b30ecd4ff 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md 
@@ -1,12 +1,15 @@
 ---
 title: Planning to Deploy App-V (Windows 10)
 description: Planning to Deploy App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Planning to Deploy App-V for Windows 10
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index 60612d1e5c..33dcf85901 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -1,12 +1,15 @@
 ---
 title: Preparing Your Environment for App-V (Windows 10)
 description: Preparing Your Environment for App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # Preparing your environment for App-V
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 35032ce623..841c318800 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -1,12 +1,15 @@
 ---
 title: App-V Prerequisites (Windows 10)
 description: App-V Prerequisites
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ---
 # App-V for Windows 10 prerequisites
@@ -160,4 +163,4 @@ What to know before installing the prerequisites: ## Related topics * [Planning for App-V](appv-planning-for-appv.md) -* [App-V Supported Configurations](appv-supported-configurations.md) \ No newline at end of file +* [App-V Supported Configurations](appv-supported-configurations.md) diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index 2e3e097e03..c8c8da79fa 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md @@ -1,12 +1,15 @@ --- title: How to Publish a Connection Group (Windows 10) description: How to Publish a Connection Group -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to Publish a Connection Group diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md index 465bd880a0..47e033fcbe 100644 --- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md @@ -1,12 +1,15 @@ --- title: How to publish a package by using the Management console (Windows 10) description: How to publish a package by using the Management console. -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # How to publish a package by using the Management console 
@@ -15,8 +18,8 @@ ms.topic: article Use the following procedure to publish an App-V package. Once you publish a package, computers running the App-V client can access and run the applications in that package. ->[!NOTE]   ->The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. +> [!NOTE] +> The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. ## Publish an App-V package @@ -43,4 +46,4 @@ Use the following procedure to publish an App-V package. Once you publish a pack ## Related topics * [Operations for App-V](appv-operations.md) -* [How to configure access to packages by using the Management console](appv-configure-access-to-packages-with-the-management-console.md) \ No newline at end of file +* [How to configure access to packages by using the Management console](appv-configure-access-to-packages-with-the-management-console.md) diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md index 14f6f70cad..da72c8bd99 100644 --- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md +++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md @@ -1,12 +1,15 @@ --- title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10) description: How to Register and Unregister a Publishing Server by Using the Management Console -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- 
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 46c2626270..9179e46022 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -1,12 +1,15 @@ --- title: Release Notes for App-V for Windows 10, version 1703 (Windows 10) description: A list of known issues and workarounds for App-V running on Windows 10, version 1703. -author: jdeckerms +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -25,7 +28,7 @@ The following are known issues and workarounds for Application Virtualization (A Unable to manually create a system-owned folder needed for the set-AppVClientConfiguration PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters. - Don't create this file manually, instead let the Add-AppVClientPackage cmdlet auto-generate it. + Don't create this file manually, instead let the Add-AppVClientPackage cmdlet auto-generate it. Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands. 
@@ -33,71 +36,70 @@ The following are known issues and workarounds for Application Virtualization (A Unable to modify the locale for auto-sequencing. - Open the C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES. + Open the C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES. - Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area. + Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area. The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <appv:Extensions> tag:
      
       <appv:Extension Category="AppV.URLProtocol">
      -	<appv:URLProtocol>
      -		<appv:Name>ftp</appv:Name>
      -		<appv:ApplicationURLProtocol>
      -			<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      -			<appv:ShellCommands>
      -				<appv:DefaultCommand>open</appv:DefaultCommand>
      -				<appv:ShellCommand>
      -					<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      -					<appv:Name>open</appv:Name>
      -					<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      -					<appv:DdeExec>
      -						<appv:DdeCommand />
      -					</appv:DdeExec>
      -				</appv:ShellCommand>
      -			</appv:ShellCommands>
      -		</appv:ApplicationURLProtocol>
      -	</appv:URLProtocol>
      +    <appv:URLProtocol>
      +        <appv:Name>ftp</appv:Name>
      +        <appv:ApplicationURLProtocol>
      +            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      +            <appv:ShellCommands>
      +                <appv:DefaultCommand>open</appv:DefaultCommand>
      +                <appv:ShellCommand>
      +                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      +                    <appv:Name>open</appv:Name>
      +                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      +                    <appv:DdeExec>
      +                        <appv:DdeCommand />
      +                    </appv:DdeExec>
      +                </appv:ShellCommand>
      +            </appv:ShellCommands>
      +        </appv:ApplicationURLProtocol>
      +    </appv:URLProtocol>
       </appv:Extension>
       <appv:Extension Category="AppV.URLProtocol">
      -	<appv:URLProtocol>
      -		<appv:Name>http</appv:Name>
      -		<appv:ApplicationURLProtocol>
      -			<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      -			<appv:ShellCommands>
      -				<appv:DefaultCommand>open</appv:DefaultCommand>
      -				<appv:ShellCommand>
      -					<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      -					<appv:Name>open</appv:Name>
      -					<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      -					<appv:DdeExec>
      -						<appv:DdeCommand />
      -					</appv:DdeExec>
      -				</appv:ShellCommand>
      -			</appv:ShellCommands>
      -		</appv:ApplicationURLProtocol>
      -	</appv:URLProtocol>
      +    <appv:URLProtocol>
      +        <appv:Name>http</appv:Name>
      +        <appv:ApplicationURLProtocol>
      +            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      +            <appv:ShellCommands>
      +                <appv:DefaultCommand>open</appv:DefaultCommand>
      +                <appv:ShellCommand>
      +                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      +                    <appv:Name>open</appv:Name>
      +                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      +                    <appv:DdeExec>
      +                        <appv:DdeCommand />
      +                    </appv:DdeExec>
      +                </appv:ShellCommand>
      +            </appv:ShellCommands>
      +        </appv:ApplicationURLProtocol>
      +    </appv:URLProtocol>
       </appv:Extension>
       <appv:Extension Category="AppV.URLProtocol">
      -	<appv:URLProtocol>
      -		<appv:Name>https</appv:Name>
      -		<appv:ApplicationURLProtocol>
      -			<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      -			<appv:ShellCommands>
      -				<appv:DefaultCommand>open</appv:DefaultCommand>
      -				<appv:ShellCommand>
      -					<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      -					<appv:Name>open</appv:Name>
      -					<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      -					<appv:DdeExec>
      -						<appv:DdeCommand />
      -					</appv:DdeExec>
      -				</appv:ShellCommand>
      -			</appv:ShellCommands>
      -		</appv:ApplicationURLProtocol>
      -	</appv:URLProtocol>
      +    <appv:URLProtocol>
      +        <appv:Name>https</appv:Name>
      +        <appv:ApplicationURLProtocol>
      +            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
      +            <appv:ShellCommands>
      +                <appv:DefaultCommand>open</appv:DefaultCommand>
      +                <appv:ShellCommand>
      +                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
      +                    <appv:Name>open</appv:Name>
      +                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
      +                    <appv:DdeExec>
      +                        <appv:DdeCommand />
      +                    </appv:DdeExec>
      +                </appv:ShellCommand>
      +            </appv:ShellCommands>
      +        </appv:ApplicationURLProtocol>
      +    </appv:URLProtocol>
       </appv:Extension>
      -
      - +

    diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index 0e199f9a53..daf1783e49 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -1,12 +1,15 @@ --- title: Release Notes for App-V for Windows 10, version 1607 (Windows 10) description: A list of known issues and workarounds for App-V running on Windows 10, version 1607. -author: jdeckerms +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Release Notes for App-V for Windows 10, version 1607 @@ -33,7 +36,7 @@ MSI packages that were generated using an App-V sequencer from previous versions 4. From an elevated Windows PowerShell prompt, navigate to the following folder: - <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\** + <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\** By default, this path will be:
    **C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** @@ -134,8 +137,8 @@ The InsertVersionInfo.sql script is not required for versions of the App-V manag The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). ->[!IMPORTANT]  ->**Step 1** of the KB article listed above isn't required for versions of App-V later than App-V 5.0 SP3. +> [!IMPORTANT] +> **Step 1** of the KB article listed above isn't required for versions of App-V later than App-V 5.0 SP3. ## Microsoft Visual Studio 2012 not supported App-V doesn't support Visual Studio 2012. diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index e7c4fe6c64..99a25f7fda 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -1,12 +1,15 @@ --- title: About App-V Reporting (Windows 10) description: About App-V Reporting -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # About App-V reporting 
@@ -21,15 +24,15 @@ The following list displays the end–to-end high-level workflow for reporting i 1. The App-V Reporting server requires the following things: - * Internet Information Service (IIS) web server role - * Windows Authentication role (under **IIS / Security**) - * SQL Server installed and running with SQL Server Reporting Services (SSRS) + * Internet Information Service (IIS) web server role + * Windows Authentication role (under **IIS / Security**) + * SQL Server installed and running with SQL Server Reporting Services (SSRS) - To confirm SQL Server Reporting Services is running, enter in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should appear. + To confirm SQL Server Reporting Services is running, enter in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should appear. 2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server. 3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports](https://www.microsoft.com/en-us/download/details.aspx?id=42630). - >[!NOTE] + > [!NOTE] >If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V. 4. After importing the App-V Windows PowerShell module using **Import-Module AppvClient** as administrator, enable App-V client reporting. 
This sample Windows PowerShell command enables App-V reporting: @@ -43,7 +46,7 @@ The following list displays the end–to-end high-level workflow for reporting i 5. After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server, which then notifies the App-V client. 6. When the App-V client receives the success notification, it empties the data cache to conserve space. - >[!NOTE] + > [!NOTE] >By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. @@ -88,7 +91,7 @@ Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send For a complete list of client configuration settings, go to [About client configuration settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**. * Using Group Policy. If distributed using the domain controller, the settings are the same as previously listed. - >[!NOTE] + > [!NOTE] >Group Policy settings override local settings configured using Windows PowerShell. ## App-V Client reporting 
@@ -212,4 +215,4 @@ You should also ensure that the reporting server web service’s **Maximum Concu ## Related topics * [Deploying the App-V server](appv-deploying-the-appv-server.md) -* [How to install the reporting server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md) \ No newline at end of file +* [How to install the reporting server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md) diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 491c148ac7..5582efb79c 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -1,12 +1,15 @@ --- title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10) description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 03/08/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index 53cf04a9a4..32939d5452 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md 
@@ -1,12 +1,15 @@ --- title: App-V Security Considerations (Windows 10) description: App-V Security Considerations -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # App-V security considerations @@ -53,7 +56,7 @@ No groups are created automatically during App-V setup. You should create the fo Consider the following additional information: * Access to the package shares: If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. - >[!NOTE] + > [!NOTE] >In previous versions of App-V, package share was referred to as content share. * Registering publishing servers with Management Server: A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. @@ -69,4 +72,4 @@ During App-V setup, setup log files are created in the **%temp%** folder of the ## Related topics -[Preparing Your Environment for App-V](appv-preparing-your-environment.md) \ No newline at end of file +[Preparing Your Environment for App-V](appv-preparing-your-environment.md) diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index 7a7d54cfee..bdb63f9a46 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md 
@@ -1,12 +1,15 @@ --- title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) description: How to manually sequence a new app using the App-V Sequencer -author: jdeckerms +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) @@ -52,7 +55,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD 5. On the **Select Installer** page, select **Browse** and specify the installation file for the application. - >[!NOTE] + > [!NOTE] >If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then select **Next**. 
@@ -70,7 +73,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD 9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then select **Run All**. To run specific programs, select the program or programs, and then select **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. - >[!NOTE] + > [!NOTE] >To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. Select **Next**. 
@@ -86,7 +89,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then select **Next**. - >[!NOTE] + > [!NOTE] >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened. After that, depending on how the background loading is configured, it will load the rest of the application. 13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. After that, select **Next**. 
@@ -150,7 +153,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD 13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all applications to run. After all applications have run, close each application. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Select **Next**. - >[!NOTE] + > [!NOTE] >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, select **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. 14. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Select **Next**. diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md index 0a7aece481..1ccb908974 100644 --- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md +++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md 
@@ -1,12 +1,15 @@ --- title: How to sequence a package by using Windows PowerShell (Windows 10) description: How to sequence a package by using Windows PowerShell -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -17,10 +20,10 @@ ms.date: 04/19/2017 Use the following procedure to create a new App-V package using Windows PowerShell. -> [!NOTE]   +> [!NOTE] > Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). -  + **To create a new virtual application by using Windows PowerShell** 1. Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md). @@ -62,8 +65,8 @@ The following list displays additional optional parameters that can be used with In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. ->[!IMPORTANT] ->If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. +> [!IMPORTANT] +> If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. ## Related topics 
@@ -71,4 +74,4 @@ In Windows 10, version 1703, running the new-appvsequencerpackage or the update- -
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). \ No newline at end of file +
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index a28d2875c7..1618dde95c 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -1,12 +1,15 @@ --- title: App-V Supported Configurations (Windows 10) description: App-V Supported Configurations -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- # App-V Supported Configurations @@ -118,4 +121,4 @@ The App-V client works with System Center Configuration Manager versions startin ## Related topics * [Planning to deploy App-V](appv-planning-to-deploy-appv.md) -* [App-V prerequisites](appv-prerequisites.md) \ No newline at end of file +* [App-V prerequisites](appv-prerequisites.md) diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index 74aec92cad..910287f6d3 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -1,12 +1,15 @@ --- title: Technical Reference for App-V (Windows 10) description: Technical Reference for App-V -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- 
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 89e0d58328..92cd2124d8 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10)
 description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index 62e8e04338..fdacc04362 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -1,12 +1,15 @@
 ---
 title: Troubleshooting App-V (Windows 10)
 description: Troubleshooting App-V
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index 7c30f8d1f3..5234b80231 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -1,12 +1,15 @@ --- title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10) description: Upgrading to App-V for Windows 10 from an existing installation -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- # Upgrading to App-V for Windows 10 from an existing installation @@ -96,4 +99,4 @@ Type the following cmdlet in a Windows PowerShell window: -
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). \ No newline at end of file +
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index 321ed70eaf..83bfa11219 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -1,12 +1,15 @@ --- title: Using the App-V Client Management Console (Windows 10) description: Using the App-V Client Management Console -author: MaggiePucciEvans +author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor --- @@ -21,8 +24,8 @@ This topic provides information about using the Application Virtualization (App- The client management console is separate from the App-V client itself. You can download the client management console from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=41186). -> [!NOTE] -To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client. +> [!NOTE] +> To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client. ## Options for managing the App-V client diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md index 64e4b04a27..2d1bb8bb98 100644 
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -1,12 +1,15 @@
 ---
 title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10)
 description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index 3af98c9c73..771291c90e 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -1,12 +1,15 @@
 ---
 title: Viewing App-V Server Publishing Metadata (Windows 10)
 description: Viewing App-V Server Publishing Metadata
-author: MaggiePucciEvans
+author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ---
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 637e02d729..5ce9e92dc8 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -1,12 +1,14 @@ --- title: Windows 10 - Apps +ms.reviewer: +manager: dansimp description: What are Windows, UWP, and Win32 apps ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -ms.author: elizapo -author: lizap +ms.author: tracyp +author: msfttracyp ms.localizationpriority: medium ms.topic: article --- 
@@ -153,32 +155,34 @@ System apps are integral to the operating system. Here are the typical system ap Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, and 1809. -| Name | Full name | 1709 | 1803 | 1809 | Uninstall through UI? | -|--------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:| -| Remote Desktop | Microsoft.RemoteDesktop | x | | x | Yes | -| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | | Yes | -| Eclipse Manager | 46928bounde.EclipseManager | x | x | | Yes | -| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | | Yes | -| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | | Yes | -| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | | Yes | -| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes | -| News | Microsoft.BingNews | x | x | x | Yes | -| Sway | Microsoft.Office.Sway | x | x | x | Yes | -| Microsoft.Advertising | Microsoft.Advertising.Xaml | x | x | x | Yes | -| | Microsoft.NET.Native.Framework.1.2 | x | x | | Yes | -| | Microsoft.NET.Native.Framework.1.3 | x | x | | Yes | -| | Microsoft.NET.Native.Framework.1.6 | x | x | x | Yes | -| | Microsoft.NET.Native.Framework.1.7 | | x | x | Yes | -| | Microsoft.NET.Native.Framework.2.0 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.1 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.3 | x | | | Yes | -| | Microsoft.NET.Native.Runtime.1.4 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.6 | x | x | x | Yes | -| | Microsoft.NET.Native.Runtime.1.7 | x | x | x | Yes | -| | Microsoft.NET.Native.Runtime.2.0 | x | x | | Yes | -| | Microsoft.Services.Store.Engagement | x | x | | Yes | -| | Microsoft.VCLibs.120.00 | x | x | | Yes | -| | Microsoft.VCLibs.140.00 | x | x | x | Yes | -| | Microsoft.VCLibs.120.00.Universal | x | | | Yes | -| | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes | + +| Name | Full name | 1709 | 1803 | 1809 | Uninstall through UI? 
| +|-----------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:| +| Remote Desktop | Microsoft.RemoteDesktop | x | | x | Yes | +| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | | Yes | +| Eclipse Manager | 46928bounde.EclipseManager | x | x | | Yes | +| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | | Yes | +| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | | Yes | +| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | | Yes | +| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes | +| News | Microsoft.BingNews | x | x | x | Yes | +| Sway | Microsoft.Office.Sway | x | x | x | Yes | +| Microsoft.Advertising | Microsoft.Advertising.Xaml | x | x | x | Yes | +| | Microsoft.NET.Native.Framework.1.2 | x | x | | Yes | +| | Microsoft.NET.Native.Framework.1.3 | x | x | | Yes | +| | Microsoft.NET.Native.Framework.1.6 | x | x | x | Yes | +| | Microsoft.NET.Native.Framework.1.7 | | x | x | Yes | +| | Microsoft.NET.Native.Framework.2.0 | x | x | | Yes | +| | Microsoft.NET.Native.Runtime.1.1 | x | x | | Yes | +| | Microsoft.NET.Native.Runtime.1.3 | x | | | Yes | +| | Microsoft.NET.Native.Runtime.1.4 | x | x | | Yes | +| | Microsoft.NET.Native.Runtime.1.6 | x | x | x | Yes | +| | Microsoft.NET.Native.Runtime.1.7 | x | x | x | Yes | +| | Microsoft.NET.Native.Runtime.2.0 | x | x | | Yes | +| | Microsoft.Services.Store.Engagement | x | x | | Yes | +| | Microsoft.VCLibs.120.00 | x | x | | Yes | +| | Microsoft.VCLibs.140.00 | x | x | x | Yes | +| | Microsoft.VCLibs.120.00.Universal | x | | | Yes | +| | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes | + --- diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md index 580efc16c4..394767a6af 100644 --- a/windows/application-management/change-history-for-application-management.md 
+++ b/windows/application-management/change-history-for-application-management.md @@ -7,10 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jdeckerms -ms.author: jdecker +author: msfttracyp +ms.author: tracyp ms.topic: article ms.date: 10/24/2017 +ms.reviewer: +manager: dansimp --- # Change history for Application management in Windows 10 diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md index 3dffa46062..d2c0c0bc21 100644 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -ms.author: kaushika-ainapure -author: kaushika-msft +ms.author: tracyp +author: msfttracyp ms.date: 07/21/2017 +ms.reviewer: +manager: dansimp ms.topic: article --- # Deploy application upgrades on Windows 10 Mobile @@ -39,7 +41,7 @@ Before you can deploy the upgrade, make sure you import the new version of the a 4. Click **Add**, browse to the existing (older) version of the app that you're upgrading, and then click **OK**. 5. Under **New Deployment Type** select the new version of the app. (When you imported the new version, it comes in as a new deployment type. If you're upgrading a Universal application, you'll see only one type here.) ![Create a supersedence rule for the new version of the app](media/app-upgrade-supersede-deploy-type.png) - > [!IMPORTANT] + > [!IMPORTANT] > Do **NOT** select **Uninstall**. This tells Configuration Manager to uninstall the old version, but it does **NOT** then install the new version. 6. Click **OK**. 
@@ -56,4 +58,4 @@ You don't need to delete the deployment associated with the older version of the ![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png) -If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. \ No newline at end of file +If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index cf14d39f29..c2200ff029 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", 
@@ -31,24 +31,24 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "elizapo", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-app-management", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "elizapo", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-app-management", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "win-app-management", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 74e71f0072..dfb14cdb36 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md 
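Review bot: `"ms.author": "elizapo"` is carried over unchanged in `globalMetadata` of windows/application-management/docfx.json, while the per-file front matter in this same commit (for example apps-in-windows-10.md and per-user-services-in-windows.md) moves `ms.author` from `elizapo` to `tracyp`. Pages in this docset that set no `ms.author` of their own would presumably still inherit the old alias from this default, so ownership and feedback routing may not follow the reassignment. If the docset owner has changed, update the default in this hunk as well, e.g. `"ms.author": "<new-owner-alias>",`; the correct alias cannot be determined from the lines shown here.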
@@ -1,9 +1,11 @@ --- -author: TylerMSFT +author: msfttracyp title: Remove background task resource restrictions description: Allow enterprise background tasks unrestricted access to computer resources. -ms.author: twhitney +ms.author: tracyp ms.date: 10/03/2017 +ms.reviewer: +manager: dansimp ms.topic: article ms.prod: w10 ms.technology: uwp diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 20b71d39e8..5c0ec34d50 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -1,22 +1,23 @@ --- title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10) +ms.reviewer: +manager: dansimp description: Learn how to enable or block Windows Mixed Reality apps. keyboards: ["mr", "mr portal", "mixed reality portal", "mixed reality"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium -author: jdeckerms -ms.author: jdecker +author: msfttracyp +ms.author: tracyp ms.topic: article -ms.date: 10/02/2018 --- # Enable or block Windows Mixed Reality apps in the enterprise **Applies to** -- Windows 10 +- Windows 10 [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows 10 Feature on Demand (FOD)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows 10 PC needs a new feature, it can request the feature package from Windows Update. 
@@ -29,24 +30,24 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 1. [Check your version of Windows 10.](https://support.microsoft.com/help/13443/windows-which-operating-system) - >[!NOTE] - >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality. + >[!NOTE] + >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality. 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download the FOD .cab file for [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). - >[!NOTE] - >You must download the FOD .cab file that matches your operating system version. 
+ >[!NOTE] + >You must download the FOD .cab file that matches your operating system version. - b. Use `Add-Package` to add Windows Mixed Reality FOD to the image. + b. Use `Add-Package` to add Windows Mixed Reality FOD to the image. ``` Add-Package Dism /Online /add-package /packagepath:(path) ``` - c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. + c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD. 
@@ -73,32 +74,31 @@ In the following example, the **Id** can be any generated GUID and the **Name** text/plain - <RuleCollection Type="Appx" EnforcementMode="Enabled"> - <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - </RuleCollection>> + + + + + + + + + + + + + + + + > - ``` ## Related topics -- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality) \ No newline at end of file +- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality) diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md index 0197cc67d9..1d38d2f161 100644 --- a/windows/application-management/msix-app-packaging-tool.md +++ b/windows/application-management/msix-app-packaging-tool.md @@ -6,9 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium -ms.author: mikeblodge +ms.author: tracyp ms.topic: article ms.date: 12/03/2018 +ms.reviewer: +manager: dansimp +author: msfttracyp --- # Repackage existing win32 applications to the MSIX format 
@@ -34,4 +37,4 @@ You can either run your installer interactively (through the UI) or create a pac 1. Use the MSA login associated with your Windows Insider Program credentials in the [Microsoft Store](https://www.microsoft.com/store/r/9N5LW3JBCXKF). 2. Open the product description page. -3. Click the install icon to begin installation. \ No newline at end of file +3. Click the install icon to begin installation. diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 1391890a98..f6a1ae0b1d 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -ms.author: elizapo -author: lizap +ms.author: tracyp +author: msfttracyp ms.date: 09/14/2017 +ms.reviewer: +manager: dansimp --- # Per-user services in Windows 10 and Windows Server diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index b41972de75..371e401c1a 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -4,9 +4,11 @@ description: How to keep provisioned apps that were removed from your machine fr ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.author: helohr -author: HeidiLohr +ms.author: tracyp +author: msfttracyp ms.date: 05/25/2018 +ms.reviewer: +manager: dansimp --- # How to keep apps removed from Windows 10 from returning during an update 
@@ -39,12 +41,12 @@ Use the following steps to create a registry key: 1. Identify any provisioned apps you want removed. Record the package name for each app. 2. Create a .reg file to generate a registry key for each app. Use [this list of Windows 10, version 1709 registry keys](#registry-keys-for-provisioned-apps) as your starting point. - 1. Paste the list of registry keys into Notepad (or a text editor). - 2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key: - ```yaml - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe] - ``` - 3. Save the file with a .txt extension, then right-click the file and change the extension to .reg. + 1. Paste the list of registry keys into Notepad (or a text editor). + 2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key: + ```yaml + HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe] + ``` + 3. Save the file with a .txt extension, then right-click the file and change the extension to .reg. 3. Double-click the .reg file to create the registry keys. You can see the new keys in HKLM\\path-to-reg-keys. You're now ready to update your computer. After the update, check the list of apps in the computer to confirm the removed apps are still gone. diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index cd7c59e6d2..8052f02284 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md 
@@ -2,12 +2,15 @@ title: Sideload LOB apps in Windows 10 (Windows 10) description: Sideload line-of-business apps in Windows 10. ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -author: greg-lindsay -ms.date: 04/19/2017 +author: msfttracyp +ms.date: 05/20/2019 --- # Sideload LOB apps in Windows 10 @@ -48,10 +51,16 @@ And here's what you'll need to do: ## How do I sideload an app on desktop You can sideload apps on managed or unmanaged devices. +>[!IMPORTANT] +> To install an app on Windows 10, in addition to following [these procedures](https://docs.microsoft.com/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package. + + **To turn on sideloading for managed devices** - Deploy an enterprise policy. + + **To turn on sideloading for unmanaged devices** 1. Open **Settings**. diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index e2c31b7f81..dddf40f87f 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -ms.author: kaushika-ainapure -author: kaushika-msft +ms.author: tracyp +author: msfttracyp ms.date: 07/20/2017 +ms.reviewer: +manager: dansimp --- # Changes to Service Host grouping in Windows 10 diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index bab488fec7..84c3b8c3d2 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md 
@@ -2,10 +2,13 @@ title: Administrative Tools in Windows 10 (Windows 10) description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 +ms.reviewer: +manager: dansimp +ms.author: tracyp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: msfttracyp ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article @@ -28,7 +31,7 @@ The tools in the folder might vary depending on which edition of Windows you are These tools were included in previous versions of Windows and the associated documentation for each tool should help you use these tools in Windows 10. The following list links to documentation for each tool. -  + - [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489) - [Computer Management](https://support.microsoft.com/kb/308423) @@ -48,14 +51,14 @@ These tools were included in previous versions of Windows and the associated doc - [Windows Firewall with Advanced Security](https://go.microsoft.com/fwlink/p/?LinkId=708503) - [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507) ->[!TIP]   ->If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  +> [!TIP] +> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  ## Related topics [Diagnostic Data Viewer](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) -  + 
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 2a6671c21f..a9cb94cced 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -1,13 +1,15 @@ --- title: Advanced Troubleshooting 802.1X Authentication +ms.reviewer: +manager: dansimp description: Learn how 802.1X Authentication works keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi ms.prod: w10 ms.mktglfcycl: ms.sitesec: library -author: kaushika-msft +author: msfttracyp ms.localizationpriority: medium -ms.author: greg-lindsay +ms.author: tracyp ms.topic: troubleshooting --- diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 101ca103bc..e83a4bf8bd 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -3,10 +3,12 @@ title: Advanced troubleshooting for Windows boot problems description: Learn how to troubleshoot when Windows is unable to boot ms.prod: w10 ms.sitesec: library -author: kaushika-msft +author: msfttracyp ms.localizationpriority: medium -ms.author: elizapo +ms.author: tracyp ms.date: 11/16/2018 +ms.reviewer: +manager: dansimp ms.topic: troubleshooting --- 
@@ -19,13 +21,13 @@ ms.topic: troubleshooting There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck: -| **Phase** | **Boot Process** | **BIOS** | **UEFI** | -|--------|----------------------|------------------------------| | -| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | -| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi | -| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | -| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | +| **Phase** | **Boot Process** | **BIOS** | **UEFI** | +|-----------|----------------------|------------------------------------|-----------------------------------| +| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | +| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi | +| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | +| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | **1. PreBoot** @@ -175,7 +177,7 @@ After you run the command, you receive the following output: Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows Add installation to boot list? Yes/No/All: Y -5. Try again to start the system. +5. Try again to start the system. ### Method 4: Replace Bootmgr 
@@ -385,6 +387,6 @@ If the dump file shows an error that is related to a driver (for example, window 1. Start WinRE, and open a Command Prompt window. 2. Start a text editor, such as Notepad. - 3. Navigate to C\Windows\System32\Config\. + 3. Navigate to C:\Windows\System32\Config\. 4. Rename the all five hives by appending ".old" to the name. 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 2581981101..02586be4b6 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -1,13 +1,15 @@ --- title: Advanced Troubleshooting Wireless Network Connectivity +ms.reviewer: +manager: dansimp description: Learn how troubleshooting of establishing Wi-Fi connections keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi ms.prod: w10 ms.mktglfcycl: ms.sitesec: library -author: kaushika-msft +author: msfttracyp ms.localizationpriority: medium -ms.author: greg-lindsay +ms.author: tracyp ms.topic: troubleshooting --- @@ -36,6 +38,7 @@ The intention of this troubleshooter is to show how to find a starting point in ### Known Issues and fixes ** ** + | **OS version** | **Fixed in** | | --- | --- | | **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | 
@@ -52,7 +55,7 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) - [Windows Server 2012](https://support.microsoft.com/help/4009471) - [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) - + ## Data Collection 1. Network Capture with ETW. Enter the following at an elevated command prompt: @@ -324,4 +327,4 @@ Copy and paste all the lines below and save them into a text file named "wifi.ta In the following example, the **View** settings are configured to **Show Only Filtered Lines**. -![TAT filter example](images/tat.png) \ No newline at end of file +![TAT filter example](images/tat.png) diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index 12912a98f5..771366616a 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -7,9 +7,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jdeckerMS -ms.author: jdecker +author: msfttracyp +ms.author: tracyp ms.date: 12/06/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 7812898ee3..e1365a820c 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -6,10 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.date: 08/02/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- 
@@ -35,17 +37,17 @@ From its release, Windows 10 has supported remote connections to PCs that are jo 1. Open system properties for the remote PC. 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**. - ![Allow remote connections to this computer](images/allow-rdp.png) + ![Allow remote connections to this computer](images/allow-rdp.png) 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. - >[!NOTE] - >You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet: - > - >`net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD. - > - >In Windows 10, version 1709, the user does not have to sign in to the remote device first. - > - >In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. 
+ >[!NOTE] + >You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet: + > + >`net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD. + > + >In Windows 10, version 1709, the user does not have to sign in to the remote device first. + > + >In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. @@ -88,9 +90,9 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC -  + -  + diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index cc14ac0242..e866b0d7c4 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -1,13 +1,15 @@ --- title: Data collection for troubleshooting 802.1X authentication +ms.reviewer: +manager: dansimp description: Data needed for reviewing 802.1X Authentication issues keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data ms.prod: w10 ms.mktglfcycl: ms.sitesec: library -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: mikeblodge +ms.author: dansimp ms.topic: troubleshooting --- 
@@ -72,7 +74,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window ``` wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600 - ``` + ``` 7. Run the following command from the command prompt on the client machine and start PSR to capture screen images: > [!NOTE] @@ -90,13 +92,13 @@ Use the following steps to collect wireless and wired logs on Windows and Window 10. Run the following commands from the command prompt on the NPS server. - - To stop RAS trace log and wireless scenario log: + - To stop RAS trace log and wireless scenario log: ``` netsh trace stop netsh ras set tracing * disabled ``` - - To disable and copy CAPI2 log: + - To disable and copy CAPI2 log: ``` wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false @@ -104,13 +106,13 @@ Use the following steps to collect wireless and wired logs on Windows and Window ``` 11. Run the following commands on the client PC. - - To stop RAS trace log and wireless scenario log: + - To stop RAS trace log and wireless scenario log: ``` netsh trace stop netsh ras set tracing * disabled ``` - - To disable and copy the CAPI2 log: + - To disable and copy the CAPI2 log: ``` wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx 
@@ -118,14 +120,14 @@ Use the following steps to collect wireless and wired logs on Windows and Window 12. Save the following logs on the client and the NPS: - **Client** + **Client** - C:\MSLOG\%computername%_psr.zip - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx - C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl - C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab - All log files and folders in %Systemroot%\Tracing - **NPS** + **NPS** - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx - C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl (%COMPUTERNAME%_wired_nps.etl for wired scenario) - C:\MSLOG\%COMPUTERNAME%_wireless_nps.cab (%COMPUTERNAME%_wired_nps.cab for wired scenario) diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index 54140237f9..e896532c51 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", 
@@ -31,23 +31,23 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-client-management", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-client-management", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "win-client-management", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 38beb2bfcd..8b2eb55f2f 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md 
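Review bot: The only functional change in this hunk, `"markdownEngineName": "markdig"`, sits under a re-indent of the entire `globalMetadata` object whose values are textually unchanged, so the engine switch is easy to overlook; I would move the whitespace cleanup to a separate commit and leave this hunk with the single changed line. Since strict JSON has no place for a comment, the reason for moving from `dfm` to `markdig` belongs in the commit description. Switching the engine presumably changes how existing pages render (the same diff re-indents several `[!NOTE]` blocks, which suggests this was already noticed), so a full docset build and a spot check of the notes that carry security caveats would be worth doing before merge.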
@@ -4,9 +4,12 @@ description: Use this topic to learn about Group Policy settings that apply only ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: brianlic-msft +author: dansimp ms.localizationpriority: medium ms.date: 10/13/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: troubleshooting --- @@ -34,4 +37,4 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W - \ No newline at end of file + diff --git a/windows/client-management/images/tcp-ts-14.png b/windows/client-management/images/tcp-ts-14.png index f3a3cc4a35..b1db37cd1a 100644 Binary files a/windows/client-management/images/tcp-ts-14.png and b/windows/client-management/images/tcp-ts-14.png differ diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md index 19455fe9cd..e0d86a8a23 100644 --- a/windows/client-management/img-boot-sequence.md +++ b/windows/client-management/img-boot-sequence.md @@ -2,6 +2,10 @@ description: A full-sized view of the boot sequence flowchart. title: Boot sequence flowchart ms.date: 11/16/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.topic: article ms.prod: w10 --- diff --git a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md index 18a5683f62..688b2e776c 100644 --- a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md 
@@ -2,11 +2,14 @@ title: Join Windows 10 Mobile to Azure Active Directory (Windows 10) description: Devices running Windows 10 Mobile can join Azure Active Directory (Azure AD) when the device is configured during the out-of-box experience (OOBE). ms.assetid: 955DD9EC-3519-4752-827E-79CEB1EC8D6B +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 09/21/2017 ms.topic: article diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 4d37e28f84..fad72959e6 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -2,12 +2,15 @@ title: Manage corporate devices (Windows 10) description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones. ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["MDM", "device management"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 09/21/2017 ms.topic: article diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 2f41baa313..ef2bf77cba 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -4,8 +4,11 @@ description: Find out how to manage the Settings app with Group Policy. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: brianlic-msft +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- 
@@ -38,7 +41,7 @@ Policy paths: The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). ->[!NOTE] +>[!NOTE] > When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string. Here are some examples: diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 759f45080d..4a0423c1e7 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -6,9 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: MariciaAlforque +author: dansimp ms.localizationpriority: medium ms.date: 04/26/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 2db6848263..1ac82401a1 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -5,9 +5,11 @@ keywords: [".man","ntuser"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- @@ -16,7 +18,7 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 
@@ -52,68 +54,70 @@ First, you create a default user profile with the customizations that you want, 1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account. - > [!NOTE] + > [!NOTE] > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. - + 2. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. >[!NOTE] >Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics). 3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. - + 3. Uninstall any application you do not need or want from the PC. For examples on how to uninstall Windows 10 Application see [Remove-AppxProvisionedPackage](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage?view=winserver2012-ps). For a list of uninstallable applications, see [Understand the different apps included in Windows 10](https://docs.microsoft.com/windows/application-management/apps-in-windows-10). 
- - >[!NOTE] - >It is highly recommended to uninstall unwanted or unneeded apps as it will speed up user sign-in times. + +~~~ + >[!NOTE] + >It is highly recommended to uninstall unwanted or unneeded apps as it will speed up user sign-in times. +~~~ 3. At a command prompt, type the following command and press **ENTER**. `sysprep /oobe /reboot /generalize /unattend:unattend.xml` (Sysprep.exe is located at: C:\Windows\System32\sysprep. By default, Sysprep looks for unattend.xml in this same folder.) - - >[!TIP] - >If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following: - - >![Microsoft Bing Translator package](images/sysprep-error.png) - - >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. - -5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. -6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. - -7. In **User Profiles**, click **Default Profile**, and then click **Copy To**. 
+ > [!TIP] + > If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following: + > + > ![Microsoft Bing Translator package](images/sysprep-error.png) + > + > Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. + +4. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. + +5. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. + +6. In **User Profiles**, click **Default Profile**, and then click **Copy To**. ![Example of UI](images/copy-to.png) -8. In **Copy To**, under **Permitted to use**, click **Change**. +7. In **Copy To**, under **Permitted to use**, click **Change**. ![Example of UI](images/copy-to-change.png) - -9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**. -10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607. +8. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**. + +9. 
In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607. - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. - + ![Example of UI](images/copy-to-path.png) -9. Click **OK** to copy the default user profile. +10. Click **OK** to copy the default user profile. **To make the user profile mandatory** - + 3. In File Explorer, open the folder where you stored the copy of the profile. >[!NOTE] >If the folder is not displayed, click **View** > **Options** > **Change folder and search options**. On the **View** tab, select **Show hidden files and folders**, clear **Hide protected operating system files**, click **Yes** to confirm that you want to show operating system files, and then click **OK** to save your changes. -1. Rename `Ntuser.dat` to `Ntuser.man`. +4. Rename `Ntuser.dat` to `Ntuser.man`. ## How to apply a mandatory user profile to users diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 07e2cb8f96..79029616d0 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md 
@@ -127,6 +127,8 @@ #### [DynamicManagement DDF file](dynamicmanagement-ddf.md) ### [EMAIL2 CSP](email2-csp.md) #### [EMAIL2 DDF file](email2-ddf-file.md) +### [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) +#### [EnrollmentStatusTracking DDF file](enrollmentstatustracking-csp-ddf.md) ### [EnterpriseAPN CSP](enterpriseapn-csp.md) #### [EnterpriseAPN DDF](enterpriseapn-ddf.md) ### [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) @@ -243,6 +245,7 @@ #### [RestrictedGroups](policy-csp-restrictedgroups.md) #### [Search](policy-csp-search.md) #### [Security](policy-csp-security.md) +#### [ServiceControlManager](policy-csp-servicecontrolmanager.md) #### [Settings](policy-csp-settings.md) #### [SmartScreen](policy-csp-smartscreen.md) #### [Speech](policy-csp-speech.md) @@ -254,6 +257,7 @@ #### [TaskScheduler](policy-csp-taskscheduler.md) #### [TextInput](policy-csp-textinput.md) #### [TimeLanguageSettings](policy-csp-timelanguagesettings.md) +#### [Troubleshooting](policy-csp-troubleshooting.md) #### [Update](policy-csp-update.md) #### [UserRights](policy-csp-userrights.md) #### [Wifi](policy-csp-wifi.md) diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 866c9e3470..7dd8c78df7 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -1,12 +1,14 @@ --- title: AccountManagement CSP description: Used to configure settings in the Account Manager service -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 03/23/2018 +ms.reviewer: +manager: dansimp --- # AccountManagement CSP 
@@ -14,7 +16,7 @@ ms.date: 03/23/2018 AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. -> [!Note] +> [!NOTE] > The AccountManagement CSP is only supported in Windows Holographic for Business edition. @@ -57,4 +59,4 @@ Supported operations are Add, Get,Replace, and Delete. Value type is integer. **UserProfileManagement/ProfileInactivityThreshold** Start deleting profiles when they have not been logged on during the specified period, given as number of days. Default value is 30. -Supported operations are Add, Get,Replace, and Delete. Value type is integer. \ No newline at end of file +Supported operations are Add, Get,Replace, and Delete. Value type is integer. diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index 4e6eb780a7..b5d6a4375c 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md @@ -1,12 +1,14 @@ --- title: AccountManagement DDF file description: Used to configure settings in the Account Manager service -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 03/23/2018 +ms.reviewer: +manager: dansimp --- # AccountManagement DDF file @@ -195,4 +197,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 19820b0309..810e5c83fa 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md 
@@ -1,12 +1,14 @@ --- title: Accounts CSP description: The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group. -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 04/17/2018 +ms.reviewer: +manager: dansimp --- # Accounts CSP @@ -26,9 +28,14 @@ Root node. Interior node for the account domain information. **Domain/ComputerName** -This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. +This node specifies the DNS hostname for a device. This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters. -Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. +Available naming macros: + +|Macro|Description|Example|Generated Name| +|:---|:---|:---|:---| +|%RAND:<# of digits>|Generates the specified number of random digits.|Test%RAND:6%|Test123456| +|%SERIAL%|Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence.|Test-Device-%SERIAL%|Test-Device-456| Supported operation is Add. 
@@ -46,4 +53,4 @@ Supported operation is Add. **Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. -Supported operation is Add. \ No newline at end of file +Supported operation is Add. diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index c0bc44f76f..df93402ac2 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -1,12 +1,14 @@ --- title: Accounts DDF file description: XML file containing the device description framework -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 04/17/2018 +ms.reviewer: +manager: dansimp --- # Accounts CSP @@ -174,4 +176,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index d77371ecc7..f8b87748fa 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -2,11 +2,13 @@ title: ActiveSync CSP description: ActiveSync CSP ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
@@ -24,7 +26,7 @@ On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is s The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in the short term. -  + The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. @@ -40,7 +42,7 @@ On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is s The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in the short term. -  + The supported operation is Get. @@ -203,7 +205,7 @@ Valid values are one of the following: - 5 – Email up to a month old is synced to the device. -**Options/ContentTypes/****_Content Type GUID_** +**Options/ContentTypes/***Content Type GUID* Defines the type of content to be individually enabled/disabled for sync. The *GUID* values allowed are one of the following: @@ -231,7 +233,7 @@ Required. A character string that specifies the name of the content type. > **Note**  In Windows 10, this node is currently not working. -  + Supported operations are Get, Replace, and Add (cannot Add after the account is created). @@ -255,9 +257,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index a1c9d4cb8d..94204a5b9a 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md 
@@ -2,11 +2,13 @@ title: ActiveSync DDF file description: ActiveSync DDF file ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index 5065235319..174966d463 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -2,11 +2,13 @@ title: Add an Azure AD tenant and Azure AD subscription description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription. ms.assetid: 36D94BEC-A6D8-47D2-A547-EBD7B7D163FA -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
@@ -17,43 +19,43 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a > **Note**  If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. For step-by-step guide to register this free subscription, see [Register your free Azure Active Directory subscription.](#register-your-free-azure-active-directory-subscription) -1. Sign-up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization. +1. Sign-up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization. - ![sign up for azure ad tenant](images/azure-ad-add-tenant1.png) + ![sign up for azure ad tenant](images/azure-ad-add-tenant1.png) -2. Enter the information for your organization. Click **check availability** to verify that domain name that you selected is available. +2. Enter the information for your organization. Click **check availability** to verify that domain name that you selected is available. - ![sign up for azure ad](images/azure-ad-add-tenant2.png) + ![sign up for azure ad](images/azure-ad-add-tenant2.png) -3. Complete the login and country information. You must provide a valid phone number, then click **Send text message** or **Call me**. +3. Complete the login and country information. You must provide a valid phone number, then click **Send text message** or **Call me**. - ![create azure account](images/azure-ad-add-tenant3.png) + ![create azure account](images/azure-ad-add-tenant3.png) -4. Enter the code that you receive and then click **Verify code**. After the code is verified and the continue button turns green, click **continue**. +4. Enter the code that you receive and then click **Verify code**. 
After the code is verified and the continue button turns green, click **continue**. - ![add aad tenant](images/azure-ad-add-tenant3-b.png) + ![add aad tenant](images/azure-ad-add-tenant3-b.png) -5. After you finish creating your Azure account, you are ready to add an Azure AD subscription. +5. After you finish creating your Azure account, you are ready to add an Azure AD subscription. - If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to Office 356 portal, and then sign in using the admin account that you just created in Step 4 (for example, user1@contosoltd.onmicrosoftcom). + If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to Office 356 portal, and then sign in using the admin account that you just created in Step 4 (for example, user1@contosoltd.onmicrosoftcom). - ![login to office 365](images/azure-ad-add-tenant4.png) + ![login to office 365](images/azure-ad-add-tenant4.png) -6. Click **Install software**. +6. Click **Install software**. - ![login to office 365](images/azure-ad-add-tenant5.png) + ![login to office 365](images/azure-ad-add-tenant5.png) -7. In the Office 365 portal, select **Purchase Services** from the left nagivation. +7. In the Office 365 portal, select **Purchase Services** from the left nagivation. - ![purchase service option in admin center menu](images/azure-ad-add-tenant6.png) + ![purchase service option in admin center menu](images/azure-ad-add-tenant6.png) -8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then click to purchase. +8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then click to purchase. - ![azure active directory option in purchase services page](images/azure-ad-add-tenant7.png) + ![azure active directory option in purchase services page](images/azure-ad-add-tenant7.png) -9. 
Continue with your purchase. +9. Continue with your purchase. - ![azure active directory premium payment page](images/azure-ad-add-tenant8.png) + ![azure active directory premium payment page](images/azure-ad-add-tenant8.png) 10. After the purchase is completed, you can login to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc...). @@ -89,7 +91,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent ![register azuread](images/azure-ad-add-tenant15.png) -  + diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index 2362bb66f0..c2b7e64c26 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -2,11 +2,13 @@ title: AllJoynManagement CSP description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. ms.assetid: 468E0EE5-EED3-48FF-91C0-89F9D159AA8C -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
@@ -20,7 +22,7 @@ The AllJoynManagement configuration service provider (CSP) is only supported in This CSP was added in Windows 10, version 1511. -  + For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877). 
@@ -36,19 +38,19 @@ The root node for the AllJoynManagement configuration service provider. **Services** List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn objects that expose the "com.microsoft.alljoynmanagement.config" are included. -**Services/****_Node name_** +**Services/***Node name* The unique AllJoyn device ID (a GUID) that hosts one or more configurable objects. **Services/*Node name*/Port** The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it is possible to specify additional ports. -**Services/*Node name*/Port/****_Node name_** +**Services/*Node name*/Port/***Node name* Port number used for communication. This is specified by the configurable AllJoyn object and reflected here. **Services/*Node name*/Port/*Node name*/CfgObject** The set of configurable interfaces that are available on the port of the AllJoyn object. -**Services/*Node name*/Port/*Node name*/CfgObject/****_Node name_** +**Services/*Node name*/Port/*Node name*/CfgObject/***Node name* The remainder of this URI is an escaped path to the configurable AllJoyn object hosted by the parent ServiceID and accessible by the parent PortNum. For example an AllJoyn Bridge with the Microsoft specific AllJoyn configuration interface "\\FabrikamService\\BridgeConfig" would be specified in the URI as: %2FFabrikamService%2FBridgeConfig. @@ -58,7 +60,7 @@ This is the credential store. An administrator can set credentials for each AllJ When a SyncML request arrives in the CSP to replace or query a configuration item on an AllJoyn object that requires authentication, then the CSP uses the credentials stored here during the authentication phase. -**Credentials/****_Node name_** +**Credentials/***Node name* This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It is typically implemented as a GUID. **Credentials/*Node name*/Key** 
@@ -137,9 +139,9 @@ Get the firewall PrivateProfile ``` -  + -  + diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index c9da82f50a..371fedca49 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -2,11 +2,13 @@ title: AllJoynManagement DDF description: AllJoynManagement DDF ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 2f3b7f1d06..265cdca9fe 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -2,11 +2,13 @@ title: APPLICATION configuration service provider description: APPLICATION configuration service provider ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/applicationrestrictions-xsd.md b/windows/client-management/mdm/applicationrestrictions-xsd.md index 1a54b6702f..ae10e4ef5e 100644 --- a/windows/client-management/mdm/applicationrestrictions-xsd.md +++ b/windows/client-management/mdm/applicationrestrictions-xsd.md @@ -2,11 +2,13 @@ title: ApplicationRestrictions XSD description: Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy. ms.assetid: A5AA2B59-3736-473E-8F70-A90FD61EE426 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index c9d931e3e6..b44da942dd 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -2,11 +2,13 @@
 title: AppLocker CSP
 description: AppLocker CSP
 ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 04/30/2018
 ---
@@ -15,10 +17,10 @@ ms.date: 04/30/2018 The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked. -> **Note**   +> **Note** > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. > -> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. +> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. > > Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. 
@@ -33,15 +35,15 @@ Defines the root node for the AppLocker configuration service provider. **ApplicationLaunchRestrictions** Defines restrictions for applications. -> [!NOTE]   +> [!NOTE] > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. > -> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. +> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. Additional information: - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps. -- [Whitelist example](#whitelist-example) - example for Windows 10 Mobile that denies all apps except the ones listed. +- [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed. **EnterpriseDataProtection** Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md). 
@@ -62,7 +64,7 @@ Exempt examples: Additional information: -- [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. +- [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. Each of the previously listed nodes contains a **Grouping** node. @@ -87,7 +89,7 @@ Each of the previously listed nodes contains a **Grouping** node. -  + In addition, each **Grouping** node contains one or more of the following nodes: @@ -135,7 +137,7 @@ In addition, each **Grouping** node contains one or more of the following nodes: -  + Each of the previous nodes contains one or more of the following leaf nodes: @@ -155,7 +157,7 @@ Each of the previous nodes contains one or more of the following leaf nodes:

    Policy

    Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

    Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.

    -

    For CodeIntegrity/Policy, you can use the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.

    +

    For CodeIntegrity/Policy, you can use the certutil -encode command line tool to encode the data to base-64.

    Here is a sample certutil invocation:

    ``` @@ -184,16 +186,16 @@ certutil -encode WinSiPolicy.p7b WinSiPolicy.cer -  + ## Find publisher and product name of apps -You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. This procedure describes pairing your phone to your desktop using WiFi. +You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. This procedure describes pairing your phone to your desktop using WiFi. If this procedure does not work for you, try the other methods for pairing described in [Device Portal for Mobile](https://msdn.microsoft.com/windows/uwp/debug-test-perf/device-portal-mobile). -**To find Publisher and PackageFullName for apps installed on Windows 10 Mobile** +**To find Publisher and PackageFullName for apps installed on Windows 10 Mobile** 1. On your Windows Phone, go to **Settings**. Choose **Update & security**. Then choose **For developers**. 2. Choose **Developer mode**. @@ -253,7 +255,7 @@ The following table show the mapping of information to the AppLocker publisher r -  + Here is an example AppLocker publisher rule: 
@@ -287,26 +289,28 @@ You can get the publisher name and product name of apps using a web API. -   - Here is the example for Microsoft OneNote: - Request +~~~ +Here is the example for Microsoft OneNote: - ``` syntax - https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata - ``` +Request - Result +``` syntax +https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata +``` - ``` syntax - { - "packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe", - "packageIdentityName": "Microsoft.Office.OneNote", - "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", - "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" - } - ``` +Result + +``` syntax +{ + "packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe", + "packageIdentityName": "Microsoft.Office.OneNote", + "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", + "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" +} +``` +~~~ @@ -337,12 +341,12 @@ You can get the publisher name and product name of apps using a web API.
    -  + ## Settings apps that rely on splash apps -When you create a list of allowed apps in Windows 10 Mobile, you must also include the subset of Settings apps that rely on splash apps in your list of allowed apps. These apps are blocked unless they are explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps . +When you create a list of allowed apps in Windows 10 Mobile, you must also include the subset of Settings apps that rely on splash apps in your list of allowed apps. These apps are blocked unless they are explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps . The product name is first part of the PackageFullName followed by the version number. 
@@ -364,16 +368,16 @@ The product name is first part of the PackageFullName followed by the version nu | SettingsPageAppsCorner | 5b04b775-356b-4aa0-aaf8-6491ffea580a\_1.0.0.0\_neutral\_\_4vefaa8deck74 | 5b04b775-356b-4aa0-aaf8-6491ffea580a | | SettingsPagePhoneNfc | b0894dfd-4671-4bb9-bc17-a8b39947ffb6\_1.0.0.0\_neutral\_\_1prqnbg33c1tj | b0894dfd-4671-4bb9-bc17-a8b39947ffb6 | -  + ## Inbox apps and components The following list shows the apps that may be included in the inbox. -> **Note**  This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience. +> **Note** This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience. + -  @@ -587,7 +591,7 @@ The following list shows the apps that may be included in the inbox. +

    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

    @@ -832,7 +836,7 @@ The following list shows the apps that may be included in the inbox.
    Microsoft Frameworks ProductID = 00000000-0000-0000-0000-000000000000 -

    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

    -  + ## Whitelist examples @@ -939,7 +943,7 @@ The following example disables the Mixed Reality Portal. In the example, the **I ``` -The following example for Windows 10 Mobile denies all apps and allows the following apps: +The following example for Windows 10 Mobile denies all apps and allows the following apps: - [settings app that rely on splash apps](#settingssplashapps) - most of the [inbox apps](#inboxappsandcomponents), but not all. @@ -1655,7 +1659,7 @@ The following example for Windows 10 Holographic for Business denies all apps an ``` ## Recommended deny list for Windows Information Protection -The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. +The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. In this example, Contoso is the node name. We recommend using a GUID for this node. @@ -1815,9 +1819,9 @@ In this example, Contoso is the node name. We recommend using a GUID for this no [Configuration service provider reference](configuration-service-provider-reference.md) -  - -  + + + diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index b61780ae9e..e714495ff9 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md 
@@ -2,11 +2,13 @@ title: AppLocker DDF file description: AppLocker DDF file ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index ea7901dc45..56b3e56fe3 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -2,11 +2,13 @@ title: AppLocker XSD description: Here's the XSD for the AppLocker CSP. ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index cd811d320d..076cd9d157 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -1,12 +1,14 @@ --- title: Deploy and configure App-V apps using MDM description: Deploy and configure App-V apps using MDM -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # Deploy and configure App-V apps using MDM @@ -451,4 +453,4 @@ ms.date: 06/26/2017 -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 1033a9f800..a69a0c6478 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md 
@@ -2,11 +2,13 @@
 title: Assign seat
 description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
 ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 13f0987eca..644edc9197 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -2,11 +2,13 @@
 title: AssignedAccess CSP
 description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode.
 ms.assetid: 421CC07D-6000-48D9-B6A3-C638AAF83984
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 09/18/2018
 ---
@@ -22,6 +24,9 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u > [!Warning] > You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups. +> [!Note] +> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a convenience PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. + > [!Note] > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. @@ -55,7 +60,7 @@ Here's an example: > [!Tip] > In this example the double \\\ is required because it's in JSON and JSON escapes \ into \\\\. If an MDM server uses JSON parser\composer, they should ask customers to type only one \\, which will be \\\ in the JSON. If user types \\\\, it'll become \\\\\\\ in JSON, which will cause erroneous results. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (need to) escape \\. -> +> > This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string.  When configuring the kiosk mode app, the account name will be used to find the target user. The account name includes domain name and user name. 
@@ -388,51 +393,51 @@ KioskModeApp Replace ``` syntax -    -      -        -          -          -          -          -          -          -          -        -      -      -        -                      -                      -                        -                          -                            -                              -                              -                              -                              -                              -                            -                            -                              -                              -                            -                          -                        -                      -                    -                ]]> -      -      -    -    -      MultiAppKioskUser -      -    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + MultiAppKioskUser + + + ``` diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index e68f76f543..2df27888cf 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -2,11 +2,13 @@ title: AssignedAccess DDF description: AssignedAccess DDF ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 02/22/2018 --- diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 8cc949f6b9..6b89551570 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md 
@@ -2,11 +2,13 @@ title: Azure Active Directory integration with MDM description: Azure Active Directory is the world largest enterprise cloud identity management service. ms.assetid: D03B0765-5B5F-4C7B-9E2B-18E747D504EE -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 09/05/2017 --- @@ -41,7 +43,7 @@ Azure AD Join also enables company owned devices to be automatically enrolled in > **Important**  Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](https://msdn.microsoft.com/library/azure/dn499825.aspx) license. -  + ### BYOD scenario Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If that’s the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. It’s important to note that in the BYOD case, users can reject the MDM Terms of Use—in which case the device is not enrolled in MDM and access to corporate resources is typically restricted. @@ -64,7 +66,7 @@ Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, th > **Note**  Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. -  + ### MDM endpoints involved in Azure AD integrated enrollment Azure AD MDM enrollment is a two-step process: 
@@ -107,7 +109,7 @@ The MDM vendor must first register the application in their home tenant and mark > **Note**  For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. -  + The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs. Use the following steps to register a cloud-based MDM application with Azure AD. At this time, you need to work with the Azure AD engineering team to expose this application through the Azure AD app gallery. @@ -202,7 +204,7 @@ You should work with the Azure AD engineering team if your MDM application is cl -  + ### Add on-premises MDM to the app gallery There are no special requirements for adding on-premises MDM to the app gallery.There is a generic entry for administrator to add an app to their tenant. @@ -263,7 +265,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is -  + ## Terms of Use protocol semantics The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows performs a full-page redirect to this endpoint. This enables the MDM to display the terms and conditions that apply and allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue. 
@@ -305,7 +307,7 @@ The following parameters are passed in the query string: -  + ### Access token A bearer access token is issued by Azure AD is passed in the authorization header of the HTTP request. Here is a typical format: @@ -336,7 +338,7 @@ The following claims are expected in the access token passed by Windows to the T

    TID

    -

    A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.

    +

    A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.

    Resource

    @@ -344,10 +346,10 @@ The following claims are expected in the access token passed by Windows to the T -  -> **Note**  There is no device ID claim in the access token because the device may not yet be enrolled at this time. + +> Note There is no device ID claim in the access token because the device may not yet be enrolled at this time. -  + To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). Here's an example URL. @@ -448,7 +450,7 @@ The following table shows the error codes. -  + ## Enrollment protocol with Azure AD With Azure integrated MDM enrollment, there is no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments. @@ -588,7 +590,7 @@ With Azure integrated MDM enrollment, there is no discovery phase and the discov -  + ## Management protocol with Azure AD @@ -916,9 +918,9 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di -  + -  + diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md index c0a57334bc..548ad13c84 100644 --- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md +++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md 
@@ -1,12 +1,14 @@
 ---
 title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
 description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
-ms.author: maricia
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 01/17/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 917fb0bafa..839842e41e 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,12 +1,14 @@
 ---
 title: BitLocker CSP
 description: BitLocker CSP
-ms.author: maricia
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 05/02/2019
+ms.reviewer:
+manager: dansimp
 ---
 # BitLocker CSP
@@ -15,7 +17,7 @@ ms.date: 05/02/2019
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
-> [!Note]
+> [!NOTE]
 > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.
 > You must send all the settings together in a single SyncML to be effective.
@@ -36,22 +38,22 @@ The following diagram shows the BitLocker configuration service provider in tree - - - - - - - + + + + + + + - - - - - - - + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcross markcross markcross markcross markcheck markcheck markcross markcross markcross markcross markcross markcheck markcheck mark
    @@ -61,7 +63,7 @@ The following diagram shows the BitLocker configuration service provider in tree - 1 – Require Storage cards to be encrypted.

    Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.

    - +

    If you want to disable this policy use the following SyncML:

    ``` syntax @@ -91,22 +93,22 @@ The following diagram shows the BitLocker configuration service provider in tree - - - - - - - + + + + + + + - - - - - - - + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcheck markcheck markcross markcheck markcheck markcheck markcheck markcheck markcheck mark
    @@ -136,36 +138,36 @@ The following diagram shows the BitLocker configuration service provider in tree

    Data type is integer. Supported operations are Add, Get, Replace, and Delete.

    **EncryptionMethodByDriveType** -

    Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".

    +

    Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".

    - - - - - - - + + + + + + + - - - - - - - + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

    ADMX Info:

      -
    • GP English name: *Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)*
    • -
    • GP name: *EncryptionMethodWithXts_Name*
    • -
    • GP path: *Windows Components/Bitlocker Drive Encryption*
    • -
    • GP ADMX file name: *VolumeEncryption.admx*
    • +
    • GP English name: Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
    • +
    • GP name: EncryptionMethodWithXts_Name
    • +
    • GP path: Windows Components/Bitlocker Drive Encryption
    • +
    • GP ADMX file name: VolumeEncryption.admx
    -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

    This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.

    @@ -184,14 +186,14 @@ The following diagram shows the BitLocker configuration service provider in tree

    EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.

    EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.

    -

    The possible values for 'xx' are:

    +

    The possible values for 'xx' are:

    - 3 = AES-CBC 128 - 4 = AES-CBC 256 - 6 = XTS-AES 128 - 7 = XTS-AES 256 -> [!Note] +> [!NOTE] > When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.

    If you want to disable this policy use the following SyncML:

    @@ -214,55 +216,55 @@ The following diagram shows the BitLocker configuration service provider in tree

    Data type is string. Supported operations are Add, Get, Replace, and Delete.

    **SystemDrivesRequireStartupAuthentication** -

    This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".

    +

    This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".

    - - - - - - - + + + + + + + - - - - - - - + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

    ADMX Info:

      -
    • GP English name: *Require additional authentication at startup*
    • -
    • GP name: *ConfigureAdvancedStartup_Name*
    • -
    • GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
    • -
    • GP ADMX file name: *VolumeEncryption.admx*
    • +
    • GP English name: Require additional authentication at startup
    • +
    • GP name: ConfigureAdvancedStartup_Name
    • +
    • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
    • GP ADMX file name: VolumeEncryption.admx
    -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

    This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker.

    -> [!Note] +> [!NOTE] > Only one of the additional authentication options can be required at startup, otherwise an error occurs. -

    If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.

    +

    If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.

    On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.

    -> [!Note] +> [!NOTE] > In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.

    If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.

    If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.

    -> [!Note] +> [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.

    Sample value for this node to enable this policy is:

    @@ -279,13 +281,13 @@ The following diagram shows the BitLocker configuration service provider in tree
  • ConfigureTPMUsageDropDown_Name = (for computer with TPM) Configure TPM startup.
  • -

    The possible values for 'xx' are:

    +

    The possible values for 'xx' are:

    • true = Explicitly allow
    • false = Policy not set
    -

    The possible values for 'yy' are:

    +

    The possible values for 'yy' are:

    • 2 = Optional
    • 1 = Required
    • @@ -311,41 +313,41 @@ The following diagram shows the BitLocker configuration service provider in tree

      Data type is string. Supported operations are Add, Get, Replace, and Delete.

      **SystemDrivesMinimumPINLength** -

      This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".

      +

      This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".

      - - - - - - - + + + + + + + - - - - - - - + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

      ADMX Info:

        -
      • GP English name:*Configure minimum PIN length for startup*
      • -
      • GP name: *MinimumPINLength_Name*
      • -
      • GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
      • -
      • GP ADMX file name: *VolumeEncryption.admx*
      • +
      • GP English name:Configure minimum PIN length for startup
      • +
      • GP name: MinimumPINLength_Name
      • +
      • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
      • +
      • GP ADMX file name: VolumeEncryption.admx
      -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

      This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.

      -> [!Note] +> [!NOTE] > In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. > >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2. @@ -380,53 +382,53 @@ The following diagram shows the BitLocker configuration service provider in tree

      Data type is string. Supported operations are Add, Get, Replace, and Delete.

      **SystemDrivesRecoveryMessage** -

      This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name).

      +

      This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name).

      - - - - - - - + + + + + + + - - - - - - - + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

      ADMX Info:

        -
      • GP English name: *Configure pre-boot recovery message and URL*
      • -
      • GP name: *PrebootRecoveryInfo_Name*
      • -
      • GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
      • -
      • GP ADMX file name: *VolumeEncryption.admx*
      • +
      • GP English name: Configure pre-boot recovery message and URL
      • +
      • GP name: PrebootRecoveryInfo_Name
      • +
      • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
      • +
      • GP ADMX file name: VolumeEncryption.admx
      -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

      This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.

      -

      If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL). - -

      If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.

      - -

      If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.

      - +

      If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL). + +

      If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.

      + +

      If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.

      +

      Sample value for this node to enable this policy is:

      ``` syntax ``` -

      The possible values for 'xx' are:

      +

      The possible values for 'xx' are:

      - 0 = Empty - 1 = Use default recovery message and URL (in this case you don't need to specify a value for "RecoveryMessage_Input" or "RecoveryUrl_Input"). @@ -435,7 +437,7 @@ The following diagram shows the BitLocker configuration service provider in tree - 'yy' = string of max length 900. - 'zz' = string of max length 500. -> [!Note] +> [!NOTE] > When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.

      Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:

      @@ -455,58 +457,57 @@ The following diagram shows the BitLocker configuration service provider in tree ``` -> [!Note] +> [!NOTE] > Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.

      Data type is string. Supported operations are Add, Get, Replace, and Delete.

      **SystemDrivesRecoveryOptions** -

      This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).

      +

      This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).

      - - - - - - - + + + + + + + - - - - - - - + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

      ADMX Info:

        -
      • GP English name: *Choose how BitLocker-protected operating system drives can be recovered*
      • -
      • GP name: *OSRecoveryUsage_Name*
      • -
      • GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
      • -
      • GP ADMX file name: *VolumeEncryption.admx*
      • +
      • GP English name: Choose how BitLocker-protected operating system drives can be recovered
      • +
      • GP name: OSRecoveryUsage_Name
      • +
      • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
      • +
      • GP ADMX file name: VolumeEncryption.admx
      -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

      This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.

      -

      The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.

      - -

      In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.

      - -

      Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.

      - -

      Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services), to choose which BitLocker recovery information to store in AD DS for operating system drives (OSActiveDirectoryBackupDropDown_Name). If you set "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you set "2" (Backup recovery password only), only the recovery password is stored in AD DS.

      - -

      Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

      - -> [!Note] -> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated. +

      The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.

      + +

      In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.

      + +

      Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.

      + +

      Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services), to choose which BitLocker recovery information to store in AD DS for operating system drives (OSActiveDirectoryBackupDropDown_Name). If you set "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you set "2" (Backup recovery password only), only the recovery password is stored in AD DS.

      + +

      Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

      + +> [!Note]
      > If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.

      If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.

      @@ -518,21 +519,21 @@ The following diagram shows the BitLocker configuration service provider in tree ``` -

      The possible values for 'xx' are:

      +

      The possible values for 'xx' are:

      • true = Explicitly allow
      • false = Policy not set
      -

      The possible values for 'yy' are:

      +

      The possible values for 'yy' are:

      • 2 = Allowed
      • 1 = Required
      • 0 = Disallowed
      -

      The possible values for 'zz' are:

      +

      The possible values for 'zz' are:

      • 2 = Store recovery passwords only
      • 1 = Store recovery passwords and key packages
      • @@ -559,54 +560,53 @@ The following diagram shows the BitLocker configuration service provider in tree

        Data type is string. Supported operations are Add, Get, Replace, and Delete.

        **FixedDrivesRecoveryOptions** -

        This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().

        +

        This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().

        - - - - - - - + + + + + + + - - - - - - - + + + + + + +
        HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
        cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

        ADMX Info:

          -
        • GP English name: *Choose how BitLocker-protected fixed drives can be recovered*
        • -
        • GP name: *FDVRecoveryUsage_Name*
        • -
        • GP path: *Windows Components/Bitlocker Drive Encryption/Fixed Drives*
        • -
        • GP ADMX file name: *VolumeEncryption.admx*
        • +
        • GP English name: Choose how BitLocker-protected fixed drives can be recovered
        • +
        • GP name: FDVRecoveryUsage_Name
        • +
        • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
        • +
        • GP ADMX file name: VolumeEncryption.admx
        -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

        This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.

        -

        The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.

        - -

        In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.

        - -

        Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.

        - -

        Set "FDVActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services) to enable saving the recovery key to AD.

        - -

        Set the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

        +

        The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.

        -

        Set the "FDVActiveDirectoryBackupDropDown_Name" (Configure storage of BitLocker recovery information to AD DS) to choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "2" (Backup recovery password only) only the recovery password is stored in AD DS.

        - -> [!Note] -> If the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated. +

        In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.

        + +

        Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.

        + +

        Set "FDVActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services) to enable saving the recovery key to AD.

        + +

        Set the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

        + +

        Set the "FDVActiveDirectoryBackupDropDown_Name" (Configure storage of BitLocker recovery information to AD DS) to choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "2" (Backup recovery password only) only the recovery password is stored in AD DS.

        + +> [!Note]
        > If the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated.

        If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.

        @@ -618,13 +618,13 @@ The following diagram shows the BitLocker configuration service provider in tree ``` -

        The possible values for 'xx' are:

        +

        The possible values for 'xx' are:

        • true = Explicitly allow
        • false = Policy not set
        -

        The possible values for 'yy' are:

        +

        The possible values for 'yy' are:

        • 2 = Allowed
        • 1 = Required
        • @@ -632,7 +632,7 @@ The following diagram shows the BitLocker configuration service provider in tree
        -

        The possible values for 'zz' are:

        +

        The possible values for 'zz' are:

        • 2 = Store recovery passwords only
        • 1 = Store recovery passwords and key packages
        • @@ -658,36 +658,36 @@ The following diagram shows the BitLocker configuration service provider in tree

          Data type is string. Supported operations are Add, Get, Replace, and Delete.

          **FixedDrivesRequireEncryption** -

          This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).

          +

          This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).

          - - - - - - - + + + + + + + - - - - - - - + + + + + + +
          HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
          cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

          ADMX Info:

            -
          • GP English name: *Deny write access to fixed drives not protected by BitLocker*
          • -
          • GP name: *FDVDenyWriteAccess_Name*
          • -
          • GP path: *Windows Components/Bitlocker Drive Encryption/Fixed Drives*
          • -
          • GP ADMX file name: *VolumeEncryption.admx*
          • +
          • GP English name: Deny write access to fixed drives not protected by BitLocker
          • +
          • GP name: FDVDenyWriteAccess_Name
          • +
          • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
          • +
          • GP ADMX file name: VolumeEncryption.admx
          -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

          This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.

          @@ -720,48 +720,47 @@ The following diagram shows the BitLocker configuration service provider in tree

          Data type is string. Supported operations are Add, Get, Replace, and Delete.

          **RemovableDrivesRequireEncryption** -

          This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).

          +

          This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).

          - - - - - - - + + + + + + + - - - - - - - + + + + + + +
          HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
          cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark

          ADMX Info:

            -
          • GP English name: *Deny write access to removable drives not protected by BitLocker*
          • -
          • GP name: *RDVDenyWriteAccess_Name*
          • -
          • GP path: *Windows Components/Bitlocker Drive Encryption/Removeable Drives*
          • -
          • GP ADMX file name: *VolumeEncryption.admx*
          • +
          • GP English name: Deny write access to removable drives not protected by BitLocker
          • +
          • GP name: RDVDenyWriteAccess_Name
          • +
          • GP path: Windows Components/Bitlocker Drive Encryption/Removeable Drives
          • +
          • GP ADMX file name: VolumeEncryption.admx
          -> [!Tip] +> [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).

          This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.

          If you enable this setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.

          -

          If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.

          - +

          If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.

          +

          If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.

          - -> [!Note] -> This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored. + +> [!Note]
          > This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.

          Sample value for this node to enable this policy is:

          @@ -769,7 +768,7 @@ The following diagram shows the BitLocker configuration service provider in tree ``` -

          The possible values for 'xx' are:

          +

          The possible values for 'xx' are:

          • true = Explicitly allow
          • false = Policy not set
          • @@ -796,7 +795,7 @@ The following diagram shows the BitLocker configuration service provider in tree

            Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.

            -> [!Important] +> [!IMPORTANT] > Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview). > [!Warning] @@ -804,22 +803,22 @@ The following diagram shows the BitLocker configuration service provider in tree - - - - - - - + + + + + + + - - - - - - - + + + + + + +
            HomeProBusinessEnterpriseEducationMobileMobile EnterpriseHomeProBusinessEnterpriseEducationMobileMobile Enterprise
            cross markcheck markcheck markcheck markcheck markcross markcross markcross markcheck markcheck markcheck markcheck markcross markcross mark
            @@ -830,20 +829,20 @@ The following diagram shows the BitLocker configuration service provider in tree ``` syntax - 110 - - - ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption - - - int - - 0 - + 110 + + + ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption + + + int + + 0 + ``` ->[!NOTE] +> [!NOTE] >When you disable the warning prompt, the OS drive's recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who receives the prompt can select where to back up the OS drive's recovery key. > >The endpoint for a fixed data drive's backup is chosen in the following order: @@ -856,11 +855,11 @@ The following diagram shows the BitLocker configuration service provider in tree **AllowStandardUserEncryption** Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. -> [!Note] +> [!NOTE] > This policy is only supported in Azure AD accounts. - + "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced. - + If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. The expected values for this policy are: @@ -934,7 +933,7 @@ The following example is provided to show proper format and should not be taken - + $CmdID$ @@ -951,7 +950,7 @@ The following example is provided to show proper format and should not be taken - + $CmdID$ @@ -964,7 +963,7 @@ The following example is provided to show proper format and should not be taken - + $CmdID$ @@ -979,7 +978,7 @@ The following example is provided to show proper format and should not be taken - + $CmdID$ 
@@ -1029,7 +1028,7 @@ The following example is provided to show proper format and should not be taken - + $CmdID$ @@ -1042,7 +1041,7 @@ The following example is provided to show proper format and should not be taken - + diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index 9d1fd9bf4d..0947f35b1a 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -1,12 +1,14 @@ --- title: BitLocker DDF file description: BitLocker DDF file -ms.author: maricia +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/29/2018 +ms.reviewer: +manager: dansimp --- # BitLocker DDF file @@ -736,4 +738,4 @@ The XML below is the current version Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md index e59f02fc74..509638a1e4 100644 --- a/windows/client-management/mdm/bootstrap-csp.md +++ b/windows/client-management/mdm/bootstrap-csp.md @@ -2,11 +2,13 @@ title: BOOTSTRAP CSP description: BOOTSTRAP CSP ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
@@ -16,12 +18,12 @@ ms.date: 06/26/2017 The BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device. > **Note**  BOOTSTRAP CSP is only supported in Windows 10 Mobile. - -  - +> +> +> > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. -  + The following image shows the BOOTSTRAP configuration service provider in tree format as used by Open Mobile Alliance (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider. @@ -38,9 +40,9 @@ Required. Specifies the location of a Trusted Provisioning Server (TPS). The PRO [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index 343ffbf2c3..c2cbd2a8d2 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -2,11 +2,13 @@ title: BrowserFavorite CSP description: BrowserFavorite CSP ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- 
@@ -17,14 +19,14 @@ The BrowserFavorite configuration service provider is used to add and remove URL > **Note**  BrowserFavorite CSP is only supported in Windows Phone 8.1. -  + The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder. > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application. -  + The following diagram shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider. @@ -35,7 +37,7 @@ Required. Specifies the user-friendly name of the favorite URL that is displayed > **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | -  + Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite. @@ -96,16 +98,16 @@ The following table shows the Microsoft custom elements that this configuration -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 953ec2e528..9e077af341 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md 
@@ -2,11 +2,13 @@ title: Bulk assign and reclaim seats from users description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business. ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 09/18/2017 --- @@ -35,7 +37,7 @@ The **Bulk assign and reclaim seats from users** operation returns reclaimed or -  + ### URI parameters The following parameters may be specified in the request URI. @@ -71,13 +73,13 @@ The following parameters may be specified in the request URI.

            seatAction

            -

            [SeatAction](data-structures-windows-store-for-business.md#seataction)

            +

            SeatAction

            -  + ## Response ### Response body @@ -110,9 +112,9 @@ The response body contains [BulkSeatOperationResultSet](data-structures-windows- -  + -  + diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 8aa018c18c..955a7207d1 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- @@ -30,12 +32,12 @@ On the desktop, you can create an Active Directory account, such as "enrollment@ On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as "enroll@contoso.com" and "enrollmentpassword." These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them. ->[!NOTE]   +> [!NOTE] > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. -  + ## What you need 
@@ -51,27 +53,27 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). -2. Click **Advanced Provisioning**. +1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +2. Click **Advanced Provisioning**. - ![icd start page](images/bulk-enrollment7.png) -3. Enter a project name and click **Next**. -4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**. -5. Skip **Import a provisioning package (optional)** and click **Finish**. -6. Expand **Runtime settings** > **Workplace**. -7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**. - The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". -8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. - Here is the list of available settings: - - **AuthPolicy** - Select **OnPremise**. - - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service. - - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. - - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - - **Secret** - Password - For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). - Here is the screenshot of the ICD at this point. - ![bulk enrollment screenshot](images/bulk-enrollment.png) -9. 
Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). + ![icd start page](images/bulk-enrollment7.png) +3. Enter a project name and click **Next**. +4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**. +5. Skip **Import a provisioning package (optional)** and click **Finish**. +6. Expand **Runtime settings** > **Workplace**. +7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**. + The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". +8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. + Here is the list of available settings: + - **AuthPolicy** - Select **OnPremise**. + - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service. + - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. + - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. + - **Secret** - Password + For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). + Here is the screenshot of the ICD at this point. + ![bulk enrollment screenshot](images/bulk-enrollment.png) +9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 10. When you are done adding all the settings, on the **File** menu, click **Save**. 11. On the main menu click **Export** > **Provisioning package**. 
@@ -91,34 +93,34 @@ Using the ICD, create a provisioning package using the enrollment information re Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). -2. Click **Advanced Provisioning**. -3. Enter a project name and click **Next**. -4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions. -5. Skip **Import a provisioning package (optional)** and click **Finish**. -6. Specify the certificate. - 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**. - 2. Enter a **CertificateName** and then click **Add**. - 3. Enter the **CertificatePasword**. - 4. For **CertificatePath**, browse and select the certificate to be used. - 5. Set **ExportCertificate** to False. - 6. For **KeyLocation**, select **Software only**. +1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +2. Click **Advanced Provisioning**. +3. Enter a project name and click **Next**. +4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions. +5. Skip **Import a provisioning package (optional)** and click **Finish**. +6. Specify the certificate. + 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**. + 2. Enter a **CertificateName** and then click **Add**. + 3. Enter the **CertificatePasword**. + 4. For **CertificatePath**, browse and select the certificate to be used. + 5. Set **ExportCertificate** to False. + 6. For **KeyLocation**, select **Software only**. - ![icd certificates section](images/bulk-enrollment8.png) -7. Specify the workplace settings. - 1. 
Got to **Workplace** > **Enrollments**. - 2. Enter the **UPN** for the enrollment and then click **Add**. - The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". - 3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. - Here is the list of available settings: - - **AuthPolicy** - Select **Certificate**. - - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service. - - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. - - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - - **Secret** - the certificate thumbprint. - For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). -8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). -9. When you are done adding all the settings, on the **File** menu, click **Save**. + ![icd certificates section](images/bulk-enrollment8.png) +7. Specify the workplace settings. + 1. Got to **Workplace** > **Enrollments**. + 2. Enter the **UPN** for the enrollment and then click **Add**. + The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". + 3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. + Here is the list of available settings: + - **AuthPolicy** - Select **Certificate**. + - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service. + - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. 
+ - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. + - **Secret** - the certificate thumbprint. + For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). +8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). +9. When you are done adding all the settings, on the **File** menu, click **Save**. 10. Export and build the package (steps 10-13 in the procedure above). 11. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package). 12. Apply the package to your devices. @@ -161,7 +163,7 @@ Here are links to step-by-step provisioning topics in Technet. - [Provision PCs with apps and certificates for initial deployment](https://technet.microsoft.com/itpro/windows/deploy/provision-pcs-with-apps-and-certificates) - [Provision PCs with common settings for initial deployment](https://technet.microsoft.com/itpro/windows/deploy/provision-pcs-for-initial-deployment) -  + diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index 19669fb1b1..d982a50e25 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -2,11 +2,13 @@ title: CellularSettings CSP description: CellularSettings CSP ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- @@ -51,16 +53,16 @@ The following image shows the CellularSettings CSP in tree format as used by Ope -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + 
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 680d7840ab..3e90f99dc8 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -2,11 +2,13 @@
 title: Certificate authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
 ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index a857467f1a..162fbea922 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -5,11 +5,13 @@ MS-HAID:
 - 'p\_phdevicemgmt.certificate\_renewal'
 - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
 ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index aff0b23244..514837edc2 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -2,11 +2,13 @@ title: CertificateStore CSP description: CertificateStore CSP ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: lomayor ms.date: 06/26/2017 --- @@ -17,7 +19,7 @@ The CertificateStore configuration service provider is used to add secure socket > **Note**   The CertificateStore configuration service provider does not support installing client certificates. -  + For the CertificateStore CSP, you cannot use the Replace command unless the node already exists. @@ -32,7 +34,7 @@ Supported operation is Get. > **Note**  Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates. -  + **CA/System** Defines the certificate store that contains cryptographic information, including intermediary certification authorities. @@ -41,7 +43,7 @@ Supported operation is Get. > **Note**  CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates. -  + **My/User** Defines the certificate store that contains public keys for client certificates. This is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications. @@ -50,7 +52,7 @@ Supported operation is Get. > **Note**  My/User is case sensitive. -  + **My/System** Defines the certificate store that contains public key for client certificate. This is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading. 
@@ -59,7 +61,7 @@ Supported operation is Get. > **Note**  My/System is case sensitive. -  + ***CertHash*** Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. @@ -103,9 +105,9 @@ Supported operation is Get. > **Note**  Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP. -  + -**My/SCEP/****_UniqueID_** +**My/SCEP/***UniqueID* Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node. Supported operations are Get, Add, Replace, and Delete. @@ -117,7 +119,7 @@ Supported operations are Add, Replace, and Delete. > **Note**   Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values. -  + **My/SCEP/*UniqueID*/Install/ServerURL** Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string. 
@@ -211,7 +213,7 @@ Valid values are one of the following: > **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. -  + **My/SCEP/*UniqueID*/Install/ValidPeriodUnits** Optional. Specifies desired number of units used in validity period and subject to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. The valid period specified by MDM overwrites the valid period specified in the certificate template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Value type is an integer. @@ -220,7 +222,7 @@ Supported operations are Get, Add, Delete, and Replace. > **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. -  + **My/SCEP/*UniqueID*/Install/Enroll** Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node does not contain a value. @@ -277,7 +279,7 @@ Optional. Specifies the URL of certificate renewal server. If this node does not > **Note**  The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service. -  + Supported operations are Add, Get, Delete, and Replace. 
@@ -290,7 +292,7 @@ Supported operations are Add, Get, Delete, and Replace. > **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -  + **My/WSTEP/Renew/RetryInterval** Optional. Specifies the retry interval (in days) when the previous renewal failed. It applies to both manual certificate renewal and ROBO automatic certificate renewal. The retry schedule stops at the certificate expiration date. @@ -305,7 +307,7 @@ Supported operations are Add, Get, Delete, and Replace. > **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -  + **My/WSTEP/Renew/ROBOSupport** Optional. Notifies the client if the MDM enrollment server supports ROBO auto certificate renewal. Value type is bool. @@ -316,7 +318,7 @@ Supported operations are Add, Get, Delete, and Replace. > **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -  + **My/WSTEP/Renew/Status** Required. Shows the latest action status for this certificate. Value type is an integer. @@ -627,9 +629,9 @@ Configure the device to automatically renew an MDM client certificate with the s [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index 820779ea14..dfda88db79 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md 
@@ -2,11 +2,13 @@
 title: CertificateStore DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: lomayor
 ms.date: 12/05/2017
 ---

diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 4ce39d12fb..5b7d432911 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -1,12 +1,14 @@
 ---
 title: CleanPC CSP
 description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
+ms.reviewer:
+manager: dansimp
 ---

 # CleanPC CSP
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 1c1c3ded0a..116930deb1 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -2,11 +2,13 @@
 title: CleanPC DDF
 description: This topic shows the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---

diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index f3c9fd3fc3..5664409319 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -2,11 +2,13 @@ title: ClientCertificateInstall CSP description: ClientCertificateInstall CSP ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: pashort +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: shortpatti +author: manikadhiman ms.date: 10/16/2018 --- @@ -28,7 +30,7 @@ The following image shows the ClientCertificateInstall configuration service pro ![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png) **Device or User** -

            For device certificates, use **./Device/Vendor/MSFT** path and for user certificates use **./User/Vendor/MSFT** path. +

            For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path. **ClientCertificateInstall**

            The root node for the ClientCertificateInstaller configuration service provider. @@ -38,7 +40,7 @@ The following image shows the ClientCertificateInstall configuration service pro

            Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/****_UniqueID_** +**ClientCertificateInstall/PFXCertInstall/***UniqueID*

            Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.

            The data type format is node. @@ -70,7 +72,7 @@ The following image shows the ClientCertificateInstall configuration service pro

            Supported operations are Get, Add, Delete, and Replace. **ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob** -

            CRYPT\_DATA\_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation. +

            CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.

            The data type format is binary. @@ -80,7 +82,7 @@ The following image shows the ClientCertificateInstall configuration service pro

            If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail. -

            In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT\_DATA\_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](https://go.microsoft.com/fwlink/p/?LinkId=523871). +

            In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in CRYPT_INTEGER_BLOB. **ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**

            Password that protects the PFX blob. This is required if the PFX is password protected. @@ -107,7 +109,7 @@ The following image shows the ClientCertificateInstall configuration service pro > **Note**  You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. -  +

            The data type bool.

            Supported operations are Get, Add, and Replace. @@ -138,8 +140,8 @@ The following image shows the ClientCertificateInstall configuration service pro > **Note**  An alert is sent after the SCEP certificate is installed. -  -**ClientCertificateInstall/SCEP/****_UniqueID_** + +**ClientCertificateInstall/SCEP/***UniqueID*

            A unique ID to differentiate different certificate installation requests. @@ -150,7 +152,7 @@ The following image shows the ClientCertificateInstall configuration service pro > **Note**  Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and make sure the device is not at an unknown state before changing child node values. -  + **ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**

            Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons. @@ -166,7 +168,7 @@ The following image shows the ClientCertificateInstall configuration service pro

            Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** -

            Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus **+**. For example, *OID1*+*OID2*+*OID3*. +

            Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus +. For example, OID1+OID2+OID3. Data type is string.

            Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have the second (0x20), fourth (0x80) or both bits set. If the value doesn’t have those bits set, the configuration will fail. @@ -187,7 +189,7 @@ Data type is string. > **Note**  Even if the private key is protected by TPM, it is not protected with a TPM PIN. -  +

            The data type is an integer corresponding to one of the following values: | Value | Description | @@ -197,7 +199,7 @@ Data type is string. | 3 | (Default) Private key saved in software KSP. | | 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specifed, otherwise enrollment will fail. | -  +

            Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage** @@ -234,7 +236,7 @@ Data type is string. > **Note**  This name is typically ignored by the SCEP server; therefore the MDM server typically doesn’t need to provide it. -  +

            Data type is string.

            Supported operations are Add, Get, Delete, and Replace. @@ -251,7 +253,7 @@ Data type is string.

            Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm** -

            Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with **+**. +

            Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with +.

            For Windows Hello for Business, only SHA256 is the supported algorithm. @@ -269,7 +271,7 @@ Data type is string. **ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**

            Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information. -

            Each pair is separated by semicolon. For example, multiple SANs are presented in the format of *\[name format1\]*+*\[actual name1\]*;*\[name format 2\]*+*\[actual name2\]*. +

            Each pair is separated by semicolon. For example, multiple SANs are presented in the format of [name format1]+[actual name1];[name format 2]+[actual name2].

            Data type is string. @@ -288,7 +290,7 @@ Data type is string. > **Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. -  +

            Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** @@ -298,7 +300,7 @@ Data type is string. >**Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. -  +

            Supported operations are Add, Get, Delete, and Replace. **ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** @@ -352,7 +354,7 @@ Data type is string. | 16 | Action failed | | 32 | Unknown | -  + **ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode**

            Optional. An integer value that indicates the HRESULT of the last enrollment error code. @@ -666,9 +668,9 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index b5ef7a8349..7c2db0122d 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -2,11 +2,13 @@ title: ClientCertificateInstall DDF file description: ClientCertificateInstall DDF file ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index adffb8bef0..6ef3f48d8b 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -2,11 +2,13 @@ title: CM\_CellularEntries CSP description: CM\_CellularEntries CSP ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/02/2017 --- @@ -20,24 +22,24 @@ The following diagram shows the CM\_CellularEntries configuration service provid ![cm\-cellularentries csp](images/provisioning-csp-cm-cellularentries.png) -**_entryname_** +***entryname***

            Defines the name of the connection.

            -

            The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy.

            +

            The CMPolicy configuration service provider uses the value of entryname to identify the connection that is associated with a policy and CM_ProxyEntries configuration service provider uses the value of entryname to identify the connection that is associated with a proxy.

            **AlwaysOn**

            Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available. -

            A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS. +

            A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS. -

            A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs. +

            A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.

            There must be at least one AlwaysOn Internet connection provisioned for the mobile operator. **AuthType**

            Optional. Type: String. Specifies the method of authentication used for a connection. -

            A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None". +

            A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None". **ConnectionType**

            Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available: @@ -75,48 +77,48 @@ The following diagram shows the CM\_CellularEntries configuration service provid -  + **Desc.langid**

            Optional. Specifies the UI display string used by the defined language ID. -

            A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as `Desc.0409` with a value of `"GPRS Connection"` will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no **Desc** parameter is provisioned for a given language, the system will default to the name used to create the entry. +

            A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry. **Enabled**

            Specifies if the connection is enabled. -

            A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled. +

            A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled. **IpHeaderCompression**

            Optional. Specifies if IP header compression is enabled. -

            A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled. +

            A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled. **Password** -

            Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN. +

            Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN. **SwCompression**

            Optional. Specifies if software compression is enabled. -

            A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled. +

            A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled. **UserName** -

            Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN. +

            Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN. **UseRequiresMappingsPolicy**

            Optional. Specifies if the connection requires a corresponding mappings policy. -

            A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present. +

            A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present. -

            For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic. +

            For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic. **Version** -

            Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider. +

            Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider. -

            This value must be "1" if included. +

            This value must be "1" if included. **GPRSInfoAccessPointName** -

            Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT". +

            Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT". **Roaming**

            Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available: @@ -132,22 +134,22 @@ The following diagram shows the CM\_CellularEntries configuration service provid

            Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices. **ApnId** -

            Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices. +

            Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices. **IPType** -

            Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4". +

            Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4". -> [!Warning]   +> [!WARNING] > Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6. -  + **ExemptFromDisablePolicy** -

            Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt). +

            Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt). -

            To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed. +

            To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed. -> [!Important]   +> [!IMPORTANT] > Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections.

            To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should: @@ -155,26 +157,25 @@ The following diagram shows the CM\_CellularEntries configuration service provid - Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1) - Set AllowMMSIfDataIsOff to 1 (default is 0) -  + **ExemptFromRoaming** -

            Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt). +

            Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt). **TetheringNAI** -

            Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0". +

            Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0". **IdleDisconnectTimeout**

            Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds. -> [!Important]   -

            You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used. +> [!IMPORTANT] +>

            You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used. -  -> [!Note]   +> [!NOTE] > If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds. -  + **SimIccId**

            For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection. @@ -183,6 +184,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid

            Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: - Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F +- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD - MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 - IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 - SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD @@ -297,16 +299,16 @@ The following table shows the Microsoft custom elements that this configuration -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 50b393f039..432b10a418 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -2,11 +2,13 @@ title: CM\_ProxyEntries CSP description: CM\_ProxyEntries CSP ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -16,12 +18,12 @@ ms.date: 06/26/2017 The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device. > **Note**  CM\_ProxyEntries CSP is only supported in Windows 10 Mobile. - -  - +> +> +> > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -  + The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607. 
@@ -133,16 +135,16 @@ The following table shows the Microsoft custom elements that this configuration -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 6b1ae02496..e9c0f37c15 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -2,11 +2,13 @@ title: CMPolicy CSP description: CMPolicy CSP ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -18,7 +20,7 @@ The CMPolicy configuration service provider defines rules that the Connection Ma > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -  + Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies @@ -61,7 +63,7 @@ Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. -**Conn****_XXX_** +**Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** 
@@ -110,7 +112,7 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th -  + For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: @@ -185,7 +187,7 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ -  + For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available: @@ -220,7 +222,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. -  + **Type** Specifies the type of connection being referenced. The following list describes the available connection types: @@ -496,16 +498,16 @@ Adding a host-based mapping policy: -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 46f6724edb..f601f858de 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -2,11 +2,13 @@ title: CMPolicyEnterprise CSP description: CMPolicyEnterprise CSP ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -18,7 +20,7 @@ The CMPolicyEnterprise configuration service provider is used by the enterprise > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -  + Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies @@ -61,7 +63,7 @@ Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. -**Conn****_XXX_** +**Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** @@ -110,7 +112,7 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th -  + For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: @@ -185,7 +187,7 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ -  + For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available: 
@@ -220,7 +222,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. -  + **Type** Specifies the type of connection being referenced. The following list describes the available connection types: @@ -496,16 +498,16 @@ Adding a host-based mapping policy: -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index 8082e19a7b..231c3a42a1 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -2,11 +2,13 @@ title: CMPolicyEnterprise DDF file description: CMPolicyEnterprise DDF file ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 8f8ef0ecd3..b8cce9175a 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md 
@@ -2,16 +2,20 @@ title: Configuration service provider reference description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. ms.assetid: 71823658-951f-4163-9c40-c4d4adceaaec -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 08/27/2018 +author: manikadhiman +ms.date: 05/13/2019 --- # Configuration service provider reference +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. @@ -23,14 +27,6 @@ Additional lists: - [List of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport) - [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport) -The following tables show the configuration service providers support in Windows 10. -Footnotes: -- 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 -- 3 - Added in Windows 10, version 1709 -- 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, version 1809 -


            @@ -932,6 +928,34 @@ Footnotes: + +[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) + + + + + + + + + + + + + + + + + + + + + +
            HomeProBusinessEnterpriseEducationMobileMobile Enterprise
            check mark6check mark6check mark6check mark6check mark6cross markcross mark
            + + + + [EnterpriseAPN CSP](enterpriseapn-csp.md) @@ -2646,14 +2670,6 @@ Footnotes:
            - - Footnotes: -- 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 -- 3 - Added in Windows 10, version 1709 -- 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, version 1809 - ## CSP DDF files download You can download the DDF files for various CSPs from the links below: @@ -2696,13 +2712,7 @@ The following list shows the configuration service providers supported in Window | [WiFi CSP](wifi-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [WindowsLicensing CSP](windowslicensing-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | - Footnotes: -- 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 -- 3 - Added in Windows 10, version 1709 -- 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, version 1809 - + ## CSPs supported in Microsoft Surface Hub - [AccountManagement CSP](accountmanagement-csp.md) @@ -2750,12 +2760,19 @@ The following list shows the configuration service providers supported in Window - [Policy CSP](policy-configuration-service-provider.md) - [Provisioning CSP (Provisioning only)](provisioning-csp.md) - [Reboot CSP](reboot-csp.md) -- [RemoteWipe CSP](remotewipe-csp.md) 1 +- [RemoteWipe CSP](remotewipe-csp.md)5 - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) - [Update CSP](update-csp.md) - [VPNv2 CSP](vpnv2-csp.md) - [WiFi CSP](wifi-csp.md) - Footnotes: -- 1 - Added in Windows 10, version 1809 +
            + + Footnotes: +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. +- 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md index 8604379b77..cb8579e827 100644 --- a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md +++ b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md @@ -2,11 +2,13 @@ title: Create a custom configuration service provider description: Create a custom configuration service provider ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -43,11 +45,11 @@ This code must be compiled into a single .dll file and added to a package by usi

            File location

            -

            %DataDrive%\SharedData\OEM\CSP\

            +

            %DataDrive%\SharedData\OEM\CSP</p>

            Registry location

            -

            $(HKLM.SOFTWARE)\OEM\CSP\

            +

            $(HKLM.SOFTWARE)\OEM\CSP</p> @@ -86,7 +88,7 @@ To make the configuration service provider accessible from WAP XML, you must reg ``` -  + diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 06c4308457..6e5b89a1b1 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -2,11 +2,13 @@ title: CustomDeviceUI CSP description: CustomDeviceUI CSP ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -28,7 +30,7 @@ AppID string value is the default appid/AUMID to launch during startup. The supp **BackgroundTasksToLaunch** List of package names of background tasks that need to be launched on device startup. The supported operation is Get. -**BackgroundTasksToLaunch/****_BackgroundTaskPackageName_** +**BackgroundTasksToLaunch/***BackgroundTaskPackageName* Package Full Name of the App that needs be launched in the background. This can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace. ## SyncML examples @@ -96,9 +98,9 @@ Package Full Name of the App that needs be launched in the background. This can ``` -  + -  + diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index d862212b6c..e77efa5c6f 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md 
@@ -2,11 +2,13 @@ title: CustomDeviceUI DDF description: CustomDeviceUI DDF ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 3b6a66593b..0bd426ee5a 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -4,12 +4,14 @@ MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B +ms.reviewer: +manager: dansimp description: -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- @@ -79,7 +81,7 @@ Specifies the properties of the alternate identifier. -  + ## BulkSeatOperationResultSet @@ -98,16 +100,16 @@ Specifies the properties of the alternate identifier.

            seatDetails

            -

            collection of [SeatDetails](#seatdetails)

            +

            collection of SeatDetails

            failedSeatOperations

            -

            collection of [FailedSeatRequest](#failedseatrequest)

            +

            collection of FailedSeatRequest

            -  + ## FailedSeatRequest @@ -130,7 +132,7 @@ Specifies the properties of the alternate identifier.

            productKey

            -

            [ProductKey](#productkey)

            +

            ProductKey

            userName

            @@ -139,7 +141,7 @@ Specifies the properties of the alternate identifier. -  + ## FrameworkPackageDetails @@ -170,7 +172,7 @@ Specifies the properties of the alternate identifier.

            location

            -

            [PackageLocation](#packagelocation)

            +

            PackageLocation

            @@ -185,17 +187,17 @@ Specifies the properties of the alternate identifier.

            architectures

            -

            collection of [ProductArchitectures](#productarchitectures)

            +

            collection of ProductArchitectures

            packageFormat

            -

            [ProductPackageFormat](#productpackageformat)

            +

            ProductPackageFormat

            platforms

            -

            collection of [ProductPlatform](#productplatform)

            +

            collection of ProductPlatform

            @@ -211,7 +213,7 @@ Specifies the properties of the alternate identifier. -  + ## InventoryDistributionPolicy @@ -239,7 +241,7 @@ Specifies the properties of the alternate identifier. -  + ## InventoryEntryDetails @@ -260,7 +262,7 @@ Specifies the properties of the alternate identifier.

            productKey

            -

            [ProductKey](#productkey)

            +

            ProductKey

            Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

            @@ -280,23 +282,23 @@ Specifies the properties of the alternate identifier.

            licenseType

            -

            [LicenseType](#licensetype)

            +

            LicenseType

            Indicates whether the set of seats for a given application supports online or offline licensing.

            distributionPolicy

            -

            [InventoryDistributionPolicy](#inventorydistributionpolicy)

            +

            InventoryDistributionPolicy

            status

            -

            [InventoryStatus](#inventorystatus)

            +

            InventoryStatus

            -  + ## InventoryResultSet @@ -322,13 +324,13 @@ Specifies the properties of the alternate identifier.

            inventoryEntries

            -

            collection of [InventoryEntryDetails](#inventoryentrydetails)

            +

            collection of InventoryEntryDetails

            -  + ## InventoryStatus @@ -356,7 +358,7 @@ Specifies the properties of the alternate identifier. -  + ## LicenseType @@ -384,7 +386,7 @@ Specifies the properties of the alternate identifier. -  + ## LocalizedProductDetail @@ -422,18 +424,18 @@ Specifies the properties of the localized product.

            images

            -

            collection of [ProductImage](#productimage)

            +

            collection of ProductImage

            Artwork and icon associated with the application.

            publisher

            -

            [PublisherDetails](#publisherdetails)

            +

            PublisherDetails

            Publisher of the application.

            -  + ## OfflineLicense @@ -454,7 +456,7 @@ Specifies the properties of the localized product.

            productKey

            -

            [ProductKey](#productkey)

            +

            ProductKey

            Identifies a set of seats associated with an application.

            @@ -480,7 +482,7 @@ Specifies the properties of the localized product. -  + ## PackageContentInfo @@ -499,7 +501,7 @@ Specifies the properties of the localized product.

            productPlatforms

            -

            collection of [ProductPlatform](#productplatform)

            +

            collection of ProductPlatform

            packageFormat

            @@ -508,7 +510,7 @@ Specifies the properties of the localized product. -  + ## PackageLocation @@ -535,7 +537,7 @@ Specifies the properties of the localized product. -  + ## ProductArchitectures @@ -565,7 +567,7 @@ Specifies the properties of the localized product. -  + ## ProductDetails @@ -586,7 +588,7 @@ Specifies the properties of the localized product.

            productKey

            -

            [ProductKey](#productkey)

            +

            ProductKey

            Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

            @@ -611,7 +613,7 @@ Specifies the properties of the localized product.

            alternateIds

            -

            collection of [AlternateIdentifier](#alternateidentifier)

            +

            collection of AlternateIdentifier

            The identifiers that can be used to instantiate the installation of on online application.

            @@ -621,13 +623,13 @@ Specifies the properties of the localized product.

            supportedPlatforms

            -

            collection of [ProductPlatform](#productplatform)

            +

            collection of ProductPlatform

            -  + ## ProductImage @@ -656,7 +658,7 @@ Specifies the properties of the product image.

            purpose

            string

            -

            Tag for the purpose of the image, e.g. "screenshot" or "logo".

            +

            Tag for the purpose of the image, e.g. "screenshot" or "logo".

            height

            @@ -676,12 +678,12 @@ Specifies the properties of the product image.

            backgroundColor

            string

            -

            Format "#RRGGBB"

            +

            Format "#RRGGBB"

            foregroundColor

            string

            -

            Format "#RRGGBB"

            +

            Format "#RRGGBB"

            fileSize

            @@ -691,7 +693,7 @@ Specifies the properties of the product image. -  + ## ProductKey @@ -725,7 +727,7 @@ Specifies the properties of the product key. -  + ## ProductPackageDetails @@ -746,7 +748,7 @@ Specifies the properties of the product key.

            frameworkDependencyPackages

            -

            collection of [FrameworkPackageDetails](#frameworkpackagedetails)

            +

            collection of FrameworkPackageDetails

            @@ -761,7 +763,7 @@ Specifies the properties of the product key.

            location

            -

            [PackageLocation](#packagelocation)

            +

            PackageLocation

            @@ -776,17 +778,17 @@ Specifies the properties of the product key.

            architectures

            -

            collection of [ProductArchitectures](#productarchitectures)

            +

            collection of ProductArchitectures

            Values {x86, x64, arm, neutral}

            packageFormat

            -

            [ProductPackageFormat](#productpackageformat)

            +

            ProductPackageFormat

            Extension of the package file.

            platforms

            -

            collection of [ProductPlatform](#productplatform)

            +

            collection of ProductPlatform

            @@ -802,7 +804,7 @@ Specifies the properties of the product key. -  + ## ProductPackageFormat @@ -829,7 +831,7 @@ Specifies the properties of the product key. -  + ## ProductPackageSet @@ -855,13 +857,13 @@ Specifies the properties of the product key.

            productPackages

            -

            collection of [ProductPackageDetails](#productpackagedetails)

            +

            collection of ProductPackageDetails

            A collection of application packages.

            -  + ## ProductPlatform @@ -884,16 +886,16 @@ Specifies the properties of the product key.

            minVersion

            -

            [VersionInfo](#versioninfo)

            +

            VersionInfo

            maxTestedVersion

            -

            [VersionInfo](#versioninfo)

            +

            VersionInfo

            -  + ## PublisherDetails @@ -927,7 +929,7 @@ Specifies the properties of the publisher details. -  + ## SeatAction @@ -951,7 +953,7 @@ Specifies the properties of the publisher details. -  + ## SeatDetails @@ -973,7 +975,7 @@ Specifies the properties of the publisher details.

            assignedTo

            string

            -

            Format = UPN (user@domain)

            +

            Format = UPN (user

            dateAssigned

            @@ -982,18 +984,18 @@ Specifies the properties of the publisher details.

            state

            -

            [SeatState](#seatstate)

            +

            SeatState

            productKey

            -

            [ProductKey](#productkey)

            +

            ProductKey

            -  + ## SeatDetailsResultSet @@ -1012,7 +1014,7 @@ Specifies the properties of the publisher details.

            seats

            -

            collection of [SeatDetails](#seatdetails)

            +

            collection of SeatDetails

            continuationToken

            @@ -1021,7 +1023,7 @@ Specifies the properties of the publisher details. -  + ## SeatState @@ -1045,7 +1047,7 @@ Specifies the properties of the publisher details. -  + ## SupportedProductPlatform @@ -1068,20 +1070,20 @@ Specifies the properties of the publisher details.

            minVersion

            -

            [VersionInfo](#versioninfo)

            +

            VersionInfo

            maxTestedVersion

            -

            [VersionInfo](#versioninfo)

            +

            VersionInfo

            architectures

            -

            collection of [ProductArchitecture](#productarchitecture)

            +

            collection of ProductArchitectures

            -  + ## VersionInfo diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 9782ed9ad1..2579fa4d39 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -2,11 +2,13 @@ title: Defender CSP description: Defender CSP ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/19/2018 --- @@ -26,7 +28,7 @@ An interior node to group all threats detected by Windows Defender. Supported operation is Get. -**Detections/****_ThreatId_** +**Detections/***ThreatId* The ID of a threat that has been detected by Windows Defender. Supported operation is Get. @@ -120,7 +122,7 @@ The following table describes the supported values: | 50 | Ransomware | | 51 | ASR Rule | -  + Supported operation is Get. diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 7d4f147be9..0fdd2a3569 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -2,11 +2,13 @@ title: Defender DDF file description: Defender DDF file ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/12/2018 --- @@ -697,4 +699,4 @@ The XML below is for Windows 10, version 1809. ## Related topics -[Defender configuration service provider](defender-csp.md) \ No newline at end of file +[Defender configuration service provider](defender-csp.md) diff --git a/windows/client-management/mdm/design-a-custom-windows-csp.md b/windows/client-management/mdm/design-a-custom-windows-csp.md index 66df907c0c..583e098cdc 100644 
--- a/windows/client-management/mdm/design-a-custom-windows-csp.md +++ b/windows/client-management/mdm/design-a-custom-windows-csp.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phDeviceMgmt.designing\_a\_custom\_configuration\_service\_provider' - 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp' ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -34,13 +36,13 @@ Nodes can represent anything from abstract concepts or collections (such as emai For example, a hypothetical Email configuration service provider might have these nodes: -- Account: The name of the email account (such as "Hotmail") +- Account: The name of the email account (such as "Hotmail") -- Username: The user name or email address ("exampleAccount@hotmail.com") +- Username: The user name or email address ("exampleAccount@hotmail.com") -- Password: The user's password +- Password: The user's password -- Server: The DNS address of the server ("mail-serv1-example.mail.hotmail.com") +- Server: The DNS address of the server ("mail-serv1-example.mail.hotmail.com") The `Account`, `Username`, and `Server` nodes would hold text-based information about the email account, the user's email address, and the server address associated with that account. The `Password` node, however, might hold a binary hash of the user's password. @@ -157,9 +159,9 @@ For internally transactioned nodes, the practice of implementing the contrary co -  + -  + diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 5f9609bccf..9292eb002c 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md 
@@ -2,11 +2,13 @@ title: DevDetail CSP description: DevDetail CSP ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/11/2018 --- @@ -37,9 +39,9 @@ The following diagram shows the DevDetail configuration service provider managem

            Supported operation is Get. **FwV** -

            Required. Returns the firmware version, as defined in the registry key HKEY\_LOCAL\_MACHINE\\System\\Platform\\DeviceTargetingInfo\\PhoneFirmwareRevision. +

            Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision. -

            For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\BIOSVersion. +

            For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.

            Supported operation is Get. @@ -49,9 +51,9 @@ The following diagram shows the DevDetail configuration service provider managem

            Supported operation is Get. **HwV** -

            Required. Returns the hardware version, as defined in the registry key HKEY\_LOCAL\_MACHINE\\System\\Platform\\DeviceTargetingInfo\\PhoneRadioHardwareRevision. +

            Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision. -

            For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\BIOSVersion. +

            For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.

            Supported operation is Get. @@ -94,12 +96,12 @@ The following diagram shows the DevDetail configuration service provider managem

            Supported operation is Get. **Ext/Microsoft/OSPlatform** -

            Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName. +

            Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.

            Supported operation is Get. **Ext/Microsoft/ProcessorType** -

            Required. Returns the processor type of the device as documented in SYSTEM\_INFO. +

            Required. Returns the processor type of the device as documented in SYSTEM_INFO.

            Supported operation is Get. @@ -109,7 +111,7 @@ The following diagram shows the DevDetail configuration service provider managem

            Supported operation is Get. **Ext/Microsoft/Resolution** -

            Required. Returns the UI screen resolution of the device (example: "480x800"). +

            Required. Returns the UI screen resolution of the device (example: "480x800").

            Supported operation is Get. @@ -119,7 +121,7 @@ The following diagram shows the DevDetail configuration service provider managem

            Supported operation is Get. **Ext/Microsoft/ProcessorArchitecture** -

            Required. Returns the processor architecture of the device as "arm" or "x86". +

            Required. Returns the processor architecture of the device as "arm" or "x86".

            Supported operation is Get. @@ -186,7 +188,7 @@ Value type is string. Supported operation is Get. **Ext/DeviceHardwareData**

            Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device. -> [!Note] +> [!NOTE] > This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.

            Supported operation is Get. @@ -195,9 +197,9 @@ Value type is string. Supported operation is Get. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index e84b804e6c..c9b634f3d6 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -2,11 +2,13 @@ title: DevDetail DDF file description: DevDetail DDF file ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/11/2018 --- @@ -700,4 +702,4 @@ The XML below is for Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index 0d91af34b6..40e1d4d82e 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -2,11 +2,13 @@ title: DeveloperSetup CSP description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703. ms.assetid: -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2018 --- 
@@ -15,7 +17,7 @@ ms.date: 06/26/2018 The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](https://msdn.microsoft.com/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. > [!NOTE] -The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM. +> The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM. The following diagram shows the DeveloperSetup configuration service provider in tree format. @@ -59,11 +61,11 @@ The user name must contain only ASCII characters and cannot contain a colon (:). **DevicePortal/Connection/HttpPort**

            An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. -If authentication is enabled, **HttpPort** will redirect the user to the (required) **HttpsPort**. +If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.

            The only supported operation is Replace. **DevicePortal/Connection/HttpsPort**

            An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service. -

            The only supported operation is Replace. \ No newline at end of file +

            The only supported operation is Replace. diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index 6ca207820f..2348237256 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -2,11 +2,13 @@ title: DeveloperSetup DDF file description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. ms.assetid: -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 82cf5ef7d9..4ab3bfd23f 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -2,12 +2,14 @@ title: Mobile device management MDM for device updates description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777 +ms.reviewer: +manager: dansimp keywords: mdm,management,administrator -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 11/15/2017 --- @@ -144,7 +146,7 @@ The following diagram shows the Update policies in a tree format. > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -

            Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +

            Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] > The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. @@ -169,7 +171,7 @@ The following diagram shows the Update policies in a tree format. > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -

            Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +

            Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] > The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. @@ -198,7 +200,7 @@ The following diagram shows the Update policies in a tree format. > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. -  +

            If the policy is not configured, end-users get the default behavior (Auto install and restart). @@ -288,7 +290,7 @@ The following diagram shows the Update policies in a tree format. **Update/DeferFeatureUpdatesPeriodInDays** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. -

            Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +>

            Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.

            Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. @@ -320,9 +322,9 @@ The following diagram shows the Update policies in a tree format. - Update/RequireDeferUpgrade must be set to 1 - System/AllowTelemetry must be set to 1 or higher -

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

            If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -389,9 +391,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

            Supported values are 0-8, which refers to the number of months to defer upgrades. -

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

            If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. **Update/EngagedRestartDeadline** > [!NOTE] @@ -494,14 +496,14 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – Deferrals are not paused. - 1 – Deferrals are paused. -

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

            If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +

            If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. **Update/PauseFeatureUpdates** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. -

            Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +>

            Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.

            Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. @@ -672,7 +674,7 @@ Example

            To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. -

            Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. +

            Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. > [!Note] > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. @@ -701,11 +703,11 @@ The update approval list enables IT to approve individual updates and update cla > **Note**  For the Windows 10 build, the client may need to reboot after additional updates are added. -  + Supported operations are Get and Add. -**ApprovedUpdates/****_Approved Update Guid_** +**ApprovedUpdates/***Approved Update Guid* Specifies the update GUID. To auto-approve a class of updates, you can specify the [Update Classifications](https://go.microsoft.com/fwlink/p/?LinkId=526723) GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. @@ -728,7 +730,7 @@ Specifies the approved updates that failed to install on a device. Supported operation is Get. -**FailedUpdates/****_Failed Update Guid_** +**FailedUpdates/***Failed Update Guid* Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install. Supported operation is Get. @@ -748,7 +750,7 @@ The updates that are installed on the device. Supported operation is Get. -**InstalledUpdates/****_Installed Update Guid_** +**InstalledUpdates/***Installed Update Guid* UpdateIDs that represent the updates installed on a device. Supported operation is Get. 
@@ -758,7 +760,7 @@ The updates that are applicable and not yet installed on the device. This includ Supported operation is Get. -**InstallableUpdates/****_Installable Update Guid_** +**InstallableUpdates/***Installable Update Guid* Update identifiers that represent the updates applicable and not installed on a device. Supported operation is Get. @@ -782,7 +784,7 @@ The updates that require a reboot to complete the update session. Supported operation is Get. -**PendingRebootUpdates/****_Pending Reboot Update Guid_** +**PendingRebootUpdates/***Pending Reboot Update Guid* Update identifiers for the pending reboot state. Supported operation is Get. @@ -883,7 +885,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici

            -  + Here is the list of older policies that are still supported for backward compatibility. You can use these for Windows 10, version 1511 devices. @@ -902,7 +904,7 @@ For policies supported for Windows Update for Business, when you set policies fo For policies supported for Windows Update for Business, when you set 1511 policies on a device running 1607, the you will get the expected behavior for 1511 policies. -  + ## Update management user experience screenshot @@ -966,7 +968,7 @@ The following diagram and screenshots show the process flow of the device update ![mdm device update management screenshot](images/deviceupdatescreenshot3.png)![mdm device update management screenshot](images/deviceupdatescreenshot4.png)![mdm device update management screenshot](images/deviceupdatescreenshot5.png)![mdm device update management screenshot](images/deviceupdatescreenshot6.png)![mdm device update management screenshot](images/deviceupdatescreenshot7.png)![mdm device update management screenshot](images/deviceupdatescreenshot8.png)![mdm device update management screenshot](images/deviceupdatescreenshot9.png) -  + diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index 9c8435dbaa..40379541ed 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -2,11 +2,13 @@ title: DeviceInstanceService CSP description: DeviceInstanceService CSP ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -20,7 +22,7 @@ Stop using DeviceInstanceService CSP and use the updated [DeviceStatus CSP](devi The DeviceInstance CSP is only supported in Windows 10 Mobile. -  + The following diagram shows the DeviceInstanceService configuration service provider in tree format. @@ -108,9 +110,9 @@ Response from the phone. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index 8d44aca043..b2cf37371d 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -2,11 +2,13 @@ title: DeviceLock CSP description: DeviceLock CSP ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index 11ec6e0bf0..db0167e5b9 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -2,11 +2,13 @@ title: DeviceLock DDF file description: DeviceLock DDF file ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index fb86e76896..724027f5f0 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md 
@@ -2,11 +2,13 @@
 title: DeviceManageability CSP
 description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
 ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 11/01/2017
 ---
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 44440337e3..947982a58a 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -2,11 +2,13 @@
 title: DeviceManageability DDF
 description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
 ms.assetid: D7FA8D51-95ED-40D2-AA84-DCC4BBC393AB
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index a20317c21f..8d704d0165 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -2,12 +2,14 @@ title: DeviceStatus CSP description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 07/26/2018 +author: manikadhiman +ms.date: 04/30/2019 --- # DeviceStatus CSP @@ -36,9 +38,9 @@ Required. Node for queries on the SIM cards. > **Note**  Multiple SIMs are supported. -  + -**DeviceStatus/CellularIdentities/****_IMEI_** +**DeviceStatus/CellularIdentities/***IMEI* The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device. **DeviceStatus/CellularIdentities/*IMEI*/IMSI** @@ -74,7 +76,7 @@ Supported operation is Get. **DeviceStatus/NetworkIdentifiers** Node for queries on network and device properties. -**DeviceStatus/NetworkIdentifiers/****_MacAddress_** +**DeviceStatus/NetworkIdentifiers/***MacAddress* MAC address of the wireless network card. A MAC address is present for each network card on the device. **DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4** @@ -157,6 +159,12 @@ Valid values: Supported operation is Get. +If more than one antivirus provider is active, this node returns: +- 1 – If every active antivirus provider has a valid signature status. +- 0 – If any of the active antivirus providers has an invalid signature status. + +This node also returns 0 when no antivirus provider is active. + **DeviceStatus/Antivirus/Status** Added in Windows, version 1607. Integer that specifies the status of the antivirus. 
@@ -186,6 +194,12 @@ Valid values: Supported operation is Get. +If more than one antispyware provider is active, this node returns: +- 1 – If every active antispyware provider has a valid signature status. +- 0 – If any of the active antispyware providers has an invalid signature status. + +This node also returns 0 when no antispyware provider is active. + **DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the antispyware. diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 8f0e5a3364..3cae11b3ff 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -2,11 +2,13 @@ title: DeviceStatus DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 --- @@ -883,4 +885,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index bbff58b76c..7252e076c2 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -2,11 +2,13 @@ title: DevInfo CSP description: DevInfo CSP ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 8b88fb1918..9abf8c4152 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -2,11 +2,13 @@
 title: DevInfo DDF file
 description: DevInfo DDF file
 ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 699a3d4489..d110f44282 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -2,11 +2,13 @@
 title: Diagnose MDM failures in Windows 10
 description: To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs.
 ms.assetid: 12D8263B-D839-4B19-9346-31E0CDD0CBF9
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/25/2018
 ---
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 17d1ddd6e7..2ef2e01721 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -2,11 +2,13 @@ title: DiagnosticLog CSP description: DiagnosticLog CSP ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -49,7 +51,7 @@ The changes on **State**, **Keywords** and **TraceLevel** takes effect immediate > **Note**  Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode. -  + ### Channel-based tracing @@ -112,7 +114,7 @@ Interior node to contain dynamic child interior nodes for active providers. The supported operation is Get. -**EtwLog/Collectors/****_CollectorName_** +**EtwLog/Collectors/***CollectorName* Dynamic nodes to represent active collector configuration. Supported operations are Add, Delete, and Get. @@ -172,7 +174,7 @@ The following table represents the possible values: | 0 | Stopped | | 1 | Started | -  + **EtwLog/Collectors/*CollectorName*/TraceLogFileMode** Specifies the log file logging mode. @@ -206,7 +208,7 @@ The following table lists the possible values: -  + **EtwLog/Collectors/*CollectorName*/TraceControl** Specifies the logging and report action state. @@ -220,7 +222,7 @@ The following table lists the possible values: | START | Start log tracing. | | STOP | Stop log tracing | -  + The supported operation is Execute. 
@@ -288,12 +290,12 @@ Interior node to contain dynamic child interior nodes for active providers. The supported operation is Get. -**EtwLog/Collectors/*CollectorName*/Providers/****_ProviderGUID_** +**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID* Dynamic nodes to represent active provider configuration per provider GUID. > **Note**  Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode. -  + Supported operations are Add, Delete, and Get. @@ -382,7 +384,7 @@ The following table lists the possible values. -  + Set provider **TraceLevel** @@ -493,7 +495,7 @@ The following table lists the possible values. Default value is TRUE. -  + Set provider **State** @@ -523,7 +525,7 @@ Interior node to contain dynamic child interior nodes for registered channels. The supported operation is Get. -**EtwLog/Channels/****_ChannelName_** +**EtwLog/Channels/***ChannelName* Dynamic nodes to represent a registered channel. The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin" Supported operations are Add, Delete, and Get. @@ -653,7 +655,7 @@ The following table lists the possible values. -  + Get channel **State** @@ -732,7 +734,7 @@ Node to contain child nodes for log file transportation protocols and correspond **FileDownload/DMChannel** Node to contain child nodes using DM channel for transport protocol. -**FileDownload/DMChannel/****_FileContext_** +**FileDownload/DMChannel/***FileContext* Dynamic interior nodes that represents per log file context. **FileDownload/DMChannel/*FileContext*/BlockSizeKB** 
@@ -892,7 +894,7 @@ Get **BlockData** **FileDownload/DMChannel/*FileContext*/DataBlocks** Node to transfer the selected log file block to the DM server. -**FileDownload/DMChannel/*FileContext*/DataBlocks/****_BlockNumber_** +**FileDownload/DMChannel/*FileContext*/DataBlocks/***BlockNumber* The data type is Base64. The only supported operation is Get. @@ -909,9 +911,9 @@ The only supported operation is Get. 7. Increase **BlockIndexToRead** 8. Repeat step 5 to 7 until **BlockIndexToRead == (BlockIndexToRead – 1)** -  + -  + diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 97ae506323..dc23032029 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -2,11 +2,13 @@ title: DiagnosticLog DDF description: DiagnosticLog DDF ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index d794478a6f..6c7e0be2f3 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_' - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment' ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 8db057501d..09b61984c1 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -2,11 +2,13 @@ title: DMAcc CSP description: DMAcc CSP ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -17,7 +19,7 @@ The DMAcc configuration service provider allows an OMA Device Management (DM) ve > **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. -  + For the DMAcc CSP, you cannot use the Replace command unless the node already exists. @@ -62,7 +64,7 @@ Interior node for DM server address. Required. -**AppAddr/****_ObjectName_** +**AppAddr/***ObjectName* Required. Defines the OMA DM server address. Only one server address can be configured. When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1". This is the first DM address encountered in the w7 APPLICATION configuration service provider, other DM accounts are ignored. @@ -84,7 +86,7 @@ Interior node for port information. Optional. -**Port/****_ObjectName_** +**Port/***ObjectName* Required. Only one port number can be configured. When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1". 
@@ -106,7 +108,7 @@ Value type is string. Supported operations are Add, Get, and Replace. ***AccountUID*/AppAuth** Optional. Defines authentication settings. -**AppAuth/****_ObjectName_** +**AppAuth/***ObjectName* Required. Defines one set of authentication settings. When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED"). @@ -256,7 +258,7 @@ Stores specifies which certificate stores the DM client will search to find the > **Note**   %EF%80%80 is the UTF8-encoded character U+F000. -  + Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: @@ -277,9 +279,9 @@ Supported operations are Add, and Replace. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 93a041f3d1..88579bda87 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -2,11 +2,13 @@ title: DMAcc DDF file description: DMAcc DDF file ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 0caa97871c..4dd6ad8b3d 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md 
@@ -2,11 +2,13 @@ title: DMClient CSP description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 11/01/2017 --- @@ -35,7 +37,7 @@ Required. The root node for all settings that belong to a single management serv Supported operation is Get. -**Provider/****_ProviderID_** +**Provider/***ProviderID* Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM server. As a best practice, use text that doesn’t require XML/URI escaping. For Intune, use **MS DM Server** for Windows desktop or **SCConfigMgr** for Windows mobile for the _ProviderID_. 
@@ -55,14 +57,14 @@ Supported operations are Get and Add. > **Note**   Although hardware device IDs are guaranteed to be unique, there is a concern that this is not ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION configuration service provider’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server. This node is required and must be set by the server before the client certificate renewal is triggered. -  + **Provider/*ProviderID*/ExchangeID** Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that is managed by exchange and natively managed by a dedicated management server. > **Note**  In some cases for the desktop, this node will return "not found" until the user sets up their email. -  + Supported operation is Get. @@ -99,7 +101,7 @@ Required. The character string that contains the device management server addres > **Note**  When the ManagementServerAddressList value is set, the device ignores the value in ManagementServiceAddress. -  + The DMClient configuration service provider will save the address to the same location as the w7 and DMS configuration service providers to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION configuration service provider](w7-application-csp.md). @@ -146,7 +148,7 @@ This node is only supported in Windows 10 and later. Once you set the value to 2.0, it will not go back to 1.0. -  + Supported operations are Get, Replace, and Delete. 
@@ -225,7 +227,7 @@ Added in Windows 10, version 1607. The list of management server URLs in the fo > **Note**  The < and > should be escaped. -  + ``` syntax @@ -320,7 +322,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch -  + **Valid poll schedule: initial enrollment only \[no infinite schedule\]** @@ -371,13 +373,13 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch -  + **Invalid poll schedule: disable all poll schedules** > **Note**   Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero. -  + @@ -426,7 +428,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
            -  + **Invalid poll schedule: two infinite schedules** @@ -485,7 +487,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch -  + If the device was previously enrolled in MDM with polling schedule configured via registry key values directly, the MDM server that supports using DMClient CSP to update polling schedule must first send an Add command to add a **./Vendor/MSFT/DMClient/Enrollment/<ProviderID>/Poll** node before it sends a Get/Replace command to query or update polling parameters via DMClient CSP @@ -622,7 +624,7 @@ The status error mapping is listed below. -  + **Provider/*ProviderID*/CustomEnrollmentCompletePage** Optional. Added in Windows 10, version 1703. @@ -789,9 +791,9 @@ The following SyncML shows how to remotely unenroll the device. Note that this c [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 1c171bbb0f..4e1cabc80d 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -2,11 +2,13 @@ title: DMClient DDF file description: DMClient DDF file ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- @@ -1966,4 +1968,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 09918702d2..25b59bccc1 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md 
@@ -3,6 +3,8 @@ title: DMProcessConfigXMLFiltered function description: Configures phone settings by using OMA Client Provisioning XML. Search.Refinement.TopicID: 184 ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F +ms.reviewer: +manager: dansimp keywords: ["DMProcessConfigXMLFiltered function"] topic_type: - apiref @@ -12,11 +14,11 @@ api_location: - dmprocessxmlfiltered.dll api_type: - DllExport -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -44,16 +46,16 @@ Microsoft recommends that this function is not used to configure the following t > **Note**  The **DMProcessConfigXMLFiltered** function has full functionality in Windows 10 Mobile and Windows Phone 8.1, but it has a read-only functionality in Windows 10 desktop. -  + ## Syntax ```C++ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered( -        LPCWSTR pszXmlIn, -  const WCHAR   **rgszAllowedCspNode, -  const DWORD   dwNumAllowedCspNodes, -        BSTR    *pbstrXmlOut + LPCWSTR pszXmlIn, + const WCHAR   **rgszAllowedCspNode, + const DWORD   dwNumAllowedCspNodes, + BSTR    *pbstrXmlOut ); ``` @@ -61,25 +63,25 @@ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered( *pszXmlIn*

              -
            • \[in\] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).
            • +
            • [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. DMProcessConfigXMLFiltered accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).

            *rgszAllowedCspNode*
              -
            • \[in\] Array of **WCHAR\*** that specify which configuration service provider nodes are allowed to be invoked.
            • +
            • [in] Array of WCHAR\* that specify which configuration service provider nodes are allowed to be invoked.

            *dwNumAllowedCspNodes*
              -
            • \[in\] Number of elements passed in *rgszAllowedCspNode*.
            • +
            • [in] Number of elements passed in rgszAllowedCspNode.

            *pbstrXmlOut*
              -
            • \[out\] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the *pbstrXmlOut* parameter references. Use [**SysFreeString**](https://msdn.microsoft.com/library/windows/hardware/ms221481) to free the memory.
            • +
            • [out] The resulting null–terminated XML from configuration. The caller of DMProcessConfigXMLFiltered is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use SysFreeString to free the memory.

            @@ -124,7 +126,7 @@ Returns the standard **HRESULT** value **S\_OK** to indicate success. The follow -  + ## Remarks @@ -134,20 +136,20 @@ The usage of **DMProcessConfigXMLFiltered** depends on the configuration service ``` XML -    -        -            -            -            -            -            -        -    -    -        -            -        -    + + + + + + + + + + + + + + ``` @@ -156,8 +158,8 @@ Then, the second parameter in the call to **DMProcessConfigXMLFiltered** would h ``` C++ LPCWSTR rgszAllowedCspNodes[] = { -    L"NAPDEF", -    L"BrowserFavorite" + L"NAPDEF", + L"BrowserFavorite" }; ``` @@ -170,18 +172,18 @@ WCHAR szProvxmlContent[] = L"..."; BSTR bstr = NULL; HRESULT hr = DMProcessConfigXMLFiltered( -                szProvxmlContent, -                rgszAllowedCspNodes, -                _countof(rgszAllowedCspNodes), -                &bstr -                ); + szProvxmlContent, + rgszAllowedCspNodes, + _countof(rgszAllowedCspNodes), + &bstr + ); /* check error */ if ( bstr != NULL ) { -    SysFreeString( bstr ); -    bstr = NULL; + SysFreeString( bstr ); + bstr = NULL; } ``` @@ -224,7 +226,7 @@ if ( bstr != NULL ) [**SysFreeString**](https://msdn.microsoft.com/library/windows/hardware/ms221481) -  + diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index 6e8aa70785..b395c7c3ba 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -1,12 +1,14 @@ --- title: DMSessionActions CSP description: DMSessionActions CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # DMSessionActions CSP 
@@ -26,25 +28,25 @@ The following diagram shows the DMSessionActions configuration service provider **./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**

            Defines the root node for the DMSessionActions configuration service provider.

            -**_ProviderID_** +***ProviderID***

            Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means that there should be only one ProviderID node under NodeCache.

            Scope is dynamic. Supported operations are Get, Add, and Delete.

            -**_ProviderID_/CheckinAlertConfiguration** +***ProviderID*/CheckinAlertConfiguration**

            Node for the custom configuration of alerts to be sent during MDM sync session.

            -**_ProviderID_/CheckinAlertConfiguration/Nodes** +***ProviderID*/CheckinAlertConfiguration/Nodes**

            Required. Root node for URIs to be queried. Scope is dynamic.

            Supported operation is Get.

            -**_ProviderID_/CheckinAlertConfiguration/Nodes/_NodeID_** +***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID***

            Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.

            Supported operations are Get, Add, and Delete.

            -**_ProviderID_/CheckinAlertConfiguration/Nodes/_NodeID_/NodeURI** +***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI**

            Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.

            Value type is string. Supported operations are Add, Get, Replace, and Delete.

            @@ -61,4 +63,4 @@ The following diagram shows the DMSessionActions configuration service provider **PowerSettings/MaxTimeSessionsSkippedInLowPowerState**

            Maximum time in minutes when the device can skip the check-in with the server if the device is in low power state.

            -

            Value type is integer. Supported operations are Add, Get, Replace, and Delete.

            \ No newline at end of file +

            Value type is integer. Supported operations are Add, Get, Replace, and Delete.

            diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index e587b4c69f..20f2578b73 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -1,12 +1,14 @@ --- title: DMSessionActions DDF file description: DMSessionActions DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # DMSessionActions DDF file @@ -462,4 +464,4 @@ The XML below is the current version for this CSP. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 710e19855a..d8747df10d 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -1,12 +1,14 @@ --- title: DynamicManagement CSP description: DynamicManagement CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # DynamicManagement CSP @@ -221,4 +223,4 @@ Get ContextStatus and SignalDefinition from a specific context -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 0ca27a4ec0..53a5e36596 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md 
@@ -2,11 +2,13 @@
 title: DynamicManagement DDF file
 description: DynamicManagement DDF file
 ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
@@ -312,4 +314,4 @@ The XML below is the current version for this CSP.
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 38dc886b20..6a2d231208 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -2,11 +2,13 @@
 title: EAP configuration
 description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
 ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index e54767ae8b..ddb14a8d3f 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -2,11 +2,13 @@
 title: EMAIL2 CSP
 description: EMAIL2 CSP
 ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index cad330322f..3042c4df79 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -2,11 +2,13 @@
 title: EMAIL2 DDF file
 description: EMAIL2 DDF file
 ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index f6e7f9cc49..791d0949e0 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,12 +1,14 @@
 ---
 title: Enable ADMX-backed policies in MDM
 description: Guide to configuring ADMX-backed policies in MDM
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 11/01/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Enable ADMX-backed policies in MDM
@@ -59,7 +61,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 In this example you configure **Enable App-V Client** to **Enabled**.
-> [!Note]
+> [!NOTE]
 > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
 ``` syntax
@@ -91,137 +93,137 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune]( In this example, the policy is in **Administrative Templates > System > App-V > Publishing**. - 1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy. + 1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy. - ![Enable publishing server 2 policy](images/admx-appv-publishingserver2.png) + ![Enable publishing server 2 policy](images/admx-appv-publishingserver2.png) - ![Enable publishing server 2 settings](images/admx-app-v-enablepublishingserver2settings.png) + ![Enable publishing server 2 settings](images/admx-app-v-enablepublishingserver2settings.png) - 2. Find the variable names of the parameters in the ADMX file. + 2. Find the variable names of the parameters in the ADMX file. - You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2). + You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2). - ![Publishing server 2 policy description](images/admx-appv-policy-description.png) + ![Publishing server 2 policy description](images/admx-appv-policy-description.png) - 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx. + 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx. - 4. Search for GP name **Publishing_Server2_policy**. + 4. Search for GP name **Publishing_Server2_policy**. - 5. 
Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor. + 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor. - Here is the snippet from appv.admx: + Here is the snippet from appv.admx: - ``` syntax - - + ``` syntax + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - ``` + + ``` - 6. From the \ tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor. + 6. From the \ tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor. - Here is the example XML for Publishing_Server2_Policy : + Here is the example XML for Publishing_Server2_Policy : - ``` syntax - - - - - - - - - - - ``` + ``` syntax + + + + + + + + + + + ``` - 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs. + 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs. - Here is the example for **AppVirtualization/PublishingAllowServer2**: + Here is the example for **AppVirtualization/PublishingAllowServer2**: -> [!Note] +> [!NOTE] > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
If you are using Intune, select String as the data type. ``` syntax diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index 4c21520591..645484d8fa 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -2,11 +2,13 @@ title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices description: Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 24e4a9039a..1d7810f0e3 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -1,12 +1,14 @@ --- title: Enroll a Windows 10 device automatically using Group Policy description: Enroll a Windows 10 device automatically using Group Policy -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/04/2017 +ms.reviewer: +manager: dansimp --- # Enroll a Windows 10 device automatically using Group Policy 
@@ -19,7 +21,7 @@ Requirements: - The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md) - The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`) -> [!Tip] +> [!TIP] > [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line. 
@@ -30,12 +32,12 @@ Here is a partial screenshot of the result: The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. -> [!Note] +> [!NOTE] > In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. -In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy is take precedence over MDM). In the future release of Windows 10, we are considering a feature that allows the admin to control which policy takes precedence. +In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. See [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/) to learn more. For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices. 
@@ -107,11 +109,27 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. +>[!IMPORTANT] +>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: +> 1. Download: +> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or +> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576). +> 2. Install the package on the Primary Domain Controller (PDC). +> 3. Navigate, depending on the version to the folder: +> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or +> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** +> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. +> 5. Restart the Primary Domain Controller for the policy to be available. +> This procedure will work for any future version as well. + 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. 2. Create a Security Group for the PCs. 3. Link the GPO. 4. Filter using Security Groups. -5. Enforce a GPO link +5. Enforce a GPO link. + +> [!NOTE] +> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903). ### Related topics 
@@ -120,3 +138,8 @@ Requirements: - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) + +### Useful Links +- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) +- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) + diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md new file mode 100644 index 0000000000..36057caacf --- /dev/null +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md 
@@ -0,0 +1,906 @@ +--- +title: EnrollmentStatusTracking CSP +description: EnrollmentStatusTracking CSP +ms.author: dansimp@microsoft.com +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: ManikaDhiman +ms.date: 05/17/2019 +--- + +# EnrollmentStatusTracking DDF + + +This topic shows the OMA DM device description framework (DDF) for the **EnrollmentStatusTracking** configuration service provider. DDF files are used only with OMA DM provisioning XML. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +### EnrollmentStatusTracking CSP + +``` syntax + +]> + + 1.2 + + EnrollmentStatusTracking + ./User/Vendor/MSFT + + + + + These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. + + + + + + + + + + + com.microsoft/1.0/MDM/EnrollmentStatusTracking + + + + Setup + + + + + These settings are read by the Enrollment Status Page (ESP) during the Account Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. + + + + + + + + + + + + + + + + + + Apps + + + + + Policy providers use these settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user. + + + + + + + + + + + + + + + + + + PolicyProviders + + + + + These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. 
Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. + + + + + + + + + + + + + + + + + + + + + + + + + + This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. + + + + + + + + + + + + + ProviderName + + + + + + TrackingPoliciesCreated + + + + + + + + Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. + + + + + + + + + + + + + + text/plain + + + + + + + Tracking + + + + + This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. + + + + + + + + + + + + + + + + + + + + + + + + + + The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page. + + + + + + + + + + + + + ProviderName + + + + + + + + + + + + + + A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses. + + + + + + + + + + + + + AppName + + + + + + TrackingUri + + + + + + + + An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node. + + + + + + + + + + + + + + text/plain + + + + + InstallationState + + + + + + + + The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. 
Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error + + + + + + + + + + + + + + text/plain + + + + + RebootRequired + + + + + + + + An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install. + + + + + + + + + + + + + + text/plain + + + + + + + + + HasProvisioningCompleted + + + + + false + This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves. + + + + + + + + + + + + + + text/plain + + + + + + + EnrollmentStatusTracking + ./Device/Vendor/MSFT + + + + + These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. + + + + + + + + + + + com.microsoft/1.0/MDM/EnrollmentStatusTracking + + + + DevicePreparation + + + + + These settings are read by the Enrollment Status Page (ESP) during the the Device Preparation phase. 
These setting are used to orchestrate any setup activities prior to provisioning the device in the Device Setup phase of the ESP. + + + + + + + + + + + + + + + + + + PolicyProviders + + + + + These nodes indicate to the Enrollment Status Page (ESP) that it should wait in the Device Preparation phase until all PolicyProviders are installed or marked as not required. + + + + + + + + + + + + + + + + + + + + + + + + + + This node represents a policy provider for the Enrollment Status Page (ESP). The node should be given a unique name for the policy provider. Registration of a policy provider indicates to the Enrollment Status Page that it should block in the Device Preparation phase until the provider sets its InstallationState node to 1 (not required) or 2 (complete). Once all registered policy providers have been marked as completed (or not required), the Enrollment Status Page will progress to the Device Setup phase. + + + + + + + + + + ProviderName + + + + + + InstallationState + + + + + + + + This node communicates the policy provider installation state back to the Enrollment Status Page. Expected values: 1 = NotInstalled, 2 = NotRequired, 3= Completed, 4 = Error. + + + + + + + + + + + + + + text/plain + + + + + LastError + + + + + + + + If a policy provider fails to install, it can optionally set an HRESULT error code that the Enrollment Status Page can display in an error message to the user. This node will only be read by the Enrollment Status Page when the provider's InstallationState node is set to 3 (Error). This node is only intended to be set by the policy provider itself, not the MDM server. + + + + + + + + + + + text/plain + + + + + Timeout + + + + + + + + An optional timeout (in minutes) for provider installation to complete before the Enrollment Status Page shows an error. Provider installation is considered complete when the InstallationState node is set to 2 (NotRequired) or 3 (Complete). 
If no timeout value is supplied the ESP will choose a default timeout value of 15 minutes. + + + + + + + + + + + + + + text/plain + + + + + TrackedResourceTypes + + + + + + + + This node's children registers which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with Enrollment Status Page tracking message. + + + + + + + + + + + + + + + + + + Apps + + + + + + + + false + This node registers the policy provider for App provisioning. + + + + + + + + + + + + + + text/plain + + + + + + + + + Setup + + + + + These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates. + + + + + + + + + + + + + + + + + + Apps + + + + + These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message. + + + + + + + + + + + + + + + + + + PolicyProviders + + + + + App policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with status to the user. + + + + + + + + + + + + + + + + + + + + + + + + + + This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true. 
+ + + + + + + + + + + + + ProviderName + + + + + + TrackingPoliciesCreated + + + + + + + + Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. + + + + + + + + + + + + + + text/plain + + + + + + + Tracking + + + + + These are the set of apps that are being tracked by the Enrollment Status Page. + + + + + + + + + + + + + + + + + + + + + + + + + + The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page. + + + + + + + + + + + + + ProviderName + + + + + + + + + + + + + + A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses. + + + + + + + + + + + + + AppName + + + + + + TrackingUri + + + + + + + + An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node. + + + + + + + + + + + + + + text/plain + + + + + InstallationState + + + + + + + + The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error + + + + + + + + + + + + + + text/plain + + + + + RebootRequired + + + + + + + + An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install. 
+ + + + + + + + + + + + + + text/plain + + + + + + + + + HasProvisioningCompleted + + + + + false + This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves. + + + + + + + + + + + + + + text/plain + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md new file mode 100644 index 0000000000..f7c3018c82 --- /dev/null +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md 
@@ -0,0 +1,180 @@
+---
+title: EnrollmentStatusTracking CSP
+description: EnrollmentStatusTracking CSP
+ms.author: dansimp@microsoft.com
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: ManikaDhiman
+ms.date: 05/21/2019
+---
+
+# EnrollmentStatusTracking CSP
+
+
+During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/enrollment-status).
+
+ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
+
+The EnrollmentStatusTracking CSP was added in Windows 10, version 1903.
+
+
+The following diagram shows the EnrollmentStatusTracking CSP in tree format.
+
+![tree diagram for enrollmentstatustracking csp](images/provisioning-csp-enrollmentstatustracking.png)
+
+**./Vendor/MSFT**
+For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path.
+
+**EnrollmentStatusTracking**
+Required. Root node for the CSP. This node is supported in both user context and device context.
+Provides the settings to communicate what policies the ESP must block on. Using these settings, policy providers register themselves and the set of policies that must be tracked. The ESP includes the counts of these policy settings in the status message that is displayed to the user. It also blocks ESP until all the policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which are then reflected in the ESP status message.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation**
+Required. This node is supported only in device context.
+Specifies the settings that ESP reads during the device preparation phase. These settings are used to orchestrate any setup activities prior to provisioning the device in the device setup phase of the ESP.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders**
+Required. This node is supported only in device context.
+Indicates to the ESP that it should wait in the device preparation phase until all the policy providers have their InstallationState node set as 2 (NotRequired) or 3 (Completed).
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_**
+Optional. This node is supported only in device context.
+Represents a policy provider for the ESP. The node should be given a unique name for the policy provider. Registration of a policy provider indicates to ESP that it should block in the device preparation phase until the provider sets its InstallationState node to 2 (NotRequired) or 3 (Completed). Once all the registered policy providers are marked as Completed or NotRequired, the ESP progresses to the device setup phase.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState**
+Required. This node is supported only in device context.
+Communicates the policy provider installation state back to ESP.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotInstalled
+- 2 — NotRequired
+- 3 — Completed
+- 4 — Error
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError**
+Required. This node is supported only in device context.
+Represents the last error code during the application installation process. If a policy provider fails to install, it can optionally set an HRESULT error code that the ESP can display in an error message to the user. ESP reads this node only when the provider's InstallationState node is set to 4 (Error). This node must be set only by the policy provider, and not by the MDM server.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout**
+Optional. This node is supported only in device context.
+Represents the amount of time, in minutes, that the provider installation process can run before the ESP shows an error. Provider installation is complete when the InstallationState node is set to 2 (NotRequired) or 3 (Completed). If no timeout value is specified, ESP selects the default timeout value of 15 minutes.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. The default is 15 minutes.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes**
+Required. This node is supported only in device context.
+This node's children register which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with ESP tracking message.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps**
+Required. This node is supported only in device context.
+This node specifies if the policy provider is registered for app provisioning.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is boolean. Expected values are as follows:
+- false — Indicates that the policy provider is not registered for app provisioning. This is the default.
+- true — Indicates that the policy provider is registered for app provisioning.
+
+**EnrollmentStatusTracking/Setup**
+Required. This node is supported in both user context and device context.
+Provides the settings that ESP reads during the account setup phase in the user context and device setup phase in the device context. Policy providers use this node to communicate progress status back to the ESP, which is then displayed to the user through progress messages.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps**
+Required. This node is supported in both user context and device context.
+Provides the settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**
+Required. This node is supported in both user context and device context.
+Specifies the app policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with the status to the user.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName***
+Optional. This node is supported in both user context and device context.
+Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated**
+Required. This node is supported in both user context and device context.
+Indicates if the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is boolean. The expected values are as follows:
+- true — Indicates that the provider has created the required policies.
+- false — Indicates that the provider has not created the required policies. This is the default.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking**
+Required. This node is supported in both user context and device context.
+Root node for the app installations being tracked by the ESP.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_**
+Optional. This node is supported in both user context and device context.
+Indicates the provider name responsible for installing the apps and providing status back to ESP.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_**
+Optional. This node is supported in both user context and device context.
+Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP does not use the app name directly.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState**
+Optional. This node is supported in both user context and device context.
+Represents the installation state for the app. The policy providers (not the MDM server) must update this node for the ESP to track the installation progress and update the status message.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotInstalled
+- 2 — InProgress
+- 3 — Completed
+- 4 — Error
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired**
+Optional. This node is supported in both user context and device context.
+Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers do not set this node, the ESP will not reboot the device for the app installation.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotRequired
+- 2 — SoftReboot
+- 3 — HardReboot
+
+**EnrollmentStatusTracking/Setup/HasProvisioningCompleted**
+Required. This node is supported in both user context and device context.
+ESP sets this node when it completes. Providers can query this node to determine if the ESP is showing, which allows them to determine if they still need to provide status updates for the ESP through this CSP.
+
+Scope is permanent. Supported operation is Get.
+
+Value type is boolean. Expected values are as follows:
+- true — Indicates that ESP has completed. This is the default.
+- false — Indicates that ESP is displayed, and provisioning is still going.
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index 755b31d58e..2502635341 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -2,11 +2,13 @@ title: Enterprise app management description: This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/22/2017 --- @@ -49,7 +51,7 @@ Inventory is specific to the package full name and lists bundled packs and resou > **Note**  On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name. -  + Here are the nodes for each package full name: - Name 
@@ -301,14 +303,14 @@ If you purchased an app from the Store for Business and the app is specified for Here are the requirements for this scenario: -- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_ -- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements. -- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled. -- The user must be logged in, but association with AAD identity is not required. +- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_ +- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements. +- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled. +- The user must be logged in, but association with AAD identity is not required. > **Note**  You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user). -  + The Add command for the package family name is required to ensure proper removal of the app at unenrollment. Here is an example of a line-of-business app installation. 
@@ -418,18 +420,18 @@ Provisioning allows you to stage the app to the device and all users of the devi Here are the requirements for this scenario: -- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_ -- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements. -- The device does not need to have connectivity to the Microsoft Store, or store services enabled. -- The device does not need any AAD identity or domain membership. -- For nonStore app, your device must be unlocked. -- For Store offline apps, the required licenses must be deployed prior to deploying the apps. +- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_ +- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements. +- The device does not need to have connectivity to the Microsoft Store, or store services enabled. +- The device does not need any AAD identity or domain membership. +- For nonStore app, your device must be unlocked. +- For Store offline apps, the required licenses must be deployed prior to deploying the apps. To provision app for all users of a device from a hosted location, the management server performs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment. 
> **Note**  When you remove the provisioned app, it will not remove it from the users that already installed the app. -  + Here is an example of app installation. @@ -624,7 +626,7 @@ You can remove provisioned apps from a device for a specific version or for all > **Note**  You can only remove an app that has an inventory value IsProvisioned = 1. -  + Removing provisioned app occurs in the device context. Here is an example for removing a provisioned app from a device. @@ -825,7 +827,7 @@ In Windows 10 Mobile IT administrators can set a policy to restrict user applic > **Note**  The feature is only for Windows 10 Mobile. -  + The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-service-provider.md) enables you to restrict all user application data to stay on the system volume. When the policy is not configured or if it is disabled, and you move a package or when it is installed to a difference volume, then the user application data will moved to the same volume. You can set this policy to 0 (off, default) or 1. Here is an example. @@ -897,7 +899,7 @@ Here is an example. ``` -  + diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index ecf0ae28ec..2b091686b2 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -2,11 +2,13 @@ title: EnterpriseAPN CSP description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet. ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/22/2017 --- 
@@ -15,7 +17,7 @@ ms.date: 09/22/2017 The EnterpriseAPN configuration service provider (CSP) is used by the enterprise to provision an APN for the Internet. > [!Note] -Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions. +> Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions. The following image shows the EnterpriseAPN configuration service provider in tree format. @@ -24,7 +26,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr **EnterpriseAPN**

            The root node for the EnterpriseAPN configuration service provider.

            -**EnterpriseAPN/****_ConnectionName_** +**EnterpriseAPN/***ConnectionName*

            Name of the connection as seen by Windows Connection Manager.

            Supported operations are Add, Get, Delete, and Replace.

            @@ -50,7 +52,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr

            Supported operations are Add, Get, Delete, and Replace.

            **EnterpriseAPN/*ConnectionName*/ClassId** -

            GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM\_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.

            +

            GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.

            Supported operations are Add, Get, Delete, and Replace.

            @@ -276,9 +278,9 @@ atomicZ [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index ebd171a390..76e41839cc 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -2,11 +2,13 @@ title: EnterpriseAPN DDF description: EnterpriseAPN DDF ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index d5e7c87b9c..e5e5177782 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -2,11 +2,13 @@ title: EnterpriseAppManagement CSP description: EnterpriseAppManagement CSP ms.assetid: 698b8bf4-652e-474b-97e4-381031357623 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -17,7 +19,7 @@ The EnterpriseAppManagement enterprise configuration service provider is used to > **Note**   The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. -  + The following diagram shows the EnterpriseAppManagement configuration service provider in tree format. 
@@ -55,7 +57,7 @@ Supported operations are Get and Add. > **Note**   Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 -  + ***EnterpriseID*/Status** Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic. @@ -77,7 +79,7 @@ Required. The root node for individual enterprise application inventory settings Supported operation is Get. -**/Inventory/****_ProductID_** +**/Inventory/***ProductID* Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic. Supported operation is Get. @@ -107,7 +109,7 @@ Required. This node groups application download-related parameters. The enterpri Supported operation is Get. -**/Download/****_ProductID_** +**/Download/***ProductID* Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic. Supported operations are Get, Add, and Replace. @@ -166,12 +168,12 @@ Required. The integer value that indicates the status of the current download pr

            7:DOWNLOAD_FAILED

            -

            Unable to connect to server, file doesn't exist, etc.

            +

            Unable to connect to server, file doesn't exist, etc.

            -  + Scope is dynamic. Supported operations are Get, Add, and Replace. @@ -436,11 +438,11 @@ Install or update the installed app with the product ID “{B316008A-141D-4A79-8 To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. > **Note**   -1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). +> 1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). -2. The application product ID curly braces need to be escaped where { is %7B and } is %7D. +2. The application product ID curly braces need to be escaped where { is %7B and } is %7D. -  + ``` syntax @@ -533,9 +535,9 @@ Uninstall an installed enterprise application with product ID “{7BB316008A-141 [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 5b6097fb0f..1fe417dd0f 100644 
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,12 +1,14 @@
 ---
 title: EnterpriseAppVManagement CSP
 description: EnterpriseAppVManagement CSP
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # EnterpriseAppVManagement CSP
@@ -24,47 +26,47 @@ The following diagram shows the EnterpriseAppVManagement configuration service p

            Used to query App-V package information (post-publish).

            **AppVPackageManagement/EnterpriseID** -

            Used to query package information. Value is always "HostedInstall".

            +

            Used to query package information. Value is always "HostedInstall".

            **AppVPackageManagement/EnterpriseID/PackageFamilyName**

            Package ID of the published App-V package.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***

            Version ID of the published App-V package.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/Name** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**

            Name specified in the published AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/Version** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**

            Version specified in the published AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/Publisher** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**

            Publisher as specified in the published asset information of the AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/InstallLocation** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**

            Local package path specified in the published asset information of the AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/InstallDate** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**

            Date the app was installed, as specified in the published asset information of the AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/Users** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**

            Registered users for app, as specified in the published asset information of the AppV package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/AppVPackageId** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**

            Package ID of the published App-V package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/AppVVersionId** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**

            Version ID of the published App-V package.

            Value type is string. Supported operation is Get.

            -**AppVPackageManagement/_EnterpriseID_/_PackageFamilyName_/_PackageFullName_/AppVPackageUri** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**

            Package URI of the published App-V package.

            Value type is string. Supported operation is Get.

            @@ -101,9 +103,8 @@ The following diagram shows the EnterpriseAppVManagement configuration service p - SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress.

            Value type is string. Supported operation is Get.

            - -**AppVPublishing/LastSync/SyncProgress** -

            Latest sync state. One of the following values may be returned:

            + +AppVPublishing/LastSync/SyncProgress

            Latest sync state. One of the following values may be returned:

            - SYNC\_STATUS_IDLE (0) - App-V Sync is idle. - SYNC\_STATUS\_PUBLISH_STARTED (1) - App-V Sync is initializing. @@ -117,17 +118,17 @@ The following diagram shows the EnterpriseAppVManagement configuration service p

            Used to perform App-V synchronization.

            **AppVPublishing/Sync/PublishXML** -

            Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](https://msdn.microsoft.com/library/mt739986.aspx).

            +

            Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol.

            Supported operations are Get, Delete, and Execute.

            **AppVDynamicPolicy**

            Used to set App-V Policy Configuration documents for publishing packages.

            -**AppVDynamicPolicy/_ConfigurationId_** +**AppVDynamicPolicy/*ConfigurationId***

            ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).

            -**AppVDynamicPolicy/_ConfigurationId_/Policy** +**AppVDynamicPolicy/*ConfigurationId*/Policy**

            XML for App-V Policy Configuration documents for publishing packages.

            Value type is xml. Supported operations are Add, Get, Delete, and Replace.

            diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index bc28fee863..bd17f6df77 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -1,12 +1,14 @@ --- title: EnterpriseAppVManagement DDF file description: EnterpriseAppVManagement DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # EnterpriseAppVManagement DDF file @@ -585,4 +587,4 @@ SYNC_STATUS_PUBLISH_REBOOT_REQUIRED (4) - App-V Sync requires device reboot. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 1497a04465..eada56f7eb 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -2,11 +2,13 @@ title: EnterpriseAssignedAccess CSP description: EnterpriseAssignedAccess CSP ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/12/2017 --- 
@@ -39,7 +41,7 @@ Supported operations are Add, Delete, Get and Replace. The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. -> [!Important]    +> [!IMPORTANT] > When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. @@ -266,7 +268,7 @@ Here is an example for Windows 10, version 1703. Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). -> [!Note] +> [!NOTE] > Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
              @@ -374,7 +376,7 @@ Buttons | The following list identifies the hardware buttons on the device that
            • Custom3

            -> [!Note] +> [!NOTE] > Lock down of the Start button only prevents the press and hold event. > > Custom buttons are hardware buttons that can be added to devices by OEMs. @@ -398,7 +400,7 @@ Buttons example: ``` The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. -> [!Note] +> [!NOTE] > The lockdown settings for a button, per user role, will apply regardless of the button mapping. > > Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. @@ -496,7 +498,7 @@ Entry | Description ----------- | ------------ MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. -> [!Important] +> [!IMPORTANT] > If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. MenuItems example: 
@@ -511,12 +513,12 @@ Entry | Description ----------- | ------------ Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. -> [!Important] +> [!IMPORTANT] > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. The following sample file contains configuration for enabling tile manipulation. -> [!Note] +> [!NOTE] > Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. ``` syntax @@ -594,7 +596,7 @@ The following sample file contains configuration for enabling tile manipulation. Entry | Description ----------- | ------------ CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role. -  + **LockscreenWallpaper/** The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace. @@ -720,7 +722,7 @@ The accent color to apply as the foreground color for tiles, controls, and other -  + Supported operations are Get and Replace. @@ -1166,7 +1168,7 @@ Supported operations are Get and Replace.

            2500

            -

            UTC+13 Nuku'alofa

            +

            UTC+13 Nuku'alofa

            @@ -1188,7 +1190,7 @@ The XML examples in this section show how to perform various tasks by using OMA > **Note**  These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. -  + ### Assigned Access settings @@ -1196,12 +1198,12 @@ The following example shows how to add a new policy. ``` syntax -    -      "/> -    + + + "/> + + ``` @@ -1211,11 +1213,11 @@ The following example shows how to specify the language to display on the device ``` syntax -    -      + + -    + ``` @@ -1251,22 +1253,22 @@ The following example shows how to change the accent color to one of the standar ``` syntax -    -       -         1 -          -             -             ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID -             -             -               int -             -             -            7 -          -       -       -    + + + 1 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID + + + int + + + 7 + + + + ``` @@ -1274,22 +1276,22 @@ The following example shows how to change the theme. ``` syntax -    -       -           1 -           -               -                   ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground -               -               -                   int -               -               -               1 -           -       -       -    + + + 1 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground + + + int + + + 1 + + + + ``` @@ -1297,19 +1299,19 @@ The following example shows how to set a custom theme accent color for the enter ``` syntax -    -      1 -       -          -             ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID -          -          -            int -          -          -         151 -       -    + + 1 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID + + + int + + + 151 + + 2 
@@ -1333,17 +1335,17 @@ Use the examples in this section to set a new lock screen and manage the lock sc ``` syntax 2 -    -      ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName -    -      chr -      text/plain -    -    c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg -    + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName + + chr + text/plain + + c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg + + ``` @@ -1351,12 +1353,12 @@ The following example shows how to query the device for the file being used as t ``` syntax 2 -    -      ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName -    + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName + + ``` @@ -1364,22 +1366,22 @@ The following example shows how to change the existing lock screen image to one ``` syntax -    -       -         2 -          -             -               ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName -             -             -               chr -               text/plain -             -            c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg -          -       -       -    + + + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName + + + chr + text/plain + + c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg + + + + ``` @@ -1389,21 +1391,21 @@ The following example shows how to set the time zone to UTC-07 Mountain Time (US ``` syntax -    -       -         2 -          -             -               ./Vendor/MSFT/EnterpriseAssignedAccess/Clock/TimeZone -             -             -               int -             -            500 -          -       -       -    + + + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Clock/TimeZone + + + int + + 500 + + + + ``` 
@@ -1411,21 +1413,21 @@ The following example shows how to set the time zone to Pacific Standard Time (U ``` syntax -    -       -         2 -          -             -               ./Vendor/MSFT/EnterpriseAssignedAccess/Clock/TimeZone -             -             -               int -             -            400  -          -       -       -    + + + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Clock/TimeZone + + + int + + 400  + + + + ``` @@ -1435,21 +1437,21 @@ The following example shows how to set the language. ``` syntax -    -       -         1 -          -             -               ./Vendor/MSFT/EnterpriseAssignedAccess/Locale/Language -             -             -               int -             -            1033 -          -       -       -    + + + 1 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/Locale/Language + + + int + + 1033 + + + + ``` @@ -1663,16 +1665,4 @@ The following table lists the product ID and AUMID for each app that is included Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp - - -  - -  - -  - - - - - - + \ No newline at end of file diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md index 890112e13c..1620155242 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md @@ -2,11 +2,13 @@ title: EnterpriseAssignedAccess DDF description: EnterpriseAssignedAccess DDF ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index f2a5bb4e4b..63acfd38b3 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md 
+++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -2,11 +2,13 @@ title: EnterpriseAssignedAccess XSD description: EnterpriseAssignedAccess XSD ms.assetid: BB3B633E-E361-4B95-9D4A-CE6E08D67ADA -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 80641c3b91..3e69ceaa92 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -2,11 +2,13 @@ title: EnterpriseDataProtection CSP description: The EnterpriseDataProtection configuration service provider (CSP) is used to configure Windows Information Protection (WIP) (formerly known as Enterprise Data Protection) specific settings. ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/09/2017 --- @@ -18,7 +20,7 @@ The EnterpriseDataProtection configuration service provider (CSP) is used to con >- To make WIP functional the AppLocker CSP and the network isolation specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md). >- This CSP was added in Windows 10, version 1607. -  + While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md). @@ -50,13 +52,13 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format.

            Supported operations are Add, Get, Replace and Delete. Value type is integer. **Settings/EnterpriseProtectedDomainNames** -

            A list of domains used by the enterprise for its user identities separated by pipes ("|").The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running. +

            A list of domains used by the enterprise for its user identities separated by pipes ("|").The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.

            Changing the primary enterprise ID is not supported and may cause unexpected behavior on the client. > **Note**  The client requires domain name to be canonical, otherwise the setting will be rejected by the client. -  +

            Here are the steps to create canonical domain names: @@ -69,7 +71,7 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format. **Settings/AllowUserDecryption**

            Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user will not be able to remove protection from enterprise content through the operating system or the application user experiences. -> [!Important] +> [!IMPORTANT] > Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.

            The following list shows the supported values: @@ -95,7 +97,7 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format. > **Note**  This setting is only supported in Windows 10 Mobile. -  +

            Supported operations are Add, Get, Replace and Delete. Value type is integer. 
@@ -111,122 +113,122 @@ The binary blob is the serialized version of following structure: // //  Recovery Policy Data Structures // -  + typedef struct _RECOVERY_POLICY_HEADER { -    USHORT      MajorRevision; -    USHORT      MinorRevision; -    ULONG       RecoveryKeyCount; + USHORT      MajorRevision; + USHORT      MinorRevision; + ULONG       RecoveryKeyCount; } RECOVERY_POLICY_HEADER, *PRECOVERY_POLICY_HEADER; -  + typedef struct _RECOVERY_POLICY_1_1    { -        RECOVERY_POLICY_HEADER  RecoveryPolicyHeader; -        RECOVERY_KEY_1_1        RecoveryKeyList[1]; + RECOVERY_POLICY_HEADER  RecoveryPolicyHeader; + RECOVERY_KEY_1_1        RecoveryKeyList[1]; }   RECOVERY_POLICY_1_1, *PRECOVERY_POLICY_1_1; -  + #define EFS_RECOVERY_POLICY_MAJOR_REVISION_1   (1) #define EFS_RECOVERY_POLICY_MINOR_REVISION_0   (0) -  + #define EFS_RECOVERY_POLICY_MINOR_REVISION_1   (1) -  + /////////////////////////////////////////////////////////////////////////////// //                                                                            / //  RECOVERY_KEY Data Structure                                               / //                                                                            / /////////////////////////////////////////////////////////////////////////////// -  + // // Current format of recovery data. // -  + typedef struct _RECOVERY_KEY_1_1   { -        ULONG               TotalLength; -        EFS_PUBLIC_KEY_INFO PublicKeyInfo; + ULONG               TotalLength; + EFS_PUBLIC_KEY_INFO PublicKeyInfo; } RECOVERY_KEY_1_1, *PRECOVERY_KEY_1_1; -  -  + + typedef struct _EFS_PUBLIC_KEY_INFO { -  -    // -    // The length of this entire structure, including string data -    // appended to the end. The length should be a multiple of 8 for -    // 64 bit alignment -    // -  -    ULONG Length; -  -    // -    // Sid of owner of the public key (regardless of format). -   // This field is to be treated as a hint only. 
-    // -  -    ULONG PossibleKeyOwner; -  -    // -    // Contains information describing how to interpret -    // the public key information -    // -  -    ULONG KeySourceTag; -  -    union { -  -        struct { -  -            // -            // The following fields contain offsets based at the -            // beginning of the structure.  Each offset is to -            // a NULL terminated WCHAR string. -            // -  -            ULONG ContainerName; -            ULONG ProviderName; -  -            // -            // The exported public key used to encrypt the FEK. -            // This field contains an offset from the beginning of the -            // structure. -            // -  -            ULONG PublicKeyBlob; -  -            // -            // Length of the PublicKeyBlob in bytes -            // -  -            ULONG PublicKeyBlobLength; -  -        } ContainerInfo; -  -        struct { -  -            ULONG CertificateLength;       // in bytes -            ULONG Certificate;             // offset from start of structure -  -        } CertificateInfo; -  -  -        struct { -  -            ULONG ThumbprintLength;        // in bytes -            ULONG CertHashData;            // offset from start of structure -  -        } CertificateThumbprint; -    }; -  -  -  + + // + // The length of this entire structure, including string data + // appended to the end. The length should be a multiple of 8 for + // 64 bit alignment + // + + ULONG Length; + + // + // Sid of owner of the public key (regardless of format). + // This field is to be treated as a hint only. + // + + ULONG PossibleKeyOwner; + + // + // Contains information describing how to interpret + // the public key information + // + + ULONG KeySourceTag; + + union { + + struct { + + // + // The following fields contain offsets based at the + // beginning of the structure.  Each offset is to + // a NULL terminated WCHAR string. 
+ // + + ULONG ContainerName; + ULONG ProviderName; + + // + // The exported public key used to encrypt the FEK. + // This field contains an offset from the beginning of the + // structure. + // + + ULONG PublicKeyBlob; + + // + // Length of the PublicKeyBlob in bytes + // + + ULONG PublicKeyBlobLength; + + } ContainerInfo; + + struct { + + ULONG CertificateLength;       // in bytes + ULONG Certificate;             // offset from start of structure + + } CertificateInfo; + + + struct { + + ULONG ThumbprintLength;        // in bytes + ULONG CertHashData;            // offset from start of structure + + } CertificateThumbprint; + }; + + + } EFS_PUBLIC_KEY_INFO, *PEFS_PUBLIC_KEY_INFO; -  + // // Possible KeyTag values // -  + typedef enum _PUBLIC_KEY_SOURCE_TAG { -    EfsCryptoAPIContainer = 1, -    EfsCertificate, -    EfsCertificateThumbprint + EfsCryptoAPIContainer = 1, + EfsCertificate, + EfsCertificateThumbprint } PUBLIC_KEY_SOURCE_TAG, *PPUBLIC_KEY_SOURCE_TAG; -  + ```

            For EFSCertificate KeyTag, it is expected to be a DER ENCODED binary certificate. @@ -234,7 +236,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {

            Supported operations are Add, Get, Replace and Delete. Value type is base-64 encoded certificate. **Settings/RevokeOnUnenroll** -

            This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Prior to sending the unenroll command, when you want a device to do a selective wipe when it is unenrolled, then you should explicitly set this policy to 1. +

            This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Prior to sending the unenroll command, when you want a device to do a selective wipe when it is unenrolled, then you should explicitly set this policy to 1.

            The following list shows the supported values: @@ -244,7 +246,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {

            Supported operations are Add, Get, Replace and Delete. Value type is integer. **Settings/RevokeOnMDMHandoff** -

            Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from MAM to MDM. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. +

            Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from MAM to MDM. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. - 0 - Don't revoke keys - 1 (dafault) - Revoke keys @@ -265,7 +267,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {

            Supported operations are Add, Get, Replace and Delete. Value type is integer. **Settings/SMBAutoEncryptedFileExtensions** -

            Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list. +

            Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary as defined in the Policy CSP nodes for NetworkIsolation/EnterpriseIPRange and NetworkIsolation/EnterpriseNetworkDomainNames. Use semicolon (;) delimiter in the list.

            When this policy is not specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted.

            Supported operations are Add, Get, Replace and Delete. Value type is string. @@ -315,7 +317,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG { -  +

            Bit 0 indicates whether WIP is on or off. @@ -323,7 +325,7 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {

            Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies are not configured, the bit 3 is set to 0 (zero). -

            Here's the list of mandatory WIP policies: +

            Here's the list of mandatory WIP policies: - EDPEnforcementLevel in EnterpriseDataProtection CSP - DataRecoveryCertificate in EnterpriseDataProtection CSP @@ -335,9 +337,9 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {

            Supported operation is Get. Value type is integer. -  + -  + diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index 15c68b54d0..4073cc2aa7 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -2,11 +2,13 @@ title: EnterpriseDataProtection DDF file description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. ms.assetid: C6427C52-76F9-4EE0-98F9-DE278529D459 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- @@ -14,7 +16,7 @@ ms.date: 12/05/2017 The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. -> [!Important] +> [!IMPORTANT] > Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 221d222f22..8bdd114ece 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md 
@@ -2,11 +2,13 @@ title: EnterpriseDesktopAppManagement CSP description: The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications. ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/11/2017 --- @@ -27,7 +29,7 @@ The root node for the EnterpriseDesktopAppManagement configuration service provi **MSI** Node for all settings. -**MSI/****_ProductID_** +**MSI/***ProductID* The MSI product code for the application. **MSI/*ProductID*/Version** @@ -84,7 +86,7 @@ Status of the application. Value type is string. Supported operation is Get. | Enforcement Failed | 60 | | Enforcement Completed | 70 | -  + **MSI/*ProductID*/LastError** The last error code during the application installation process. This is typically stored as an HRESULT format. Depending on what was occurring when the error happened, this could be the result of executing MSIExec.exe or the error result from an API that failed. @@ -134,7 +136,7 @@ The following table describes the fields in the previous sample: | CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | | LocURI | Path to Win32 CSP command processor. | -  + **SyncML to perform MSI operations for application uninstall** 
@@ -162,7 +164,7 @@ The following table describes the fields in the previous sample: | CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | | LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. | -  + **SyncML to perform MSI operations for application status reporting** @@ -190,7 +192,7 @@ The following table describes the fields in the previous sample: | CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. | | LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. | -  + **SyncML to perform MSI install operations for an application targeted to a specific user on the device. The Add command is required to preceed the Exec command.** @@ -280,11 +282,11 @@ The following table describes the fields in the previous sample: -  + > **Note**  Information status on the MSI job will be reported using standard OMA-DM notification mechanism. The status reported is represented using standard MSIEXEC return codes as HRESULT as defined in the MSIEXEC topic on Microsoft TechNet at . -  + **SyncML to perform MSI install operations for an application targeted to all users on the device (per-device installation)** @@ -405,7 +407,7 @@ The following table MsiInstallJob describes the schema elements. -  + Here is an example of a common response to a request @@ -477,7 +479,7 @@ For Intune standalone environment, the MSI package will determine the MSI execut -  + The following table applies to SCCM hybrid environment. @@ -518,7 +520,7 @@ The following table applies to SCCM hybrid environment. -  + ## How to determine the package type from the MSI package 
@@ -556,9 +558,9 @@ Here's a list of references: ``` -  + -  + diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index 26ff1f5785..01692d547d 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -2,11 +2,13 @@ title: EnterpriseDesktopAppManagement DDF description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider. ms.assetid: EF448602-65AC-4D59-A0E8-779876542FE3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 79f6ff63e1..a6138b5f04 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -2,11 +2,13 @@ title: EnterpriseDesktopAppManagement XSD description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. ms.assetid: 60980257-4F48-4A68-8E8E-1EF0A3F090E2 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index ccb3b770da..15eb1eeea4 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md 
@@ -2,11 +2,13 @@
 title: EnterpriseExt CSP
 description: EnterpriseExt CSP
 ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md
index 72451bab66..dc43984b7c 100644
--- a/windows/client-management/mdm/enterpriseext-ddf.md
+++ b/windows/client-management/mdm/enterpriseext-ddf.md
@@ -2,11 +2,13 @@
 title: EnterpriseExt DDF
 description: EnterpriseExt DDF
 ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/enterpriseextfilessystem-csp.md b/windows/client-management/mdm/enterpriseextfilessystem-csp.md
index b7afdf089e..b5db3a8ed9 100644
--- a/windows/client-management/mdm/enterpriseextfilessystem-csp.md
+++ b/windows/client-management/mdm/enterpriseextfilessystem-csp.md
@@ -2,11 +2,13 @@
 title: EnterpriseExtFileSystem CSP
 description: EnterpriseExtFileSystem CSP
 ms.assetid: F773AD72-A800-481A-A9E2-899BA56F4426
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
@@ -17,7 +19,7 @@ The EnterpriseExtFileSystem configuration service provider (CSP) allows IT admin > **Note**  The EnterpriseExtFileSystem CSP is only supported in Windows 10 Mobile. -  + File contents are embedded directly into the syncML message, so there is a limit to the size of the file that can be retrieved from the device. The default limit is 0x100000 (1 MB). You can configure this limit by using the following registry key: **Software\\Microsoft\\Provisioning\\CSPs\\.\\Vendor\\MSFT\\EnterpriseExtFileSystem\\MaxFileReadSize**. @@ -31,32 +33,32 @@ The following list describes the characteristics and parameters.

            The root node for the EnterpriseExtFileSystem configuration service provider. Supported operations are Add and Get.

            **Persistent** -

            The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Persistent folder, it accesses that data from the EnterpriseExtFileSystem\\Persistent node. Files written to the Persistent folder persists over ordinary power cycles.

            +

            The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Persistent folder, it accesses that data from the EnterpriseExtFileSystem\Persistent node. Files written to the Persistent folder persists over ordinary power cycles.

            > **Important**  There is a limit to the amount of data that can be persisted, which varies depending on how much disk space is available on one of the partitions. This data cap amount (that can be persisted) varies by manufacturer. - -  - +> +> +> > **Note**   When the IT admin triggers a **doWipePersistProvisionedData** action using [RemoteWipe CSP](remotewipe-csp.md), items stored in the Persistent folder are persisted over wipe and restored when the device boots again. The contents are not persisted if a **doWipe** action is triggered. -  + **NonPersistent** -

            The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Non-Persistent folder, it accesses that data from the EnterpriseExtFileSystem\\NonPersistent node. Files written to the NonPersistent folder will persist over ordinary power cycles.

            +

            The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Non-Persistent folder, it accesses that data from the EnterpriseExtFileSystem\NonPersistent node. Files written to the NonPersistent folder will persist over ordinary power cycles.

            When the device is wiped, any data stored in the NonPersistent folder is deleted.

            **OemProfile** -

            Added in Windows 10, version 1511. The EnterpriseExtFileSystem CSP allows an enterprise to deploy an OEM profile on the device, such as a barcode scanner profile then can be consumed by the OEM barcode scanner driver. The file is placed into the \\data\\shareddata\\oem\\public\\profile\\ folder of the device.

            +

            Added in Windows 10, version 1511. The EnterpriseExtFileSystem CSP allows an enterprise to deploy an OEM profile on the device, such as a barcode scanner profile then can be consumed by the OEM barcode scanner driver. The file is placed into the \data\shareddata\oem\public\profile\ folder of the device.

            ***Directory*** -

            The name of a directory in the device file system. Any *Directory* node can have directories and files as child nodes.

            +

            The name of a directory in the device file system. Any Directory node can have directories and files as child nodes.

            Use the Add command to create a new directory. You cannot use it to add a new directory under a file system root.

            -

            Use the Get command to return the list of child node names under *Directory*.

            +

            Use the Get command to return the list of child node names under Directory.

            -

            Use the Get command with ?List=Struct to recursively return all child node names, including subdirectory names, under *Directory*.

            +

            Use the Get command with ?List=Struct to recursively return all child node names, including subdirectory names, under Directory.

            ***Filename***

            The name of a file in the device file system.

            @@ -117,9 +119,9 @@ The following example shows how to push a file to the device. ``` -  + -  + diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index eafe9dc1ab..2aef5100cf 100644 --- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -2,11 +2,13 @@ title: EnterpriseExtFileSystem DDF description: EnterpriseExtFileSystem DDF ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index a4f77849fe..16b3c88b7c 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -2,11 +2,13 @@ title: EnterpriseModernAppManagement CSP description: EnterpriseModernAppManagement CSP ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/27/2018 --- @@ -28,7 +30,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path. > [!Note] -> Windows Holographic and Windows 10 Mobile only support per-user configuration of the EnterpriseModernAppManagement CSP. +> Windows Holographic and Windows 10 Mobile only support per-user configuration of the EnterpriseModernAppManagement CSP. **AppManagement** Required. Used for inventory and app management (post-install). 
@@ -44,7 +46,7 @@ Required. Reports the last error code returned by the update scan. Supported operation is Get. **AppManagement/AppInventoryResults** -Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation. +Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation. Supported operation is Get. @@ -62,7 +64,7 @@ Here's an example of AppInventoryResults operation. ``` **AppManagement/AppInventoryQuery** -Added in Windows 10, version 1511. Required. Specifies the query for app inventory. +Added in Windows 10, version 1511. Required. Specifies the query for app inventory. Query parameters: @@ -127,8 +129,7 @@ Parameters:
        • User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed.
        • -
        - +

      Supported operation is Execute. The following example removes a package for all users: @@ -166,7 +167,7 @@ Supported operations are Get and Delete. **AppManagement/AppStore/ReleaseManagement** Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization. -> [!Note] +> [!NOTE] > ReleaseManagement settings only apply to updates through the Microsoft Store. **AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_** @@ -196,7 +197,7 @@ Added in Windows 10, version 1809. Returns the last user release ID on the devic Value type is string. Supported operation is Get. -**.../****_PackageFamilyName_** +**.../***PackageFamilyName* Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin. Supported operations are Get and Delete. @@ -224,7 +225,7 @@ Here's an example for uninstalling an app: ``` -**.../*PackageFamilyName*/****_PackageFullName_** +**.../*PackageFamilyName*/***PackageFullName* Optional. Full name of the package installed. Supported operations are Get and Delete. @@ -232,7 +233,7 @@ Supported operations are Get and Delete. > [!Note] > XAP files use a product ID in place of PackageFullName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. -  + **.../*PackageFamilyName*/*PackageFullName*/Name** Required. Name of the app. Value type is string. @@ -261,7 +262,7 @@ Required. Install location of the app on the device. Value type is string. > [!Note] > Not applicable to XAP files. -  + Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/IsFramework** 
@@ -270,7 +271,7 @@ Required. Whether or not the app is a framework package. Value type is int. The > [!Note] > Not applicable to XAP files. - Supported operation is Get. + Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/IsBundle** Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int. @@ -287,7 +288,7 @@ Required. Resource ID of the app. This is null for the main app, ~ for a bundle, > [!Note] > Not applicable to XAP files. -  + Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/PackageStatus** @@ -309,7 +310,7 @@ Required. Specifies whether the package state has changed and requires a reinsta > [!Note] > Not applicable to XAP files. -  + Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/Users** 
@@ -333,10 +334,10 @@ Required. Specifies whether you want to block a specific app from being updated Supported operations are Add, Get, Delete, and Replace. **.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT) -Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context. +Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context. -**.../*PackageFamilyName*/AppSettingPolicy/****_SettingValue_** (only for ./User/Vendor/MSFT) -Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container. +**.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT) +Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container. This setting only works for apps that support the feature and it is only supported in the user context. @@ -398,8 +399,8 @@ NonRemovable requires admin permission. This can only be set per device, not per Value type is integer. Supported operations are Add, Get, and Replace. Valid values: -- 0 – app is not in the nonremovable app policy list -- 1 – app is included in the nonremovable app policy list +- 0 – app is not in the nonremovable app policy list +- 1 – app is included in the nonremovable app policy list **Examples:** 
@@ -467,7 +468,7 @@ Data 1 = app is in the app policy list **AppInstallation** Required node. Used to perform app installation. -**AppInstallation/****_PackageFamilyName_** +**AppInstallation/***PackageFamilyName* Optional node. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin. Supported operations are Get and Add. @@ -475,7 +476,7 @@ Supported operations are Get and Add. > [!Note] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. -  + **AppInstallation/*PackageFamilyName*/StoreInstall** Required. Command to perform an install of an app and a license from the Microsoft Store. @@ -494,7 +495,7 @@ Supported operation is Get. > [!Note] > This element is not present after the app is installed. -  + **AppInstallation/*PackageFamilyName*/LastErrorDescription** Required. Description of last error relating to the app installation. @@ -504,7 +505,7 @@ Supported operation is Get. > [!Note] > This element is not present after the app is installed. -  + **AppInstallation/*PackageFamilyName*/Status** Required. Status of app installation. The following values are returned: @@ -518,7 +519,7 @@ Supported operation is Get. > [!Note] > This element is not present after the app is installed. -  + **AppInstallation/*PackageFamilyName*/ProgessStatus** Required. An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero). 
@@ -527,20 +528,20 @@ Supported operation is Get. > [!Note] > This element is not present after the app is installed. -  + **AppLicenses** Required node. Used to manage licenses for app scenarios. **AppLicenses/StoreLicenses** Required node. Used to manage licenses for store apps. -**AppLicenses/StoreLicenses/****_LicenseID_** +**AppLicenses/StoreLicenses/***LicenseID* Optional node. License ID for a store installed app. The license ID is generally the PFN of the app. Supported operations are Add, Get, and Delete. **AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory** -Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid value: +Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid value: - Unknown - unknown license category - Retail - license sold through retail channels, typically from the Microsoft Store @@ -551,7 +552,7 @@ Added in Windows 10, version 1511. Required. Category of license that is used Supported operation is Get. **AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage** -Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values: +Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values: - Unknown - usage is unknown - Online - the license is only valid for online usage. This is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time. 
@@ -561,7 +562,7 @@ Added in Windows 10, version 1511. Required. Indicates the allowed usage for t Supported operation is Get. **AppLicenses/StoreLicenses/*LicenseID*/RequesterID** -Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID. +Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID. Supported operation is Get. @@ -571,7 +572,7 @@ Required. Command to add license. Supported operation is Execute. **AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore** -Added in Windows 10, version 1511. Required. Command to get license from the store. +Added in Windows 10, version 1511. Required. Command to get license from the store. Supported operation is Execute. @@ -598,7 +599,7 @@ The result contains a list of apps, such as \App1/App2/App\. Subsequent query for a specific app for its properties. ``` syntax - + 1 @@ -621,9 +622,9 @@ Subsequent query for a specific app for its properties. [Configuration service provider reference](configuration-service-provider-reference.md) -  - -  + + + diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 10a37ce63c..9dcc1e70a6 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md 
@@ -2,11 +2,13 @@
 title: EnterpriseModernAppManagement DDF
 description: EnterpriseModernAppManagement DDF
 ms.assetid:
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/27/2018
 ---
@@ -1103,4 +1105,4 @@ The XML below is for Windows 10, version 1809.
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index 3c81c009ea..fb66cbc068 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -2,11 +2,13 @@
 title: EnterpriseModernAppManagement XSD
 description: Here is the XSD for the application parameters.
 ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
new file mode 100644
index 0000000000..1fad0a54a6
--- /dev/null
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -0,0 +1,26 @@
+---
+title: eSIM Enterprise Management
+description: Managing eSIM devices in an enterprise
+keywords: eSIM enterprise management
+ms.prod: w10
+ms.mktglfcycl:
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.topic:
+---
+
+# How Mobile Device Management Providers support eSIM Management on Windows
+The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+ If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
+- Onboard to Azure Active Directory
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases.
However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. +- Assess solution type that you would like to provide your customers +- Batch/offline solution +- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices. +- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to +- Real-time solution +- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time. +- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used +**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator. diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 8e493b7fa5..43626310a0 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md 
@@ -1,12 +1,14 @@ --- title: eUICCs CSP description: eUICCs CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/02/2018 +ms.reviewer: +manager: dansimp --- # eUICCs CSP @@ -89,4 +91,4 @@ Supported operation is Execute. Value type is string. **_eUICC_/Actions/Status** Required. Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors. -Supported value is Get. Value type is integer. Default is 0. \ No newline at end of file +Supported value is Get. Value type is integer. Default is 0. diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 6649a7a42d..a2495584e3 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -2,11 +2,13 @@ title: eUICCs DDF file description: eUICCs DDF file ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/02/2018 --- @@ -367,4 +369,4 @@ The XML below if for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 22ee108fb4..f173630cc1 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md 
@@ -2,11 +2,13 @@ title: Federated authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using federated authentication policy. ms.assetid: 049ECA6E-1AF5-4CB2-8F1C-A5F22D722DAA -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/28/2017 --- @@ -35,7 +37,7 @@ The discovery web service provides the configuration information necessary for a > **Note**  The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com. -  + The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc 
@@ -131,7 +133,7 @@ The discovery response is in the XML format and includes the following fields: > **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message. -  + When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be leveraged by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call. @@ -140,13 +142,13 @@ When authentication policy is set to be Federated, Web Authentication Broker (WA > - Append the OS version as a parameter in the AuthenticationServiceURL. > - Parse out the OS version from the AuthenticiationServiceURL when the OS sends the response for authentication. -  + A new XML tag, AuthenticationServiceUrl, is introduced in the DiscoveryResponse XML to allow the server to specify the WAB page start URL. For Federated authentication, this XML tag must exist. > **Note**  The enrollment client is agnostic with regards to the protocol flows for authenticating and returning the security token. While the server might prompt for user credentials directly or enter into a federation protocol with another server and directory service, the enrollment client is agnostic to all of this. To remain agnostic, all protocol flows pertaining to authentication that involve the enrollment client are passive, that is, browser-implemented. -  + The following are the explicit requirements for the server. 
@@ -160,8 +162,8 @@ The enrollment client issues an HTTPS request as follows: AuthenticationServiceUrl?appru=&login_hint= ``` -- <appid> is of the form ms-app://string -- <User Principal Name> is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication. +- <appid> is of the form ms-app://string +- <User Principal Name> is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication. After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter. @@ -299,7 +301,7 @@ MS-XCEP supports very flexible enrollment policies using various Complex Types a > **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message. -  + The following snippet shows the policy web service response. @@ -393,7 +395,7 @@ The RST may also specify a number of AdditionalContext items, such as DeviceType > **Note**  The policy service and the enrollment service must be on the same server; that is, they must have the same host name. -  + The following example shows the enrollment web service request for federated authentication. @@ -484,7 +486,7 @@ After validating the request, the web service looks up the assigned certificate > **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message. -  + Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc), because the token is more than an X.509 v3 certificate. 
@@ -553,7 +555,7 @@ The following code shows sample provisioning XML (presented in the preceding pac - + @@ -562,7 +564,7 @@ The following code shows sample provisioning XML (presented in the preceding pac - + @@ -636,7 +638,7 @@ The following code shows sample provisioning XML (presented in the preceding pac - Also important is SSLCLIENTCERTSEARCHCRITERIA, which is used for selecting the certificate to be used for client authentication. The search is based on the subject attribute of the signed user certificate. - CertificateStore/WSTEP enables certificate renewal. If the server does not support it, do not set it. -  + diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index 5e2ce038a2..653b03b527 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -2,11 +2,13 @@ title: FileSystem CSP description: FileSystem CSP ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -16,12 +18,12 @@ ms.date: 06/26/2017 The FileSystem configuration service provider is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device. It can retrieve information about or manage files in ROM, files in persistent store and files on any removable storage card that is present in the device. It works for files that are hidden from the user as well as those that are visible to the user. > **Note**  FileSystem CSP is only supported in Windows 10 Mobile. - -  - +> +> +> > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application. -  + The following diagram shows the FileSystem configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider. @@ -101,9 +103,9 @@ The following properties are supported for files: [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index f64d0cdc9d..69bc4965a1 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -1,12 +1,14 @@ --- title: Firewall CSP description: Firewall CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 01/26/2018 +ms.reviewer: +manager: dansimp --- # Firewall CSP @@ -38,11 +40,11 @@ The following diagram shows the Firewall configuration service provider in tree

      Value type in integer. Supported operation is Get.

      **MdmStore/Global/CurrentProfiles** -

      Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See [FW_PROFILE_TYPE](https://msdn.microsoft.com/library/cc231559.aspx) for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law.

      +

      Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law.

      Value type in integer. Supported operation is Get.

      **MdmStore/Global/DisableStatefulFtp** -

      Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.

      +

      Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.

      Default value is false.

      Data type is bool. Supported operations are Add, Get, Replace, and Delete.

      @@ -52,12 +54,12 @@ The following diagram shows the Firewall configuration service provider in tree

      Value type is integer. Supported operations are Add, Get, Replace, and Delete.

      **MdmStore/Global/PresharedKeyEncoding** -

      Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the [PRESHARED_KEY_ENCODING_VALUES enumeration](https://msdn.microsoft.com/library/cc231525.aspx). The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

      +

      Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

      Default value is 1.

      Value type is integer. Supported operations are Add, Get, Replace, and Delete.

      **MdmStore/Global/IPsecExempt** -

      This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in [IPSEC_EXEMPT_VALUES](https://msdn.microsoft.com/library/cc231523.aspx); therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

      +

      This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.

      Default value is 0.

      Value type is integer. Supported operations are Add, Get, Replace, and Delete.

      @@ -76,7 +78,7 @@ The following diagram shows the Firewall configuration service provider in tree

      Value type is string. Supported operation is Get.

      **MdmStore/Global/BinaryVersionSupported** -

      This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.

      +

      This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.

      Value type is string. Supported operation is Get.

      **MdmStore/Global/OpportunisticallyMatchAuthSetPerKM** @@ -115,7 +117,7 @@ The following diagram shows the Firewall configuration service provider in tree

      Value type is bool. Supported operations are Add, Get and Replace.

      **/Shielded** -

      Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.

      +

      Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.

      Default value is false.

      Value type is bool. Supported operations are Get and Replace.

      @@ -192,12 +194,12 @@ Sample syncxml to provision the firewall settings to evaluate

      Value type is integer. Supported operations are Add, Get and Replace.

      **/DisableStealthModeIpsecSecuredPacketExemption** -

      Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

      +

      Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

      Default value is true.

      Value type is bool. Supported operations are Add, Get and Replace.

      **FirewallRules** -

      A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed.

      +

      A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed.

      **FirewallRules/_FirewallRuleName_**

      Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).

      @@ -245,39 +247,39 @@ Sample syncxml to provision the firewall settings to evaluate

      If not specified, the default is All.

      Value type is string. Supported operations are Add, Get, Replace, and Delete.

      -**FirewallRules/_FirewallRuleName_/LocalAddressRanges** -

      Comma separated list of local addresses covered by the rule. The default value is "\*". Valid tokens include:

      +**FirewallRules/*FirewallRuleName*/LocalAddressRanges** +

      Comma separated list of local addresses covered by the rule. The default value is "". Valid tokens include:

        -
      • "\*" indicates any local address. If present, this must be the only token included.
      • +
      • "" indicates any local address. If present, this must be the only token included.
      • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
      • A valid IPv6 address.
      • -
      • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • -
      • An IPv6 address range in the format of "start address - end address" with no spaces included.
      • +
      • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • +
      • An IPv6 address range in the format of "start address - end address" with no spaces included.

      If not specified, the default is All.

      Value type is string. Supported operations are Add, Get, Replace, and Delete.

      -**FirewallRules/_FirewallRuleName_/RemoteAddressRanges** -

      List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "\*". Valid tokens include:

      +**FirewallRules/*FirewallRuleName*/RemoteAddressRanges** +

      List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "". Valid tokens include:

        -
      • "\*" indicates any remote address. If present, this must be the only token included.
      • -
      • "Defaultgateway"
      • -
      • "DHCP"
      • -
      • "DNS"
      • -
      • "WINS"
      • -
      • "Intranet"
      • -
      • "RmtIntranet"
      • -
      • "Internet"
      • -
      • "Ply2Renders"
      • -
      • "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
      • +
      • "" indicates any remote address. If present, this must be the only token included.
      • +
      • "Defaultgateway"
      • +
      • "DHCP"
      • +
      • "DNS"
      • +
      • "WINS"
      • +
      • "Intranet"
      • +
      • "RmtIntranet"
      • +
      • "Internet"
      • +
      • "Ply2Renders"
      • +
      • "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
      • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
      • A valid IPv6 address.
      • -
      • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • -
      • An IPv6 address range in the format of "start address - end address" with no spaces included.
      • +
      • An IPv4 address range in the format of "start address - end address" with no spaces included.
      • +
      • An IPv6 address range in the format of "start address - end address" with no spaces included.

      If not specified, the default is All.

      Value type is string. Supported operations are Add, Get, Replace, and Delete.

      -

      The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.

      +

      The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.

      **FirewallRules/_FirewallRuleName_/Description**

      Specifies the description of the rule.

      @@ -289,7 +291,7 @@ Sample syncxml to provision the firewall settings to evaluate

      Boolean value. Supported operations are Get and Replace.

      **FirewallRules/_FirewallRuleName_/Profiles** -

      Specifies the profiles to which the rule belongs: Domain, Private, Public. . See [FW_PROFILE_TYPE](https://msdn.microsoft.com/library/cc231559.aspx) for the bitmasks that are used to identify profile types.

      +

      Specifies the profiles to which the rule belongs: Domain, Private, Public. . See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.

      If not specified, the default is All.

      Value type is integer. Supported operations are Get and Replace.

      diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index f9a9e98d71..1242224bc0 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -1,12 +1,14 @@ --- title: Firewall DDF file description: Firewall DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # Firewall CSP @@ -1840,4 +1842,4 @@ This is a string in Security Descriptor Definition Language (SDDL) format.. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index b40c8c4274..94c9465267 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.get\_seatblock' - 'p\_phDeviceMgmt.get\_inventory' ms.assetid: C5485722-FC49-4358-A097-74169B204E74 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- @@ -39,7 +41,7 @@ The **Get Inventory** operation retrieves information from the Microsoft Store f -  + ### URI parameters @@ -75,7 +77,7 @@ The following parameters may be specified in the request URI.

      licenseTypes

      -

      collection of [LicenseType](data-structures-windows-store-for-business.md#licensetype)

      +

      collection of LicenseType

      {online,offline}

      Optional. A collection of license types

      @@ -163,7 +165,7 @@ Here are some examples. The response contains [InventoryResultSet](data-structures-windows-store-for-business.md#inventoryresultset). -  + diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 990c816be4..c2e89912d8 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -2,11 +2,13 @@ title: Get localized product details description: The Get localized product details operation retrieves the localization information of a product from the Micosoft Store for Business. ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 65ae6a7b6a..772d402b87 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -2,11 +2,13 @@ title: Get offline license description: The Get offline license operation retrieves the offline license information of a product from the Micosoft Store for Business. ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 30ec8b7d37..9ab64f1f8b 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md 
@@ -2,11 +2,13 @@
 title: Get product details
 description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application.
 ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md
index 15dd879715..7f75857534 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/mdm/get-product-package.md
@@ -2,11 +2,13 @@
 title: Get product package
 description: The Get product package operation retrieves the information about a specific application in the Micosoft Store for Business.
 ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md
index cda326c9e5..394b64e58c 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/mdm/get-product-packages.md
@@ -2,11 +2,13 @@
 title: Get product packages
 description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business.
 ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md
index ae6f05d26d..2169488622 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/mdm/get-seat.md
@@ -2,11 +2,13 @@
 title: Get seat
 description: The Get seat operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business.
 ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
index 1209d5aa2a..016e2a8711 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
@@ -2,11 +2,13 @@
 title: Get seats assigned to a user
 description: The Get seats assigned to a user operation retrieves information about assigned seats in the Micosoft Store for Business.
 ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md
index f65e6988e2..21d8f631c1 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@@ -2,11 +2,13 @@
 title: Get seats
 description: The Get seats operation retrieves the information about active seats in the Micosoft Store for Business.
 ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 8fb792fea4..fda1c7d218 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -2,11 +2,13 @@
 title: Device HealthAttestation CSP
 description: Device HealthAttestation CSP
 ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
@@ -53,9 +55,8 @@ The following is a list of functions performed by the Device HealthAttestation C
    -![healthattestation session diagram](images/healthattestation_1.png) - -**DHA session data (Device HealthAttestation session data)** +healthattestation session diagram
    +DHA session data (Device HealthAttestation session data)

    The following list of data is produced or consumed in one DHA-Transaction:

    • DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot and TPM counters) that are required for validating device boot health.
    • @@ -71,7 +72,7 @@ The following is a list of functions performed by the Device HealthAttestation C
    • Nonce: a crypto protected number that is generated by MDM-Server, which protects the DHA-Session from man-in-the-middle type attacks
    -**DHA-Enabled MDM (Device HealthAttestation enabled device management solution)** +DHA-Enabled MDM (Device HealthAttestation enabled device management solution)

    Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.

    DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromized by advanced security threats or running a malicious (jailbroken) operating system.

    The following list of operations are performed by DHA-Enabled-MDM:

    @@ -82,7 +83,7 @@ The following is a list of functions performed by the Device HealthAttestation C
  • Gets the device health report (DHA-Report) from DHA-Service, which triggers compliance action
  • -**DHA-CSP (Device HealthAttestation Configuration Service Provider)** +DHA-CSP (Device HealthAttestation Configuration Service Provider)

    The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device’s TPM and firmware to measure critical security properties of the device’s BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.

    The following list of operations are performed by DHA-CSP:

      @@ -92,7 +93,7 @@ The following is a list of functions performed by the Device HealthAttestation C
    • Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
    -**DHA-Service (Device HealthAttestation Service)** +DHA-Service (Device HealthAttestation Service)

    Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.

    DHA-Service is available in 2 flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.

    @@ -192,7 +193,7 @@ The following diagram shows the Device HealthAttestation configuration service p

    The supported operation is Get.

    -

    The following list shows some examples of supported values. For the complete list of status see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).

    +

    The following list shows some examples of supported values. For the complete list of status see Device HealthAttestation CSP status and error codes.

    - 0 - (HEALTHATTESTATION\_CERT\_RETRI_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service - 1 - (HEALTHATTESTATION\_CERT\_RETRI_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device @@ -398,8 +399,8 @@ Here is an example: AAAAAAAAAFFFFFFF - - + + 2 @@ -408,7 +409,7 @@ Here is an example: - + 3 @@ -536,7 +537,7 @@ Each of these are described in further detail in the following sections, along w - Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks. **BitlockerStatus** (at boot time) -

    When Bitlocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.

    +

    When Bitlocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.

    Windows BitLocker Drive Encryption, encrypts all data stored on the Windows operating system volume. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.

    @@ -554,9 +555,9 @@ Each of these are described in further detail in the following sections, along w **BootManagerRevListVersion**

    This attribute indicates the version of the Boot Manager that is running on the device, to allow you to track and manage the security of the boot sequence/environment.

    -

    If BootManagerRevListVersion = \[CurrentVersion\], then allow access.

    +

    If BootManagerRevListVersion = [CurrentVersion], then allow access.

    -

    If BootManagerRevListVersion != \[CurrentVersion\], then take one of the following actions that align with your enterprise policies:

    +

    If BootManagerRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:

    - Disallow all access - Disallow access to HBI and MBI assets @@ -566,9 +567,9 @@ Each of these are described in further detail in the following sections, along w **CodeIntegrityRevListVersion**

    This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect if the device is running the latest version of the code that performs integrity checks, or if it is exposed to security risks (revoked) and enforce an appropriate policy action.

    -

    If CodeIntegrityRevListVersion = \[CurrentVersion\], then allow access.

    +

    If CodeIntegrityRevListVersion = [CurrentVersion], then allow access.

    -

    If CodeIntegrityRevListVersion != \[CurrentVersion\], then take one of the following actions that align with your enterprise policies:

    +

    If CodeIntegrityRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:

    - Disallow all access - Disallow access to HBI and MBI assets @@ -668,7 +669,7 @@ Each of these are described in further detail in the following sections, along w

    If WinPE = 1 (True), then limit access to remote resources that are required for Windows OS installation.

    **ELAMDriverLoaded** (Windows Defender) -

    To use this reporting feature you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.

    +

    To use this reporting feature you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.

    In the current release, this attribute only monitors/reports if a Microsoft 1st party ELAM (Windows Defender) was loaded during initial boot.

    @@ -732,7 +733,7 @@ Each of these are described in further detail in the following sections, along w **TPMVersion**

    This attribute identifies the version of the TPM that is running on the attested device.

    -

    TPMVersion node provides to replies "1" and "2":

    +

    TPMVersion node provides to replies "1" and "2":

    • 1 means TPM specification version 1.2
    • 2 means TPM specification version 2.0
    • @@ -746,15 +747,15 @@ Each of these are described in further detail in the following sections, along w - Direct the device to an enterprise honeypot, to further monitor the device's activities. **PCR0** -

      The measurement that is captured in PCR\[0\] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.

      +

      The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.

      -

      Enterprise managers can create a whitelist of trusted PCR\[0\] values, compare the PCR\[0\] value of the managed devices (the value that is verified and reported by HAS) with the whitelist, and then make a trust decision based on the result of the comparison.

      +

      Enterprise managers can create a whitelist of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the whitelist, and then make a trust decision based on the result of the comparison.

      -

      If your enterprise does not have a whitelist of accepted PCR\[0\] values, then take no action.

      +

      If your enterprise does not have a whitelist of accepted PCR[0] values, then take no action.

      -

      If PCR\[0\] equals an accepted whitelisted value, then allow access.

      +

      If PCR[0] equals an accepted whitelisted value, then allow access.

      -

      If PCR\[0\] does not equal any accepted whitelisted value, then take one of the following actions that align with your enterprise policies:

      +

      If PCR[0] does not equal any accepted whitelisted value, then take one of the following actions that align with your enterprise policies:

      - Disallow all access - Direct the device to an enterprise honeypot, to further monitor the device's activities. @@ -807,212 +808,212 @@ Each of these are described in further detail in the following sections, along w ## **Device HealthAttestation CSP status and error codes** - - - - - - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - + + + + + +
      Error codeError nameDescription
      0HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZEDThis is the initial state for devices that have never participated in a DHA-Session.
      Error codeError nameDescription
      1HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTEDThis state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.
      0HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZEDThis is the initial state for devices that have never participated in a DHA-Session.
      2HEALTHATTESTATION_CERT_RETRIEVAL_FAILEDThis state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
      1HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTEDThis state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.
      3HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETEThis state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
      2HEALTHATTESTATION_CERT_RETRIEVAL_FAILEDThis state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
      4HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAILDeprecated in Windows 10, version 1607.
      3HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETEThis state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
      5HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAILDHA-CSP failed to get a claim quote.
      4HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAILDeprecated in Windows 10, version 1607.
      6HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READYDHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider.
      5HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAILDHA-CSP failed to get a claim quote.
      7HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAILDHA-CSP failed in retrieving Windows AIK
      6HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READYDHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider.
      8HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAILDeprecated in Windows 10, version 1607.
      7HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAILDHA-CSP failed in retrieving Windows AIK
      9HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSIONInvalid TPM version (TPM version is not 1.2 or 2.0)
      8HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAILDeprecated in Windows 10, version 1607.
      10HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAILNonce was not found in the registry.
      9HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSIONInvalid TPM version (TPM version is not 1.2 or 2.0)
      11HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAILCorrelation ID was not found in the registry.
      10HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAILNonce was not found in the registry.
      12HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAILDeprecated in Windows 10, version 1607.
      11HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAILCorrelation ID was not found in the registry.
      13HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAILDeprecated in Windows 10, version 1607.
      12HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAILDeprecated in Windows 10, version 1607.
      14HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAILFailure in Encoding functions. (Extremely unlikely scenario)
      13HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAILDeprecated in Windows 10, version 1607.
      15HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAILDeprecated in Windows 10, version 1607.
      14HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAILFailure in Encoding functions. (Extremely unlikely scenario)
      16HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XMLDHA-CSP failed to load the payload it received from DHA-Service
      15HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAILDeprecated in Windows 10, version 1607.
      17HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XMLDHA-CSP received a corrupted response from DHA-Service.
      16HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XMLDHA-CSP failed to load the payload it received from DHA-Service
      18HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XMLDHA-CSP received an empty response from DHA-Service.
      17HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XMLDHA-CSP received a corrupted response from DHA-Service.
      19HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EKDHA-CSP failed in decrypting the AES key from the EK challenge.
      18HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XMLDHA-CSP received an empty response from DHA-Service.
      20HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EKDHA-CSP failed in decrypting the health cert with the AES key.
      19HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EKDHA-CSP failed in decrypting the AES key from the EK challenge.
      21HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUBDHA-CSP failed in exporting the AIK Public Key.
      20HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EKDHA-CSP failed in decrypting the health cert with the AES key.
      22HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLYDHA-CSP failed in trying to create a claim with AIK attestation data.
      21HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUBDHA-CSP failed in exporting the AIK Public Key.
      23HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKPUBDHA-CSP failed in appending the AIK Pub to the request blob.
      22HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLYDHA-CSP failed in trying to create a claim with AIK attestation data.
      24HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKCERTDHA-CSP failed in appending the AIK Cert to the request blob.
      23HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKPUBDHA-CSP failed in appending the AIK Pub to the request blob.
      25HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_INIT_HTTPHANDLEDHA-CSP failed to obtain a Session handle.
      24HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKCERTDHA-CSP failed in appending the AIK Cert to the request blob.
      26HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_GETTARGET_HTTPHANDLEDHA-CSP failed to connect to the DHA-Service.
      25HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_INIT_HTTPHANDLEDHA-CSP failed to obtain a Session handle.
      27HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLEDHA-CSP failed to create a HTTP request handle.
      26HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_GETTARGET_HTTPHANDLEDHA-CSP failed to connect to the DHA-Service.
      28HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SET_INTERNETOPTIONDHA-CSP failed to set options.
      27HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLEDHA-CSP failed to create a HTTP request handle.
      29HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ADD_REQUESTHEADERSDHA-CSP failed to add request headers.
      28HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SET_INTERNETOPTIONDHA-CSP failed to set options.
      30HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SEND_REQUESTDHA-CSP failed to send the HTTP request.
      29HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ADD_REQUESTHEADERSDHA-CSP failed to add request headers.
      31HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_RECEIVE_RESPONSEDHA-CSP failed to receive a response from the DHA-Service.
      30HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SEND_REQUESTDHA-CSP failed to send the HTTP request.
      32HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_QUERY_HEADERSDHA-CSP failed to query headers when trying to get HTTP status code.
      31HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_RECEIVE_RESPONSEDHA-CSP failed to receive a response from the DHA-Service.
      33HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_RESPONSEDHA-CSP received an empty response from DHA-Service even though HTTP status was OK.
      32HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_QUERY_HEADERSDHA-CSP failed to query headers when trying to get HTTP status code.
      34HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSEDHA-CSP received an empty response along with a HTTP error code from DHA-Service.
      33HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_RESPONSEDHA-CSP received an empty response from DHA-Service even though HTTP status was OK.
      35HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_IMPERSONATE_USERDHA-CSP failed to impersonate user.
      34HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSEDHA-CSP received an empty response along with a HTTP error code from DHA-Service.
      36HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ACQUIRE_PDCNETWORKACTIVATORDHA-CSP failed to acquire the PDC activators that are needed for network communication when the device is in Connected standby mode.
      35HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_IMPERSONATE_USERDHA-CSP failed to impersonate user.
      0xFFFFHEALTHATTESTATION_CERT_RETRIEVAL_FAILED_UNKNOWNDHA-CSP failed due to an unknown reason, this error is highly unlikely to occur.
      36HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ACQUIRE_PDCNETWORKACTIVATORDHA-CSP failed to acquire the PDC activators that are needed for network communication when the device is in Connected standby mode.
      400Bad_Request_From_ClientDHA-CSP has received a bad (malformed) attestation request.
      0xFFFFHEALTHATTESTATION_CERT_RETRIEVAL_FAILED_UNKNOWNDHA-CSP failed due to an unknown reason, this error is highly unlikely to occur.
      404Endpoint_Not_ReachableDHA-Service is not reachable by DHA-CSP
      400Bad_Request_From_ClientDHA-CSP has received a bad (malformed) attestation request.
      404Endpoint_Not_ReachableDHA-Service is not reachable by DHA-CSP
      ## DHA-Report V3 schema
@@ -1068,12 +1069,12 @@ Each of these are described in further detail in the following sections, along w - +
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 8296982379..fa43c860a4 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -2,11 +2,13 @@
 title: HealthAttestation DDF
 description: HealthAttestation DDF
 ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md
index 0c314eeaa0..ce1fcddfbb 100644
--- a/windows/client-management/mdm/hotspot-csp.md
+++ b/windows/client-management/mdm/hotspot-csp.md
@@ -2,11 +2,13 @@
 title: HotSpot CSP
 description: HotSpot CSP
 ms.assetid: ec49dec1-fa79-420a-a9a7-e86668b3eebf
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
@@ -16,12 +18,12 @@ ms.date: 06/26/2017 The HotSpot configuration service provider is used to configure and enable Internet sharing on the device, in which the device can be configured to share its cellular connection over Wi-Fi with up to eight client devices or computers. > **Note**  HotSpot CSP is only supported in Windows 10 Mobile. - -  - +> +> +> > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application. -  + The following diagram shows the HotSpot configuration service provider management object in tree format as used by OMA Client Provisioning. The OMA DM protocol is not supported by this configuration service provider. @@ -45,7 +47,7 @@ Specified connections will be mapped, by policy, to the Internet sharing service > **Note**   The mapping policy will also include the connection specified in the **TetheringNAIConnection** value as well. -  + If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share @@ -60,7 +62,7 @@ Specified connections will be mapped, by policy, to the Internet sharing service > **Note**   The mapping policy will also include the connections specified in the **DedicatedConnections** as well. -  + If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share @@ -92,7 +94,7 @@ Where `` is the path to the resource dll that contains the stri > **Note**  MOAppLink is required to use the MOHelpMessage setting. -  + **EntitlementRequired** Optional. Specifies whether the device requires an entitlement check to determine if Internet sharing should be enabled. This node is set to a Boolean value. The default value is **True**. 
@@ -120,12 +122,12 @@ Changes to this node require a reboot. **MinWifiKeyLength** > **Important**   This parm is no longer supported for Windows Phone 8.1. The enforced minimum allowed length of the Wi-Fi key is 8. -  + **MinWifiSSIDLength** > **Important**   This parm is no longer supported for Windows Phone 8.1. The enforced minimum allowed length of the Wi-Fi SSID is 1. -  + ## Additional requirements for CDMA networks @@ -152,7 +154,7 @@ For CDMA networks that use a separate Network Access Identity (NAI) for Internet > **Note**  CDMA devices are limited to one active data connection at a time. This means any application or service (such as email or MMS) that is bound to another connection may not work while Internet sharing is turned on. -  + ## Creating an Entitlement DLL @@ -194,7 +196,7 @@ During an entitlement check the Internet Sharing service loads the specified DLL -  + The definition for the **ICS\_ENTITLEMENT\_RESULT** is in the header file `IcsEntitlementh`, which ships with the Windows Adaptation Kit. @@ -203,9 +205,9 @@ The definition for the **ICS\_ENTITLEMENT\_RESULT** is in the header file `IcsEn [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/iconfigserviceprovider2.md b/windows/client-management/mdm/iconfigserviceprovider2.md index fbdb51d309..c73e0ce0b4 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2.md +++ b/windows/client-management/mdm/iconfigserviceprovider2.md @@ -2,11 +2,13 @@ title: IConfigServiceProvider2 description: IConfigServiceProvider2 ms.assetid: 8deec0fb-59a6-4d08-8ddb-6d0d3d868a10 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -30,23 +32,23 @@ The following table shows the methods defined by this interface that OEMs must i -

      [IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md)

      +

      IConfigServiceProvider2::ConfigManagerNotification

      Enables ConfigManager2 to send notifications to a configuration service provider of events such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.

      -

      [IConfigServiceProvider2::GetNode](iconfigserviceprovider2getnode.md)

      +

      IConfigServiceProvider2::GetNode

      Returns a node from the configuration service provider based on the path relative to the root node.

      -  + ## Related topics [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md index 1ae5155478..67ed91ca36 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md +++ b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md @@ -2,11 +2,13 @@ title: IConfigServiceProvider2 ConfigManagerNotification description: IConfigServiceProvider2 ConfigManagerNotification ms.assetid: b1f0fe0f-afbe-4b36-a75d-34239a86a75c -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -97,7 +99,7 @@ The following events are supported by all configuration service providers. *lpParam*
      • -Normally NULL, but contains a pointer to an IConfigSession2 instance if *cmnfState* is CFGMGR\_NOTIFICATION\_SETSESSIONOBJ. +Normally NULL, but contains a pointer to an IConfigSession2 instance if cmnfState is CFGMGR_NOTIFICATION_SETSESSIONOBJ.

      @@ -135,7 +137,7 @@ Each configuration service provider will receive the relevant BEGIN/END notifica **Header:** None -  + diff --git a/windows/client-management/mdm/iconfigserviceprovider2getnode.md b/windows/client-management/mdm/iconfigserviceprovider2getnode.md index df315b2ba4..b1ed4618c7 100644 --- a/windows/client-management/mdm/iconfigserviceprovider2getnode.md +++ b/windows/client-management/mdm/iconfigserviceprovider2getnode.md @@ -2,11 +2,13 @@ title: IConfigServiceProvider2 GetNode description: IConfigServiceProvider2 GetNode ms.assetid: 4dc10a59-f6a2-45c0-927c-d594afc9bb91 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -29,18 +31,18 @@ HRESULT GetNode([in] IConfigManager2URI* pURI, *pUri*
      • -URI of the child node, relative to the root node. For example, to access the "./Vendor/Contoso/SampleCSP/ContainerA/UserName" node, ConfigManager2 calls the configuration service provider's `GetNode` method and passes in an IConfigManager2URI instance representing the URI “SampleCSP/ContainerA/UserName”. +URI of the child node, relative to the root node. For example, to access the "./Vendor/Contoso/SampleCSP/ContainerA/UserName" node, ConfigManager2 calls the configuration service provider's GetNode method and passes in an IConfigManager2URI instance representing the URI “SampleCSP/ContainerA/UserName”.

      -*ppNode* +ppNode
      • -If the query is successful, this returns the ICSPNode instance at the *pUri* location in the configuration service provider's tree. +If the query is successful, this returns the ICSPNode instance at the pUri location in the configuration service provider's tree.

      -*pgrfNodeOptions* +pgrfNodeOptions
      • Nodes support the following features. @@ -67,7 +69,7 @@ Nodes support the following features.

        CSPNODE_OPTION_INTERNALTRANSACTION

        0x02

        -

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the [ICSPNodeTransactioning](icspnodetransactioning.md).

        +

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

        CSPNODE_OPTION_HANDLEALLPROPERTIES

        @@ -95,7 +97,7 @@ A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_NODENO **Header:** None -  + diff --git a/windows/client-management/mdm/icspnode.md b/windows/client-management/mdm/icspnode.md index dedf93e0b1..bb66997ee8 100644 --- a/windows/client-management/mdm/icspnode.md +++ b/windows/client-management/mdm/icspnode.md @@ -2,11 +2,13 @@ title: ICSPNode description: ICSPNode ms.assetid: 023466e6-a8ab-48ad-8548-291409686ac2 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -33,67 +35,67 @@ The following table shows the methods defined by this interface that OEMs must i -

        [ICSPNode::Add](icspnodeadd.md)

        +

        ICSPNode::Add

        Adds an immediate child to a configuration service provider node and returns a pointer to the new child node.

        -

        [ICSPNode::Clear](icspnodeclear.md)

        -

        Deletes the contents and children of the current configuration service provider node. Called before [ICSPNode::DeleteChild](icspnodedeletechild.md).

        +

        ICSPNode::Clear

        +

        Deletes the contents and children of the current configuration service provider node. Called before ICSPNode::DeleteChild.

        -

        [ICSPNode::Copy](icspnodecopy.md)

        +

        ICSPNode::Copy

        Makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten.

        -

        [ICSPNode::DeleteChild](icspnodedeletechild.md)

        +

        ICSPNode::DeleteChild

        Deletes the specified child node from the configuration service provider node.

        -

        [ICSPNode::DeleteProperty](icspnodedeleteproperty.md)

        +

        ICSPNode::DeleteProperty

        Deletes a property from a configuration service provider node.

        -

        [ICSPNode::Execute](icspnodeexecute.md)

        +

        ICSPNode::Execute

        Runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result.

        -

        [ICSPNode::GetChildNodeNames](icspnodegetchildnodenames.md)

        +

        ICSPNode::GetChildNodeNames

        Returns the list of children for a configuration service provider node.

        -

        [ICSPNode::GetProperty](icspnodegetproperty.md)

        +

        ICSPNode::GetProperty

        Returns a property value from a configuration service provider node.

        -

        [ICSPNode::GetPropertyIdentifiers](icspnodegetpropertyidentifiers.md)

        +

        ICSPNode::GetPropertyIdentifiers

        Returns a list of non-standard properties supported by the node. The returned array must be allocated with CoTaskMemAlloc.

        -

        [ICSPNode::GetValue](icspnodegetvalue.md)

        +

        ICSPNode::GetValue

        Gets the value and data type for the node. Interior (non-leaf) nodes may not have a value.

        -

        [ICSPNode::Move](icspnodemove.md)

        +

        ICSPNode::Move

        Moves this node to a new location within the configuration service provider. If the target node already exists, it should be overwritten.

        -

        [ICSPNode::SetProperty](icspnodesetproperty.md)

        +

        ICSPNode::SetProperty

        Sets a property value for a configuration service provider node.

        -

        [ICSPNode::SetValue](icspnodesetvalue.md)

        +

        ICSPNode::SetValue

        Sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.

        -  + ## Related topics [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodeadd.md b/windows/client-management/mdm/icspnodeadd.md index 504d0751e1..81f5b2cce5 100644 --- a/windows/client-management/mdm/icspnodeadd.md +++ b/windows/client-management/mdm/icspnodeadd.md @@ -2,11 +2,13 @@ title: ICSPNode Add description: ICSPNode Add ms.assetid: 5f03d350-c82b-4747-975f-385fd8b5b3a8 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -73,7 +75,7 @@ HRESULT Add([in] IConfigManager2URI* pChildName,

        CSPNODE_OPTION_INTERNALTRANSACTION

        0x02

        -

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the [ICSPNodeTransactioning](icspnodetransactioning.md).

        +

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

        CSPNODE_OPTION_HANDLEALLPROPERTIES

        @@ -88,7 +90,7 @@ HRESULT Add([in] IConfigManager2URI* pChildName, -  + ## Return Value This method returns an ICSPNode and the feature options supported on that child node. If the method returns null, call GetLastError to get the error value. @@ -107,7 +109,7 @@ For externally–transactioned nodes, if this method is implemented, then [ICSPN [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodeclear.md b/windows/client-management/mdm/icspnodeclear.md index 2c0e45ea99..89db169b0f 100644 --- a/windows/client-management/mdm/icspnodeclear.md +++ b/windows/client-management/mdm/icspnodeclear.md @@ -2,11 +2,13 @@ title: ICSPNode Clear description: ICSPNode Clear ms.assetid: b414498b-110a-472d-95c0-2d5b38cd78a6 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/icspnodecopy.md b/windows/client-management/mdm/icspnodecopy.md index 1061d2b6b9..1771aad0fa 100644 --- a/windows/client-management/mdm/icspnodecopy.md +++ b/windows/client-management/mdm/icspnodecopy.md @@ -2,11 +2,13 @@ title: ICSPNode Copy description: ICSPNode Copy ms.assetid: cd5ce0bc-a08b-4f82-802d-c7ff8701b41f -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -55,7 +57,7 @@ HRESULT Copy([in] IConfigManager2URI* puriDestination,

        CSPNODE_OPTION_INTERNALTRANSACTION

        0x02

        -

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the [ICSPNodeTransactioning](icspnodetransactioning.md).

        +

        The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

        CSPNODE_OPTION_HANDLEALLPROPERTIES

        @@ -70,7 +72,7 @@ HRESULT Copy([in] IConfigManager2URI* puriDestination, -  + ## Return Value A value of S\_OK indicates that the node was successfully copied to the new location. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Copy** method. diff --git a/windows/client-management/mdm/icspnodedeletechild.md b/windows/client-management/mdm/icspnodedeletechild.md index 147c0f4af3..e08d2b025d 100644 --- a/windows/client-management/mdm/icspnodedeletechild.md +++ b/windows/client-management/mdm/icspnodedeletechild.md @@ -2,11 +2,13 @@ title: ICSPNode DeleteChild description: ICSPNode DeleteChild ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/icspnodedeleteproperty.md b/windows/client-management/mdm/icspnodedeleteproperty.md index b771500d38..6bcd73cc62 100644 --- a/windows/client-management/mdm/icspnodedeleteproperty.md +++ b/windows/client-management/mdm/icspnodedeleteproperty.md @@ -2,11 +2,13 @@ title: ICSPNode DeleteProperty description: ICSPNode DeleteProperty ms.assetid: 7e21851f-d663-4558-b3e8-590d24b4f6c4 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/icspnodeexecute.md b/windows/client-management/mdm/icspnodeexecute.md index 12c428de69..b5008f4972 100644 --- a/windows/client-management/mdm/icspnodeexecute.md +++ b/windows/client-management/mdm/icspnodeexecute.md 
@@ -2,11 +2,13 @@ title: ICSPNode Execute description: ICSPNode Execute ms.assetid: 5916e7b7-256d-49fd-82b6-db0547a215ec -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/icspnodegetchildnodenames.md b/windows/client-management/mdm/icspnodegetchildnodenames.md index 72d72c56ac..176e294eb1 100644 --- a/windows/client-management/mdm/icspnodegetchildnodenames.md +++ b/windows/client-management/mdm/icspnodegetchildnodenames.md @@ -2,11 +2,13 @@ title: ICSPNode GetChildNodeNames description: ICSPNode GetChildNodeNames ms.assetid: dc057f2b-282b-49ac-91c4-bb83bd3ca4dc -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -27,7 +29,7 @@ HRESULT GetChildNodeNames([out] ULONG* pulCount,

        The number of child nodes to return.

        *pbstrNodeNames* -

        The array of child node names. The returned array must be allocated with `CoTaskMemAlloc`. Each element of the array must be a valid, non-NULL `BSTR`, allocated by `SysAllocString` or `SysAllocStringLen`. The names returned must not be encoded in any way, including URI-encoding, for canonicalization reasons.

        +

        The array of child node names. The returned array must be allocated with CoTaskMemAlloc. Each element of the array must be a valid, non-NULL BSTR, allocated by SysAllocString or SysAllocStringLen. The names returned must not be encoded in any way, including URI-encoding, for canonicalization reasons.

        ## Return Value @@ -45,7 +47,7 @@ For externally–transactioned nodes, no additional methods are required for suc [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodegetproperty.md b/windows/client-management/mdm/icspnodegetproperty.md index 0778b71554..e617650c97 100644 --- a/windows/client-management/mdm/icspnodegetproperty.md +++ b/windows/client-management/mdm/icspnodegetproperty.md @@ -2,11 +2,13 @@ title: ICSPNode GetProperty description: ICSPNode GetProperty ms.assetid: a2bdc158-72e0-4cdb-97ce-f5cf1a44b7db -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -47,7 +49,7 @@ For externally–transactioned nodes, no additional methods are required for suc [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md index d0c557b04f..479913e683 100644 --- a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md +++ b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md @@ -2,11 +2,13 @@ title: ICSPNode GetPropertyIdentifiers description: ICSPNode GetPropertyIdentifiers ms.assetid: 8a052cd3-d74c-40c4-845f-f804b920deb4 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -27,7 +29,7 @@ HRESULT GetPropertyIdentifiers([out] ULONG* pulCount,

        The number of non-standard properties to return.

        *pguidProperties* -

        The array of property GUIDs to return. This array must be allocated with `CoTaskMemAlloc`.

        +

        The array of property GUIDs to return. This array must be allocated with CoTaskMemAlloc.

        ## Return Value @@ -45,7 +47,7 @@ For externally–transactioned nodes, no additional methods are required for suc [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodegetvalue.md b/windows/client-management/mdm/icspnodegetvalue.md index 6207cb507c..0e8d591f35 100644 --- a/windows/client-management/mdm/icspnodegetvalue.md +++ b/windows/client-management/mdm/icspnodegetvalue.md @@ -2,11 +2,13 @@ title: ICSPNode GetValue description: ICSPNode GetValue ms.assetid: c684036d-98be-4659-8ce8-f72436a39b90 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -23,7 +25,7 @@ HRESULT GetValue([in,out] VARIANT* pvarValue); ## Parameters *pvarValue* -

        Data value to return. A node containing a password value returns 16 asterisks (‘\*’) for this method. A leaf node whose value has not been set returns a variant whose type is `VT_NULL`. +

        Data value to return. A node containing a password value returns 16 asterisks (‘*’) for this method. A leaf node whose value has not been set returns a variant whose type is VT_NULL.

        ## Return Value @@ -42,7 +44,7 @@ For externally–transactioned nodes, this node is not required to implement any [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodemove.md b/windows/client-management/mdm/icspnodemove.md index 5540b3727d..40d917ca2f 100644 --- a/windows/client-management/mdm/icspnodemove.md +++ b/windows/client-management/mdm/icspnodemove.md @@ -2,11 +2,13 @@ title: ICSPNode Move description: ICSPNode Move ms.assetid: efb359c3-5c86-4975-bf6f-a1c33922442a -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -23,7 +25,7 @@ HRESULT Move([in] IConfigManager2URI* puriDestination); ## Parameters *puriDestination* -

        Path and name of the node's new location, relative to the configuration service provider's root node.

        +

        Path and name of the node's new location, relative to the configuration service provider's root node.

        ## Return Value @@ -41,7 +43,7 @@ For externally–transactioned nodes, if this method is implemented, then [ICSPN [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodesetproperty.md b/windows/client-management/mdm/icspnodesetproperty.md index 6f455d56f5..8052bf2d5d 100644 --- a/windows/client-management/mdm/icspnodesetproperty.md +++ b/windows/client-management/mdm/icspnodesetproperty.md @@ -2,11 +2,13 @@ title: ICSPNode SetProperty description: ICSPNode SetProperty ms.assetid: e235c38f-ea04-4cd8-adec-3c6c0ce7172d -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -47,7 +49,7 @@ For externally–transactioned nodes, no additional methods are required for suc [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodesetvalue.md b/windows/client-management/mdm/icspnodesetvalue.md index eff2b58e9e..afcbc3b99d 100644 --- a/windows/client-management/mdm/icspnodesetvalue.md +++ b/windows/client-management/mdm/icspnodesetvalue.md @@ -2,11 +2,13 @@ title: ICSPNode SetValue description: ICSPNode SetValue ms.assetid: b218636d-fe8b-4a0f-b4e8-a621f65619d3 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -23,7 +25,7 @@ HRESULT SetValue([in] VARIANT varValue); ## Parameters *varValue* -

        Value to set. To clear a leaf node’s value, set *varValue*’s type to `VT_NULL`.

        +

        Value to set. To clear a leaf node’s value, set varValue’s type to VT_NULL.

        ## Return Value @@ -41,7 +43,7 @@ For externally–transactioned nodes, no additional methods must be implemented [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -  + diff --git a/windows/client-management/mdm/icspnodetransactioning.md b/windows/client-management/mdm/icspnodetransactioning.md index 4bb80100aa..93b4a35b7b 100644 --- a/windows/client-management/mdm/icspnodetransactioning.md +++ b/windows/client-management/mdm/icspnodetransactioning.md @@ -2,11 +2,13 @@ title: ICSPNodeTransactioning description: ICSPNodeTransactioning ms.assetid: 24dc518a-4a8d-41fe-9bc6-217bbbdf6a3f -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/icspvalidate.md b/windows/client-management/mdm/icspvalidate.md index f1c05d21fd..3d59448e68 100644 --- a/windows/client-management/mdm/icspvalidate.md +++ b/windows/client-management/mdm/icspvalidate.md @@ -2,11 +2,13 @@ title: ICSPValidate description: ICSPValidate ms.assetid: b0993f2d-6269-412f-a329-af25fff34ca2 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png b/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png new file mode 100644 index 0000000000..3025185664 Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png differ diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index a96e092f35..61a7890782 100644 
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -1,12 +1,14 @@ --- title: Implement server-side support for mobile application management on Windows description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: dansimp ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- @@ -32,10 +34,10 @@ To make applications WIP-aware, app developers need to include the following dat ``` syntax // Mark this binary as Allowed for WIP (EDP) purpose  -    MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID -     BEGIN -         0x0001 -     END  + MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID + BEGIN + 0x0001 + END  ``` ## Configuring an Azure AD tenant for MAM enrollment @@ -59,13 +61,13 @@ Here is an example provisioning XML for MAM enrollment. ``` syntax -    -    -    -    -    + + + + + + + ``` @@ -149,20 +151,20 @@ We have updated Skype for Business to work with MAM. The following table explain -[Current channel](https://technet.microsoft.com/library/mt455210.aspx#BKMK_CB) +Current channel Provide pilot users and application compatibility testers the opportunity to test the next Deferred Channel. March 9 2017

        Visio Pro for Office 365

        -

        Project Online Desktop Client

        +

        Project Desktop Client

        Office 365 Business (the version of Office that comes with some Office 365 plans, such as Business Premium.)

        -[Deferred channel](https://technet.microsoft.com/library/mt455210.aspx#BKMK_CBB) +Deferred channel Provide users with new features of Office only a few times a year. October 10 2017 Office 365 ProPlus -[First release for deferred channel](https://technet.microsoft.com/library/mt455210.aspx#BKMK_FRCBB) +First release for deferred channel Provide pilot users and application compatibility testers the opportunity to test the next Deferred Channel. June 13 2017 diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 2fbd4d1bce..781e0924d0 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -5,11 +5,11 @@ MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: jdeckerms +author: dansimp ms.date: 01/25/2019 --- @@ -29,7 +29,7 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices. ->[!NOTE] +> [!NOTE] >Intune support for the MDM security baseline is coming soon. The MDM security baseline includes policies that cover the following areas: 
@@ -41,7 +41,11 @@ The MDM security baseline includes policies that cover the following areas: - Legacy technology policies that offer alternative solutions with modern technology - And much more -For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see [MDM Security baseline (Preview) for Windows 10, version 1809](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip). +For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see: +- [MDM Security baseline for Windows 10, version 1903](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip) + +- [MDM Security baseline for Windows 10, version 1809](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) + For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/en-us/intune/security-baseline-settings-windows) @@ -79,9 +83,9 @@ When an organization wants to move to MDM to manage devices, they should prepare - [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) - [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224) -  + -  + diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index 1c0fd67bf1..98f5020545 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md 
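Review bot: The added 1903 baseline link, and the 1809 link kept below it, both use `http://download.microsoft.com/...`, so the ZIP containing the recommended security policy values is downloaded without transport integrity protection. An archive altered in transit would pass unnoticed into the baseline an admin integrates into their MDM. Switch both links to `https://`, for example `[MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)`, after confirming the host serves the same path over TLS. The page lists no hash or signature for the archives; if one is published, linking it next to each download would let readers verify the file before applying it.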
@@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool' - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business' ms.assetid: 0E39AE85-1703-4B24-9A7F-831C6455068F -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/27/2017 --- @@ -51,7 +53,7 @@ The Store for Business provides services that enable a management tool to synchr -  + ### Offline-licensed application distribution 
@@ -81,39 +83,39 @@ For code samples, see [Microsoft Azure Active Directory Samples and Documentatio Here are the steps to configure your Azure AD app. For additional information, see [Integrating Applications with Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=623021): -1. Log into Microsoft Azure Management Portal (https:manage.windowsazure.com) -2. Go to the Active Directory module. -3. Select your directory. -4. Click the **Applications** tab. +1. Log into Microsoft Azure Management Portal (https:manage.windowsazure.com) +2. Go to the Active Directory module. +3. Select your directory. +4. Click the **Applications** tab. - ![business store management tool](images/businessstoreportalservices8.png) + ![business store management tool](images/businessstoreportalservices8.png) -5. Click **Add**. +5. Click **Add**. - ![business store management tool](images/businessstoreportalservices9.png) + ![business store management tool](images/businessstoreportalservices9.png) -6. Select **Add an application that my organization is developing**. +6. Select **Add an application that my organization is developing**. - ![business store management tool](images/businessstoreportalservices10.png) + ![business store management tool](images/businessstoreportalservices10.png) -7. Specify a name and then select **WEB APPLICATION AND/OR WEB API**. +7. Specify a name and then select **WEB APPLICATION AND/OR WEB API**. - ![business store management tool](images/businessstoreportalservices11.png) + ![business store management tool](images/businessstoreportalservices11.png) -8. Specify the **SIGN-ON URL** to your application. +8. Specify the **SIGN-ON URL** to your application. - ![business store management tool](images/businessstoreportalservices12.png) + ![business store management tool](images/businessstoreportalservices12.png) -9. Specify whether your app is multi-tenant or single tenant. 
For more information, see [Integrating Applications with Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=623021). +9. Specify whether your app is multi-tenant or single tenant. For more information, see [Integrating Applications with Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=623021). - ![business store management tool](images/businessstoreportalservices13.png) + ![business store management tool](images/businessstoreportalservices13.png) 10. Create a client key. ![business store management tool](images/businessstoreportalservices14.png) - > **Note**  In the prior version of the tool, an update to the app manifest was required to authorize the application. This is no longer necessary. -   + > **Note** In the prior version of the tool, an update to the app manifest was required to authorize the application. This is no longer necessary. + 11. Login to Store for Business and enable your application. For step-by-step guide, see [Configure an MDM provider](https://technet.microsoft.com/library/mt606939.aspx). @@ -156,7 +158,7 @@ The diagram below shows the call patterns for acquiring a new or updated applica - [Bulk assign and reclaim seats for users](bulk-assign-and-reclaim-seats-from-user.md) - [Get seats assigned to a user](get-seats-assigned-to-a-user.md) -  + diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md index 85296234bf..3de2401e8b 100644 --- a/windows/client-management/mdm/maps-csp.md +++ b/windows/client-management/mdm/maps-csp.md @@ -2,11 +2,13 @@ title: Maps CSP description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511. ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -17,7 +19,7 @@ The Maps configuration service provider (CSP) is used to configure the maps to d > **Note**  The Maps CSP is only supported in Windows 10 Mobile. -  + The following diagram shows the Maps configuration service provider in tree format. @@ -29,7 +31,7 @@ Root node. **Packages** Represents the map packages installed on the device. -**Packages/****_Package_** +**Packages/***Package* A GUID that represents a map package. When you add a *Package* node, Windows adds it to the queue for download to the device. See the table below for the list of various maps and corresponding GUIDS. **Packages/*Package*/Status** @@ -120,7 +122,7 @@ Here is a list of GUIDs of the most downloaded reqions. | Wisconsin | 0b5a98f7-489d-4a07-859b-4e01fe9e1b32 | | Wyoming | 360e0c25-a3bb-4e29-939a-3631eae46e9a | -  + Here is an example queuing a map package of New York for download. @@ -158,9 +160,9 @@ Here is an example that gets the status of the New York map package on the devic ``` -  + -  + diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md index b0788414da..e5e4c7b7ad 100644 --- a/windows/client-management/mdm/maps-ddf-file.md +++ b/windows/client-management/mdm/maps-ddf-file.md @@ -2,11 +2,13 @@ title: Maps DDF file description: This topic shows the OMA DM device description framework (DDF) for the Maps configuration service provider. This CSP was added in Windows 10, version 1511. ms.assetid: EF22DBB6-0578-4FD0-B8A6-19DC03288FAF -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 7c84c08b31..d2c9ee214d 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md 
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.enrollment\_ui' - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' ms.assetid: 4651C81B-D2D6-446A-AA24-04D01C1D0883 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 11/15/2017 --- @@ -22,7 +24,7 @@ In today’s cloud-first world, enterprise IT departments increasingly want to l > **Note**  When you connect your device using mobile device management (MDM) enrollment, your organization may enforce certain policies on your device. -  + ## Connecting corporate-owned Windows 10-based devices @@ -37,7 +39,7 @@ Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Educatio > **Note**  Mobile devices cannot be connected to an Active Directory domain. -  + ### Out-of-box-experience (OOBE) @@ -92,7 +94,7 @@ There are a few instances where your device cannot be connected to an Active Dir | You are logged in as a standard user. | Your device can only be connected to an Azure AD domain if you are logged in as an administrative user. You’ll need to switch to an administrator account to continue. | | Your device is running Windows 10 Home. | This feature is not available on Windows 10 Home, so you will be unable to connect to an Active Directory domain. You will need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. | -  + ### Connecting your device to an Azure AD domain (Join Azure AD) 
@@ -165,7 +167,7 @@ There are a few instances where your device cannot be connected to an Azure AD d | Your device is already managed by MDM. | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. | | Your device is running Windows 10 Home. | This feature is not available on Windows 10 Home, so you will be unable to connect to an Azure AD domain. You will need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. | -  + ## Connecting personally-owned devices (Bring your own device) 
@@ -214,33 +216,33 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an ### Using the Settings app -1. Launch the Settings app. +1. Launch the Settings app. - ![windows settings page](images/unifiedenrollment-rs1-28.png) + ![windows settings page](images/unifiedenrollment-rs1-28.png) -2. Next, navigate to **Accounts**. +2. Next, navigate to **Accounts**. - ![windows settings accounts page](images/unifiedenrollment-rs1-29.png) + ![windows settings accounts page](images/unifiedenrollment-rs1-29.png) -3. Navigate to **Access work or school**. +3. Navigate to **Access work or school**. - ![access work or school](images/unifiedenrollment-rs1-30.png) + ![access work or school](images/unifiedenrollment-rs1-30.png) -4. Click the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934) . For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link). +4. Click the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934) . For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link). - ![connect to work or school](images/unifiedenrollment-rs1-31.png) + ![connect to work or school](images/unifiedenrollment-rs1-31.png) -5. Type in your work email address. +5. Type in your work email address. - ![set up work or school account](images/unifiedenrollment-rs1-32.png) + ![set up work or school account](images/unifiedenrollment-rs1-32.png) -6. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. +6. 
If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. - Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. Starting in Windows 10, version 1709, you will see the enrollment progress on screen. + Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. Starting in Windows 10, version 1709, you will see the enrollment progress on screen. - ![corporate sign in](images/unifiedenrollment-rs1-33-b.png) + ![corporate sign in](images/unifiedenrollment-rs1-33-b.png) - After you complete the flow, your device will be connected to your organization’s MDM. + After you complete the flow, your device will be connected to your organization’s MDM. ### Connecting to MDM on a phone (Enrolling in device management) @@ -281,7 +283,7 @@ There are a few instances where your device may not be able to connect to work, | You don’t have the right privileges to perform this operation. Please talk to your admin. | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. | | We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. | -  + ## Connecting your Windows 10-based device to work using a deep link 
@@ -313,7 +315,7 @@ The deep link used for connecting your device to work will always use the follow When connecting to MDM using a deep link, the URI you should use is **ms-device-enrollment:?mode=mdm** -**ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=https://example.server.com** +**ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=** The following procedure describes how users can connect their devices to MDM using deep links. @@ -362,7 +364,8 @@ Starting in Windows 10, version 1709, clicking the **Info** button will show a l ![work or school info](images/unifiedenrollment-rs1-35-b.png) -> [Note] Starting in Windows 10, version 1709, the **Manage** button is no longer available. +> [NOTE] +> Starting in Windows 10, version 1709, the **Manage** button is no longer available. ### Disconnect @@ -382,7 +385,7 @@ Starting in Windows 10, version 1709, you can get the advanced diagnostic report ![collecting enrollment management log files](images/unifiedenrollment-rs1-37-c.png) -  + diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index a8b9de322a..f593722476 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md @@ -1,12 +1,14 @@ --- title: Messaging CSP description: Messaging CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # Messaging CSP @@ -22,7 +24,7 @@ The following diagram shows the Messaging configuration service provider in tree

        Root node for the Messaging configuration service provider.

        **AuditingLevel** -

        Turns on the "Text" auditing feature.

        +

        Turns on the "Text" auditing feature.

        The following list shows the supported values:

        • 0 (Default) - Off
        • diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md index 67dc397e58..2f92333731 100644 --- a/windows/client-management/mdm/messaging-ddf.md +++ b/windows/client-management/mdm/messaging-ddf.md @@ -1,12 +1,14 @@ --- title: Messaging DDF file description: Messaging DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # Messaging DDF file diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index 75b369db78..747ecc45c4 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -2,11 +2,13 @@ title: Mobile device enrollment description: Mobile device enrollment is the first phase of enterprise management. ms.assetid: 08C8B3DB-3263-414B-A368-F47B94F47A11 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/11/2017 --- diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 1b3e56a680..3e06ed3bd7 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -1,12 +1,14 @@ --- title: MultiSIM CSP description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/22/2018 +ms.reviewer: +manager: dansimp --- # MultiSIM CSP @@ -150,4 +152,4 @@ Select slot -``` \ No newline at end of file +``` 
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index 54c76ae742..6474094dc5 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -1,12 +1,14 @@ --- title: MultiSIM DDF file description: XML file containing the device description framework -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 02/27/2018 +ms.reviewer: +manager: dansimp --- # MultiSIM CSP @@ -286,4 +288,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index ba2ef8f0b2..c4dbd6410a 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -2,11 +2,13 @@ title: NAP CSP description: NAP CSP ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index f94af70c0f..80a87e53d1 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -2,11 +2,13 @@ title: NAPDEF CSP description: NAPDEF CSP ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -16,12 +18,12 @@ ms.date: 06/26/2017 The NAPDEF configuration service provider is used to add, modify, or delete WAP network access points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a. > **Note**  You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list. - -  - +> +> +> > **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -  + The following diagram shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **initial bootstrapping of the phone**. The OMA DM protocol is not supported by this configuration service provider. @@ -49,7 +51,7 @@ The only permitted values for this element are "POP" (Password Authentication Pr > **Note**  **AuthName** and **AuthSecret** are not created if **AuthType** is not included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** is not included in the provisioning XML used to make the change. -  + **BEARER** Specifies the type of bearer. @@ -129,16 +131,16 @@ The following table shows the Microsoft custom elements that this configuration -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 6a783571df..e4613c29a9 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md 
@@ -1,19 +1,21 @@ --- title: NetworkProxy CSP description: NetworkProxy CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/29/2018 +ms.reviewer: +manager: dansimp --- # NetworkProxy CSP The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703. -> [!Note] +> [!NOTE] > In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices. How the settings work: @@ -38,7 +40,7 @@ Added in Windows 10, version 1803. When set to 0, it enables proxy configuration Supported operations are Add, Get, Replace, and Delete. -> [!Note] +> [!NOTE] > Per user proxy configuration setting is not supported. **AutoDetect** diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index b8fbd90dbc..bf158a3cc1 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -1,12 +1,14 @@ --- title: NetworkProxy DDF file description: AppNetworkProxyLocker DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # NetworkProxy DDF file @@ -173,4 +175,4 @@ The XML below is the current version for this CSP. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 4ccc4536e2..564059ef4e 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md 
@@ -1,12 +1,14 @@ --- title: NetworkQoSPolicy CSP description: he NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # NetworkQoSPolicy CSP @@ -39,10 +41,10 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

          The only supported operation is Get. -**_Name_** +***Name***

          Node for the QoS policy name. -**_Name_/IPProtocolMatchCondition** +***Name*/IPProtocolMatchCondition**

          Specifies the IP protocol used to match the network traffic.

          Valid values are: @@ -55,14 +57,14 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

          The supported operations are Add, Get, Delete, and Replace. -**_Name_/AppPathNameMatchCondition** +***Name*/AppPathNameMatchCondition**

          Specifies the name of an application to be used to match the network traffic, such as application.exe or %ProgramFiles%\application.exe.

          The data type is char.

          The supported operations are Add, Get, Delete, and Replace. -**_Name_/SourcePortMatchCondition** +***Name*/SourcePortMatchCondition**

          Specifies a single port or a range of ports to be used to match the network traffic source.

          Valid values are: @@ -74,7 +76,7 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

          The supported operations are Add, Get, Delete, and Replace. -**_Name_/DestinationPortMatchCondition** +***Name*/DestinationPortMatchCondition**

          Specifies a single source port or a range of ports to be used to match the network traffic destination.

          Valid values are: @@ -86,7 +88,7 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

          The supported operations are Add, Get, Delete, and Replace. -**_Name_/PriorityValue8021Action** +***Name*/PriorityValue8021Action**

          Specifies the IEEE 802.1p priority value to apply to matching network traffic.

          Valid values are 0-7. @@ -95,7 +97,7 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

          The supported operations are Add, Get, Delete, and Replace. -**_Name_/DSCPAction** +***Name*/DSCPAction**

          The differentiated services code point (DSCP) value to apply to matching network traffic.

          Valid values are 0-63. diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 12c6572869..0eb83d5178 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -2,11 +2,13 @@ title: NetworkQoSPolicy DDF description: This topic shows the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index b7d977b310..385ec75ea5 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md 
@@ -5,50 +5,60 @@ MS-HAID: - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview' - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management' ms.assetid: 9C42064F-091C-4901-BC73-9ABE79EE4224 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 12/06/2018 +author: manikadhiman +ms.date: 05/15/2019 --- -# What's new in MDM enrollment and management +# What's new in mobile device enrollment and management This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. -For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). +For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). 
-## In this section +- **What’s new in MDM for Windows 10 versions** + - [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903) + - [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809) + - [What’s new in MDM for Windows 10, version 1803](#whats-new-in-mdm-for-windows-10-version-1803) + - [What’s new in MDM for Windows 10, version 1709](#whats-new-in-mdm-for-windows-10-version-1709) + - [What’s new in MDM for Windows 10, version 1703](#whats-new-in-mdm-for-windows-10-version-1703) + - [What’s new in MDM for Windows 10, version 1607](#whats-new-in-mdm-for-windows-10-version-1607) + - [What’s new in MDM for Windows 10, version 1511](#whats-new-in-mdm-for-windows-10-version-1511) -- [What's new in MDM enrollment and management](#whats-new-in-mdm-enrollment-and-management) - - [In this section](#in-this-section) - - [What's new in Windows 10, version 1511](#a-href%22%22-id%22whatsnew%22awhats-new-in-windows-10-version-1511) - - [What's new in Windows 10, version 1607](#a-href%22%22-id%22whatsnew1607%22awhats-new-in-windows-10-version-1607) - - [What's new in Windows 10, version 1703](#a-href%22%22-id%22whatsnew10%22awhats-new-in-windows-10-version-1703) - - [What's new in Windows 10, version 1709](#a-href%22%22-id%22whatsnew1709%22awhats-new-in-windows-10-version-1709) - - [What's new in Windows 10, version 1803](#a-href%22%22-id%22whatsnew1803%22awhats-new-in-windows-10-version-1803) - - [What's new in Windows 10, version 1809](#a-href%22%22-id%22whatsnew1809%22awhats-new-in-windows-10-version-1809) - - [Breaking changes and known issues](#breaking-changes-and-known-issues) - - [Get command inside an atomic command is not supported](#a-href%22%22-id%22getcommand%22aget-command-inside-an-atomic-command-is-not-supported) - - [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 
10](#a-href%22%22-id%22notification%22anotification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10) - - [Apps installed using WMI classes are not removed](#a-href%22%22-id%22appsnotremoved%22aapps-installed-using-wmi-classes-are-not-removed) - - [Passing CDATA in SyncML does not work](#a-href%22%22-id%22cdata%22apassing-cdata-in-syncml-does-not-work) - - [SSL settings in IIS server for SCEP must be set to "Ignore"](#a-href%22%22-id%22sslsettings%22assl-settings-in-iis-server-for-scep-must-be-set-to-%22ignore%22) - - [MDM enrollment fails on the mobile device when traffic is going through proxy](#a-href%22%22-id%22enrollmentviaproxy%22amdm-enrollment-fails-on-the-mobile-device-when-traffic-is-going-through-proxy) - - [Server-initiated unenrollment failure](#a-href%22%22-id%22unenrollment%22aserver-initiated-unenrollment-failure) - - [Certificates causing issues with Wi-Fi and VPN](#a-href%22%22-id%22certissues%22acertificates-causing-issues-with-wi-fi-and-vpn) - - [Version information for mobile devices](#a-href%22%22-id%22versioninformation%22aversion-information-for-mobile-devices) - - [Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#a-href%22%22-id%22whitelist%22aupgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues) - - [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#a-href%22%22-id%22frameworks%22aapps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218) - - [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#a-href%22%22-id%22wificertissue%22amultiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile) - - [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#a-href%22%22-id%22remote%22aremote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices) 
- - [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#a-href%22%22-id%22renewwns%22amdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri) - - [User provisioning failure in Azure Active Directory joined Windows 10 PC](#a-href%22%22-id%22userprovisioning%22auser-provisioning-failure-in-azure-active-directory-joined-windows-10-pc) - - [Requirements to note for VPN certificates also used for Kerberos Authentication](#a-href%22%22-id%22kerberos%22arequirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication) - - [Device management agent for the push-button reset is not working](#a-href%22%22-id%22pushbuttonreset%22adevice-management-agent-for-the-push-button-reset-is-not-working) - - [Change history in MDM documentation](#change-history-in-mdm-documentation) +- **Breaking changes and known issues** + - [Get command inside an atomic command is not supported](#get-command-inside-an-atomic-command-is-not-supported) + - [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10) + - [Apps installed using WMI classes are not removed](#apps-installed-using-wmi-classes-are-not-removed) + - [Passing CDATA in SyncML does not work](#passing-cdata-in-syncml-does-not-work) + - [SSL settings in IIS server for SCEP must be set to "Ignore"](#ssl-settings-in-iis-server-for-scep-must-be-set-to-ignore) + - [MDM enrollment fails on the mobile device when traffic is going through proxy](#mdm-enrollment-fails-on-the-mobile-device-when-traffic-is-going-through-proxy) + - [Server-initiated unenrollment failure](#server-initiated-unenrollment-failure) + - [Certificates causing issues with Wi-Fi and VPN](#certificates-causing-issues-with-wi-fi-and-vpn) + - [Version information for mobile devices](#version-information-for-mobile-devices) + - [Upgrading Windows Phone 8.1 devices 
with app whitelisting using ApplicationRestriction policy has issues](#upgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues) + - [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#apps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218) + - [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#multiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile) + - [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#remote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices) + - [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#mdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri) + - [User provisioning failure in Azure Active Directory joined Windows 10 PC](#user-provisioning-failure-in-azure-active-directory-joined-windows-10-pc) + - [Requirements to note for VPN certificates also used for Kerberos Authentication](#requirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication) + - [Device management agent for the push-button reset is not working](#device-management-agent-for-the-push-button-reset-is-not-working) + +- **Frequently Asked Questions** + - [Can there be more than 1 MDM server to enroll and manage devices in Windows 10?](#can-there-be-more-than-1-mdm-server-to-enroll-and-manage-devices-in-windows-10) + - [How do I set the maximum number of Azure Active Directory joined devices per user?](#how-do-i-set-the-maximum-number-of-azure-active-directory-joined-devices-per-user) + - [What is dmwappushsvc?](#what-is-dmwappushsvc) + +- **Change history in MDM documentation** + - [May 2019](#may-2019) + - [April 2019](#april-2019) + - [March 2019](#march-2019) - [February 2019](#february-2019) - [January 2019](#january-2019) - [December 
2018](#december-2018) @@ -66,9 +76,644 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [October 2017](#october-2017) - [September 2017](#september-2017) - [August 2017](#august-2017) - - [FAQ](#faq) -## What's new in Windows 10, version 1511 +## What’s new in MDM for Windows 10, version 1903 + ++++ + + + + + + + + + + + + + + +
          New or updated topicDescription
          Policy CSP

          Added the following new policies in Windows 10, version 1903:

          + +
          EnrollmentStatusTracking CSP

          Added new CSP in Windows 10, version 1903.

          +
          + +## What’s new in MDM for Windows 10, version 1809 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          New or updated topicDescription
          Policy CSP

          Added the following new policies in Windows 10, version 1809:

          +
            +
          • ApplicationManagement/LaunchAppAfterLogOn
          • +
          • ApplicationManagement/ScheduleForceRestartForUpdateFailures
          • +
          • Authentication/EnableFastFirstSignIn (Preview mode only)
          • +
          • Authentication/EnableWebSignIn (Preview mode only)
          • +
          • Authentication/PreferredAadTenantDomainName
          • +
          • Browser/AllowFullScreenMode
          • +
          • Browser/AllowPrelaunch
          • +
          • Browser/AllowPrinting
          • +
          • Browser/AllowSavingHistory
          • +
          • Browser/AllowSideloadingOfExtensions
          • +
          • Browser/AllowTabPreloading
          • +
          • Browser/AllowWebContentOnNewTabPage
          • +
          • Browser/ConfigureFavoritesBar
          • +
          • Browser/ConfigureHomeButton
          • +
          • Browser/ConfigureKioskMode
          • +
          • Browser/ConfigureKioskResetAfterIdleTimeout
          • +
          • Browser/ConfigureOpenMicrosoftEdgeWith
          • +
          • Browser/ConfigureTelemetryForMicrosoft365Analytics
          • +
          • Browser/PreventCertErrorOverrides
          • +
          • Browser/SetHomeButtonURL
          • +
          • Browser/SetNewTabPageURL
          • +
          • Browser/UnlockHomeButton
          • +
          • Defender/CheckForSignaturesBeforeRunningScan
          • +
          • Defender/DisableCatchupFullScan
          • +
          • Defender/DisableCatchupQuickScan
          • +
          • Defender/EnableLowCPUPriority
          • +
          • Defender/SignatureUpdateFallbackOrder
          • +
          • Defender/SignatureUpdateFileSharesSources
          • +
          • DeviceGuard/ConfigureSystemGuardLaunch
          • +
          • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
          • +
          • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
          • +
          • DeviceInstallation/PreventDeviceMetadataFromNetwork
          • +
          • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
          • +
          • DmaGuard/DeviceEnumerationPolicy
          • +
          • Experience/AllowClipboardHistory
          • +
          • Experience/DoNotSyncBrowserSettings
          • +
          • Experience/PreventUsersFromTurningOnBrowserSyncing
          • +
          • Kerberos/UPNNameHints
          • +
          • Privacy/AllowCrossDeviceClipboard
          • +
          • Privacy/DisablePrivacyExperience
          • +
          • Privacy/UploadUserActivities
          • +
          • Security/RecoveryEnvironmentAuthentication
          • +
          • System/AllowDeviceNameInDiagnosticData
          • +
          • System/ConfigureMicrosoft365UploadEndpoint
          • +
          • System/DisableDeviceDelete
          • +
          • System/DisableDiagnosticDataViewer
          • +
          • Storage/RemovableDiskDenyWriteAccess
          • +
          • TaskManager/AllowEndTask
          • +
          • Update/EngagedRestartDeadlineForFeatureUpdates
          • +
          • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
          • +
          • Update/EngagedRestartTransitionScheduleForFeatureUpdates
          • +
          • Update/SetDisablePauseUXAccess
          • +
          • Update/SetDisableUXWUAccess
          • +
          • WindowsDefenderSecurityCenter/DisableClearTpmButton
          • +
          • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
          • +
          • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
          • +
          • WindowsLogon/DontDisplayNetworkSelectionUI
          • +
          +
          PassportForWork CSP

          Added new settings in Windows 10, version 1809.

          +
          EnterpriseModernAppManagement CSP

          Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

          +
          Win32CompatibilityAppraiser CSP

          Added new configuration service provider in Windows 10, version 1809.

          +
          WindowsLicensing CSP

          Added S mode settings and SyncML examples in Windows 10, version 1809.

          +
          SUPL CSP

          Added 3 new certificate nodes in Windows 10, version 1809.

          +
          Defender CSP

          Added a new node Health/ProductStatus in Windows 10, version 1809.

          +
          BitLocker CSP

          Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro.

          +
          DevDetail CSP

          Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

          +
          Wifi CSP

          Added a new node WifiCost in Windows 10, version 1809.

          +
          WindowsDefenderApplicationGuard CSP

          Added new settings in Windows 10, version 1809.

          +
          RemoteWipe CSP

          Added new settings in Windows 10, version 1809.

          +
          TenantLockdown CSP

          Added new CSP in Windows 10, version 1809.

          +
          Office CSP

          Added FinalStatus setting in Windows 10, version 1809.

          +
          + +## What’s new in MDM for Windows 10, version 1803 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          New or updated topicDescription
          Policy CSP

          Added the following new policies for Windows 10, version 1803:

          +
            +
          • ApplicationDefaults/EnableAppUriHandlers
          • +
          • ApplicationManagement/MSIAllowUserControlOverInstall
          • +
          • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
          • +
          • Bluetooth/AllowPromptedProximalConnections
          • +
          • Browser/AllowConfigurationUpdateForBooksLibrary
          • +
          • Browser/AlwaysEnableBooksLibrary
          • +
          • Browser/EnableExtendedBooksTelemetry
          • +
          • Browser/UseSharedFolderForBooks
          • +
          • Connectivity/AllowPhonePCLinking
          • +
          • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
          • +
          • DeliveryOptimization/DODelayForegroundDownloadFromHttp
          • +
          • DeliveryOptimization/DOGroupIdSource
          • +
          • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
          • +
          • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
          • +
          • DeliveryOptimization/DORestrictPeerSelectionBy
          • +
          • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
          • +
          • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
          • +
          • Display/DisablePerProcessDpiForApps
          • +
          • Display/EnablePerProcessDpi
          • +
          • Display/EnablePerProcessDpiForApps
          • +
          • Experience/AllowWindowsSpotlightOnSettings
          • +
          • KioskBrowser/BlockedUrlExceptions
          • +
          • KioskBrowser/BlockedUrls
          • +
          • KioskBrowser/DefaultURL
          • +
          • KioskBrowser/EnableEndSessionButton
          • +
          • KioskBrowser/EnableHomeButton
          • +
          • KioskBrowser/EnableNavigationButtons
          • +
          • KioskBrowser/RestartOnIdleTime
          • +
          • LanmanWorkstation/EnableInsecureGuestLogons
          • +
          • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
          • +
          • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
          • +
          • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
          • +
          • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
          • +
          • LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
          • +
          • LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
          • +
          • LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges
          • +
          • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
          • +
          • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
          • +
          • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
          • +
          • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
          • +
          • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
          • +
          • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
          • +
          • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
          • +
          • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
          • +
          • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
          • +
          • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
          • +
          • LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
          • +
          • Notifications/DisallowCloudNotification
          • +
          • RestrictedGroups/ConfigureGroupMembership
          • +
          • Search/AllowCortanaInAAD
          • +
          • Search/DoNotUseWebResults
          • +
          • Security/ConfigureWindowsPasswords
          • +
          • Start/DisableContextMenus
          • +
          • System/FeedbackHubAlwaysSaveDiagnosticsLocally
          • +
          • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
          • +
          • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
          • +
          • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
          • +
          • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
          • +
          • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
          • +
          • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
          • +
          • TaskScheduler/EnableXboxGameSaveTask
          • +
          • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
          • +
          • TextInput/ForceTouchKeyboardDockedState
          • +
          • TextInput/TouchKeyboardDictationButtonAvailability
          • +
          • TextInput/TouchKeyboardEmojiButtonAvailability
          • +
          • TextInput/TouchKeyboardFullModeAvailability
          • +
          • TextInput/TouchKeyboardHandwritingModeAvailability
          • +
          • TextInput/TouchKeyboardNarrowModeAvailability
          • +
          • TextInput/TouchKeyboardSplitModeAvailability
          • +
          • TextInput/TouchKeyboardWideModeAvailability
          • +
          • Update/ConfigureFeatureUpdateUninstallPeriod
          • +
          • UserRights/AccessCredentialManagerAsTrustedCaller
          • +
          • UserRights/AccessFromNetwork
          • +
          • UserRights/ActAsPartOfTheOperatingSystem
          • +
          • UserRights/AllowLocalLogOn
          • +
          • UserRights/BackupFilesAndDirectories
          • +
          • UserRights/ChangeSystemTime
          • +
          • UserRights/CreateGlobalObjects
          • +
          • UserRights/CreatePageFile
          • +
          • UserRights/CreatePermanentSharedObjects
          • +
          • UserRights/CreateSymbolicLinks
          • +
          • UserRights/CreateToken
          • +
          • UserRights/DebugPrograms
          • +
          • UserRights/DenyAccessFromNetwork
          • +
          • UserRights/DenyLocalLogOn
          • +
          • UserRights/DenyRemoteDesktopServicesLogOn
          • +
          • UserRights/EnableDelegation
          • +
          • UserRights/GenerateSecurityAudits
          • +
          • UserRights/ImpersonateClient
          • +
          • UserRights/IncreaseSchedulingPriority
          • +
          • UserRights/LoadUnloadDeviceDrivers
          • +
          • UserRights/LockMemory
          • +
          • UserRights/ManageAuditingAndSecurityLog
          • +
          • UserRights/ManageVolume
          • +
          • UserRights/ModifyFirmwareEnvironment
          • +
          • UserRights/ModifyObjectLabel
          • +
          • UserRights/ProfileSingleProcess
          • +
          • UserRights/RemoteShutdown
          • +
          • UserRights/RestoreFilesAndDirectories
          • +
          • UserRights/TakeOwnership
          • +
          • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
          • +
          • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
          • +
          • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
          • +
          • WindowsDefenderSecurityCenter/HideSecureBoot
          • +
          • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
          • +
          +

          Security/RequireDeviceEncryption - updated to show it is supported in desktop.

          +
          BitLocker CSP

          Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

          +
          DMClient CSP

          Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

          +
            +
          • AADSendDeviceToken
          • +
          • BlockInStatusPage
          • +
          • AllowCollectLogsButton
          • +
          • CustomErrorText
          • +
          • SkipDeviceStatusPage
          • +
          • SkipUserStatusPage
          • +
          +
          Defender CSP

          Added new node (OfflineScan) in Windows 10, version 1803.

          +
          UEFI CSP

          Added a new CSP in Windows 10, version 1803.

          +
          Update CSP

          Added the following nodes in Windows 10, version 1803:

          +
            +
          • Rollback
          • +
          • Rollback/FeatureUpdate
          • +
          • Rollback/QualityUpdateStatus
          • +
          • Rollback/FeatureUpdateStatus
          • +
          +
          AssignedAccess CSP

          Added the following nodes in Windows 10, version 1803:

          +
            +
          • Status
          • +
          • ShellLauncher
          • +
          • StatusConfiguration
          • +
          +

          Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.

          +
          MultiSIM CSP

          Added a new CSP in Windows 10, version 1803.

          +
          EnterpriseModernAppManagement CSP

          Added the following node in Windows 10, version 1803:

          +
            +
          • MaintainProcessorArchitectureOnUpdate
          • +
          +
          eUICCs CSP

          Added the following node in Windows 10, version 1803:

          +
            +
          • IsEnabled
          • +
          +
          DeviceStatus CSP

          Added the following node in Windows 10, version 1803:

          +
            +
          • OS/Mode
          • +
          +
          AccountManagement CSP

          Added a new CSP in Windows 10, version 1803.

          +
          RootCATrustedCertificates CSP

          Added the following node in Windows 10, version 1803:

          +
            +
          • UntrustedCertificates
          • +
          +
          NetworkProxy CSP

          Added the following node in Windows 10, version 1803:

          +
            +
          • ProxySettingsPerUser
          • +
          +
          Accounts CSP

          Added a new CSP in Windows 10, version 1803.

          +
          MDM Migration Analysis Too (MMAT)

          Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

          +
          CSP DDF files download

          Added the DDF download of Windows 10, version 1803 configuration service providers.

          +
          + +## What’s new in MDM for Windows 10, version 1709 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          ItemDescription
          The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2

          The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

          +
            +
          • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
          • +
          • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
          • +
          • DomainName - fully qualified domain name if the device is domain-joined.
          • +
          +

          For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

          +
          Firewall CSP

          Added new CSP in Windows 10, version 1709.

          +
          eUICCs CSP

          Added new CSP in Windows 10, version 1709.

          +
          WindowsDefenderApplicationGuard CSPNew CSP added in Windows 10, version 1709. Also added the DDF topic WindowsDefenderApplicationGuard DDF file.
          CM_ProxyEntries CSP and CMPolicy CSPIn Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the Configuration service provider reference was updated.
          WindowsDefenderApplicationGuard CSPNew CSP added in Windows 10, version 1709. Also added the DDF topic WindowsDefenderApplicationGuard DDF file.
          VPNv2 CSP

          Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.

          +
          DeviceStatus CSP

          Added the following settings in Windows 10, version 1709:

          +
            +
          • DeviceStatus/DomainName
          • +
          • DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq
          • +
          • DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus
          • +
          • DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus
          • +
          +
          AssignedAccess CSP

          Added the following setting in Windows 10, version 1709.

          +
            +
          • Configuration
          • +
          +

          Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.

          +
          DeviceManageability CSP

          Added the following settings in Windows 10, version 1709:

          +
            +
          • Provider/ProviderID/ConfigInfo
          • +
          • Provider/ProviderID/EnrollmentInfo
          • +
          +
          Office CSP

          Added the following setting in Windows 10, version 1709:

          +
            +
          • Installation/CurrentStatus
          • +
          +
          DMClient CSP

          Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

          +
          Bitlocker CSP

          Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.

          +
          ADMX-backed policies in Policy CSP

          Added new policies.

          +
          Microsoft Store for Business and Microsoft Store

          Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

          +
          MDM enrollment of Windows-based devices

          New features in the Settings app:

          +
            +
          • User sees installation progress of critical policies during MDM enrollment.
          • +
          • User knows what policies, profiles, apps MDM has configured
          • +
          • IT helpdesk can get detailed MDM diagnostic information using client tools
          • +
          +

          For details, see Managing connection and Collecting diagnostic logs

          +
          Enroll a Windows 10 device automatically using Group Policy

          Added new topic to introduce a new Group Policy for automatic MDM enrollment.

          +
          Policy CSP

          Added the following new policies for Windows 10, version 1709:

          +
            +
          • Authentication/AllowAadPasswordReset
          • +
          • Authentication/AllowFidoDeviceSignon
          • +
          • Browser/LockdownFavorites
          • +
          • Browser/ProvisionFavorites
          • +
          • Cellular/LetAppsAccessCellularData
          • +
          • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
          • +
          • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
          • +
          • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
          • +
          • CredentialProviders/DisableAutomaticReDeploymentCredentials
          • +
          • DeviceGuard/EnableVirtualizationBasedSecurity
          • +
          • DeviceGuard/RequirePlatformSecurityFeatures
          • +
          • DeviceGuard/LsaCfgFlags
          • +
          • DeviceLock/MinimumPasswordAge
          • +
          • ExploitGuard/ExploitProtectionSettings
          • +
          • Games/AllowAdvancedGamingServices
          • +
          • Handwriting/PanelDefaultModeDocked
          • +
          • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
          • +
          • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
          • +
          • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
          • +
          • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
          • +
          • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
          • +
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
          • +
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
          • +
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
          • +
          • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
          • +
          • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
          • +
          • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
          • +
          • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
          • +
          • LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
          • +
          • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
          • +
          • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
          • +
          • Power/DisplayOffTimeoutOnBattery
          • +
          • Power/DisplayOffTimeoutPluggedIn
          • +
          • Power/HibernateTimeoutOnBattery
          • +
          • Power/HibernateTimeoutPluggedIn
          • +
          • Power/StandbyTimeoutOnBattery
          • +
          • Power/StandbyTimeoutPluggedIn
          • +
          • Privacy/EnableActivityFeed
          • +
          • Privacy/PublishUserActivities
          • +
          • Defender/AttackSurfaceReductionOnlyExclusions
          • +
          • Defender/AttackSurfaceReductionRules
          • +
          • Defender/CloudBlockLevel
          • +
          • Defender/CloudExtendedTimeout
          • +
          • Defender/ControlledFolderAccessAllowedApplications
          • +
          • Defender/ControlledFolderAccessProtectedFolders
          • +
          • Defender/EnableControlledFolderAccess
          • +
          • Defender/EnableNetworkProtection
          • +
          • Education/DefaultPrinterName
          • +
          • Education/PreventAddingNewPrinters
          • +
          • Education/PrinterNames
          • +
          • Search/AllowCloudSearch
          • +
          • Security/ClearTPMIfNotReady
          • +
          • Settings/AllowOnlineTips
          • +
          • Start/HidePeopleBar
          • +
          • Storage/AllowDiskHealthModelUpdates
          • +
          • System/DisableEnterpriseAuthProxy
          • +
          • System/LimitEnhancedDiagnosticDataWindowsAnalytics
          • +
          • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
          • +
          • Update/DisableDualScan
          • +
          • Update/ManagePreviewBuilds
          • +
          • Update/ScheduledInstallEveryWeek
          • +
          • Update/ScheduledInstallFirstWeek
          • +
          • Update/ScheduledInstallFourthWeek
          • +
          • Update/ScheduledInstallSecondWeek
          • +
          • Update/ScheduledInstallThirdWeek
          • +
          • WindowsDefenderSecurityCenter/CompanyName
          • +
          • WindowsDefenderSecurityCenter/DisableAppBrowserUI
          • +
          • WindowsDefenderSecurityCenter/DisableEnhancedNotifications
          • +
          • WindowsDefenderSecurityCenter/DisableFamilyUI
          • +
          • WindowsDefenderSecurityCenter/DisableHealthUI
          • +
          • WindowsDefenderSecurityCenter/DisableNetworkUI
          • +
          • WindowsDefenderSecurityCenter/DisableNotifications
          • +
          • WindowsDefenderSecurityCenter/DisableVirusUI
          • +
          • WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
          • +
          • WindowsDefenderSecurityCenter/Email
          • +
          • WindowsDefenderSecurityCenter/EnableCustomizedToasts
          • +
          • WindowsDefenderSecurityCenter/EnableInAppCustomization
          • +
          • WindowsDefenderSecurityCenter/Phone
          • +
          • WindowsDefenderSecurityCenter/URL
          • +
          • WirelessDisplay/AllowMdnsAdvertisement
          • +
          • WirelessDisplay/AllowMdnsDiscovery
          • +
          +
          + +## What’s new in MDM for Windows 10, version 1703 @@ -83,124 +728,414 @@ For details about Microsoft mobile device management protocols for Windows 10 s - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - + + - - - - - - - - - - + - - + + - - + + - - + + - - + - - + +
        • InBoxApps/SkypeForBusiness
        • +
        • InBoxApps/SkypeForBusiness/DomainName
        • +
        • InBoxApps/Connect
        • +
        • InBoxApps/Connect/AutoLaunch
        • +
        • Properties/DefaultVolume
        • +
        • Properties/ScreenTimeout
        • +
        • Properties/SessionTimeout
        • +
        • Properties/SleepTimeout
        • +
        • Properties/AllowSessionResume
        • +
        • Properties/AllowAutoProxyAuth
        • +
        • Properties/DisableSigninSuggestions
        • +
        • Properties/DoNotShowMyMeetingsAndFiles
        • + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -

          New configuration service providers added in Windows 10, version 1511

            -
          • [AllJoynManagement CSP](alljoynmanagement-csp.md)
          • -
          • [Maps CSP](maps-csp.md)
          • -
          • [Reporting CSP](reporting-csp.md)
          • -
          • [SurfaceHub CSP](surfacehub-csp.md)
          • -
          • [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
          • -

          New and updated policies in Policy CSP

          The following policies have been added to the [Policy CSP](policy-configuration-service-provider.md):

          +

          Update CSP

          Added the following nodes:

            -
          • Accounts/DomainNamesForEmailSync
          • -
          • ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution
          • -
          • Bluetooth/ServicesAllowedList
          • -
          • DataProtection/AllowAzureRMSForEDP
          • -
          • DataProtection/RevokeOnUnenroll
          • -
          • DeviceLock/DevicePasswordExpiration
          • -
          • DeviceLock/DevicePasswordHistory
          • -
          • TextInput/AllowInputPanel
          • -
          • Update/PauseDeferrals
          • -
          • Update/RequireDeferUpdate
          • -
          • Update/RequireUpdateApproval
          • +
          • FailedUpdates/Failed Update Guid/RevisionNumber
          • +
          • InstalledUpdates/Installed Update Guid/RevisionNumber
          • +
          • PendingRebootUpdates/Pending Reboot Update Guid/RevisionNumber
          -

          The following policies have been updated in the Policy CSP:

          +
          CM_CellularEntries CSP

          To PurposeGroups setting, added the following values:

            -
          • System/AllowLocation
          • -
          • Update/RequireDeferUpgrade
          • +
          • Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
          • +
          • Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364
          -

          The following policies have been deprecated in the Policy CSP:

          +

          CertificateStore CSP

          Added the following setting:

            -
          • TextInput/AllowKoreanExtendedHanja
          • -
          • WiFi/AllowWiFiHotSpotReporting
          • +
          • My/WSTEP/Renew/RetryAfterExpiryInterval
          • +
          +

          ClientCertificateInstall CSP

          Added the following setting:

          +
            +
          • SCEP/UniqueID/Install/AADKeyIdentifierList
          • +
          +

          DMAcc CSP

          Added the following setting:

          +
            +
          • AccountUID/EXT/Microsoft/InitiateSession
          • +
          +

          DMClient CSP

          Added the following nodes and settings:

          +
            +
          • HWDevID
          • +
          • Provider/ProviderID/ManagementServerToUpgradeTo
          • +
          • Provider/ProviderID/CustomEnrollmentCompletePage
          • +
          • Provider/ProviderID/CustomEnrollmentCompletePage/Title
          • +
          • Provider/ProviderID/CustomEnrollmentCompletePage/BodyText
          • +
          • Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkHref
          • +
          • Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkText
          • +
          +

          CellularSettings CSP

          CM_CellularEntries CSP

          EnterpriseAPN CSP

          For these CSPs, support was added for Windows 10 Home, Pro, Enterprise, and Education editions.

          +
          SecureAssessment CSP

          Added the following settings:

          +
            +
          • AllowTextSuggestions
          • +
          • RequirePrinting
          • +
          +
          EnterpriseAPN CSP

          Added the following setting:

          +
            +
          • Roaming
          • +
          +
          Messaging CSP

          Added new CSP. This CSP is only supported in Windows 10 Mobile and Mobile Enteprise editions.

          +
          Policy CSP

          Added the following new policies:

          +
            +
          • Accounts/AllowMicrosoftAccountSignInAssistant
          • +
          • ApplicationDefaults/DefaultAssociationsConfiguration
          • +
          • Browser/AllowAddressBarDropdown
          • +
          • Browser/AllowFlashClickToRun
          • +
          • Browser/AllowMicrosoftCompatibilityList
          • +
          • Browser/AllowSearchEngineCustomization
          • +
          • Browser/ClearBrowsingDataOnExit
          • +
          • Browser/ConfigureAdditionalSearchEngines
          • +
          • Browser/DisableLockdownOfStartPages
          • +
          • Browser/PreventFirstRunPage
          • +
          • Browser/PreventLiveTileDataCollection
          • +
          • Browser/SetDefaultSearchEngine
          • +
          • Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
          • +
          • Connectivity/AllowConnectedDevices
          • +
          • DeliveryOptimization/DOAllowVPNPeerCaching
          • +
          • DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
          • +
          • DeliveryOptimization/DOMinDiskSizeAllowedToPeer
          • +
          • DeliveryOptimization/DOMinFileSizeToCache
          • +
          • DeliveryOptimization/DOMinRAMAllowedToPeer
          • +
          • DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
          • +
          • Display/TurnOffGdiDPIScalingForApps
          • +
          • Display/TurnOnGdiDPIScalingForApps
          • +
          • EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
          • +
          • EnterpriseCloudPrint/CloudPrintOAuthAuthority
          • +
          • EnterpriseCloudPrint/CloudPrintOAuthClientId
          • +
          • EnterpriseCloudPrint/CloudPrintResourceId
          • +
          • EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
          • +
          • EnterpriseCloudPrint/MopriaDiscoveryResourceId
          • +
          • Experience/AllowFindMyDevice
          • +
          • Experience/AllowTailoredExperiencesWithDiagnosticData
          • +
          • Experience/AllowWindowsSpotlightOnActionCenter
          • +
          • Experience/AllowWindowsSpotlightWindowsWelcomeExperience
          • +
          • Location/EnableLocation
          • +
          • Messaging/AllowMMS
          • +
          • Messaging/AllowRCS
          • +
          • Privacy/LetAppsAccessTasks
          • +
          • Privacy/LetAppsAccessTasks_ForceAllowTheseApps
          • +
          • Privacy/LetAppsAccessTasks_ForceDenyTheseApps
          • +
          • Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
          • +
          • Privacy/LetAppsGetDiagnosticInfo
          • +
          • Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
          • +
          • Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
          • +
          • Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
          • +
          • Privacy/LetAppsRunInBackground
          • +
          • Privacy/LetAppsRunInBackground_ForceAllowTheseApps
          • +
          • Privacy/LetAppsRunInBackground_ForceDenyTheseApps
          • +
          • Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
          • +
          • Settings/ConfigureTaskbarCalendar
          • +
          • Settings/PageVisibilityList
          • +
          • SmartScreen/EnableAppInstallControl
          • +
          • SmartScreen/EnableSmartScreenInShell
          • +
          • SmartScreen/PreventOverrideForFilesInShell
          • +
          • Start/AllowPinnedFolderDocuments
          • +
          • Start/AllowPinnedFolderDownloads
          • +
          • Start/AllowPinnedFolderFileExplorer
          • +
          • Start/AllowPinnedFolderHomeGroup
          • +
          • Start/AllowPinnedFolderMusic
          • +
          • Start/AllowPinnedFolderNetwork
          • +
          • Start/AllowPinnedFolderPersonalFolder
          • +
          • Start/AllowPinnedFolderPictures
          • +
          • Start/AllowPinnedFolderSettings
          • +
          • Start/AllowPinnedFolderVideos
          • +
          • Start/HideAppList
          • +
          • Start/HideChangeAccountSettings
          • +
          • Start/HideFrequentlyUsedApps
          • +
          • Start/HideHibernate
          • +
          • Start/HideLock
          • +
          • Start/HidePowerButton
          • +
          • Start/HideRecentJumplists
          • +
          • Start/HideRecentlyAddedApps
          • +
          • Start/HideRestart
          • +
          • Start/HideShutDown
          • +
          • Start/HideSignOut
          • +
          • Start/HideSleep
          • +
          • Start/HideSwitchAccount
          • +
          • Start/HideUserTile
          • +
          • Start/ImportEdgeAssets
          • +
          • Start/NoPinningToTaskbar
          • +
          • System/AllowFontProviders
          • +
          • System/DisableOneDriveFileSync
          • +
          • TextInput/AllowKeyboardTextSuggestions
          • +
          • TimeLanguageSettings/AllowSet24HourClock
          • +
          • Update/ActiveHoursMaxRange
          • +
          • Update/AutoRestartDeadlinePeriodInDays
          • +
          • Update/AutoRestartNotificationSchedule
          • +
          • Update/AutoRestartRequiredNotificationDismissal
          • +
          • Update/DetectionFrequency
          • +
          • Update/EngagedRestartDeadline
          • +
          • Update/EngagedRestartSnoozeSchedule
          • +
          • Update/EngagedRestartTransitionSchedule
          • +
          • Update/IgnoreMOAppDownloadLimit
          • +
          • Update/IgnoreMOUpdateDownloadLimit
          • +
          • Update/PauseFeatureUpdatesStartTime
          • +
          • Update/PauseQualityUpdatesStartTime
          • +
          • Update/SetAutoRestartNotificationDisable
          • +
          • Update/SetEDURestart
          • +
          • WiFi/AllowWiFiDirect
          • +
          • WindowsLogon/HideFastUserSwitching
          • +
          • WirelessDisplay/AllowProjectionFromPC
          • +
          • WirelessDisplay/AllowProjectionFromPCOverInfrastructure
          • +
          • WirelessDisplay/AllowProjectionToPCOverInfrastructure
          • +
          • WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
          • +

          Removed TextInput/AllowLinguisticDataCollection

          +

          Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in Windows 10 Mobile Enteprise and IoT Enterprise

          +

          Starting in Windows 10, version 1703, the maximum value of Update/DeferFeatureUpdatesPeriodInDays has been increased from 180 days, to 365 days.

          +

          Starting in Windows 10, version 1703, in Browser/HomePages you can use the "<about:blank>" value if you don’t want to send traffic to Microsoft.

          +

          Starting in Windows 10, version 1703, Start/StartLayout can now be set on a per-device basis in addition to the pre-existing per-user basis.

          +

          Added the ConfigOperations/ADMXInstall node and setting, which is used to ingest ADMX files.

          +
          DevDetail CSP

          Added the following setting:

          +
            +
          • DeviceHardwareData
          • +
          +
          CleanPC CSP

          Added new CSP.

          DeveloperSetup CSP

          Added new CSP.

          NetworkProxy CSP

          Added new CSP.

          BitLocker CSP

          Added new CSP.

          +

          Added the following setting:

          +
            +
          • AllowWarningForOtherDiskEncryption
          • +
          +
          EnterpriseDataProtection CSP

          Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.

          Added the following settings:

          +
            +
          • RevokeOnMDMHandoff
          • +
          • SMBAutoEncryptedFileExtensions

          Management tool for the Micosoft Store for Business

          New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.

          DynamicManagement CSP

          Added new CSP.

          Custom header for generic alert

          The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format:

          -MDM-GenericAlert: <AlertType1><AlertType2> -

          If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).

          Implement server-side support for mobile application management on Windows

          New mobile application management (MAM) support added in Windows 10, version 1703.

          Alert message for slow client response

          When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.

          -

          To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the [DMClient CSP](dmclient-csp.md).

          New node in DMClient CSP

          Added a new node EnableOmaDmKeepAliveMessage to the [DMClient CSP](dmclient-csp.md) and updated the ManagementServerAddress to indicate that it can contain a list of URLs.

          New nodes in EnterpriseModernAppManagement CSP

          Added the following nodes to the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md):

          +

          PassportForWork CSP

          Added the following new node and settings:

            -
          • AppManagement/GetInventoryQuery
          • -
          • AppManagement/GetInventoryResults
          • -
          • .../PackageFamilyName/AppSettingPolicy/SettingValue
          • -
          • AppLicenses/StoreLicenses/LicenseID/LicenseCategory
          • -
          • AppLicenses/StoreLicenses/LicenseID/LicenseUsage
          • -
          • AppLicenses/StoreLicenses/LicenseID/RequesterID
          • -
          • AppLicenses/StoreLicenses/LicenseID/GetLicenseFromStore
          • +
          • TenantId/Policies/ExcludeSecurityDevices (only for ./Device/Vendor/MSFT)
          • +
          • TenantId/Policies/ExcludeSecurityDevices/TPM12 (only for ./Device/Vendor/MSFT)
          • +
          • TenantId/Policies/EnablePinRecovery

          New nodes in EnterpriseExt CSP

          Added the following nodes to the [EnterpriseExt CSP](enterpriseext-csp.md):

          -
            -
          • DeviceCustomData (CustomID, CustomeString)
          • -
          • Brightness (Default, MaxAuto)
          • -
          • LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount)
          • -
          Office CSP

          Added new CSP.

          New node in EnterpriseExtFileSystem CSP

          Added OemProfile node to [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md).

          Personalization CSP

          Added new CSP.

          New nodes in PassportForWork CSP

          Added the following nodes to [PassportForWork CSP](passportforwork-csp.md):

          -
            -
          • TenantId/Policies/PINComplexity/History
          • -
          • TenantId/Policies/PINComplexity/Expiration
          • -
          • TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)
          • -
          • Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)
          • -
          • Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT)
          • -
          EnterpriseAppVManagement CSP

          Added new CSP.

          Updated EnterpriseAssignedAccess CSP

          Here are the changes to the [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md):

          +
          HealthAttestation CSP

          Added the following settings:

            -
          • In AssignedAccessXML node, added new page settings and quick action settings.
          • -
          • In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.
          • -
          • Updated the [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) topic.
          • +
          • HASEndpoint - added in Windows 10, version 1607, but not documented
          • +
          • TpmReadyStatus - added in the March service release of Windows 10, version 1607

          New nodes in the DevDetail CSP

          Here are the changes to the [DevDetail CSP](devdetail-csp.md):

          +

          SurfaceHub CSP

          Added the following nodes and settings:

            -
          • Added TotalStore and TotalRAM settings.
          • -
          • Added support for Replace command for the DeviceName setting.
          • -

          Handling large objects

          Added support for the client to handle uploading of large objects to the server.

          NetworkQoSPolicy CSP

          Added new CSP.

          WindowsLicensing CSP

          Added the following setting:

          +
            +
          • ChangeProductKey
          • +
          +
          WindowsAdvancedThreatProtection CSP

          Added the following setting:

          +
            +
          • Configuration/TelemetryReportingFrequency
          • +
          +
          DMSessionActions CSP

          Added new CSP.

          +
          SharedPC CSP

          Added new settings in Windows 10, version 1703.

          +
            +
          • RestrictLocalStorage
          • +
          • KioskModeAUMID
          • +
          • KioskModeUserTileDisplayText
          • +
          • InactiveThreshold
          • +
          • MaxPageFileSizeMB
          • +
          +

          The default value for SetEduPolicies changed to false. The default value for SleepTimeout changed to 300.

          +
          RemoteLock CSP

          Added following setting:

          +
            +
          • LockAndRecoverPIN
          • +
          +
          NodeCache CSP

          Added following settings:

          +
            +
          • ChangedNodesData
          • +
          • AutoSetExpectedValue
          • +
          +
          Download all the DDF files for Windows 10, version 1703

          Added a zip file containing the DDF XML files of the CSPs. The link to the download is available in the DDF topics of various CSPs.

          +
          RemoteWipe CSP

          Added new setting in Windows 10, version 1703.

          +
            +
          • doWipeProtected
          • +
          +
          MDM Bridge WMI Provider

          Added new classes and properties.

          +
          Understanding ADMX-backed policies

          Added a section describing SyncML examples of various ADMX elements.

          +
          Win32 and Desktop Bridge app policy configurationNew topic.
          Deploy and configure App-V apps using MDM

          Added a new topic describing how to deploy and configure App-V apps using MDM.

          +
          EnterpriseDesktopAppManagement CSP

          Added new setting in the March service release of Windows 10, version 1607.

          +
            +
          • MSI/UpgradeCode/[Guid]
          • +
          +
          Reporting CSP

          Added new settings in Windows 10, version 1703.

          +
            +
          • EnterpriseDataProtection/RetrieveByTimeRange/Type
          • +
          • EnterpriseDataProtection/RetrieveByCount/Type
          • +
          +
          Connecting your Windows 10-based device to work using a deep link

          Added following deep link parameters to the table:

          +
            +
          • Username
          • +
          • Servername
          • +
          • Accesstoken
          • +
          • Deviceidentifier
          • +
          • Tenantidentifier
          • +
          • Ownership
          • +
          +
          MDM support for Windows 10 S

          Updated the following topics to indicate MDM support in Windows 10 S.

          + +
          TPMPolicy CSPNew CSP added in Windows 10, version 1703.
          +  -## What's new in Windows 10, version 1607 +## What’s new in MDM for Windows 10, version 1607 @@ -216,25 +1151,25 @@ For details about Microsoft mobile device management protocols for Windows 10 s - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

          Sideloading of apps

          Starting in Windows 10, version 1607, sideloading of apps is only allowed through [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices.

          Starting in Windows 10, version 1607, sideloading of apps is only allowed through EnterpriseModernAppManagement CSP. Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices.

          New value for [NodeCache CSP](nodecache-csp.md)

          In [NodeCache CSP](nodecache-csp.md), the value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache.

          New value for NodeCache CSP

          In NodeCache CSP, the value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache.

          [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)EnterpriseDataProtection CSP

          New CSP.

          [Policy CSP](policy-configuration-service-provider.md)Policy CSP

          Removed the following policies:

            -
          • DataProtection/AllowAzureRMSForEDP - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
          • -
          • DataProtection/AllowUserDecryption - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
          • -
          • DataProtection/EDPEnforcementLevel - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
          • -
          • DataProtection/RequireProtectionUnderLockConfig - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
          • -
          • DataProtection/RevokeOnUnenroll - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
          • +
          • DataProtection/AllowAzureRMSForEDP - moved this policy to EnterpriseDataProtection CSP
          • +
          • DataProtection/AllowUserDecryption - moved this policy to EnterpriseDataProtection CSP
          • +
          • DataProtection/EDPEnforcementLevel - moved this policy to EnterpriseDataProtection CSP
          • +
          • DataProtection/RequireProtectionUnderLockConfig - moved this policy to EnterpriseDataProtection CSP
          • +
          • DataProtection/RevokeOnUnenroll - moved this policy to EnterpriseDataProtection CSP
          • DataProtection/EnterpriseCloudResources - moved this policy to NetworkIsolation policy
          • DataProtection/EnterpriseInternalProxyServers - moved this policy to NetworkIsolation policy
          • DataProtection/EnterpriseIPRange - moved this policy to NetworkIsolation policy
          • @@ -371,7 +1306,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s

            Updated Security/AntiTheftMode description to clarify what each supported value does.

          [DMClient CSP](dmclient-csp.md)DMClient CSP

          Added the following settings:

          • ManagementServerAddressList
          • @@ -383,11 +1318,11 @@ For details about Microsoft mobile device management protocols for Windows 10 s

            Removed the EnrollmentID setting.

          [DeviceManageability CSP](devicemanageability-csp.md)DeviceManageability CSP

          New CSP.

          [DeviceStatus CSP](devicestatus-csp.md)DeviceStatus CSP

          Added the following new settings:

          • DeviceStatus/TPM/SpecificationVersion
          • @@ -404,23 +1339,23 @@ For details about Microsoft mobile device management protocols for Windows 10 s
          [AssignedAccess CSP](assignedaccess-csp.md)AssignedAccess CSP

          Added SyncML examples.

          [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)EnterpriseAssignedAccess CSP
          • Added a new Folder table entry in the AssignedAccess/AssignedAccessXml description.
          • Updated the DDF and XSD file sections.
          [SecureAssessment CSP](secureassessment-csp.md)SecureAssessment CSP

          New CSP for Windows 10, version 1607

          [DiagnosticLog CSP](diagnosticlog-csp.md) -

          [DiagnosticLog DDF](diagnosticlog-ddf.md)

          DiagnosticLog CSP +

          DiagnosticLog DDF

          Added version 1.3 of the CSP with two new settings. Added the new 1.3 version of the DDF. Added the following new settings in Windows 10, version 1607.

          • DeviceStateData
          • @@ -428,15 +1363,15 @@ For details about Microsoft mobile device management protocols for Windows 10 s
          [Reboot CSP](reboot-csp.md)Reboot CSP

          New CSP for Windows 10, version 1607

          [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)CMPolicyEnterprise CSP

          New CSP for Windows 10, version 1607

          [VPNv2 CSP](vpnv2-csp.md)VPNv2 CSP

          Added the following settings for Windows 10, version 1607

          • ProfileName/RouteList/routeRowId/ExclusionRoute
          • @@ -459,38 +1394,38 @@ For details about Microsoft mobile device management protocols for Windows 10 s
          [Win32AppInventory CSP](win32appinventory-csp.md) -

          [Win32AppInventory DDF](win32appinventory-ddf-file.md)

          Win32AppInventory CSP +

          Win32AppInventory DDF

          New CSP for Windows 10, version 1607.

          [SharedPC CSP](sharedpc-csp.md)SharedPC CSP

          New CSP for Windows 10, version 1607.

          [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)WindowsAdvancedThreatProtection CSP

          New CSP for Windows 10, version 1607.

          [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224)MDM Bridge WMI Provider

          Added new classes for Windows 10, version 1607.

          [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)MDM enrollment of Windows devices

          Topic renamed from "Enrollment UI".

          Completely updated enrollment procedures and screenshots.

          [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) -

          [UnifiedWriteFilter DDF File](unifiedwritefilter-ddf.md)

          UnifiedWriteFilter CSP +

          UnifiedWriteFilter DDF File

          Added the following new setting for Windows 10, version 1607:

          • NextSession/HORMEnabled
          [CertificateStore CSP](certificatestore-csp.md) -

          [CertificateStore DDF file](certificatestore-ddf-file.md)

          CertificateStore CSP +

          CertificateStore DDF file

          Added the following new settings in Windows 10, version 1607:

          • My/WSTEP/Renew/LastRenewalAttemptTime
          • @@ -498,7 +1433,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s

          [WindowsLicensing CSP](windowslicensing-csp.md)

          WindowsLicensing CSP

          Added the following new node and settings in Windows 10, version 1607, but not documented:

          • Subscriptions
          • @@ -511,7 +1446,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
          -## What's new in Windows 10, version 1703 +## What’s new in MDM for Windows 10, version 1511 @@ -526,1036 +1461,167 @@ For details about Microsoft mobile device management protocols for Windows 10 s - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - + + - - + + - - + + - - + + + + + + + + + - - + +
        • DeviceCustomData (CustomID, CustomeString)
        • +
        • Brightness (Default, MaxAuto)
        • +
        • LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount)
        • + - - + + - - + +
        • TenantId/Policies/PINComplexity/History
        • +
        • TenantId/Policies/PINComplexity/Expiration
        • +
        • TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)
        • +
        • Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)
        • +
        • Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT)
        • + - - + +
        • In AssignedAccessXML node, added new page settings and quick action settings.
        • +
        • In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.
        • +
        • Updated the EnterpriseAssignedAccess XSD topic.
        • + - - - - - + - - - - - - - - - - - - - - - - - - - - +
        • Added TotalStore and TotalRAM settings.
        • +
        • Added support for Replace command for the DeviceName setting.
        • + - - - - - - - - - - - - - - - - - + + -

          [Update CSP](update-csp.md)

          Added the following nodes:

          -
            -
          • FailedUpdates/Failed Update Guid/RevisionNumber
          • -
          • InstalledUpdates/Installed Update Guid/RevisionNumber
          • -
          • PendingRebootUpdates/Pending Reboot Update Guid/RevisionNumber
          • -
          -
          [CM_CellularEntries CSP](cm-cellularentries-csp.md)

          To PurposeGroups setting, added the following values:

          -
            -
          • Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
          • -
          • Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364
          • -
          -

          [CertificateStore CSP](certificatestore-csp.md)

          Added the following setting:

          -
            -
          • My/WSTEP/Renew/RetryAfterExpiryInterval
          • -
          -

          [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)

          Added the following setting:

          -
            -
          • SCEP/UniqueID/Install/AADKeyIdentifierList
          • -
          -

          [DMAcc CSP](dmacc-csp.md)

          Added the following setting:

          -
            -
          • AccountUID/EXT/Microsoft/InitiateSession
          • -
          -

          [DMClient CSP](dmclient-csp.md)

          Added the following nodes and settings:

          -
            -
          • HWDevID
          • -
          • Provider/ProviderID/ManagementServerToUpgradeTo
          • -
          • Provider/ProviderID/CustomEnrollmentCompletePage
          • -
          • Provider/ProviderID/CustomEnrollmentCompletePage/Title
          • -
          • Provider/ProviderID/CustomEnrollmentCompletePage/BodyText
          • -
          • Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkHref
          • -
          • Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkText
          • -
          -

          [CellularSettings CSP](cellularsettings-csp.md)

          [CM_CellularEntries CSP](cm-cellularentries-csp.md)

          [EnterpriseAPN CSP](enterpriseapn-csp.md)

          For these CSPs, support was added for Windows 10 Home, Pro, Enterprise, and Education editions.

          -
          [SecureAssessment CSP](secureassessment-csp.md)

          Added the following settings:

          -
            -
          • AllowTextSuggestions
          • -
          • RequirePrinting
          • -
          -
          [EnterpriseAPN CSP](enterpriseapn-csp.md)

          Added the following setting:

          -
            -
          • Roaming
          • -
          -
          [Messaging CSP](messaging-csp.md)

          Added new CSP. This CSP is only supported in Windows 10 Mobile and Mobile Enteprise editions.

          -
          [Policy CSP](policy-configuration-service-provider.md)

          Added the following new policies:

          -
            -
          • Accounts/AllowMicrosoftAccountSignInAssistant
          • -
          • ApplicationDefaults/DefaultAssociationsConfiguration
          • -
          • Browser/AllowAddressBarDropdown
          • -
          • Browser/AllowFlashClickToRun
          • -
          • Browser/AllowMicrosoftCompatibilityList
          • -
          • Browser/AllowSearchEngineCustomization
          • -
          • Browser/ClearBrowsingDataOnExit
          • -
          • Browser/ConfigureAdditionalSearchEngines
          • -
          • Browser/DisableLockdownOfStartPages
          • -
          • Browser/PreventFirstRunPage
          • -
          • Browser/PreventLiveTileDataCollection
          • -
          • Browser/SetDefaultSearchEngine
          • -
          • Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
          • -
          • Connectivity/AllowConnectedDevices
          • -
          • DeliveryOptimization/DOAllowVPNPeerCaching
          • -
          • DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
          • -
          • DeliveryOptimization/DOMinDiskSizeAllowedToPeer
          • -
          • DeliveryOptimization/DOMinFileSizeToCache
          • -
          • DeliveryOptimization/DOMinRAMAllowedToPeer
          • -
          • DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
          • -
          • Display/TurnOffGdiDPIScalingForApps
          • -
          • Display/TurnOnGdiDPIScalingForApps
          • -
          • EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
          • -
          • EnterpriseCloudPrint/CloudPrintOAuthAuthority
          • -
          • EnterpriseCloudPrint/CloudPrintOAuthClientId
          • -
          • EnterpriseCloudPrint/CloudPrintResourceId
          • -
          • EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
          • -
          • EnterpriseCloudPrint/MopriaDiscoveryResourceId
          • -
          • Experience/AllowFindMyDevice
          • -
          • Experience/AllowTailoredExperiencesWithDiagnosticData
          • -
          • Experience/AllowWindowsSpotlightOnActionCenter
          • -
          • Experience/AllowWindowsSpotlightWindowsWelcomeExperience
          • -
          • Location/EnableLocation
          • -
          • Messaging/AllowMMS
          • -
          • Messaging/AllowRCS
          • -
          • Privacy/LetAppsAccessTasks
          • -
          • Privacy/LetAppsAccessTasks_ForceAllowTheseApps
          • -
          • Privacy/LetAppsAccessTasks_ForceDenyTheseApps
          • -
          • Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
          • -
          • Privacy/LetAppsGetDiagnosticInfo
          • -
          • Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
          • -
          • Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
          • -
          • Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
          • -
          • Privacy/LetAppsRunInBackground
          • -
          • Privacy/LetAppsRunInBackground_ForceAllowTheseApps
          • -
          • Privacy/LetAppsRunInBackground_ForceDenyTheseApps
          • -
          • Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
          • -
          • Settings/ConfigureTaskbarCalendar
          • -
          • Settings/PageVisibilityList
          • -
          • SmartScreen/EnableAppInstallControl
          • -
          • SmartScreen/EnableSmartScreenInShell
          • -
          • SmartScreen/PreventOverrideForFilesInShell
          • -
          • Start/AllowPinnedFolderDocuments
          • -
          • Start/AllowPinnedFolderDownloads
          • -
          • Start/AllowPinnedFolderFileExplorer
          • -
          • Start/AllowPinnedFolderHomeGroup
          • -
          • Start/AllowPinnedFolderMusic
          • -
          • Start/AllowPinnedFolderNetwork
          • -
          • Start/AllowPinnedFolderPersonalFolder
          • -
          • Start/AllowPinnedFolderPictures
          • -
          • Start/AllowPinnedFolderSettings
          • -
          • Start/AllowPinnedFolderVideos
          • -
          • Start/HideAppList
          • -
          • Start/HideChangeAccountSettings
          • -
          • Start/HideFrequentlyUsedApps
          • -
          • Start/HideHibernate
          • -
          • Start/HideLock
          • -
          • Start/HidePowerButton
          • -
          • Start/HideRecentJumplists
          • -
          • Start/HideRecentlyAddedApps
          • -
          • Start/HideRestart
          • -
          • Start/HideShutDown
          • -
          • Start/HideSignOut
          • -
          • Start/HideSleep
          • -
          • Start/HideSwitchAccount
          • -
          • Start/HideUserTile
          • -
          • Start/ImportEdgeAssets
          • -
          • Start/NoPinningToTaskbar
          • -
          • System/AllowFontProviders
          • -
          • System/DisableOneDriveFileSync
          • -
          • TextInput/AllowKeyboardTextSuggestions
          • -
          • TimeLanguageSettings/AllowSet24HourClock
          • -
          • Update/ActiveHoursMaxRange
          • -
          • Update/AutoRestartDeadlinePeriodInDays
          • -
          • Update/AutoRestartNotificationSchedule
          • -
          • Update/AutoRestartRequiredNotificationDismissal
          • -
          • Update/DetectionFrequency
          • -
          • Update/EngagedRestartDeadline
          • -
          • Update/EngagedRestartSnoozeSchedule
          • -
          • Update/EngagedRestartTransitionSchedule
          • -
          • Update/IgnoreMOAppDownloadLimit
          • -
          • Update/IgnoreMOUpdateDownloadLimit
          • -
          • Update/PauseFeatureUpdatesStartTime
          • -
          • Update/PauseQualityUpdatesStartTime
          • -
          • Update/SetAutoRestartNotificationDisable
          • -
          • Update/SetEDURestart
          • -
          • WiFi/AllowWiFiDirect
          • -
          • WindowsLogon/HideFastUserSwitching
          • -
          • WirelessDisplay/AllowProjectionFromPC
          • -
          • WirelessDisplay/AllowProjectionFromPCOverInfrastructure
          • -
          • WirelessDisplay/AllowProjectionToPCOverInfrastructure
          • -
          • WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
          • -

          Removed TextInput/AllowLinguisticDataCollection

          -

          Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in Windows 10 Mobile Enteprise and IoT Enterprise

          -

          Starting in Windows 10, version 1703, the maximum value of Update/DeferFeatureUpdatesPeriodInDays has been increased from 180 days, to 365 days.

          -

          Starting in Windows 10, version 1703, in Browser/HomePages you can use the "<about:blank>" value if you don’t want to send traffic to Microsoft.

          -

          Starting in Windows 10, version 1703, Start/StartLayout can now be set on a per-device basis in addition to the pre-existing per-user basis.

          -

          Added the ConfigOperations/ADMXInstall node and setting, which is used to ingest ADMX files.

          -
          [DevDetail CSP](devdetail-csp.md)

          Added the following setting:

          -
            -
          • DeviceHardwareData
          • -
          -
          [CleanPC CSP](cleanpc-csp.md)

          Added new CSP.

          [DeveloperSetup CSP](developersetup-csp.md)

          Added new CSP.

          [NetworkProxy CSP](networkproxy-csp.md)

          Added new CSP.

          [BitLocker CSP](bitlocker-csp.md)

          Added new CSP.

          -

          Added the following setting:

          -
            -
          • AllowWarningForOtherDiskEncryption
          • -
          -
          [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)

          Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.

          Added the following settings:

          -
            -
          • RevokeOnMDMHandoff
          • -
          • SMBAutoEncryptedFileExtensions
          • -
          [DynamicManagement CSP](dynamicmanagement-csp.md)

          Added new CSP.

          [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md)

          New mobile application management (MAM) support added in Windows 10, version 1703.

          [PassportForWork CSP](passportforwork-csp.md)

          Added the following new node and settings:

          -
            -
          • TenantId/Policies/ExcludeSecurityDevices (only for ./Device/Vendor/MSFT)
          • -
          • TenantId/Policies/ExcludeSecurityDevices/TPM12 (only for ./Device/Vendor/MSFT)
          • -
          • TenantId/Policies/EnablePinRecovery
          • +

          New configuration service providers added in Windows 10, version 1511

          [Office CSP](office-csp.md)

          Added new CSP.

          New and updated policies in Policy CSP

          The following policies have been added to the Policy CSP:

          +
            +
          • Accounts/DomainNamesForEmailSync
          • +
          • ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution
          • +
          • Bluetooth/ServicesAllowedList
          • +
          • DataProtection/AllowAzureRMSForEDP
          • +
          • DataProtection/RevokeOnUnenroll
          • +
          • DeviceLock/DevicePasswordExpiration
          • +
          • DeviceLock/DevicePasswordHistory
          • +
          • TextInput/AllowInputPanel
          • +
          • Update/PauseDeferrals
          • +
          • Update/RequireDeferUpdate
          • +
          • Update/RequireUpdateApproval
          • +
          +

          The following policies have been updated in the Policy CSP:

          +
            +
          • System/AllowLocation
          • +
          • Update/RequireDeferUpgrade
          • +
          +

          The following policies have been deprecated in the Policy CSP:

          +
            +
          • TextInput/AllowKoreanExtendedHanja
          • +
          • WiFi/AllowWiFiHotSpotReporting
          • +
          [Personalization CSP](personalization-csp.md)

          Added new CSP.

          Management tool for the Micosoft Store for Business

          New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.

          [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)

          Added new CSP.

          Custom header for generic alert

          The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format:

          +MDM-GenericAlert: <AlertType1><AlertType2> +

          If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this OMA website.

          [HealthAttestation CSP](healthattestation-csp.md)

          Added the following settings:

          +

          Alert message for slow client response

          When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.

          +

          To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the DMClient CSP.

          New node in DMClient CSP

          Added a new node EnableOmaDmKeepAliveMessage to the DMClient CSP and updated the ManagementServerAddress to indicate that it can contain a list of URLs.

          New nodes in EnterpriseModernAppManagement CSP

          Added the following nodes to the EnterpriseModernAppManagement CSP:

            -
          • HASEndpoint - added in Windows 10, version 1607, but not documented
          • -
          • TpmReadyStatus - added in the March service release of Windows 10, version 1607
          • +
          • AppManagement/GetInventoryQuery
          • +
          • AppManagement/GetInventoryResults
          • +
          • .../PackageFamilyName/AppSettingPolicy/SettingValue
          • +
          • AppLicenses/StoreLicenses/LicenseID/LicenseCategory
          • +
          • AppLicenses/StoreLicenses/LicenseID/LicenseUsage
          • +
          • AppLicenses/StoreLicenses/LicenseID/RequesterID
          • +
          • AppLicenses/StoreLicenses/LicenseID/GetLicenseFromStore

          [SurfaceHub CSP](surfacehub-csp.md)

          Added the following nodes and settings:

          +

          New nodes in EnterpriseExt CSP

          Added the following nodes to the EnterpriseExt CSP:

            -
          • InBoxApps/SkypeForBusiness
          • -
          • InBoxApps/SkypeForBusiness/DomainName
          • -
          • InBoxApps/Connect
          • -
          • InBoxApps/Connect/AutoLaunch
          • -
          • Properties/DefaultVolume
          • -
          • Properties/ScreenTimeout
          • -
          • Properties/SessionTimeout
          • -
          • Properties/SleepTimeout
          • -
          • Properties/AllowSessionResume
          • -
          • Properties/AllowAutoProxyAuth
          • -
          • Properties/DisableSigninSuggestions
          • -
          • Properties/DoNotShowMyMeetingsAndFiles
          • -
          -
          [NetworkQoSPolicy CSP](networkqospolicy-csp.md)

          Added new CSP.

          New node in EnterpriseExtFileSystem CSP

          Added OemProfile node to EnterpriseExtFileSystem CSP.

          [WindowsLicensing CSP](windowslicensing-csp.md)

          Added the following setting:

          +

          New nodes in PassportForWork CSP

          Added the following nodes to PassportForWork CSP:

            -
          • ChangeProductKey
          • -
          -
          [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)

          Added the following setting:

          +

          Updated EnterpriseAssignedAccess CSP

          Here are the changes to the EnterpriseAssignedAccess CSP:

            -
          • Configuration/TelemetryReportingFrequency
          • -
          -
          [DMSessionActions CSP](dmsessionactions-csp.md)

          Added new CSP.

          -
          [SharedPC CSP](dmsessionactions-csp.md)

          Added new settings in Windows 10, version 1703.

          +

          New nodes in the DevDetail CSP

          Here are the changes to the DevDetail CSP:

            -
          • RestrictLocalStorage
          • -
          • KioskModeAUMID
          • -
          • KioskModeUserTileDisplayText
          • -
          • InactiveThreshold
          • -
          • MaxPageFileSizeMB
          • -
          -

          The default value for SetEduPolicies changed to false. The default value for SleepTimeout changed to 300.

          -
          [RemoteLock CSP](remotelock-csp.md)

          Added following setting:

          -
            -
          • LockAndRecoverPIN
          • -
          -
          [NodeCache CSP](nodecache-csp.md)

          Added following settings:

          -
            -
          • ChangedNodesData
          • -
          • AutoSetExpectedValue
          • -
          -
          [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)

          Added a zip file containing the DDF XML files of the CSPs. The link to the download is available in the DDF topics of various CSPs.

          -
          [RemoteWipe CSP](remotewipe-csp.md)

          Added new setting in Windows 10, version 1703.

          -
            -
          • doWipeProtected
          • -
          -
          [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224)

          Added new classes and properties.

          -
          [Understanding ADMX-backed policies](understanding-admx-backed-policies.md)

          Added a section describing SyncML examples of various ADMX elements.

          -
          [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md)New topic.
          [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md)

          Added a new topic describing how to deploy and configure App-V apps using MDM.

          -
          [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)

          Added new setting in the March service release of Windows 10, version 1607.

          -
            -
          • MSI/UpgradeCode/[Guid]
          • -
          -
          [Reporting CSP](reporting-csp.md)

          Added new settings in Windows 10, version 1703.

          -
            -
          • EnterpriseDataProtection/RetrieveByTimeRange/Type
          • -
          • EnterpriseDataProtection/RetrieveByCount/Type
          • -
          -
          [Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link)

          Added following deep link parameters to the table:

          -
            -
          • Username
          • -
          • Servername
          • -
          • Accesstoken
          • -
          • Deviceidentifier
          • -
          • Tenantidentifier
          • -
          • Ownership
          • -
          -
          MDM support for Windows 10 S

          Updated the following topics to indicate MDM support in Windows 10 S.

          -
            -
          • [Configuration service provider reference](configuration-service-provider-reference.md)
          • -
          • [Policy CSP](policy-configuration-service-provider.md)
          • -
          -
          [TPMPolicy CSP](tpmpolicy-csp.md)New CSP added in Windows 10, version 1703.

          Handling large objects

          Added support for the client to handle uploading of large objects to the server.

            - -## What's new in Windows 10, version 1709 - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          ItemDescription
          The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx)

          The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

          -
            -
          • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
          • -
          • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
          • -
          • DomainName - fully qualified domain name if the device is domain-joined.
          • -
          -

          For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

          -
          [Firewall CSP](firewall-csp.md)

          Added new CSP in Windows 10, version 1709.

          -
          [eUICCs CSP](euiccs-csp.md)

          Added new CSP in Windows 10, version 1709.

          -
          [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).
          [CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md)In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated.
          [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).
          [VPNv2 CSP](vpnv2-csp.md)

          Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.

          -
          [DeviceStatus CSP](devicestatus-csp.md)

          Added the following settings in Windows 10, version 1709:

          -
            -
          • DeviceStatus/DomainName
          • -
          • DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq
          • -
          • DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus
          • -
          • DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus
          • -
          -
          [AssignedAccess CSP](assignedaccess-csp.md)

          Added the following setting in Windows 10, version 1709.

          -
            -
          • Configuration
          • -
          -

          Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.

          -
          [DeviceManageability CSP](devicemanageability-csp.md)

          Added the following settings in Windows 10, version 1709:

          -
            -
          • Provider/_ProviderID_/ConfigInfo
          • -
          • Provider/_ProviderID_/EnrollmentInfo
          • -
          -
          [Office CSP](office-csp.md)

          Added the following setting in Windows 10, version 1709:

          -
            -
          • Installation/CurrentStatus
          • -
          -
          [DMClient CSP](dmclient-csp.md)

          Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

          -
          [Bitlocker CSP](bitlocker-csp.md)

          Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.

          -
          [ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)

          Added new policies.

          -
          Microsoft Store for Business and Microsoft Store

          Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

          -
          [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)

          New features in the Settings app:

          -
            -
          • User sees installation progress of critical policies during MDM enrollment.
          • -
          • User knows what policies, profiles, apps MDM has configured
          • -
          • IT helpdesk can get detailed MDM diagnostic information using client tools
          • -
          -

          For details, see [Managing connection](mdm-enrollment-of-windows-devices.md#managing-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)

          -
          [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)

          Added new topic to introduce a new Group Policy for automatic MDM enrollment.

          -
          [Policy CSP](policy-configuration-service-provider.md)

          Added the following new policies for Windows 10, version 1709:

          -
            -
          • Authentication/AllowAadPasswordReset
          • -
          • Authentication/AllowFidoDeviceSignon
          • -
          • Browser/LockdownFavorites
          • -
          • Browser/ProvisionFavorites
          • -
          • Cellular/LetAppsAccessCellularData
          • -
          • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
          • -
          • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
          • -
          • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
          • -
          • CredentialProviders/DisableAutomaticReDeploymentCredentials
          • -
          • DeviceGuard/EnableVirtualizationBasedSecurity
          • -
          • DeviceGuard/RequirePlatformSecurityFeatures
          • -
          • DeviceGuard/LsaCfgFlags
          • -
          • DeviceLock/MinimumPasswordAge
          • -
          • ExploitGuard/ExploitProtectionSettings
          • -
          • Games/AllowAdvancedGamingServices
          • -
          • Handwriting/PanelDefaultModeDocked
          • -
          • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
          • -
          • LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
          • -
          • LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
          • -
          • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
          • -
          • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
          • -
          • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
          • -
          • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
          • -
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
          • -
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
          • -
          • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
          • -
          • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
          • -
          • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
          • -
          • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
          • -
          • LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
          • -
          • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
          • -
          • Power/DisplayOffTimeoutOnBattery
          • -
          • Power/DisplayOffTimeoutPluggedIn
          • -
          • Power/HibernateTimeoutOnBattery
          • -
          • Power/HibernateTimeoutPluggedIn
          • -
          • Power/StandbyTimeoutOnBattery
          • -
          • Power/StandbyTimeoutPluggedIn
          • -
          • Privacy/EnableActivityFeed
          • -
          • Privacy/PublishUserActivities
          • -
          • Defender/AttackSurfaceReductionOnlyExclusions
          • -
          • Defender/AttackSurfaceReductionRules
          • -
          • Defender/CloudBlockLevel
          • -
          • Defender/CloudExtendedTimeout
          • -
          • Defender/ControlledFolderAccessAllowedApplications
          • -
          • Defender/ControlledFolderAccessProtectedFolders
          • -
          • Defender/EnableControlledFolderAccess
          • -
          • Defender/EnableNetworkProtection
          • -
          • Education/DefaultPrinterName
          • -
          • Education/PreventAddingNewPrinters
          • -
          • Education/PrinterNames
          • -
          • Search/AllowCloudSearch
          • -
          • Security/ClearTPMIfNotReady
          • -
          • Settings/AllowOnlineTips
          • -
          • Start/HidePeopleBar
          • -
          • Storage/AllowDiskHealthModelUpdates
          • -
          • System/DisableEnterpriseAuthProxy
          • -
          • System/LimitEnhancedDiagnosticDataWindowsAnalytics
          • -
          • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
          • -
          • Update/DisableDualScan
          • -
          • Update/ManagePreviewBuilds
          • -
          • Update/ScheduledInstallEveryWeek
          • -
          • Update/ScheduledInstallFirstWeek
          • -
          • Update/ScheduledInstallFourthWeek
          • -
          • Update/ScheduledInstallSecondWeek
          • -
          • Update/ScheduledInstallThirdWeek
          • -
          • WindowsDefenderSecurityCenter/CompanyName
          • -
          • WindowsDefenderSecurityCenter/DisableAppBrowserUI
          • -
          • WindowsDefenderSecurityCenter/DisableEnhancedNotifications
          • -
          • WindowsDefenderSecurityCenter/DisableFamilyUI
          • -
          • WindowsDefenderSecurityCenter/DisableHealthUI
          • -
          • WindowsDefenderSecurityCenter/DisableNetworkUI
          • -
          • WindowsDefenderSecurityCenter/DisableNotifications
          • -
          • WindowsDefenderSecurityCenter/DisableVirusUI
          • -
          • WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
          • -
          • WindowsDefenderSecurityCenter/Email
          • -
          • WindowsDefenderSecurityCenter/EnableCustomizedToasts
          • -
          • WindowsDefenderSecurityCenter/EnableInAppCustomization
          • -
          • WindowsDefenderSecurityCenter/Phone
          • -
          • WindowsDefenderSecurityCenter/URL
          • -
          • WirelessDisplay/AllowMdnsAdvertisement
          • -
          • WirelessDisplay/AllowMdnsDiscovery
          • -
          -
          -## What's new in Windows 10, version 1803 - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          New or updated topicDescription
          [Policy CSP](policy-configuration-service-provider.md)

          Added the following new policies for Windows 10, version 1803:

          -
            -
          • ApplicationDefaults/EnableAppUriHandlers
          • -
          • ApplicationManagement/MSIAllowUserControlOverInstall
          • -
          • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
          • -
          • Bluetooth/AllowPromptedProximalConnections
          • -
          • Browser/AllowConfigurationUpdateForBooksLibrary
          • -
          • Browser/AlwaysEnableBooksLibrary
          • -
          • Browser/EnableExtendedBooksTelemetry
          • -
          • Browser/UseSharedFolderForBooks
          • -
          • Connectivity/AllowPhonePCLinking
          • -
          • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
          • -
          • DeliveryOptimization/DODelayForegroundDownloadFromHttp
          • -
          • DeliveryOptimization/DOGroupIdSource
          • -
          • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
          • -
          • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
          • -
          • DeliveryOptimization/DORestrictPeerSelectionBy
          • -
          • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
          • -
          • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
          • -
          • Display/DisablePerProcessDpiForApps
          • -
          • Display/EnablePerProcessDpi
          • -
          • Display/EnablePerProcessDpiForApps
          • -
          • Experience/AllowWindowsSpotlightOnSettings
          • -
          • KioskBrowser/BlockedUrlExceptions
          • -
          • KioskBrowser/BlockedUrls
          • -
          • KioskBrowser/DefaultURL
          • -
          • KioskBrowser/EnableEndSessionButton
          • -
          • KioskBrowser/EnableHomeButton
          • -
          • KioskBrowser/EnableNavigationButtons
          • -
          • KioskBrowser/RestartOnIdleTime
          • -
          • LanmanWorkstation/EnableInsecureGuestLogons
          • -
          • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
          • -
          • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
          • -
          • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
          • -
          • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
          • -
          • LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
          • -
          • LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
          • -
          • LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges
          • -
          • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
          • -
          • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
          • -
          • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
          • -
          • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
          • -
          • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
          • -
          • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
          • -
          • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
          • -
          • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
          • -
          • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
          • -
          • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
          • -
          • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
          • -
          • LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
          • -
          • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
          • -
          • Notifications/DisallowCloudNotification
          • -
          • RestrictedGroups/ConfigureGroupMembership
          • -
          • Search/AllowCortanaInAAD
          • -
          • Search/DoNotUseWebResults
          • -
          • Security/ConfigureWindowsPasswords
          • -
          • Start/DisableContextMenus
          • -
          • System/FeedbackHubAlwaysSaveDiagnosticsLocally
          • -
          • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
          • -
          • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
          • -
          • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
          • -
          • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
          • -
          • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
          • -
          • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
          • -
          • TaskScheduler/EnableXboxGameSaveTask
          • -
          • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
          • -
          • TextInput/ForceTouchKeyboardDockedState
          • -
          • TextInput/TouchKeyboardDictationButtonAvailability
          • -
          • TextInput/TouchKeyboardEmojiButtonAvailability
          • -
          • TextInput/TouchKeyboardFullModeAvailability
          • -
          • TextInput/TouchKeyboardHandwritingModeAvailability
          • -
          • TextInput/TouchKeyboardNarrowModeAvailability
          • -
          • TextInput/TouchKeyboardSplitModeAvailability
          • -
          • TextInput/TouchKeyboardWideModeAvailability
          • -
          • Update/ConfigureFeatureUpdateUninstallPeriod
          • -
          • UserRights/AccessCredentialManagerAsTrustedCaller
          • -
          • UserRights/AccessFromNetwork
          • -
          • UserRights/ActAsPartOfTheOperatingSystem
          • -
          • UserRights/AllowLocalLogOn
          • -
          • UserRights/BackupFilesAndDirectories
          • -
          • UserRights/ChangeSystemTime
          • -
          • UserRights/CreateGlobalObjects
          • -
          • UserRights/CreatePageFile
          • -
          • UserRights/CreatePermanentSharedObjects
          • -
          • UserRights/CreateSymbolicLinks
          • -
          • UserRights/CreateToken
          • -
          • UserRights/DebugPrograms
          • -
          • UserRights/DenyAccessFromNetwork
          • -
          • UserRights/DenyLocalLogOn
          • -
          • UserRights/DenyRemoteDesktopServicesLogOn
          • -
          • UserRights/EnableDelegation
          • -
          • UserRights/GenerateSecurityAudits
          • -
          • UserRights/ImpersonateClient
          • -
          • UserRights/IncreaseSchedulingPriority
          • -
          • UserRights/LoadUnloadDeviceDrivers
          • -
          • UserRights/LockMemory
          • -
          • UserRights/ManageAuditingAndSecurityLog
          • -
          • UserRights/ManageVolume
          • -
          • UserRights/ModifyFirmwareEnvironment
          • -
          • UserRights/ModifyObjectLabel
          • -
          • UserRights/ProfileSingleProcess
          • -
          • UserRights/RemoteShutdown
          • -
          • UserRights/RestoreFilesAndDirectories
          • -
          • UserRights/TakeOwnership
          • -
          • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
          • -
          • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
          • -
          • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
          • -
          • WindowsDefenderSecurityCenter/HideSecureBoot
          • -
          • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
          • -
          -

          Security/RequireDeviceEncryption - updated to show it is supported in desktop.

          -
          [BitLocker CSP](bitlocker-csp.md)

          Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

          -
          [DMClient CSP](dmclient-csp.md)

          Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

          -
            -
          • AADSendDeviceToken
          • -
          • BlockInStatusPage
          • -
          • AllowCollectLogsButton
          • -
          • CustomErrorText
          • -
          • SkipDeviceStatusPage
          • -
          • SkipUserStatusPage
          • -
          -
          [Defender CSP](defender-csp.md)

          Added new node (OfflineScan) in Windows 10, version 1803.

          -
          [UEFI CSP](uefi-csp.md)

          Added a new CSP in Windows 10, version 1803.

          -
          [Update CSP](update-csp.md)

          Added the following nodes in Windows 10, version 1803:

          -
            -
          • Rollback
          • -
          • Rollback/FeatureUpdate
          • -
          • Rollback/QualityUpdateStatus
          • -
          • Rollback/FeatureUpdateStatus
          • -
          -
          [AssignedAccess CSP](assignedaccess-csp.md)

          Added the following nodes in Windows 10, version 1803:

          -
            -
          • Status
          • -
          • ShellLauncher
          • -
          • StatusConfiguration
          • -
          -

          Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.

          -
          [MultiSIM CSP](multisim-csp.md)

          Added a new CSP in Windows 10, version 1803.

          -
          [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)

          Added the following node in Windows 10, version 1803:

          -
            -
          • MaintainProcessorArchitectureOnUpdate
          • -
          -
          [eUICCs CSP](euiccs-csp.md)

          Added the following node in Windows 10, version 1803:

          -
            -
          • IsEnabled
          • -
          -
          [DeviceStatus CSP](devicestatus-csp.md)

          Added the following node in Windows 10, version 1803:

          -
            -
          • OS/Mode
          • -
          -
          [AccountManagement CSP](accountmanagement-csp.md)

          Added a new CSP in Windows 10, version 1803.

          -
          [RootCATrustedCertificates CSP](rootcacertificates-csp.md)

          Added the following node in Windows 10, version 1803:

          -
            -
          • UntrustedCertificates
          • -
          -
          [NetworkProxy CSP](\networkproxy--csp.md)

          Added the following node in Windows 10, version 1803:

          -
            -
          • ProxySettingsPerUser
          • -
          -
          [Accounts CSP](accounts-csp.md)

          Added a new CSP in Windows 10, version 1803.

          -
          [MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat)

          Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

          -
          [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)

          Added the DDF download of Windows 10, version 1803 configuration service providers.

          -
          - -## What's new in Windows 10, version 1809 - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          New or updated topicDescription
          [Policy CSP](policy-configuration-service-provider.md)

          Added the following new policies in Windows 10, version 1809:

          -
            -
          • ApplicationManagement/LaunchAppAfterLogOn
          • -
          • ApplicationManagement/ScheduleForceRestartForUpdateFailures
          • -
          • Authentication/EnableFastFirstSignIn
          • -
          • Authentication/EnableWebSignIn
          • -
          • Authentication/PreferredAadTenantDomainName
          • -
          • Browser/AllowFullScreenMode
          • -
          • Browser/AllowPrelaunch
          • -
          • Browser/AllowPrinting
          • -
          • Browser/AllowSavingHistory
          • -
          • Browser/AllowSideloadingOfExtensions
          • -
          • Browser/AllowTabPreloading
          • -
          • Browser/AllowWebContentOnNewTabPage
          • -
          • Browser/ConfigureFavoritesBar
          • -
          • Browser/ConfigureHomeButton
          • -
          • Browser/ConfigureKioskMode
          • -
          • Browser/ConfigureKioskResetAfterIdleTimeout
          • -
          • Browser/ConfigureOpenMicrosoftEdgeWith
          • -
          • Browser/ConfigureTelemetryForMicrosoft365Analytics
          • -
          • Browser/PreventCertErrorOverrides
          • -
          • Browser/SetHomeButtonURL
          • -
          • Browser/SetNewTabPageURL
          • -
          • Browser/UnlockHomeButton
          • -
          • Defender/CheckForSignaturesBeforeRunningScan
          • -
          • Defender/DisableCatchupFullScan
          • -
          • Defender/DisableCatchupQuickScan
          • -
          • Defender/EnableLowCPUPriority
          • -
          • Defender/SignatureUpdateFallbackOrder
          • -
          • Defender/SignatureUpdateFileSharesSources
          • -
          • DeviceGuard/ConfigureSystemGuardLaunch
          • -
          • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
          • -
          • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
          • -
          • DeviceInstallation/PreventDeviceMetadataFromNetwork
          • -
          • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
          • -
          • DmaGuard/DeviceEnumerationPolicy
          • -
          • Experience/AllowClipboardHistory
          • -
          • Experience/DoNotSyncBrowserSettings
          • -
          • Experience/PreventUsersFromTurningOnBrowserSyncing
          • -
          • Kerberos/UPNNameHints
          • -
          • Privacy/AllowCrossDeviceClipboard
          • -
          • Privacy/DisablePrivacyExperience
          • -
          • Privacy/UploadUserActivities
          • -
          • Security/RecoveryEnvironmentAuthentication
          • -
          • System/AllowDeviceNameInDiagnosticData
          • -
          • System/ConfigureMicrosoft365UploadEndpoint
          • -
          • System/DisableDeviceDelete
          • -
          • System/DisableDiagnosticDataViewer
          • -
          • Storage/RemovableDiskDenyWriteAccess
          • -
          • TaskManager/AllowEndTask
          • -
          • Update/EngagedRestartDeadlineForFeatureUpdates
          • -
          • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
          • -
          • Update/EngagedRestartTransitionScheduleForFeatureUpdates
          • -
          • Update/SetDisablePauseUXAccess
          • -
          • Update/SetDisableUXWUAccess
          • -
          • WindowsDefenderSecurityCenter/DisableClearTpmButton
          • -
          • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
          • -
          • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
          • -
          • WindowsLogon/DontDisplayNetworkSelectionUI
          • -
          -
          [PassportForWork CSP](passportforwork-csp.md)

          Added new settings in Windows 10, version 1809.

          -
          [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)

          Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

          -
          [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)

          Added new configuration service provider in Windows 10, version 1809.

          -
          [WindowsLicensing CSP](windowslicensing-csp.md)

          Added S mode settings and SyncML examples in Windows 10, version 1809.

          -
          [SUPL CSP](supl-csp.md)

          Added 3 new certificate nodes in Windows 10, version 1809.

          -
          [Defender CSP](defender-csp.md)

          Added a new node Health/ProductStatus in Windows 10, version 1809.

          -
          [BitLocker CSP](bitlocker-csp.md)

          Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro.

          -
          [DevDetail CSP](devdetail-csp.md)

          Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

          -
          [Wifi CSP](wifi-csp.md)

          Added a new node WifiCost in Windows 10, version 1809.

          -
          [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)

          Added new settings in Windows 10, version 1809.

          -
          [RemoteWipe CSP](remotewipe-csp.md)

          Added new settings in Windows 10, version 1809.

          -
          [TenantLockdown CSP](tenantlockdown-csp.md)

          Added new CSP in Windows 10, version 1809.

          -
          [Office CSP](office-csp.md)

          Added FinalStatus setting in Windows 10, version 1809.

          -
          - - ## Breaking changes and known issues -### Get command inside an atomic command is not supported +### Get command inside an atomic command is not supported In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1. -### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10 +### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10 During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret. After upgrading to Windows 10, you should call MDM\_WNSConfiguration class to recreate the notification channel URI. -### Apps installed using WMI classes are not removed +### Apps installed using WMI classes are not removed Applications installed using WMI classes are not removed when the MDM account is removed from device. -### Passing CDATA in SyncML does not work +### Passing CDATA in SyncML does not work Passing CDATA in data in SyncML to ConfigManager and CSPs does not work in Windows 10. It worked in Windows Phone 8. -### SSL settings in IIS server for SCEP must be set to "Ignore" +### SSL settings in IIS server for SCEP must be set to "Ignore" The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10. In Windows Phone 8.1, when you set the client certificate to "Accept," it works fine. ![ssl settings](images/ssl-settings.png) -### MDM enrollment fails on the mobile device when traffic is going through proxy +### MDM enrollment fails on the mobile device when traffic is going through proxy When the mobile device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network. 
-### Server-initiated unenrollment failure +### Server-initiated unenrollment failure Server-initiated unenrollment for a device enrolled by adding a work account silently fails leaving the MDM account active. MDM policies and resources are still in place and the client can continue to sync with the server. Remote server unenrollment is disabled for mobile devices enrolled via Azure Active Directory Join. It returns an error message to the server. The only way to remove enrollment for a mobile device that is Azure AD joined is by remotely wiping the device. -### Certificates causing issues with Wi-Fi and VPN +### Certificates causing issues with Wi-Fi and VPN Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue. -### Version information for mobile devices +### Version information for mobile devices The software version information from **DevDetail/SwV** does not match the version in **Settings** under **System/About**. -### Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues +### Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues - When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile using ApplicationRestrictions with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps. 
@@ -1575,7 +1641,7 @@ The software version information from **DevDetail/SwV** does not match the versi No workaround is available at this time. An OS update to fix this issue is coming soon. -### Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218 +### Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218 Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework Id to your list of allowed apps. @@ -1583,7 +1649,7 @@ Applies only to phone prior to build 10586.218: When ApplicationManagement/Appli ``` -### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile +### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate. @@ -1624,10 +1690,10 @@ The following list describes the prerequisites for a certificate to be used with The following XML sample explains the properties for the EAP TLS XML including certificate filtering. ->[!NOTE] +> [!NOTE] >For PEAP or TTLS Profiles the EAP TLS XML is embedded within some PEAP or TTLS specific elements. -  + ``` syntax 
@@ -1727,10 +1793,10 @@ The following XML sample explains the properties for the EAP TLS XML including c ``` ->[!NOTE] +> [!NOTE] >The EAP TLS XSD is located at **%systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd** -  + Alternatively you can use the following procedure to create an EAP Configuration XML. 
@@ -1752,33 +1818,87 @@ Alternatively you can use the following procedure to create an EAP Configuration 7. Close the rasphone dialog box. 8. Continue following the procedure in the [EAP configuration](eap-configuration.md) topic from Step 9 to get an EAP TLS profile with appropriate filtering. ->[!NOTE] +> [!NOTE] >You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) topic. -### Remote PIN reset not supported in Azure Active Directory joined mobile devices +### Remote PIN reset not supported in Azure Active Directory joined mobile devices In Windows 10 Mobile, remote PIN reset in Azure AD joined devices are not supported. Devices are wiped when you issue a remote PIN reset command using the RemoteLock CSP. -### MDM client will immediately check-in with the MDM server after client renews WNS channel URI +### MDM client will immediately check-in with the MDM server after client renews WNS channel URI Starting in Windows 10, after the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary. -### User provisioning failure in Azure Active Directory joined Windows 10 PC +### User provisioning failure in Azure Active Directory joined Windows 10 PC In Azure AD joined Windows 10 PC, provisioning /.User resources fails when the user is not logged in as an Azure AD user. 
If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, make sure to log off and log on with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design. -### Requirements to note for VPN certificates also used for Kerberos Authentication +### Requirements to note for VPN certificates also used for Kerberos Authentication If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that do not meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication. This issue primarily impacts Windows Phone. -### Device management agent for the push-button reset is not working +### Device management agent for the push-button reset is not working The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/push-button-reset-overview) keeps the registry settings for OMA DM sessions, but deletes the task schedules. The client enrollment is retained, but it never syncs with the MDM service. +## Frequently Asked Questions + + +### **Can there be more than 1 MDM server to enroll and manage devices in Windows 10?** +No. Only one MDM is allowed. + +### **How do I set the maximum number of Azure Active Directory joined devices per user?** +1. Login to the portal as tenant admin: https://manage.windowsazure.com. +2. Click Active Directory on the left pane. +3. Choose your tenant. +4. Click **Configure**. +5. Set quota to unlimited. 
+ + ![aad maximum joined devices](images/faq-max-devices.png) + + +### **What is dmwappushsvc?** + +Entry | Description +--------------- | -------------------- +What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. | +What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. | +How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | ## Change history in MDM documentation +### May 2019 + +|New or updated topic | Description| +|--- | ---| +|[DeviceStatus CSP](devicestatus-csp.md)|Updated description of the following nodes:
          DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.| +|[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.| +|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added the following new policies:
          DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.

          Updated description of the following policies:
          DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.| +|[Policy CSP - Experience](policy-csp-experience.md)|Added the following new policy:
          ShowLockOnUserTile.| +|[Policy CSP - InternetExplorer](policy-csp-internetexplorer.md)|Added the following new policies:
          AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.| +|[Policy CSP - Power](policy-csp-power.md)|Added the following new policies:
          EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.| +|[Policy CSP - Search](policy-csp-search.md)|Added the following new policy:
          AllowFindMyFiles.| +|[Policy CSP - ServiceControlManager](policy-csp-servicecontrolmanager.md)|Added the following new policy:
          SvchostProcessMitigation.| +|[Policy CSP - System](policy-csp-system.md)|Added the following new policies:
          AllowCommercialDataPipeline, TurnOffFileHistory.| +|[Policy CSP - Troubleshooting](policy-csp-troubleshooting.md)|Added the following new policy:
          AllowRecommendations.| +|[Policy CSP - Update](policy-csp-update.md)|Added the following new policies:
          AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.| +|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies:
          AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.| + +### April 2019 + +| New or updated topic | Description | +|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
          Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. | +| [Policy CSP - UserRights](policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. | + +### March 2019 + +|New or updated topic | Description| +|--- | ---| +|[Policy CSP - Storage](policy-csp-storage.md)|Updated ADMX Info of the following policies:
          AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.

          Updated description of ConfigStorageSenseDownloadsCleanupThreshold.| + + ### February 2019 |New or updated topic | Description| @@ -1821,31 +1941,31 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[BitLocker CSP](bitlocker-csp.md) +BitLocker CSP

          Added support for Windows 10 Pro starting in the version 1809.

          -[Office CSP](office-csp.md) +Office CSP

          Added FinalStatus setting in Windows 10, version 1809.

          -[RemoteWipe CSP](remotewipe-csp.md) +RemoteWipe CSP

          Added new settings in Windows 10, version 1809.

          -[TenantLockdown CSP](\tenantlockdown--csp.md) +TenantLockdown CSP

          Added new CSP in Windows 10, version 1809.

          -[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) +WindowsDefenderApplicationGuard CSP

          Added new settings in Windows 10, version 1809.

          -[Policy DDF file](policy-ddf-file.md) +Policy DDF file

          Posted an updated version of the Policy DDF for Windows 10, version 1809.

          -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

          Added the following new policies in Windows 10, version 1809:

          • Browser/AllowFullScreenMode
          • @@ -1899,52 +2019,52 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[AssignedAccess CSP](assignedaccess-csp.md) +AssignedAccess CSP

            Added the following note:

            • You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
            -[PassportForWork CSP](passportforwork-csp.md) +PassportForWork CSP

            Added new settings in Windows 10, version 1809.

            -[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +EnterpriseModernAppManagement CSP

            Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

            -[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) +Win32CompatibilityAppraiser CSP

            Added new configuration service provider in Windows 10, version 1809.

            -[WindowsLicensing CSP](windowslicensing-csp.md) +WindowsLicensing CSP

            Added S mode settings and SyncML examples in Windows 10, version 1809.

            -[SUPL CSP](supl-csp.md) +SUPL CSP

            Added 3 new certificate nodes in Windows 10, version 1809.

            -[Defender CSP](defender-csp.md) +Defender CSP

            Added a new node Health/ProductStatus in Windows 10, version 1809.

            -[BitLocker CSP](bitlocker-csp.md) +BitLocker CSP

            Added a new node AllowStandardUserEncryption in Windows 10, version 1809.

            -[DevDetail CSP](devdetail-csp.md) +DevDetail CSP

            Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

            -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

            Added the following new policies in Windows 10, version 1809:

            • ApplicationManagement/LaunchAppAfterLogOn
            • ApplicationManagement/ScheduleForceRestartForUpdateFailures
            • -
            • Authentication/EnableFastFirstSignIn
            • -
            • Authentication/EnableWebSignIn
            • +
            • Authentication/EnableFastFirstSignIn (Preview mode only)
            • +
            • Authentication/EnableWebSignIn (Preview mode only)
            • Authentication/PreferredAadTenantDomainName
            • Defender/CheckForSignaturesBeforeRunningScan
            • Defender/DisableCatchupFullScan
            • @@ -1989,11 +2109,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Wifi CSP](wifi-csp.md) +Wifi CSP

              Added a new node WifiCost in Windows 10, version 1809.

              -[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md) +Diagnose MDM failures in Windows 10

              Recent changes:

              • Added procedure for collecting logs remotely from Windows 10 Holographic.
              • @@ -2001,11 +2121,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
              -[Bitlocker CSP](bitlocker-csp.md) +Bitlocker CSP

              Added new node AllowStandardUserEncryption in Windows 10, version 1809.

              -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

              Recent changes:

              • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.
              • @@ -2027,7 +2147,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
              -[WiredNetwork CSP](wirednetwork-csp.md) +WiredNetwork CSP New CSP added in Windows 10, version 1809. @@ -2049,11 +2169,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy DDF file](policy-ddf-file.md) +Policy DDF file

              Updated the DDF files in the Windows 10 version 1703 and 1709.

              @@ -2074,7 +2194,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) +WindowsDefenderApplicationGuard CSP

              Added the following node in Windows 10, version 1803:

              • Settings/AllowVirtualGPU
              • @@ -2082,26 +2202,26 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
              -[NetworkProxy CSP](\networkproxy--csp.md) +NetworkProxy CSP

              Added the following node in Windows 10, version 1803:

              • ProxySettingsPerUser
              -[Accounts CSP](accounts-csp.md) +Accounts CSP

              Added a new CSP in Windows 10, version 1803.

              -[MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat) +MDM Migration Analysis Too (MMAT)

              Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

              -[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) +CSP DDF files download

              Added the DDF download of Windows 10, version 1803 configuration service providers.

              -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

              Added the following new policies for Windows 10, version 1803:

              • Bluetooth/AllowPromptedProximalConnections
              • @@ -2133,40 +2253,40 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[eUICCs CSP](euiccs-csp.md) +eUICCs CSP

                Added the following node in Windows 10, version 1803:

                • IsEnabled
                -[DeviceStatus CSP](devicestatus-csp.md) +DeviceStatus CSP

                Added the following node in Windows 10, version 1803:

                • OS/Mode
                -[Understanding ADMX-backed policies](understanding-admx-backed-policies.md) +Understanding ADMX-backed policies

                Added the following videos:

                -[AccountManagement CSP](accountmanagement-csp.md) +AccountManagement CSP

                Added a new CSP in Windows 10, version 1803.

                -[RootCATrustedCertificates CSP](rootcacertificates-csp.md) +RootCATrustedCertificates CSP

                Added the following node in Windows 10, version 1803:

                • UntrustedCertificates
                -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                Added the following new policies for Windows 10, version 1803:

                • ApplicationDefaults/EnableAppUriHandlers
                • @@ -2185,19 +2305,19 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                Added a new section:

                  -
                • [Policies supported by GP](policy-configuration-service-provider.md#policies-supported-by-gp) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
                • +
                • Policies supported by GP - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
                -[Policy CSP - Bluetooth](policy-csp-bluetooth.md) -

                Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).

                +Policy CSP - Bluetooth +

                Added new section ServicesAllowedList usage guide.

                -[MultiSIM CSP](multisim-csp.md) +MultiSIM CSP

                Added SyncML examples and updated the settings descriptions.

                -[RemoteWipe CSP](remotewipe-csp.md) +RemoteWipe CSP

                Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.

                @@ -2218,7 +2338,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                Added the following new policies for Windows 10, version 1803:

                • Display/DisablePerProcessDpiForApps
                • @@ -2236,11 +2356,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                    -[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md) +VPNv2 ProfileXML XSD

                    Updated the XSD and Plug-in profile example for VPNv2 CSP.

                    -[AssignedAccess CSP](assignedaccess-csp.md) +AssignedAccess CSP

                    Added the following nodes in Windows 10, version 1803:

                    • Status
                    • @@ -2250,11 +2370,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                      Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.

                      -[MultiSIM CSP](multisim-csp.md) +MultiSIM CSP

                      Added a new CSP in Windows 10, version 1803.

                      -[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +EnterpriseModernAppManagement CSP

                      Added the following node in Windows 10, version 1803:

                      • MaintainProcessorArchitectureOnUpdate
                      • @@ -2278,7 +2398,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                        Added the following new policies for Windows 10, version 1803:

                        • Browser/AllowConfigurationUpdateForBooksLibrary
                        • @@ -2377,15 +2497,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                          Security/RequireDeviceEncryption - updated to show it is supported in desktop.

                          -[BitLocker CSP](bitlocker-csp.md) +BitLocker CSP

                          Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

                          -[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +EnterpriseModernAppManagement CSP

                          Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.

                          -[DMClient CSP](dmclient-csp.md) +DMClient CSP

                          Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

                          • AADSendDeviceToken
                          • @@ -2397,15 +2517,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                          -[Defender CSP](defender-csp.md) +Defender CSP

                          Added new node (OfflineScan) in Windows 10, version 1803.

                          -[UEFI CSP](uefi-csp.md) +UEFI CSP

                          Added a new CSP in Windows 10, version 1803.

                          -[Update CSP](update-csp.md) +Update CSP

                          Added the following nodes in Windows 10, version 1803:

                          • Rollback
                          • @@ -2432,8 +2552,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Configuration service provider reference](configuration-service-provider-reference.md) -

                            Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)

                            +Configuration service provider reference +

                            Added new section CSP DDF files download

                            @@ -2453,7 +2573,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                            Added the following policies for Windows 10, version 1709:

                            • Authentication/AllowFidoDeviceSignon
                            • @@ -2491,11 +2611,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy DDF file](policy-ddf-file.md) +Policy DDF file

                              Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.

                              -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                              Updated the following policies:

                              • Defender/ControlledFolderAccessAllowedApplications - string separator is |.
                              • @@ -2503,15 +2623,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                              -[eUICCs CSP](euiccs-csp.md) +eUICCs CSP

                              Added new CSP in Windows 10, version 1709.

                              -[AssignedAccess CSP](assignedaccess-csp.md) +AssignedAccess CSP

                              Added SyncML examples for the new Configuration node.

                              -[DMClient CSP](dmclient-csp.md) +DMClient CSP

                              Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

                              @@ -2533,7 +2653,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                              Added the following new policies for Windows 10, version 1709:

                              • Authentication/AllowAadPasswordReset
                              • @@ -2544,7 +2664,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                                Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.

                                -[AssignedAccess CSP](assignedaccess-csp.md) +AssignedAccess CSP

                                Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.

                                @@ -2552,7 +2672,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                                Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

                                -The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx) +The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2

                                The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

                                • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                                • @@ -2562,26 +2682,26 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

                                  For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

                                  -[EntepriseAPN CSP](enterpriseapn-csp.md) +EntepriseAPN CSP

                                  Added a SyncML example.

                                  -[VPNv2 CSP](vpnv2-csp.md) +VPNv2 CSP

                                  Added RegisterDNS setting in Windows 10, version 1709.

                                  -[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) +Enroll a Windows 10 device automatically using Group Policy

                                  Added new topic to introduce a new Group Policy for automatic MDM enrollment.

                                  -[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md) +MDM enrollment of Windows-based devices

                                  New features in the Settings app:

                                  • User sees installation progress of critical policies during MDM enrollment.
                                  • User knows what policies, profiles, apps MDM has configured
                                  • IT helpdesk can get detailed MDM diagnostic information using client tools
                                  -

                                  For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#managing-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)

                                  +

                                  For details, see Managing connections and Collecting diagnostic logs

                                  @@ -2601,22 +2721,22 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware -[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) +Enable ADMX-backed policies in MDM

                                  Added new step-by-step guide to enable ADMX-backed policies.

                                  -[Mobile device enrollment](mobile-device-enrollment.md) +Mobile device enrollment

                                  Added the following statement:

                                  • Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
                                  -[CM\_CellularEntries CSP](cm-cellularentries-csp.md) +CM_CellularEntries CSP

                                  Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.

                                  -[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) +EnterpriseDataProtection CSP

                                  Updated the Settings/EDPEnforcementLevel values to the following:

                                  • 0 (default) – Off / No protection (decrypts previously protected data).
                                  • @@ -2626,30 +2746,30 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                                  -[AppLocker CSP](applocker-csp.md) -

                                  Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Whitelist examples](applocker-csp.md#whitelist-examples).

                                  +AppLocker CSP +

                                  Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Whitelist examples.

                                  -[DeviceManageability CSP](devicemanageability-csp.md) +DeviceManageability CSP

                                  Added the following settings in Windows 10, version 1709:

                                    -
                                  • Provider/_ProviderID_/ConfigInfo
                                  • -
                                  • Provider/_ProviderID_/EnrollmentInfo
                                  • +
                                  • Provider/ProviderID/ConfigInfo
                                  • +
                                  • Provider/ProviderID/EnrollmentInfo
                                  -[Office CSP](office-csp.md) +Office CSP

                                  Added the following setting in Windows 10, version 1709:

                                  • Installation/CurrentStatus
                                  -[BitLocker CSP](bitlocker-csp.md) +BitLocker CSP Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. -[Firewall CSP](firewall-csp.md) +Firewall CSP Updated the CSP and DDF topics. Here are the changes:
                                  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                                  • @@ -2659,8 +2779,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                                  -[Policy DDF file](policy-ddf-file.md) -Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies: +Policy DDF file +Added another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies:
                                  • Browser/AllowMicrosoftCompatibilityList
                                  • Update/DisableDualScan
                                  • @@ -2668,7 +2788,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                                  -[Policy CSP](policy-configuration-service-provider.md) +Policy CSP

                                  Added the following new policies for Windows 10, version 1709:

                                  • Browser/ProvisionFavorites
                                  • @@ -2676,8 +2796,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                                  • ExploitGuard/ExploitProtectionSettings
                                  • Games/AllowAdvancedGamingServices
                                  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                                  • -
                                  • LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
                                  • -
                                  • LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
                                  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                                  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                                  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                                  • @@ -2711,7 +2829,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
                                  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                                  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
                                  -

                                  Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

                                  +

                                  Added links to the additional ADMX-backed BitLocker policies.

                                  There were issues reported with the previous release of the following policies. These issues were fixed in Window 10, version 1709:

                                  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                                  • @@ -2720,35 +2838,3 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware - -  - -## FAQ - - -**Can there be more than 1 MDM server to enroll and manage devices in Windows 10?** -No. Only one MDM is allowed. - -**How do I set the maximum number of Azure Active Directory joined devices per user?** -1. Login to the portal as tenant admin: https://manage.windowsazure.com. -2. Click Active Directory on the left pane. -3. Choose your tenant. -4. Click **Configure**. -5. Set quota to unlimited. - - ![aad maximum joined devices](images/faq-max-devices.png) -  - -**What is dmwappushsvc?** - -Entry | Description ---------------- | -------------------- -What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. | -What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. | -How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | - - - - - - 
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index 28bcf637f6..8c0ee39bfb 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -2,11 +2,13 @@ title: NodeCache CSP description: NodeCache CSP ms.assetid: b4dd2b0d-79ef-42ac-ab5b-ee07b3097876 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -30,7 +32,7 @@ The following diagram shows the NodeCache configuration service provider in tree ![nodecache csp](images/provisioning-csp-nodecache.png) **./Device/Vendor/MSFT and ./User/Vendor/MSFT** -Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax. Starting in Windows 10, version 1607 the value is com.microsoft/\/MDM/NodeCache. +Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax. ***ProviderID*** Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic. 
@@ -57,7 +59,7 @@ Required. Root node for cached nodes. Scope is dynamic. Supported operation is Get. -**/Nodes/****_NodeID_** +**/Nodes/***NodeID* Optional. Information about each cached node is stored under *NodeID* as specified by the server. This value must not contain a comma. Scope is dynamic. Supported operations are Get, Add, and Delete. @@ -355,9 +357,9 @@ The value inside of the node tag is the actual value returned by the Uri, which [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 3fd58485ce..49bf9cc94e 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -2,11 +2,13 @@ title: NodeCache DDF file description: NodeCache DDF file ms.assetid: d7605098-12aa-4423-89ae-59624fa31236 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index cfaec14999..71f0be5de5 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md 
@@ -1,18 +1,18 @@ --- title: Office CSP description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/15/2018 +ms.reviewer: +manager: dansimp --- # Office CSP -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/library/jj219426.aspx) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](https://docs.microsoft.com/intune/apps-add-office365). @@ -30,12 +30,12 @@ The root node for the Office configuration service provider.

                                    **Installation** Specifies the options for the Microsoft Office installation. -The supported operations are Add, Delete, Get, and Replace. +The supported operations are Add, Delete, and Get. **Installation/_id_** Specifies a unique identifier that represents the ID of the Microsoft Office product to install. -The supported operations are Add, Delete, Get, and Replace. +The supported operations are Add, Delete, and Get. **Installation/_id_/Install** Installs Office by using the XML data specified in the configuration.xml file. @@ -265,4 +265,4 @@ To get the current status of Office 365 on the device. Failure - \ No newline at end of file + diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index 1fb6d40a20..e1946d8691 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -2,11 +2,13 @@ title: Office DDF description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index 72df15b90d..5378bd3600 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -2,11 +2,13 @@ title: OMA DM protocol support description: OMA DM protocol support ms.assetid: e882aaae-447e-4bd4-9275-463824da4fa0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -62,7 +64,7 @@ The following table shows the OMA DM standards that Windows uses.

                                    DM protocol commands

                                    -

                                    The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).

                                    +

                                    The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the OMA website.

                                    • Add (Implicit Add supported)

                                    • Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.

                                    • @@ -121,23 +123,22 @@ The following table shows the OMA DM standards that Windows uses.

                                      Provisioning Files

                                      -

                                      Provisioning XML must be well formed and follow the definition in [SyncML Representation Protocol](https://go.microsoft.com/fwlink/p/?LinkId=526905) specification.

                                      +

                                      Provisioning XML must be well formed and follow the definition in SyncML Representation Protocol specification.

                                      If an XML element that is not a valid OMA DM command is under SyncBody, the status code 400 is returned for that element.

                                      -Note   -

                                      To represent a Unicode string as a URI, first encode the string as UTF-8. Then encode each of the UTF-8 bytes using URI encoding.

                                      +Note

                                      To represent a Unicode string as a URI, first encode the string as UTF-8. Then encode each of the UTF-8 bytes using URI encoding.

                                      -  +

                                      WBXML support

                                      -

                                      Windows supports sending and receiving SyncML in both XML format and encoded WBXML format. This is configurable by using the DEFAULTENCODING node under the w7 APPLICATION characteristic during enrollment. For more information about WBXML encoding, see section 8 of the [SyncML Representation Protocol](https://go.microsoft.com/fwlink/p/?LinkId=526905) specification.

                                      +

                                      Windows supports sending and receiving SyncML in both XML format and encoded WBXML format. This is configurable by using the DEFAULTENCODING node under the w7 APPLICATION characteristic during enrollment. For more information about WBXML encoding, see section 8 of the SyncML Representation Protocol specification.

                                      Handling of large objects

                                      -

                                      In Windows 10, version 1511, client support for uploading large objects to the server was added.

                                      +

                                      In Windows 10, version 1511, client support for uploading large objects to the server was added.

                                      @@ -208,10 +209,10 @@ Common elements are used by other OMA DM element types. The following table list

                                      SessionID

                                      Specifies the identifier of the OMA DM session associated with the containing message.

                                      -Note  If the server does not notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the desktop client returns the SessionID in integer in decimal format and the mobile device client returns 2 bytes as a string. If the server supports DM session sync version 2.0, which is used in Windows 10, the desktop and mobile device client returns 2 bytes. +Note If the server does not notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the desktop client returns the SessionID in integer in decimal format and the mobile device client returns 2 bytes as a string. If the server supports DM session sync version 2.0, which is used in Windows 10, the desktop and mobile device client returns 2 bytes.
                                      -  +
                                      @@ -371,13 +372,13 @@ When using SyncML in OMA DM, there are standard response status codes that are r | 507 | `Atomic` failed. One of the operations in an `Atomic` block failed. | | 516 | `Atomic` roll back failed. An `Atomic` operation failed and the command was not rolled back successfully. | -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index 6431b3c083..b7d49d16a9 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -2,11 +2,13 @@ title: On-premises authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy. ms.assetid: 626AC8B4-7575-4C41-8D59-185D607E3A47 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -28,7 +30,7 @@ For the list of enrollment scenarios not supported in Windows 10, see [Enrollme The discovery web service provides the configuration information necessary for a user to enroll a device with a management service. The service is a restful web service over HTTPS (server authentication only). ->[!NOTE] +> [!NOTE] >The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com. The device’s automatic discovery flow uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc @@ -127,7 +129,7 @@ The discovery response is in the XML format and includes the following fields: - Authentication policy (AuthPolicy) – Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory. - Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance. ->[!NOTE] +> [!NOTE] >The HTTP server response must not be chunked; it must be sent as one message. The following example shows a response received from the discovery web service for OnPremise authentication: 
@@ -212,7 +214,7 @@ After the user is authenticated, the web service retrieves the certificate templ MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. We will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms. ->[!NOTE] +> [!NOTE] >The HTTP server response must not be chunked; it must be sent as one message. The following snippet shows the policy web service response. @@ -304,7 +306,7 @@ The RequestSecurityToken will use a custom TokenType (http://schema The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration. ->[!NOTE] +> [!NOTE] >The policy service and the enrollment service must be on the same server; that is, they must have the same host name. The following example shows the enrollment web service request for OnPremise authentication. @@ -515,4 +517,4 @@ The following example shows the encoded provisioning XML. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 7bc515edc2..b7ead6856e 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md 
@@ -2,11 +2,13 @@ title: PassportForWork CSP description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). ms.assetid: 3BAE4827-5497-41EE-B47F-5C071ADB2C51 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/31/2018 --- @@ -36,7 +38,7 @@ The following diagram shows the PassportForWork configuration service provider i Root node for PassportForWork configuration service provider. ***TenantId*** -A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. +A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet [Get-AzureAccount](https://docs.microsoft.com/powershell/module/servicemanagement/azure/get-azureaccount). For more information see [Get Windows Azure Active Directory Tenant ID in Windows PowerShell](https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell). ***TenantId*/Policies** Node for defining the Windows Hello for Business policy settings. diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 79bf2a8409..f9dcc69e22 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md 
@@ -2,11 +2,13 @@
 title: PassportForWork DDF
 description: This topic shows the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/26/2017
 ---
 
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 0d0848e6fe..dc8858c569 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,12 +1,14 @@
 ---
 title: Personalization CSP
 description: Personalization CSP
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Personalization CSP
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index ccdfdff645..a346eab607 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,12 +1,14 @@
 ---
 title: Personalization DDF file
 description: Personalization DDF file
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Personalization DDF file
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 500b6cd676..aba19d4c12 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2,20 +2,20 @@ title: Policy CSP description: Policy CSP ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 --- # Policy CSP -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. +The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. The Policy configuration service provider has the following sub-categories: @@ -57,12 +57,12 @@ The following diagram shows the Policy configuration service provider in tree fo

                                      Supported operation is Get. -**Policy/Config/****_AreaName_** +**Policy/Config/***AreaName*

                                      The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.

                                      Supported operations are Add, Get, and Delete. -**Policy/Config/****_AreaName/PolicyName_** +**Policy/Config/***AreaName/PolicyName*

                                      Specifies the name/value pair used in the policy.

                                      The following list shows some tips to help you when configuring policies: @@ -70,7 +70,7 @@ The following diagram shows the Policy configuration service provider in tree fo - Separate substring values by the Unicode &\#xF000; in the XML file. > [!NOTE] -> A query from a different caller could provide a different value as each caller could have different values for a named policy. +> A query from a different caller could provide a different value as each caller could have different values for a named policy. - In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction. - Supported operations are Add, Get, Delete, and Replace. @@ -81,12 +81,12 @@ The following diagram shows the Policy configuration service provider in tree fo

                                      Supported operation is Get. -**Policy/Result/****_AreaName_** +**Policy/Result/***AreaName*

                                      The area group that can be configured by a single technology independent of the providers.

                                      Supported operation is Get. -**Policy/Result/****_AreaName/PolicyName_** +**Policy/Result/***AreaName/PolicyName*

                                      Specifies the name/value pair used in the policy.

                                      Supported operation is Get. @@ -97,36 +97,36 @@ The following diagram shows the Policy configuration service provider in tree fo

                                      Supported operations are Add, Get, and Delete. **Policy/ConfigOperations/ADMXInstall** -

                                      Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md). +

                                      Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see Win32 and Desktop Bridge app policy configuration. > [!NOTE] > The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](https://technet.microsoft.com/library/cc179097.aspx). -

                                      ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}`. +

                                      ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.

                                      Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/****_AppName_** +**Policy/ConfigOperations/ADMXInstall/***AppName*

                                      Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.

                                      Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy** +**Policy/ConfigOperations/ADMXInstall/***AppName*/Policy

                                      Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.

                                      Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy/_UniqueID_** +**Policy/ConfigOperations/ADMXInstall/***AppName*/Policy/*UniqueID*

                                      Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.

                                      Supported operations are Add and Get. Does not support Delete. -**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference** +**Policy/ConfigOperations/ADMXInstall/***AppName*/Preference

                                      Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.

                                      Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference/_UniqueID_** +**Policy/ConfigOperations/ADMXInstall/***AppName*/Preference/*UniqueID*

                                      Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.

                                      Supported operations are Add and Get. Does not support Delete. @@ -364,10 +364,10 @@ The following diagram shows the Policy configuration service provider in tree fo Authentication/AllowSecondaryAuthenticationDevice

                                      - Authentication/EnableFastFirstSignIn + Authentication/EnableFastFirstSignIn (Preview mode only)
                                      - Authentication/EnableWebSignIn + Authentication/EnableWebSignIn (Preview mode only)
                                      Authentication/PreferredAadTenantDomainName @@ -738,10 +738,10 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      - Cryptography/AllowFipsAlgorithmPolicy + Cryptography/AllowFipsAlgorithmPolicy
                                      - Cryptography/TLSCipherSuites + Cryptography/TLSCipherSuites
                                      @@ -913,6 +913,12 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      DeliveryOptimization/DODelayForegroundDownloadFromHttp
                                      +
                                      + DeliveryOptimization/DODelayCacheServerFallbackBackground +
                                      +
                                      + DeliveryOptimization/DODelayCacheServerFallbackForeground +
                                      DeliveryOptimization/DODownloadMode
                                      @@ -1262,6 +1268,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      Experience/PreventUsersFromTurningOnBrowserSyncing
                                      +
                                      + Experience/ShowLockOnUserTile +
                                      ### ExploitGuard policies @@ -1323,6 +1332,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      InternetExplorer/AllowEnhancedProtectedMode
                                      +
                                      + InternetExplorer/AllowEnhancedSuggestionsInAddressBar +
                                      InternetExplorer/AllowEnterpriseModeFromToolsMenu
                                      @@ -1390,6 +1402,8 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
                                      + InternetExplorer/DisableActiveXVersionListAutoDownload +

                                      InternetExplorer/DisableAdobeFlash
                                      @@ -1398,6 +1412,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
                                      +
                                      + InternetExplorer/DisableCompatView +
                                      InternetExplorer/DisableConfiguringHistory
                                      @@ -1416,12 +1433,18 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      InternetExplorer/DisableEncryptionSupport
                                      +
                                      + InternetExplorer/DisableFeedsBackgroundSync +
                                      InternetExplorer/DisableFirstRunWizard
                                      InternetExplorer/DisableFlipAheadFeature
                                      +
                                      + InternetExplorer/DisableGeolocation +
                                      InternetExplorer/DisableHomePageChange
                                      @@ -1449,6 +1472,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      InternetExplorer/DisableUpdateCheck
                                      +
                                      + InternetExplorer/DisableWebAddressAutoComplete +
                                      InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
                                      @@ -1842,6 +1868,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
                                      +
                                      + InternetExplorer/NewTabDefaultPage +
                                      InternetExplorer/NotificationBarInternetExplorerProcesses
                                      @@ -2116,12 +2145,6 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                                      -
                                      - LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus -
                                      -
                                      - LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus -
                                      LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                                      @@ -2413,6 +2436,14 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      Power/DisplayOffTimeoutPluggedIn
                                      +
                                      + Power/EnergySaverBatteryThresholdOnBattery +
                                      +
                                      + Power/EnergySaverBatteryThresholdPluggedIn +
                                      Power/HibernateTimeoutOnBattery
                                      @@ -2425,12 +2456,52 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      Power/RequirePasswordWhenComputerWakesPluggedIn
                                      +
                                      + Power/SelectLidCloseActionOnBattery +
                                      +
                                      + Power/SelectLidCloseActionPluggedIn +
                                      +
                                      + Power/SelectPowerButtonActionOnBattery +
                                      +
                                      + Power/SelectPowerButtonActionPluggedIn +
                                      +
                                      + Power/SelectSleepButtonActionOnBattery +
                                      +
                                      + Power/SelectSleepButtonActionPluggedIn +
                                      Power/StandbyTimeoutOnBattery
                                      Power/StandbyTimeoutPluggedIn
                                      +
                                      + Power/TurnOffHybridSleepOnBattery +
                                      +
                                      + Power/TurnOffHybridSleepPluggedIn +
                                      +
                                      + Power/UnattendedSleepTimeoutOnBattery +
                                      +
                                      + Power/UnattendedSleepTimeoutPluggedIn +
                                      ### Printers policies @@ -2848,6 +2919,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      Search/AllowCortanaInAAD
                                      +
                                      + Search/AllowFindMyFiles +
                                      Search/AllowIndexingEncryptedStoresOrItems
                                      @@ -2927,6 +3001,13 @@ The following diagram shows the Policy configuration service provider in tree fo +### ServiceControlManager policies +
                                      +
                                      + ServiceControlManager/SvchostProcessMitigation +
                                      +
                                      + ### Settings policies
                                      @@ -3111,6 +3192,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      System/AllowBuildPreview
                                      +
                                      + System/AllowCommercialDataPipeline +
                                      System/AllowDeviceNameInDiagnosticData
                                      @@ -3171,6 +3255,9 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      System/TelemetryProxy
                                      +
                                      + System/TurnOffFileHistory +
                                      ### SystemServices policies @@ -3300,6 +3387,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### Troubleshooting policies + +
                                      +
                                      + Troubleshooting/AllowRecommendations +
                                      +
                                      + ### Update policies
                                      @@ -3339,9 +3434,24 @@ The following diagram shows the Policy configuration service provider in tree fo
                                      Update/AutoRestartRequiredNotificationDismissal
                                      +
                                      + Update/AutomaticMaintenanceWakeUp +
                                      Update/BranchReadinessLevel
                                      +
                                      + Update/ConfigureDeadlineForFeatureUpdates +
                                      +
                                      + Update/ConfigureDeadlineForQualityUpdates +
                                      +
                                      + Update/ConfigureDeadlineGracePeriod +
                                      +
                                      + Update/ConfigureDeadlineNoAutoReboot +
                                      Update/ConfigureFeatureUpdateUninstallPeriod
                                      @@ -3681,22 +3791,28 @@ The following diagram shows the Policy configuration service provider in tree fo ### WindowsLogon policies
                                      +
                                      + WindowsLogon/AllowAutomaticRestartSignOn +
                                      +
                                      + WindowsLogon/ConfigAutomaticRestartSignOn +
                                      WindowsLogon/DisableLockScreenAppNotifications
                                      WindowsLogon/DontDisplayNetworkSelectionUI
                                      +
                                      + WindowsLogon/EnableFirstLogonAnimation +
                                      WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
                                      WindowsLogon/HideFastUserSwitching
                                      -
                                      - WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart -
                                      -
                                      +
                                      ### WindowsPowerShell policies
@@ -3815,6 +3931,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
 - [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
 - [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
 - [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
 - [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
 - [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
@@ -3837,17 +3954,21 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
 - [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
 - [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
+- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
 - [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
 - [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
 - [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
 - [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
 - [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
 - [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
 - [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
 - [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
 - [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
 - [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
 - [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
 - [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
 - [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
 - [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
@@ -3857,6 +3978,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
 - [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
 - [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
 - [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
 - [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
 - [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
@@ -3987,6 +4109,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
 - [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
 - [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
+- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
 - [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
 - [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
 - [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
@@ -4115,14 +4238,16 @@ The following diagram shows the Policy configuration service provider in tree fo - [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses) - [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells) - [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) +- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation) - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) - [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork) +- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon) +- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon) - [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications) - [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui) - [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers) -- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart) - 
[WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
@@ -4256,7 +4381,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
 - [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
 - [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
-- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
+- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy)
 - [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
 - [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
 - [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
@@ -4296,11 +4421,13 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
 - [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
 - [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
+ [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
 - [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
 - [DeliveryOptimization/DOCacheHost](./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
 - [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
 - [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayCacheServerFallbackBackground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
+- [DeliveryOptimization/DODelayCacheServerFallbackForeground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
 - [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
 - [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
 - [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
@@ -4316,6 +4443,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
 - [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
 - [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
 - [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
 - [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
 - [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
@@ -4365,6 +4493,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
 - [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
 - [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
+- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
 - [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
 - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
 - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
@@ -4376,6 +4505,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
 - [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
 - [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
 - [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
 - [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
 - [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
@@ -4398,17 +4528,21 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
 - [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
 - [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
+- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
 - [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
 - [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
 - [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
 - [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
 - [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
 - [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
 - [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
 - [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
 - [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
 - [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
 - [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
 - [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
 - [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
 - [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
@@ -4418,6 +4552,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
 - [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
 - [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
 - [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
 - [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
 - [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
@@ -4548,6 +4683,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
 - [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
 - [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
+- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
 - [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
 - [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
 - [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
@@ -4623,8 +4759,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
 - [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
 - [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
-- [LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus)
-- [LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus)
 - [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
 - [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
 - [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
@@ -4702,12 +4836,24 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
 - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
 - [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
 - [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
 - [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
 - [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
 - [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+- [Power/SelectLidCloseActionOnBattery](./policy-csp-power.md#power-selectlidcloseactiononbattery)
+- [Power/SelectLidCloseActionPluggedIn](./policy-csp-power.md#power-selectlidcloseactionpluggedin)
+- [Power/SelectPowerButtonActionOnBattery](./policy-csp-power.md#power-selectpowerbuttonactiononbattery)
+- [Power/SelectPowerButtonActionPluggedIn](./policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
+- [Power/SelectSleepButtonActionOnBattery](./policy-csp-power.md#power-selectsleepbuttonactiononbattery)
+- [Power/SelectSleepButtonActionPluggedIn](./policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
 - [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
 - [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+- [Power/TurnOffHybridSleepOnBattery](./policy-csp-power.md#power-turnoffhybridsleeponbattery)
+- [Power/TurnOffHybridSleepPluggedIn](./policy-csp-power.md#power-turnoffhybridsleeppluggedin)
+- [Power/UnattendedSleepTimeoutOnBattery](./policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
+- [Power/UnattendedSleepTimeoutPluggedIn](./policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
 - [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
 - [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
 - [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
@@ -4826,6 +4972,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
 - [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
 - [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
+- [Search/AllowFindMyFiles](./policy-csp-search.md#search-allowfindmyfiles)
 - [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
 - [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
 - [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
@@ -4836,6 +4983,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
 - [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
 - [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
+- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
 - [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
 - [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
 - [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
@@ -4850,6 +4998,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
 - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
 - [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
+- [System/AllowCommercialDataPipeline](./policy-csp-system.md#system-allowcommercialdatapipeline)
 - [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
 - [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
 - [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
@@ -4865,6 +5014,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
 - [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
 - [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
+- [System/TurnOffFileHistory](./policy-csp-system.md#system-turnofffilehistory)
 - [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
 - [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
 - [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
@@ -4873,6 +5023,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
 - [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
 - [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
+- [Troubleshooting/AllowRecommendations](./policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
 - [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
 - [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
@@ -4884,7 +5035,12 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
 - [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
 - [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
+- [Update/AutomaticMaintenanceWakeUp](./policy-csp-update.md#update-automaticmaintenancewakeup)
 - [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
+- [Update/ConfigureDeadlineForFeatureUpdates](./policy-csp-update.md#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](./policy-csp-update.md#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](./policy-csp-update.md#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](./policy-csp-update.md#update-configuredeadlinenoautoreboot)
 - [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
 - [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
 - [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
@@ -4978,11 +5134,13 @@ The following diagram shows the Policy configuration service provider in tree fo
 - [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
 - [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
 - [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
+- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
+- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
 - [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 - [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+- [WindowsLogon/EnableFirstLogonAnimation](./policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)
 - [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
 - [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
-- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
 - [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
 - [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
 - [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
@@ -4990,203 +5148,281 @@ The following diagram shows the Policy configuration service provider in tree fo ## Policies supported by Windows Holographic for Business -- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) -- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) -- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) -- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) -- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) -- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname) -- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) -- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) -- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) -- [Browser/AllowAutofill](#browser-allowautofill) -- [Browser/AllowCookies](#browser-allowcookies) -- [Browser/AllowDoNotTrack](#browser-allowdonottrack) -- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) -- [Browser/AllowPopups](#browser-allowpopups) -- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) -- [Browser/AllowSmartScreen](#browser-allowsmartscreen) -- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) -- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) -- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) -- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) -- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) -- 
[DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) -- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) -- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) -- [Experience/AllowCortana](#experience-allowcortana) -- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) -- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) -- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) -- [Settings/AllowDateTime](#settings-allowdatetime) -- [Settings/AllowVPN](#settings-allowvpn) -- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) -- [System/AllowLocation](#system-allowlocation) -- [System/AllowTelemetry](#system-allowtelemetry) -- [Update/AllowAutoUpdate](#update-allowautoupdate) -- [Update/AllowUpdateService](#update-allowupdateservice) -- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Update/RequireUpdateApproval](#update-requireupdateapproval) -- [Update/ScheduledInstallDay](#update-scheduledinstallday) -- [Update/ScheduledInstallTime](#update-scheduledinstalltime) -- [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- 
[Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowAutofill](#browser-allowautofill) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [Experience/AllowCortana](#experience-allowcortana) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- 
[Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay](#update-scheduledinstallday) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) ## Policies supported by Windows Holographic -- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) -- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) -- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) -- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) -- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) -- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) -- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) -- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) -- [Browser/AllowDoNotTrack](#browser-allowdonottrack) -- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) -- [Browser/AllowPopups](#browser-allowpopups) -- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) -- [Browser/AllowSmartScreen](#browser-allowsmartscreen) -- [Browser/AllowCookies](#browser-allowcookies) -- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) -- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) -- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) -- 
[DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) -- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) -- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) -- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) -- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) -- [Experience/AllowCortana](#experience-allowcortana) -- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) -- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) -- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) -- [Settings/AllowDateTime](#settings-allowdatetime) -- [Settings/AllowVPN](#settings-allowvpn) -- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) -- [System/AllowTelemetry](#system-allowtelemetry) -- [System/AllowLocation](#system-allowlocation) -- [Update/AllowAutoUpdate](#update-allowautoupdate) -- [Update/AllowUpdateService](#update-allowupdateservice) -- [Update/RequireUpdateApproval](#update-requireupdateapproval) -- [Update/ScheduledInstallDay](#update-scheduledinstallday) -- [Update/ScheduledInstallTime](#update-scheduledinstalltime) -- [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- 
[Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Browser/AllowCookies](#browser-allowcookies) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [Experience/AllowCortana](#experience-allowcortana) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) +- [System/AllowTelemetry](#system-allowtelemetry) +- [System/AllowLocation](#system-allowlocation) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- 
[Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay](#update-scheduledinstallday) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) ## Policies supported by Microsoft Surface Hub -- [Camera/AllowCamera](#camera-allowcamera) -- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) -- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) -- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) -- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) -- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) -- [Defender/AllowCloudProtection](#defender-allowcloudprotection) -- [Defender/AllowEmailScanning](#defender-allowemailscanning) -- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) -- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) -- [Defender/AllowIOAVProtection](#defender-allowioavprotection) -- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) -- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) -- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) -- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) -- [Defender/AllowScriptScanning](#defender-allowscriptscanning) -- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) -- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) -- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) -- [Defender/ExcludedExtensions](#defender-excludedextensions) -- [Defender/ExcludedPaths](#defender-excludedpaths) -- 
[Defender/ExcludedProcesses](#defender-excludedprocesses) -- [Defender/PUAProtection](#defender-puaprotection) -- [Defender/RealTimeScanDirection](#defender-realtimescandirection) -- [Defender/ScanParameter](#defender-scanparameter) -- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) -- [Defender/ScheduleScanDay](#defender-schedulescanday) -- [Defender/ScheduleScanTime](#defender-schedulescantime) -- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) -- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) -- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) -- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) -- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) -- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) -- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) -- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) -- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) -- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) -- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) -- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) -- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) -- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) -- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) -- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) -- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) -- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) -- 
[Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) -- [TextInput/AllowIMELogging](#textinput-allowimelogging) -- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) -- [TextInput/AllowInputPanel](#textinput-allowinputpanel) -- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) -- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) -- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) -- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) -- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) -- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) -- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) -- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) -- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting) +- [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites) +- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) +- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) +- [Defender/AllowCloudProtection](#defender-allowcloudprotection) +- [Defender/AllowEmailScanning](#defender-allowemailscanning) +- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) +- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) +- [Defender/AllowIOAVProtection](#defender-allowioavprotection) +- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) +- 
[Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) +- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) +- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) +- [Defender/AllowScriptScanning](#defender-allowscriptscanning) +- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) +- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) +- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) +- [Defender/ExcludedExtensions](#defender-excludedextensions) +- [Defender/ExcludedPaths](#defender-excludedpaths) +- [Defender/ExcludedProcesses](#defender-excludedprocesses) +- [Defender/PUAProtection](#defender-puaprotection) +- [Defender/RealTimeScanDirection](#defender-realtimescandirection) +- [Defender/ScanParameter](#defender-scanparameter) +- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) +- [Defender/ScheduleScanDay](#defender-schedulescanday) +- [Defender/ScheduleScanTime](#defender-schedulescantime) +- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) +- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) +- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- 
[DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) +- [TextInput/AllowIMELogging](#textinput-allowimelogging) +- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) +- [TextInput/AllowInputPanel](#textinput-allowinputpanel) +- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) +- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) +- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) +- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) +- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) +- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) +- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting) ## Policies supported by Windows 10 IoT Core -- [Camera/AllowCamera](#camera-allowcamera) -- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) -- 
[CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) -- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) -- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) -- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) -- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) -- [Wifi/AllowWiFi](#wifi-allowwifi) -- [Wifi/WLANScanMode](#wifi-wlanscanmode) +- [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) +- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) +- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) +- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) +- [InternetExplorer/DisableActiveXVersionListAutoDownload](#internetexplorer-disableactivexversionlistautodownload) +- [InternetExplorer/DisableCompatView](#internetexplorer-disablecompatview) +- [InternetExplorer/DisableGeolocation](#internetexplorer-disablegeolocation) +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost) +- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) +- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) +- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground) +- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- 
[DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) +- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby) +- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) +- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- 
[Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) +- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) +- [Wifi/WLANScanMode](#wifi-wlanscanmode) + +## Policies supported by Windows 10 IoT Enterprise + +- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](#internetexplorer-allowenhancedsuggestionsinaddressbar) +- [InternetExplorer/DisableActiveXVersionListAutoDownload](#internetexplorer-disableactivexversionlistautodownload) +- [InternetExplorer/DisableCompatView](#internetexplorer-disablecompatview) +- [InternetExplorer/DisableFeedsBackgroundSync](#internetexplorer-disablefeedsbackgroundsync) +- [InternetExplorer/DisableGeolocation](#internetexplorer-disablegeolocation) +- [InternetExplorer/DisableWebAddressAutoComplete](#internetexplorer-disablewebaddressautocomplete) +- [InternetExplorer/NewTabDefaultPage](#internetexplorer-newtabdefaultpage) +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost) +- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) +- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) +- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground) +- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground) +- 
[DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) +- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby) +- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) +- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) +- 
[Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) + + + ## Policies that can be set using Exchange Active Sync (EAS) -- [Browser/AllowBrowser](#browser-allowbrowser) -- [Camera/AllowCamera](#camera-allowcamera) -- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) -- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) -- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) -- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) -- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) -- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) -- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) -- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) -- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) -- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) -- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) -- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) -- [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow) -- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) -- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) -- [System/AllowStorageCard](#system-allowstoragecard) -- [System/TelemetryProxy](#system-telemetryproxy) -- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) -- [Wifi/AllowWiFi](#wifi-allowwifi) - +- 
[Browser/AllowBrowser](#browser-allowbrowser) +- [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [System/AllowStorageCard](#system-allowstoragecard) +- [System/TelemetryProxy](#system-telemetryproxy) +- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) +- [Wifi/AllowWiFi](#wifi-allowwifi) + ## Examples @@ -5236,4 +5472,4 @@ Do not allow NFC. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) 
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index f91a9e7031..b5cb013a88 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - AboveLock
 description: Policy CSP - AboveLock
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - AboveLock
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 882f3767a3..55f72ccd70 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Accounts
 description: Policy CSP - Accounts
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/01/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Accounts
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 64bdd52d8f..09639791f8 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - ActiveXControls
 description: Policy CSP - ActiveXControls
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - ActiveXControls
@@ -74,9 +76,9 @@ Note: Wild card characters cannot be used when specifying the host URLs.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 3961d870d8..09d3644c12 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - ApplicationDefaults
 description: Policy CSP - ApplicationDefaults
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/16/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - ApplicationDefaults
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 994c53f7ca..29d419c3dd 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - ApplicationManagement
 description: Policy CSP - ApplicationManagement
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/01/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - ApplicationManagement
@@ -598,7 +600,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
 ```
-> [!Note]
+> [!NOTE]
 > This policy only works on modern apps.
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 5bddec2b4c..6f998bebf9 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - AppRuntime
 description: Policy CSP - AppRuntime
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/16/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - AppRuntime
@@ -71,9 +73,9 @@ If you disable or do not configure this policy setting, users will need to sign
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index d3d1e3c5a4..7ecd3a228b 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - AppVirtualization
 description: Policy CSP - AppVirtualization
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 08/08/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - AppVirtualization
@@ -149,9 +151,9 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -207,9 +209,9 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -265,9 +267,9 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -323,9 +325,9 @@ Enables scripts defined in the package manifest of configuration files that shou
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -381,9 +383,9 @@ Enables a UX to display to the user when a publishing refresh is performed on th
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -449,9 +451,9 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -507,9 +509,9 @@ Specifies the file paths relative to %userprofile% that do not roam with a user'
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -565,9 +567,9 @@ Specifies the registry paths that do not roam with a user profile. Example usage
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -623,9 +625,9 @@ Specifies how new packages should be loaded automatically by App-V on a specific
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -681,9 +683,9 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -739,9 +741,9 @@ Specifies the location where symbolic links are created to the current version o
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -797,9 +799,9 @@ Specifies the location where symbolic links are created to the current version o
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -873,9 +875,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -949,9 +951,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1025,9 +1027,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1101,9 +1103,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1177,9 +1179,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1235,9 +1237,9 @@ Specifies the path to a valid certificate in the certificate store.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1293,9 +1295,9 @@ This setting controls whether virtualized applications are launched on Windows 8
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1351,9 +1353,9 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1409,9 +1411,9 @@ Specifies directory where all new applications and updates will be installed.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1467,9 +1469,9 @@ Overrides source location for downloading package content.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1525,9 +1527,9 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1583,9 +1585,9 @@ Specifies the number of times to retry a dropped session.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1641,9 +1643,9 @@ Specifies that streamed package contents will be not be saved to the local hard
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1699,9 +1701,9 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1757,9 +1759,9 @@ Verifies Server certificate revocation status before streaming using HTTPS.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1815,9 +1817,9 @@ Specifies a list of process paths (may contain wildcards) which are candidates f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 65d3b9a405..f5630e76f5 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - AttachmentManager
 description: Policy CSP - AttachmentManager
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - AttachmentManager
@@ -80,9 +82,9 @@ If you do not configure this policy setting, Windows marks file attachments with
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -144,9 +146,9 @@ If you do not configure this policy setting, Windows hides the check box and Unb
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -208,9 +210,9 @@ If you do not configure this policy setting, Windows does not call the registere
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 7708a220e7..71ca1629b3 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,19 +1,18 @@
 ---
 title: Policy CSP - Authentication
 description: Policy CSP - Authentication
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
-ms.date: 05/01/2019
+author: manikadhiman
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Authentication
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
                                      @@ -354,6 +353,9 @@ The following list shows the supported values: +> [!Warning] +> This policy is in preview mode only and therefore not meant or recommended for production purposes. + This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts. Value type is integer. Supported values: @@ -412,9 +414,12 @@ Value type is integer. Supported values: +> [!Warning] +> This policy is in preview mode only and therefore not meant or recommended for production purposes. + "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for non-ADFS federated providers (e.g. SAML). -> [!Note] +> [!Note] > Web Sign-in is only supported on Azure AD Joined PCs. Value type is integer. Supported values: @@ -504,8 +509,8 @@ Value type is string. - [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) - [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname) - -
                                      + +
                                      Footnotes: @@ -514,4 +519,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index efefb6de1e..0845e952f8 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Autoplay description: Policy CSP - Autoplay -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Autoplay @@ -79,9 +81,9 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -151,9 +153,9 @@ If you disable or not configure this policy setting, Windows Vista or later will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -224,9 +226,9 @@ Note: This policy setting appears in both the Computer Configuration and User Co
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 55976c06ee..a1ba855654 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Bitlocker
 description: Policy CSP - Bitlocker
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/22/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Bitlocker
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index dfad46a493..32fe01163f 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - BITS
 description: Policy CSP - BITS
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/29/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - BITS
@@ -454,7 +456,7 @@ ADMX Info:
 This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
-> [!Note]
+> [!NOTE]
 > Any property changes to the job or any successful download action will reset this timeout.
 Value type is integer. Default is 90 days.
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 8abc1aaa7a..51c93e97d7 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Bluetooth
 description: Policy CSP - Bluetooth
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/01/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Bluetooth
@@ -356,8 +358,8 @@ The default value is an empty string. For more information, see [ServicesAllowed - [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) - [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) - [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) - -
                                      + +
                                      Footnotes: diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index cf8010c0ce..b49fa49949 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -4,9 +4,11 @@ description: Policy CSP - Browser ms.topic: article ms.prod: w10 ms.technology: windows -author: shortpatti -ms.author: pashort +author: dansimp +ms.author: dansimp ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Browser @@ -2468,7 +2470,7 @@ Most restricted value: 0    > [!NOTE] > This policy has no effect when the Browser/HomePages policy is not configured.  -  + > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy). @@ -2599,7 +2601,7 @@ Most restricted value: 0 > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -  + @@ -3282,7 +3284,7 @@ Supported values: - Blank (default) - Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. -- String - Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:

                                            _Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_

                                      After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

                                      Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. +- String - Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper extension prevents users from turning it off:

                                            _Microsoft.OneNoteWebClipper8wekyb3d8bbwe_

                                      After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

                                      Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. @@ -3398,14 +3400,14 @@ Most restricted value: 1 >*Supported versions: Microsoft Edge on Windows 10, version 1709 or later* [!INCLUDE [provision-favorites-shortdesc](../../../browsers/edge/shortdesc/provision-favorites-shortdesc.md)] -  + Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off. To define a default list of favorites: 1. In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**. 2. Click **Import from another browser**, click **Export to file** and save the file. -3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision.

                                      Specify the URL as:

                                      • HTTP location: "SiteList"=http://localhost:8080/URLs.html
                                      • Local network: "SiteList"="\network\shares\URLs.html"
                                      • Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
                                      +3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision.

                                      Specify the URL as:

                                      • HTTP location: "SiteList"=
                                      • Local network: "SiteList"="\network\shares\URLs.html"
                                      • Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
                                      >[!IMPORTANT] @@ -3805,7 +3807,7 @@ Most restricted value: 0 [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../../../browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] -> [!NOTE] +> [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -3829,7 +3831,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
                                      1. Open Internet Explorer and add some favorites. -
                                      2. Open Microsoft Edge, then select **Hub > Favorites**. +
                                      3. Open Microsoft Edge, then select Hub > Favorites.
                                      4. Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge.
                                      diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index bb7caec67c..0852d91632 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Camera description: Policy CSP - Camera -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Camera @@ -98,18 +100,18 @@ Footnote: ## Camera policies that can be set using Exchange Active Sync (EAS) -- [Camera/AllowCamera](#camera-allowcamera) - +- [Camera/AllowCamera](#camera-allowcamera) + ## Camera policies supported by IoT Core -- [Camera/AllowCamera](#camera-allowcamera) - +- [Camera/AllowCamera](#camera-allowcamera) + ## Camera policies supported by Microsoft Surface Hub -- [Camera/AllowCamera](#camera-allowcamera) - +- [Camera/AllowCamera](#camera-allowcamera) + diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 0712d689ac..ff738aa2e1 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Cellular description: Policy CSP - Cellular -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/08/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Cellular 
@@ -311,9 +313,9 @@ If this policy setting is disabled or is not configured, the link to the per-app
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -339,18 +341,18 @@ Footnote:
 ## Cellular policies that can be set using Exchange Active Sync (EAS)
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+
 ## Cellular policies supported by IoT Core
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+
 ## Cellular policies supported by Microsoft Surface Hub
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 34d9585326..f1fc3f9445 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Connectivity
 description: Policy CSP - Connectivity
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/01/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Connectivity
@@ -638,9 +640,9 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -704,9 +706,9 @@ If you disable or do not configure this policy setting, users can download print
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -770,9 +772,9 @@ See the documentation for the web publishing and online ordering wizards for mor
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -823,7 +825,7 @@ ADMX Info:
-Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.
+Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.
 Value type is integer.
@@ -883,9 +885,9 @@ If you enable this policy, Windows only allows access to the specified UNC paths
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -947,9 +949,9 @@ If you disable this setting or do not configure it, the user will be able to cre
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index f6626284ef..c9d03ef5de 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - ControlPolicyConflict
 description: Policy CSP - ControlPolicyConflict
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - ControlPolicyConflict
@@ -64,10 +66,10 @@ ms.date: 03/12/2018
 Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
-> [!Note]
+> [!NOTE]
 > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
-This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 Note: This policy doesn’t support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.
 The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index f471a91b35..1e3b1dd91e 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - CredentialProviders description: Policy CSP - CredentialProviders -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - CredentialProviders @@ -82,9 +84,9 @@ To configure Windows Hello for Business, use the Administrative Template policie > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -146,9 +148,9 @@ Note that the user's domain password will be cached in the system vault when usi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -226,7 +228,7 @@ Footnote: ## CredentialProviders policies supported by IoT Core -- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) -- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) - +- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) +- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) + diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 309848708a..80a987c29b 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -1,12 +1,14 @@ --- title: Policy CSP - CredentialsDelegation description: Policy CSP - CredentialsDelegation -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - CredentialsDelegation @@ -73,9 +75,9 @@ If you disable or do not configure this policy setting, Restricted Administratio > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 12f8698b09..723426a323 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -1,12 +1,14 @@ --- title: Policy CSP - CredentialsUI description: Policy CSP - CredentialsUI -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - CredentialsUI @@ -80,9 +82,9 @@ The policy applies to all Windows components and applications that use the Windo > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -142,9 +144,9 @@ If you disable this policy setting, users will always be required to type a user > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 69f8321a8b..4dd0e68d3c 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -1,59 +1,39 @@ --- title: Policy CSP - Cryptography description: Policy CSP - Cryptography -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Cryptography - -
                                      ## Cryptography policies -
                                      -
                                      - Cryptography/AllowFipsAlgorithmPolicy -
                                      -
                                      - Cryptography/TLSCipherSuites -
                                      -
                                      - +* [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) +* [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites) +* [Cryptography/Microsoft Surface Hub](#cryptography-policies-supported-by-microsoft-surface-hub)
                                      -**Cryptography/AllowFipsAlgorithmPolicy** + +## Cryptography/AllowFipsAlgorithmPolicy - - - - - - - - - - - - - - - - - - - -
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck markcheck markcheck markcheck markcheck markcheck mark
                                      + +|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | +| :---: | :---: | :---: | :---: | :---: | :---: | :---: | +|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]| + @@ -87,29 +67,14 @@ The following list shows the supported values:
                                      -**Cryptography/TLSCipherSuites** + +## Cryptography/TLSCipherSuites - - - - - - - - - - - - - - - - - - - -
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck markcheck markcheck markcheck markcheck markcheck mark
                                      +|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | +| :---: | :---: | :---: | :---: | :---: | :---: | :---: | +|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]| + @@ -138,9 +103,13 @@ Footnote: -## Cryptography policies supported by Microsoft Surface Hub +## Cryptography policies supported by Microsoft Surface Hub -- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) -- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) - +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) + + + +[check]: images/checkmark.png "Check" +[x]: images/crossmark.png "X" diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index aabd7f1845..cfa533aef2 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -1,12 +1,14 @@ --- title: Policy CSP - DataProtection description: Policy CSP - DataProtection -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 01/26/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - DataProtection @@ -121,7 +123,7 @@ The following list shows the supported values: > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. -  + Setting used by Windows 8.1 Selective Wipe. > [!NOTE] @@ -143,6 +145,6 @@ Footnote: ## DataProtection policies supported by IoT Core -- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) - +- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) + 
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index b1a2f2dfa1..1268e6243c 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -1,12 +1,14 @@ --- title: Policy CSP - DataUsage description: Policy CSP - DataUsage -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/13/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - DataUsage @@ -93,9 +95,9 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 0605b3bb03..f796a9ae53 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Defender description: Policy CSP - Defender -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 01/26/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Defender 
@@ -250,7 +252,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Allows or disallows Windows Defender Behavior Monitoring functionality. @@ -561,7 +563,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Allows or disallows Windows Defender IOAVP Protection functionality. @@ -801,7 +803,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Allows or disallows a scanning of network files. @@ -1097,7 +1099,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Represents the average CPU load factor for the Windows Defender scan (in percent). @@ -1241,8 +1243,8 @@ Added in Windows 10, version 1709. This policy setting determines how aggressive If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. -      -> [!Note] + +> [!NOTE] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. @@ -1313,7 +1315,7 @@ The typical cloud check timeout is 10 seconds. To enable the extended cloud chec For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. -> [!Note] +> [!NOTE] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". 
@@ -1479,7 +1481,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Time period (in days) that quarantine items will be stored on the system. @@ -1888,7 +1890,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". @@ -2006,7 +2008,7 @@ Allows an administrator to specify a list of files opened by processes to ignore > [!IMPORTANT] > The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path. -  + Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". @@ -2247,13 +2249,13 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Selects the time of day that the Windows Defender quick scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -  + For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. @@ -2605,7 +2607,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. 
@@ -2672,7 +2674,7 @@ Valid values: 0–24. > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. @@ -2736,11 +2738,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -  + Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. -This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 +This value is a list of threat severity level IDs and corresponding actions, separated by a| using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 The following list shows the supported values for threat severity levels: 
@@ -2785,32 +2787,32 @@ Footnote: ## Defender policies supported by Microsoft Surface Hub -- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) -- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) -- [Defender/AllowCloudProtection](#defender-allowcloudprotection) -- [Defender/AllowEmailScanning](#defender-allowemailscanning) -- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) -- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) -- [Defender/AllowIOAVProtection](#defender-allowioavprotection) -- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) -- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) -- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) -- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) -- [Defender/AllowScriptScanning](#defender-allowscriptscanning) -- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) -- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) -- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) -- [Defender/ExcludedExtensions](#defender-excludedextensions) -- [Defender/ExcludedPaths](#defender-excludedpaths) -- [Defender/ExcludedProcesses](#defender-excludedprocesses) -- [Defender/PUAProtection](#defender-puaprotection) -- [Defender/RealTimeScanDirection](#defender-realtimescandirection) -- [Defender/ScanParameter](#defender-scanparameter) -- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) -- [Defender/ScheduleScanDay](#defender-schedulescanday) -- [Defender/ScheduleScanTime](#defender-schedulescantime) -- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) -- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) -- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) - +- 
[Defender/AllowArchiveScanning](#defender-allowarchivescanning) +- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) +- [Defender/AllowCloudProtection](#defender-allowcloudprotection) +- [Defender/AllowEmailScanning](#defender-allowemailscanning) +- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives) +- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning) +- [Defender/AllowIOAVProtection](#defender-allowioavprotection) +- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem) +- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection) +- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring) +- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles) +- [Defender/AllowScriptScanning](#defender-allowscriptscanning) +- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess) +- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor) +- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware) +- [Defender/ExcludedExtensions](#defender-excludedextensions) +- [Defender/ExcludedPaths](#defender-excludedpaths) +- [Defender/ExcludedProcesses](#defender-excludedprocesses) +- [Defender/PUAProtection](#defender-puaprotection) +- [Defender/RealTimeScanDirection](#defender-realtimescandirection) +- [Defender/ScanParameter](#defender-scanparameter) +- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime) +- [Defender/ScheduleScanDay](#defender-schedulescanday) +- [Defender/ScheduleScanTime](#defender-schedulescantime) +- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval) +- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent) +- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction) + 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 95e6d74539..66ac43c7f6 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -1,19 +1,18 @@ --- title: Policy CSP - DeliveryOptimization description: Policy CSP - DeliveryOptimization -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 07/06/2018 +author: manikadhiman +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - DeliveryOptimization -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
                                      @@ -36,6 +35,12 @@ ms.date: 07/06/2018
                                      DeliveryOptimization/DODelayForegroundDownloadFromHttp
                                      +
                                      + DeliveryOptimization/DODelayCacheServerFallbackBackground +
                                      +
                                      + DeliveryOptimization/DODelayCacheServerFallbackForeground +
                                      DeliveryOptimization/DODownloadMode
                                      @@ -403,6 +408,144 @@ The following list shows the supported values as number of seconds:
                                      + +**DeliveryOptimization/DODelayCacheServerFallbackBackground** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + + +Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download. + +> [!NOTE] +> The [DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) policy takes precedence over this policy to allow downloads from peers first. + + + + +ADMX Info: +- GP English name: *Delay Background download Cache Server fallback (in seconds)* +- GP name: *DelayCacheServerFallbackBackground* +- GP element: *DelayCacheServerFallbackBackground* +- GP path: *Windows Components/Delivery Optimization* +- GP ADMX file name: *DeliveryOptimization.admx* + + + + +This policy is specified in seconds. +Supported values: 0 - one month (in seconds) + + + + + + + + + + +
                                      + + + +**DeliveryOptimization/DODelayCacheServerFallbackForeground** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + + +Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download. + +> [!NOTE] +> The [DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) policy takes precedence over this policy to allow downloads from peers first. + + + + +ADMX Info: +- GP English name: *Delay Foreground download Cache Server fallback (in seconds)* +- GP name: *DelayCacheServerFallbackForeground* +- GP element: *DelayCacheServerFallbackForeground* +- GP path: *Windows Components/Delivery Optimization* +- GP ADMX file name: *DeliveryOptimization.admx* + + + +This policy is specified in seconds. +Supported values: 0 - one month (in seconds) + + + + + + + + +
                                      + **DeliveryOptimization/DODownloadMode** @@ -695,7 +838,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -  + Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). The default value is 20. @@ -752,7 +895,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -  + Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. @@ -811,7 +954,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -  + Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization. The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). @@ -985,7 +1128,7 @@ ADMX Info: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB. +Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB. > [!NOTE] > If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy. 
@@ -1046,7 +1189,7 @@ ADMX Info: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB. +Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB. The default value is 100 MB. @@ -1104,7 +1247,7 @@ ADMX Info: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. +Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. The default value is 4 GB. 
@@ -1470,9 +1613,9 @@ Added in Windows 10, version 1803. Specifies the maximum background downloa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1536,9 +1679,9 @@ Added in Windows 10, version 1803. Specifies the maximum foreground downloa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1558,36 +1701,108 @@ This policy allows an IT Admin to define the following: + + + + + + + + + + + +## DeliveryOptimization policies supported by IoT Core + +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost) +- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) +- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) +- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground) +- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- 
[DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) +- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby) +- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) +- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) + + + +## DeliveryOptimization policies supported by IoT Enterprise + +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost) +- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) +- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) +- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground) +- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource) +- 
[DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) +- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) +- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby) +- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) +- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) + + + + +## DeliveryOptimization policies supported by Microsoft Surface Hub + +- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) +- 
[DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) +- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) +- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) +- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) +- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) +- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) +- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) +- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) +- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) +- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) +- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) +- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) +- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) +- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) + +
                                      -Footnote: +Footnotes: - 1 - Added in Windows 10, version 1607. - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. - - - - -## DeliveryOptimization policies supported by Microsoft Surface Hub - -- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize) -- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching) -- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode) -- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid) -- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage) -- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize) -- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth) -- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth) -- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos) -- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer) -- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache) -- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer) -- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive) -- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) -- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) - - +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index ac8fca65ac..ebe8a9efb2 100644 
--- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Desktop description: Policy CSP - Desktop -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/08/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Desktop @@ -72,9 +74,9 @@ If you enable this setting, users are unable to type a new location in the Targe > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -100,6 +102,6 @@ Footnote: ## Desktop policies supported by Microsoft Surface Hub -- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) - +- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) + diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 248f11d3fd..44a9b306d9 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md 
@@ -1,12 +1,14 @@ --- title: Policy CSP - DeviceGuard description: Policy CSP - DeviceGuard -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/20/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - DeviceGuard diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index a976e68696..bf819d4ba5 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -1,11 +1,13 @@ --- title: Policy CSP - DeviceInstallation +ms.reviewer: +manager: dansimp description: Policy CSP - DeviceInstallation -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman --- # Policy CSP - DeviceInstallation @@ -91,9 +93,9 @@ Peripherals can be specified by their [hardware identity](https://docs.microsoft > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -202,9 +204,9 @@ Peripherals can be specified by their [hardware identity](https://docs.microsoft > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -314,9 +316,9 @@ If you disable or do not configure this policy setting, the setting in the Devic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -388,9 +390,9 @@ If you disable or do not configure this policy setting, Windows is allowed to in > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -497,9 +499,9 @@ Peripherals can be specified by their [hardware identity](https://docs.microsoft > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -514,7 +516,7 @@ ADMX Info:
                                      -To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `` as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true. +To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use &#xF000; as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true. ``` syntax @@ -599,9 +601,9 @@ Peripherals can be specified by their [hardware identity](https://docs.microsoft > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 1d4948e92a..78f0468640 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md 
@@ -1,12 +1,14 @@ --- title: Policy CSP - DeviceLock description: Policy CSP - DeviceLock -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - DeviceLock @@ -117,7 +119,7 @@ ms.date: 05/01/2019 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -  + Specifies whether the user must input a PIN or password when the device resumes from an idle state. > [!NOTE] @@ -174,7 +176,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -  + Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. > [!NOTE] @@ -357,7 +359,7 @@ Specifies whether device lock is enabled. > This policy must be wrapped in an Atomic command. > > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -  + > [!IMPORTANT] @@ -881,7 +883,7 @@ The default value is 1. The following list shows the supported values and actual

                                      Desktop Microsoft Accounts

                                      1,2

                                      - +<p2

                                      Desktop Domain Accounts

                                      @@ -1075,9 +1077,9 @@ If you enable this setting, users will no longer be able to enable or disable lo > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1137,9 +1139,9 @@ If you enable this setting, users will no longer be able to modify slide show se > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1192,7 +1194,7 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -  + Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices. Minimum supported value is 10. 
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 7e1be2a448..e6bdb26828 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Display description: Policy CSP - Display -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/08/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 9c1747dae9..84edbd082b 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -1,12 +1,14 @@ --- title: Policy CSP - DmaGuard description: Policy CSP - DmaGuard -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/17/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - DmaGuard @@ -71,7 +73,7 @@ Device memory sandboxing allows the OS to leverage the I/O Memory Management Uni This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. -> [!Note] +> [!NOTE] > This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices. Supported values: diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index aba6597add..75f755f4fb 100644 
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Education
 description: Policy CSP - Education
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Education
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 472aa8161b..606cfc2ceb 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - EnterpriseCloudPrint
 description: Policy CSP - EnterpriseCloudPrint
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - EnterpriseCloudPrint
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 04063822ba..d498c385d6 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - ErrorReporting
 description: Policy CSP - ErrorReporting
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - ErrorReporting
@@ -94,9 +96,9 @@ If you disable or do not configure this policy setting, then the default consent > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -156,9 +158,9 @@ If you disable or do not configure this policy setting, the Turn off Windows Err > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -222,9 +224,9 @@ See also the Configure Error Reporting policy setting. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -284,9 +286,9 @@ If you disable or do not configure this policy setting, then consent policy sett > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -346,9 +348,9 @@ If you disable or do not configure this policy setting, Windows Error Reporting > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 991eab8855..a12bf88937 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -1,12 +1,14 @@ --- title: Policy CSP - EventLogService description: Policy CSP - EventLogService -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - EventLogService 
@@ -83,9 +85,9 @@ Note: Old events may or may not be retained according to the "Backup log automat > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -145,9 +147,9 @@ If you disable or do not configure this policy setting, the maximum size of the > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -207,9 +209,9 @@ If you disable or do not configure this policy setting, the maximum size of the > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -269,9 +271,9 @@ If you disable or do not configure this policy setting, the maximum size of the > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index c0d7b7cad4..a342fd84c7 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md 
@@ -1,20 +1,18 @@ --- title: Policy CSP - Experience description: Policy CSP - Experience -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 05/01/2019 +author: manikadhiman +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Experience -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
                                      @@ -96,6 +94,9 @@ ms.date: 05/01/2019
                                      Experience/PreventUsersFromTurningOnBrowserSyncing
                                      +
                                      + Experience/ShowLockOnUserTile +
                                      @@ -936,6 +937,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. +> Prior to Windows 10, version 1803, this policy had User scope. This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. @@ -1569,6 +1571,75 @@ Validation procedure: +
                                      + + +**Experience/ShowLockOnUserTile** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcross markcheck mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Shows or hides lock from the user tile menu. + +If you enable this policy setting, the lock option is shown in the User Tile menu. + +If you disable this policy setting, the lock option is never shown in the User Tile menu. + +If you do not configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel. + + + +ADMX Info: +- GP English name: *Show lock in the user tile menu* +- GP name: *ShowLockOption* +- GP path: *File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +Supported values: +- false - The lock option is not displayed in the User Tile menu. +- true (default) - The lock option is displayed in the User Tile menu. + + + + + + + + + + @@ -1592,4 +1663,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 5dda241c5f..772d25390b 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -1,12 +1,14 @@ --- title: Policy CSP - ExploitGuard description: Policy CSP - ExploitGuard -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - ExploitGuard diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index d427a7ed5c..f2666b4442 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md 
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - FileExplorer description: Policy CSP - FileExplorer -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - FileExplorer
@@ -70,9 +72,9 @@ Disabling data execution prevention can allow certain legacy plug-in application > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -128,9 +130,9 @@ Disabling heap termination on corruption can allow certain legacy plug-in applic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 4b7c9efb2d..750f00f237 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - Games description: Policy CSP - Games -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Games
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index a74fbeccf3..12cb543539 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - Handwriting description: Policy CSP - Handwriting -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/09/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Handwriting
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 823af29f0b..6f746062f9 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,18 +1,19 @@ --- title: Policy CSP - InternetExplorer description: Policy CSP - InternetExplorer -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 05/14/2018 +author: manikadhiman +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - InternetExplorer -
                                      @@ -40,6 +41,9 @@ ms.date: 05/14/2018
                                      InternetExplorer/AllowEnhancedProtectedMode
                                      +
                                      + InternetExplorer/AllowEnhancedSuggestionsInAddressBar +
                                      InternetExplorer/AllowEnterpriseModeFromToolsMenu
                                      @@ -106,6 +110,9 @@ ms.date: 05/14/2018
                                      InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
                                      +
                                      + InternetExplorer/DisableActiveXVersionListAutoDownload +
                                      InternetExplorer/DisableAdobeFlash
                                      @@ -115,6 +122,9 @@ ms.date: 05/14/2018
                                      InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
                                      +
                                      + InternetExplorer/DisableCompatView +
                                      InternetExplorer/DisableConfiguringHistory
                                      @@ -133,12 +143,18 @@ ms.date: 05/14/2018
                                      InternetExplorer/DisableEncryptionSupport
                                      +
                                      + InternetExplorer/DisableFeedsBackgroundSync +
                                      InternetExplorer/DisableFirstRunWizard
                                      InternetExplorer/DisableFlipAheadFeature
                                      +
                                      + InternetExplorer/DisableGeolocation +
                                      InternetExplorer/DisableHomePageChange
                                      @@ -166,6 +182,9 @@ ms.date: 05/14/2018
                                      InternetExplorer/DisableUpdateCheck
                                      +
                                      + InternetExplorer/DisableWebAddressAutoComplete +
                                      InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
                                      @@ -559,6 +578,9 @@ ms.date: 05/14/2018
                                      InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
                                      +
                                      + InternetExplorer/NewTabDefaultPage +
                                      InternetExplorer/NotificationBarInternetExplorerProcesses
                                      @@ -808,9 +830,9 @@ If you disable or do not configure this policy setting, the user can configure t > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -871,9 +893,9 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -940,9 +962,9 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1004,9 +1026,9 @@ If you do not configure this setting, the user has the freedom of turning on Aut > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1067,9 +1089,9 @@ If you disable or do not configure this policy setting, the user can choose whet > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1134,9 +1156,9 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1199,9 +1221,9 @@ If you do not configure this policy, users will be able to turn on or turn off E > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1216,6 +1238,82 @@ ADMX Info:
                                      + +**InternetExplorer/AllowEnhancedSuggestionsInAddressBar** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user's keystrokes are sent to Microsoft through Microsoft services. + +If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users cannot change the Suggestions setting on the Settings charm. + +If you disable this policy setting, users do not receive enhanced suggestions while typing in the Address bar. In addition, users cannot change the Suggestions setting on the Settings charm. + +If you do not configure this policy setting, users can change the Suggestions setting on the Settings charm. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar* +- GP name: *AllowServicePoweredQSA* +- GP path: *Windows Components/Internet Explorer* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- 0 - Disabled +- 1 - Enabled (Default) + + + + + + + + + +
                                      + **InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1262,9 +1360,9 @@ If you disable or don't configure this policy setting, the menu option won't app > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1325,9 +1423,9 @@ If you disable or don't configure this policy setting, Internet Explorer opens a > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1389,9 +1487,9 @@ If you disable this policy, system defaults will be used. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1452,9 +1550,9 @@ If you disable or do not configure this policy setting, the user can add and rem > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1517,9 +1615,9 @@ If you do not configure this policy setting, Internet Explorer uses an Internet > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1586,9 +1684,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1655,9 +1753,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1724,9 +1822,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1793,9 +1891,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1862,9 +1960,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1931,9 +2029,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -2000,9 +2098,9 @@ Note. It is recommended to configure template policy settings in one Group Polic > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -2063,9 +2161,9 @@ If you disable or do not configure this policy setting, Internet Explorer does n > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -2123,13 +2221,13 @@ Internet Explorer has 4 security zones, numbered 1-4, and these are used by this If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information: -Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. +Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. 
Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments. -> [!Note] +> [!NOTE] > This policy is a list that contains the site and index value. The list is a set of pairs of strings. Each string is seperated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below. @@ -2137,9 +2235,9 @@ The list is a set of pairs of strings. Each string is seperated by F000. Each pa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -2227,9 +2325,9 @@ If you do not configure this policy, users can choose to run or install files wi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -2292,9 +2390,9 @@ If you do not configure this policy setting, the user can turn on and turn off t > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -2361,9 +2459,9 @@ Note. It is recommended to configure template policy settings in one Group Polic
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2430,9 +2528,9 @@ Note. It is recommended to configure template policy settings in one Group Polic
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2499,9 +2597,9 @@ Note. It is recommended to configure template policy settings in one Group Polic
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2564,9 +2662,9 @@ If you do not configure this policy setting, Internet Explorer will not check se
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2629,9 +2727,9 @@ If you do not configure this policy, Internet Explorer will not check the digita
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2696,9 +2794,9 @@ If you do not configure this policy setting, Internet Explorer requires consiste
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2713,6 +2811,80 @@ ADMX Info:
                                      + +**InternetExplorer/DisableActiveXVersionListAutoDownload** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
                                      + + + +This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading. + +> [!Caution] +> If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the [out-of-date ActiveX control blocking feature](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. + +If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off automatic download of the ActiveX VersionList* +- GP name: *VersionListAutomaticDownloadDisable* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- 0 - Enabled +- 1 - Disabled (Default) + + + + + + + + + +
                                      + **InternetExplorer/DisableAdobeFlash** @@ -2761,9 +2933,9 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -2824,9 +2996,9 @@ If you disable or do not configure this policy setting, the user can bypass Smar > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -2887,9 +3059,9 @@ If you disable or do not configure this policy setting, the user can bypass Smar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -2904,6 +3076,80 @@ ADMX Info:
                                      + +**InternetExplorer/DisableCompatView** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This policy setting controls the Compatibility View feature, which allows users to fix website display problems that they may encounter while browsing. + +If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list. + +If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Compatibility View* +- GP name: *CompatView_DisableList* +- GP path: *Windows Components/Internet Explorer/Compatibility View* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- 0 - Disabled (Default) +- 1 - Enabled + + + + + + + + + +
                                      + **InternetExplorer/DisableConfiguringHistory** @@ -2950,9 +3196,9 @@ If you disable or do not configure this policy setting, a user can set the numbe > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -3013,9 +3259,9 @@ If you disable or do not configure this policy setting, the crash detection feat > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -3078,9 +3324,9 @@ If you do not configure this policy setting, the user can choose to participate
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3145,9 +3391,9 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3208,9 +3454,9 @@ If you disable or do not configure this policy setting, the user can set the Fee
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3273,9 +3519,9 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3290,6 +3536,80 @@ ADMX Info:
                                      + +**InternetExplorer/DisableFeedsBackgroundSync** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This policy setting allows you to choose whether or not to have background synchronization for feeds and Web Slices. + +If you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off. + +If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off background synchronization for feeds and Web Slices* +- GP name: *Disable_Background_Syncing* +- GP path: *Windows Components/RSS Feeds* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- 0 - Enabled (Default) +- 1 - Disabled + + + + + + + + + +
                                      + **InternetExplorer/DisableFirstRunWizard** @@ -3340,9 +3660,9 @@ If you disable or do not configure this policy setting, Internet Explorer may ru > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -3407,9 +3727,9 @@ If you don't configure this setting, users can turn this behavior on or off, usi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -3424,6 +3744,82 @@ ADMX Info:
                                      + +**InternetExplorer/DisableGeolocation** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This policy setting allows you to disable browser geolocation support. This prevents websites from requesting location data about the user. + +If you enable this policy setting, browser geolocation support is turned off. + +If you disable this policy setting, browser geolocation support is turned on. + +If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off browser geolocation* +- GP name: *GeolocationDisable* +- GP path: *Windows Components/Internet Explorer* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- 0 - Disabled (Default) +- 1 - Enabled + + + + + + + + + +
                                      + **InternetExplorer/DisableHomePageChange** @@ -3469,9 +3865,9 @@ If you disable or do not configure this policy setting, the Home page box is ena > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -3532,9 +3928,9 @@ If you disable or do not configure this policy setting, the user can choose to i > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -3599,9 +3995,9 @@ If you do not configure this policy setting, InPrivate Browsing can be turned on
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3666,9 +4062,9 @@ If you don't configure this policy setting, users can turn this feature on or of
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3729,9 +4125,9 @@ If you disable or do not configure this policy setting, the user can configure p
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3792,9 +4188,9 @@ If you disable or do not configure this policy setting, the user can change the
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3857,9 +4253,9 @@ Note: If the “Disable Changing Home Page Settings” policy is enabled, the us
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3920,9 +4316,9 @@ If you disable or do not configure this policy setting, the feature is turned on
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -3984,9 +4380,9 @@ This policy is intended to help the administrator maintain version control for I
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4001,6 +4397,82 @@ ADMX Info:
                                      + +**InternetExplorer/DisableWebAddressAutoComplete** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. + +If you enable this policy setting, users are not suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting. + +If you disable this policy setting, users are suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting. + +If you do not configure this policy setting, users can choose to turn the auto-complete setting for web-addresses on or off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the auto-complete feature for web addresses* +- GP name: *RestrictWebAddressSuggest* +- GP path: *Windows Components/Internet Explorer* +- GP ADMX file name: *inetres.admx* + + + +Supported values: +- yes - Disabled (Default) +- no - Enabled + + + + + + + + + +
                                      + **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -4051,9 +4523,9 @@ If you disable or do not configure this policy setting, Internet Explorer notifi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -4119,9 +4591,9 @@ Also, see the "Security zones: Use only machine settings" policy. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -4187,9 +4659,9 @@ Also, see the "Security zones: Use only machine settings" policy.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4252,9 +4724,9 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4321,9 +4793,9 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4386,9 +4858,9 @@ If you do not configure this policy setting, users choose whether to force local
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4451,9 +4923,9 @@ If you do not configure this policy setting, users choose whether network paths
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4516,9 +4988,9 @@ If you do not configure this policy setting, users cannot load a page in the zon
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4581,9 +5053,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4644,9 +5116,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4711,9 +5183,9 @@ If you do not configure this policy setting, a script can perform a clipboard op
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4776,9 +5248,9 @@ If you do not configure this policy setting, users can drag files or copy and pa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4841,9 +5313,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4906,9 +5378,9 @@ If you do not configure this policy setting, Web sites from less privileged zone
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -4971,9 +5443,9 @@ If you do not configure this policy setting, the user can decide whether to load
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5036,9 +5508,9 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5099,9 +5571,9 @@ If you disable this policy setting, the user does not see the per-site ActiveX p
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5162,9 +5634,9 @@ If you disable this policy setting, the TDC Active X control will run from all s
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5227,9 +5699,9 @@ If you do not configure this policy setting, the possible harmful actions contai
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5292,9 +5764,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5357,9 +5829,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5424,9 +5896,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5487,9 +5959,9 @@ If you disable or do not configure this policy setting, script is not allowed to
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5552,9 +6024,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5619,9 +6091,9 @@ If you do not configure or disable this policy setting, VBScript is prevented fr
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5684,9 +6156,9 @@ If you don't configure this policy setting, Internet Explorer always checks with
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5749,9 +6221,9 @@ If you do not configure this policy setting, users are queried whether to downlo
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5814,9 +6286,9 @@ If you do not configure this policy setting, users cannot run unsigned controls.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5877,9 +6349,9 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -5944,9 +6416,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6011,9 +6483,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6076,9 +6548,9 @@ If you do not configure this policy setting, the MIME Sniffing Safety Feature wi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6141,9 +6613,9 @@ If you do not configure this policy setting, the user can turn on or turn off Pr
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6206,9 +6678,9 @@ If you do not configure this policy setting, the user can choose whether path in
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6273,9 +6745,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6377,9 +6849,9 @@ If you do not configure this policy setting, the permission is set to High Safet
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6442,9 +6914,9 @@ If you do not configure this policy setting, users are queried to choose whether
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6515,9 +6987,9 @@ If you do not configure this policy setting, logon is set to Automatic logon onl
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6580,9 +7052,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6645,9 +7117,9 @@ If you do not configure this policy setting, Internet Explorer will execute sign
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6710,9 +7182,9 @@ If you do not configure this policy setting, the user can configure how the comp
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6775,9 +7247,9 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6840,9 +7312,9 @@ If you do not configure this policy setting, users are queried to choose whether
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6905,9 +7377,9 @@ If you do not configure this policy setting, users will receive a prompt when a
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -6968,9 +7440,9 @@ If you disable or do not configure this setting, users will receive a file downl
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7033,9 +7505,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7098,9 +7570,9 @@ If you do not configure this policy setting, Web sites from less privileged zone
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7163,9 +7635,9 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7228,9 +7700,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7295,9 +7767,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7360,9 +7832,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7425,9 +7897,9 @@ If you don't configure this policy setting, Internet Explorer won't check with y
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7492,9 +7964,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7563,9 +8035,9 @@ If you do not configure this policy setting, the permission is set to Medium Saf
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7628,9 +8100,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7693,9 +8165,9 @@ If you do not configure this policy setting, users can load a page in the zone t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7758,9 +8230,9 @@ If you do not configure this policy setting, users will receive a prompt when a
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7821,9 +8293,9 @@ If you disable or do not configure this setting, users will receive a file downl
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7886,9 +8358,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -7951,9 +8423,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8016,9 +8488,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8081,9 +8553,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8148,9 +8620,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8213,9 +8685,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8278,9 +8750,9 @@ If you don't configure this policy setting, Internet Explorer won't check with y
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8345,9 +8817,9 @@ If you do not configure this policy setting, users are queried whether to allow
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8416,9 +8888,9 @@ If you do not configure this policy setting, the permission is set to Medium Saf
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8481,9 +8953,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8546,9 +9018,9 @@ If you do not configure this policy setting, users cannot load a page in the zon
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8611,9 +9083,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8674,9 +9146,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8739,9 +9211,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8804,9 +9276,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8869,9 +9341,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -8934,9 +9406,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9001,9 +9473,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9066,9 +9538,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9133,9 +9605,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9204,9 +9676,9 @@ If you do not configure this policy setting, Java applets are disabled.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9269,9 +9741,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9340,9 +9812,9 @@ If you do not configure this policy setting, Java applets are disabled.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9405,9 +9877,9 @@ If you do not configure this policy setting, users are queried to choose whether
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9470,9 +9942,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9533,9 +10005,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9598,9 +10070,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9663,9 +10135,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9728,9 +10200,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9793,9 +10265,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9860,9 +10332,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9925,9 +10397,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -9992,9 +10464,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10057,9 +10529,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10122,9 +10594,9 @@ If you do not configure this policy setting, users can load a page in the zone t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10187,9 +10659,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10250,9 +10722,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10315,9 +10787,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10380,9 +10852,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10445,9 +10917,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10510,9 +10982,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10577,9 +11049,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10642,9 +11114,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10709,9 +11181,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10780,9 +11252,9 @@ If you do not configure this policy setting, Java applets are disabled.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10845,9 +11317,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10910,9 +11382,9 @@ If you do not configure this policy setting, users cannot load a page in the zon
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -10975,9 +11447,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11038,9 +11510,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11103,9 +11575,9 @@ If you do not configure this policy setting, users are queried whether to allow
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11168,9 +11640,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11233,9 +11705,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11298,9 +11770,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11365,9 +11837,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11430,9 +11902,9 @@ If you do not configure this policy setting, users cannot preserve information i
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11497,9 +11969,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11568,9 +12040,9 @@ If you do not configure this policy setting, Java applets are disabled.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11633,9 +12105,9 @@ If you do not configure this policy setting, users cannot open other windows and
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11698,9 +12170,9 @@ If you do not configure this policy setting, users can load a page in the zone t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11763,9 +12235,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11826,9 +12298,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11891,9 +12363,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -11956,9 +12428,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12021,9 +12493,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12086,9 +12558,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12153,9 +12625,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12218,9 +12690,9 @@ If you do not configure this policy setting, users can preserve information in t
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12285,9 +12757,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12356,9 +12828,9 @@ If you do not configure this policy setting, Java applets are disabled.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12421,9 +12893,9 @@ If you do not configure this policy setting, users can open windows and frames f
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12486,9 +12958,9 @@ If you do not configure this policy setting, the MK Protocol is prevented for Fi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12551,9 +13023,9 @@ If you do not configure this policy setting, MIME sniffing will never promote a
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12568,6 +13040,83 @@ ADMX Info:
                                      + +**InternetExplorer/NewTabDefaultPage** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6cross markcross mark
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
                                      + + + +This policy setting allows you to specify what is displayed when the user opens a new tab. + +If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, the new tab page or the new tab page with my news feed. + +If you disable or do not configure this policy setting, users can select their preference for this behavior. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify default behavior for a new tab* +- GP name: *NewTabAction* +- GP path: *Windows Components/Internet Explorer* +- GP ADMX file name: *inetres.admx* + + + + +Supported values: +- 0 - NewTab_AboutBlank (about:blank) +- 1 - NewTab_Homepage (Home page) +- 2 - NewTab_AboutTabs (New tab page) +- 3 - NewTab_AboutNewsFeed (New tab page with my news feed) (Default) + + + + + + + + + +
                                      + **InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -12616,9 +13165,9 @@ If you do not configure this policy setting, the Notification bar will be displa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -12679,9 +13228,9 @@ If you disable or do not configure this policy setting, the user is prompted to > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -12742,9 +13291,9 @@ If you disable or do not configure this policy setting, ActiveX controls can be
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12807,9 +13356,9 @@ If you do not configure this policy setting, any zone can be protected from zone
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12872,9 +13421,9 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -12937,9 +13486,9 @@ If you do not configure this policy setting, the user's preference will be used
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13002,9 +13551,9 @@ If you do not configure this policy setting, the user's preference determines wh
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13067,9 +13616,9 @@ If you do not configure this policy setting, users cannot load a page in the zon
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13132,9 +13681,9 @@ If you do not configure this policy setting, script code on pages in the zone is
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13197,9 +13746,9 @@ If you do not configure this policy setting, ActiveX control installations will
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13260,9 +13809,9 @@ If you disable or do not configure this setting, file downloads that are not use
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13325,9 +13874,9 @@ If you do not configure this policy setting, binary and script behaviors are not
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13392,9 +13941,9 @@ If you do not configure this policy setting, a script cannot perform a clipboard
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13457,9 +14006,9 @@ If you do not configure this policy setting, users are queried to choose whether
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13522,9 +14071,9 @@ If you do not configure this policy setting, files are prevented from being down
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13587,9 +14136,9 @@ If you do not configure this policy setting, users are queried whether to allow
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13652,9 +14201,9 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13717,9 +14266,9 @@ If you do not configure this policy setting, the user can decide whether to load
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13782,9 +14331,9 @@ If you do not configure this policy setting, a user's browser that loads a page
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13847,9 +14396,9 @@ If you do not configure this policy setting, Internet Explorer will not execute
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13910,9 +14459,9 @@ If you disable this policy setting, the user does not see the per-site ActiveX p
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -13973,9 +14522,9 @@ If you disable this policy setting, the TDC Active X control will run from all s
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14038,9 +14587,9 @@ If you do not configure this policy setting, the possible harmful actions contai
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14103,9 +14652,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14168,9 +14717,9 @@ If you do not configure this policy setting, the user can enable or disable scri
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14235,9 +14784,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14298,9 +14847,9 @@ If you disable or do not configure this policy setting, script is not allowed to
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14363,9 +14912,9 @@ If you do not configure this policy setting, users cannot preserve information i
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14430,9 +14979,9 @@ If you do not configure or disable this policy setting, VBScript is prevented fr
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14495,9 +15044,9 @@ If you don't configure this policy setting, Internet Explorer always checks with
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14560,9 +15109,9 @@ If you do not configure this policy setting, signed controls cannot be downloade
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14625,9 +15174,9 @@ If you do not configure this policy setting, users cannot run unsigned controls.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14688,9 +15237,9 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14755,9 +15304,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14822,9 +15371,9 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14887,9 +15436,9 @@ If you do not configure this policy setting, the actions that may be harmful can
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -14952,9 +15501,9 @@ If you do not configure this policy setting, the user can choose whether path in > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15019,9 +15568,9 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15090,9 +15639,9 @@ If you do not configure this policy setting, Java applets are disabled. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15155,9 +15704,9 @@ If you do not configure this policy setting, users are prevented from running ap > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15228,9 +15777,9 @@ If you do not configure this policy setting, logon is set to Prompt for username > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15293,9 +15842,9 @@ If you do not configure this policy setting, users cannot open other windows and > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15360,9 +15909,9 @@ If you do not configure this policy setting, controls and plug-ins are prevented > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15425,9 +15974,9 @@ If you do not configure this policy setting, Internet Explorer will not execute > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15492,9 +16041,9 @@ If you do not configure this policy setting, script interaction is prevented fro > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15559,9 +16108,9 @@ If you do not configure this policy setting, scripts are prevented from accessin > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15624,9 +16173,9 @@ If you do not configure this policy setting, the user can configure how the comp > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15689,9 +16238,9 @@ If you do not configure this policy setting, the user can turn on or turn off Pr > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15754,9 +16303,9 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15819,9 +16368,9 @@ If you do not configure this policy setting, popup windows and other restriction > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -15882,9 +16431,9 @@ If you disable or do not configure this policy setting, the user can configure h > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -15948,9 +16497,9 @@ Also, see the "Security zones: Do not allow users to change policies" policy. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16011,9 +16560,9 @@ If you disable or do not configure this policy setting, ActiveX controls, includ > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16076,9 +16625,9 @@ If you do not configure this policy setting, users can load a page in the zone t > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16141,9 +16690,9 @@ If you do not configure this policy setting, users will receive a prompt when a > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16204,9 +16753,9 @@ If you disable or do not configure this setting, users will receive a file downl > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16269,9 +16818,9 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16334,9 +16883,9 @@ If you do not configure this policy setting, a warning is issued to the user tha > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16399,9 +16948,9 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16464,9 +17013,9 @@ If you do not configure this policy setting, the user can enable or disable scri > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16531,9 +17080,9 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16596,9 +17145,9 @@ If you do not configure this policy setting, users can preserve information in t > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16661,9 +17210,9 @@ If you don't configure this policy setting, Internet Explorer won't check with y > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16728,9 +17277,9 @@ If you do not configure this policy setting, users are queried whether to allow > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16799,9 +17348,9 @@ If you do not configure this policy setting, the permission is set to Low Safety > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -16864,9 +17413,9 @@ If you do not configure this policy setting, users can open windows and frames f > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -16878,14 +17427,45 @@ ADMX Info: + + + + + + + + + + + + +## InternetExplorer policies supported by IoT Core + +- [InternetExplorer/DisableActiveXVersionListAutoDownload](#internetexplorer-disableactivexversionlistautodownload) +- [InternetExplorer/DisableCompatView](#internetexplorer-disablecompatview) +- [InternetExplorer/DisableGeolocation](#internetexplorer-disablegeolocation) + + + +## InternetExplorer policies supported by IoT Enterprise + +- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](#internetexplorer-allowenhancedsuggestionsinaddressbar) +- [InternetExplorer/DisableActiveXVersionListAutoDownload](#internetexplorer-disableactivexversionlistautodownload) +- [InternetExplorer/DisableCompatView](#internetexplorer-disablecompatview) +- [InternetExplorer/DisableFeedsBackgroundSync](#internetexplorer-disablefeedsbackgroundsync) +- [InternetExplorer/DisableGeolocation](#internetexplorer-disablegeolocation) +- [InternetExplorer/DisableWebAddressAutoComplete](#internetexplorer-disablewebaddressautocomplete) +- [InternetExplorer/NewTabDefaultPage](#internetexplorer-newtabdefaultpage) + + +
                                      -Footnote: +Footnotes: - 1 - Added in Windows 10, version 1607. - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - - - +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 276d6b2c9e..2df8f06e1a 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - Kerberos description: Policy CSP - Kerberos -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/08/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Kerberos
@@ -89,9 +91,9 @@ If you disable or do not configure this policy setting, the Kerberos client does > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -150,9 +152,9 @@ If you disable or do not configure this policy setting, the client devices will > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -216,9 +218,9 @@ If you disable or do not configure this policy setting, the client computers in > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -278,9 +280,9 @@ If you disable or do not configure this policy setting, the Kerberos client requ > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -344,9 +346,9 @@ Note: This policy setting configures the existing MaxTokenSize registry value in > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 57cbcfb347..99fb4e9a1b 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,12 +1,14 @@ --- title: Policy CSP - KioskBrowser description: Policy CSP - KioskBrowser -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - KioskBrowser @@ -86,7 +88,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. -> [!Note] +> [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -132,7 +134,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. -> [!Note] +> [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -178,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart. -> [!Note] +> [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -267,7 +269,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. -> [!Note] +> [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -313,7 +315,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back). -> [!Note] +> [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. 
@@ -361,7 +363,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
 The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
-> [!Note]
+> [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 18bcc8cfed..d185745718 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - LanmanWorkstation
 description: Policy CSP - LanmanWorkstation
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/16/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - LanmanWorkstation
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 79d19dcdbb..4c7c69815e 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Licensing
 description: Policy CSP - Licensing
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Licensing
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index b1594d5d38..b74019c352 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - LocalPoliciesSecurityOptions
 description: Policy CSP - LocalPoliciesSecurityOptions
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - LocalPoliciesSecurityOptions
@@ -24,12 +26,6 @@ ms.date: 06/26/2018
                                      LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                                      -
                                      - LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus -
                                      -
                                      - LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus -
                                      LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                                      @@ -255,131 +251,6 @@ The following list shows the supported values:
                                      - -**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** - - - - - - - - - - - - - - - - - - - - - -
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark3check mark3check mark3check mark3cross markcross mark
                                      - - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
                                      - - - -This security setting determines whether the local Administrator account is enabled or disabled. - -If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. -Disabling the Administrator account can become a maintenance issue under certain circumstances. - -Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. - -Default: Disabled. - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - -GP Info: -- GP English name: *Accounts: Administrator account status* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - -Valid values: -- 0 - local Administrator account is disabled -- 1 - local Administrator account is enabled - - - - -
                                      - - -**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** - - - - - - - - - - - - - - - - - - - - - -
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark3check mark3check mark3check mark3cross markcross mark
                                      - - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
                                      - - - -This security setting determines if the Guest account is enabled or disabled. - -Default: Disabled. - -Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - -GP Info: -- GP English name: *Accounts: Guest account status* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - -Valid values: -- 0 - local Guest account is disabled -- 1 - local Guest account is enabled - - - - -
                                      - **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -821,7 +692,7 @@ GP Info: -> [!Warning] +> [!WARNING] > Starting in the version 1809 of Windows, this policy is deprecated. Domain member: Digitally encrypt or sign secure channel data (always) @@ -891,7 +762,7 @@ GP Info: -> [!Warning] +> [!WARNING] > Starting in the version 1809 of Windows, this policy is deprecated. Domain member: Digitally encrypt secure channel data (when possible) @@ -958,7 +829,7 @@ GP Info: -> [!Warning] +> [!WARNING] > Starting in the version 1809 of Windows, this policy is deprecated. Domain member: Disable machine account password changes diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index afa30b7b07..0f90b19790 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -1,12 +1,14 @@ --- title: Policy CSP - LockDown description: Policy CSP - LockDown -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 37f9f79bdb..1028e204b8 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Maps description: Policy CSP - Maps -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Maps 
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 9e96723b2f..b2efd6a840 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Messaging
 description: Policy CSP - Messaging
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 08/09/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Messaging
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 5b9f201e0a..4e53332f72 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - MSSecurityGuide
 description: Policy CSP - MSSecurityGuide
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/16/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - MSSecurityGuide
@@ -81,9 +83,9 @@ ms.date: 04/16/2018
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -136,9 +138,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -191,9 +193,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -246,9 +248,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -301,9 +303,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -356,9 +358,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index dd2518efdf..722b58c97c 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - MSSLegacy
 description: Policy CSP - MSSLegacy
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/16/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - MSSLegacy
@@ -75,9 +77,9 @@ ms.date: 04/16/2018
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -130,9 +132,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -185,9 +187,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -240,9 +242,9 @@ ADMX Info:
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 2e5574d79b..9404b184fc 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - NetworkIsolation
 description: Policy CSP - NetworkIsolation
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - NetworkIsolation
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 2d3a5e15e8..1624dfe21f 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Notifications
 description: Policy CSP - Notifications
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Notifications
@@ -79,7 +81,7 @@ If you disable or do not configure this policy setting, the client computer will
 No reboots or service restarts are required for this policy setting to take effect.
-> [!Warning]
+> [!WARNING]
 > This policy is designed for zero exhaust. This policy may cause some MDM processes to break because WNS notification is used by the MDM server to send real time tasks to the device, such as remote wipe, unenroll, remote find, and mandatory app installation. When this policy is set to disallow WNS, those real time processes will no longer work and some time-sensitive actions such as remote wipe when the device is stolen or unenrollment when the device is compromised will not work.
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 51f9efc4a5..643ff5cea3 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,18 +1,19 @@
 ---
 title: Policy CSP - Power
 description: Policy CSP - Power
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
-ms.date: 04/16/2018
+author: manikadhiman
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Power
-
                                      @@ -31,6 +32,12 @@ ms.date: 04/16/2018
                                      Power/DisplayOffTimeoutPluggedIn
                                      +
                                      + Power/EnergySaverBatteryThresholdOnBattery +
                                      +
                                      + Power/EnergySaverBatteryThresholdPluggedIn +
                                      Power/HibernateTimeoutOnBattery
                                      @@ -43,12 +50,42 @@ ms.date: 04/16/2018
                                      Power/RequirePasswordWhenComputerWakesPluggedIn
                                      +
                                      + Power/SelectLidCloseActionOnBattery +
                                      +
                                      + Power/SelectLidCloseActionPluggedIn +
                                      +
                                      + Power/SelectPowerButtonActionOnBattery +
                                      +
                                      + Power/SelectPowerButtonActionPluggedIn +
                                      +
                                      + Power/SelectSleepButtonActionOnBattery +
                                      +
                                      + Power/SelectSleepButtonActionPluggedIn +
                                      Power/StandbyTimeoutOnBattery
                                      Power/StandbyTimeoutPluggedIn
                                      +
                                      + Power/TurnOffHybridSleepOnBattery +
                                      +
                                      + Power/TurnOffHybridSleepPluggedIn +
                                      +
                                      + Power/UnattendedSleepTimeoutOnBattery +
                                      +
                                      + Power/UnattendedSleepTimeoutPluggedIn +
@@ -99,9 +136,9 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -161,9 +198,9 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -225,9 +262,9 @@ If the user has configured a slide show to run on the lock screen when the machi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -289,9 +326,9 @@ If the user has configured a slide show to run on the lock screen when the machi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -306,6 +343,139 @@ ADMX Info:
                                      + +**Power/EnergySaverBatteryThresholdOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + + +Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must specify a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level. + +If you disable or do not configure this policy setting, users control this setting. + + + + +ADMX Info: +- GP English name: *Energy Saver Battery Threshold (on battery)* +- GP name: *EsBattThresholdDC* +- GP element: *EnterEsBattThreshold* +- GP path: *System/Power Management/Energy Saver Settings* +- GP ADMX file name: *power.admx* + + + +Supported values: 0-100. The default is 70. + + + + + + + + + +
                                      + + +**Power/EnergySaverBatteryThresholdPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must provide a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level. + +If you disable or do not configure this policy setting, users control this setting. + + + + +ADMX Info: +- GP English name: *Energy Saver Battery Threshold (plugged in)* +- GP name: *EsBattThresholdAC* +- GP element: *EnterEsBattThreshold* +- GP path: *System/Power Management/Energy Saver Settings* +- GP ADMX file name: *power.admx* + + + +Supported values: 0-100. The default is 70. + + + + + + + + + +
                                      + **Power/HibernateTimeoutOnBattery** @@ -353,9 +523,9 @@ If the user has configured a slide show to run on the lock screen when the machi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -417,9 +587,9 @@ If the user has configured a slide show to run on the lock screen when the machi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -479,9 +649,9 @@ If you disable this policy setting, the user is not prompted for a password when > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -541,9 +711,9 @@ If you disable this policy setting, the user is not prompted for a password when > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -558,6 +728,438 @@ ADMX Info:
                                      + +**Power/SelectLidCloseActionOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the lid switch action (on battery)* +- GP name: *DCSystemLidAction_2* +- GP element: *SelectDCSystemLidAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported lid close switch actions (on battery): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + + +**Power/SelectLidCloseActionPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the lid switch action (plugged in)* +- GP name: *ACSystemLidAction_2* +- GP element: *SelectACSystemLidAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported lid close switch actions (plugged in): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + + +**Power/SelectPowerButtonActionOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the Power button action (on battery)* +- GP name: *DCPowerButtonAction_2* +- GP element: *SelectDCPowerButtonAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported Power button actions (on battery): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + + +**Power/SelectPowerButtonActionPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the Power button action (plugged in)* +- GP name: *ACPowerButtonAction_2* +- GP element: *SelectACPowerButtonAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported Power button actions (plugged in): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + + +**Power/SelectSleepButtonActionOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the Sleep button action (on battery)* +- GP name: *DCSleepButtonAction_2* +- GP element: *SelectDCSleepButtonAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported Sleep button actions (on battery): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + + +**Power/SelectSleepButtonActionPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button. + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + +ADMX Info: +- GP English name: *Select the Sleep button action (plugged in)* +- GP name: *ACSleepButtonAction_2* +- GP element: *SelectACSleepButtonAction* +- GP path: *System/Power Management/Button Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported Sleep button actions (plugged in): +- 0 - Take no action +- 1 - Sleep +- 2 - System hibernate sleep state +- 3 - System shutdown + + + + + + + + + + +
                                      + **Power/StandbyTimeoutOnBattery** @@ -605,9 +1207,9 @@ If the user has configured a slide show to run on the lock screen when the machi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -669,9 +1271,9 @@ If the user has configured a slide show to run on the lock screen when the machi > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -683,14 +1285,291 @@ ADMX Info: +
                                      -Footnote: + +**Power/TurnOffHybridSleepOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep. + +If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you set this policy setting to 1 or do not configure this policy setting, users control this setting. + + + + +ADMX Info: +- GP English name: *Turn off hybrid sleep (on battery)* +- GP name: *DCStandbyWithHiberfileEnable_2* +- GP path: *System/Power Management/Sleep Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported values for Hybrid sleep (on battery): +- 0 - no hibernation file for sleep (default) +- 1 - hybrid sleep + + + + + + + + + + +
                                      + + +**Power/TurnOffHybridSleepPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep. + +If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you set this policy setting to 1 or do not configure this policy setting, users control this setting. + + + + +ADMX Info: +- GP English name: *Turn off hybrid sleep (plugged in)* +- GP name: *ACStandbyWithHiberfileEnable_2* +- GP path: *System/Power Management/Sleep Settings* +- GP ADMX file name: *power.admx* + + + + +The following are the supported values for Hybrid sleep (plugged in): +- 0 - no hibernation file for sleep (default) +- 1 - hybrid sleep + + + + + + + + + + +
                                      + + +**Power/UnattendedSleepTimeoutOnBattery** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + + + + +ADMX Info: +- GP English name: *Specify the unattended sleep timeout (on battery)* +- GP name: *UnattendedSleepTimeOutDC* +- GP element: *EnterUnattendedSleepTimeOut* +- GP path: *System/Power Management/Sleep Settings* +- GP ADMX file name: *power.admx* + + + +Default value for unattended sleep timeout (on battery): +300 + + + + + + + + + +
                                      + + +**Power/UnattendedSleepTimeoutPluggedIn** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + + + + +ADMX Info: +- GP English name: *Specify the unattended sleep timeout (plugged in)* +- GP name: *UnattendedSleepTimeOutAC* +- GP element: *EnterUnattendedSleepTimeOut* +- GP path: *System/Power Management/Sleep Settings* +- GP ADMX file name: *power.admx* + + + +Default value for unattended sleep timeout (plugged in): +300 + + + + + + + + + + +
                                      + +Footnotes: - 1 - Added in Windows 10, version 1607. - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - - - +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index ae57e495a7..b8ebc7042d 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Printers description: Policy CSP - Printers -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - Printers @@ -91,9 +93,9 @@ If you disable this policy setting: > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -166,9 +168,9 @@ If you disable this policy setting: > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -230,9 +232,9 @@ Note: This settings takes priority over the setting "Automatically publish new p > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index e59ee6fa01..3395ba9cee 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md 
@@ -1,12 +1,14 @@ --- title: Policy CSP - Privacy description: Policy CSP - Privacy -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Privacy @@ -316,7 +318,7 @@ ms.date: 05/01/2019 Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. -> [!Note] +> [!NOTE] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. @@ -4875,4 +4877,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in the next major release of Windows 10. diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index d66ad8a1f8..4a64d0d55d 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -1,12 +1,14 @@ --- title: Policy CSP - RemoteAssistance description: Policy CSP - RemoteAssistance -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - RemoteAssistance 
@@ -87,9 +89,9 @@ If you do not configure this policy setting, the user sees the default warning m > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -151,9 +153,9 @@ If you do not configure this setting, application-based settings are used. > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -223,9 +225,9 @@ If you enable this policy setting you should also enable appropriate firewall ex > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -318,9 +320,9 @@ Allow Remote Desktop Exception > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 6621ddedd2..4a7f1eebd5 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md 
@@ -1,12 +1,14 @@ --- title: Policy CSP - RemoteDesktopServices description: Policy CSP - RemoteDesktopServices -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - RemoteDesktopServices @@ -93,9 +95,9 @@ You can limit the number of users who can connect simultaneously by configuring > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -165,9 +167,9 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -231,9 +233,9 @@ If you do not configure this policy setting, client drive redirection and Clipbo > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -293,9 +295,9 @@ If you disable this setting or leave it not configured, the user will be able to > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -361,9 +363,9 @@ If you do not configure this policy setting, automatic logon is not specified at > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -429,9 +431,9 @@ Note: The RPC interface is used for administering and configuring Remote Desktop > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 39752ff60e..ba8a7d6310 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md 
@@ -1,12 +1,14 @@ --- title: Policy CSP - RemoteManagement description: Policy CSP - RemoteManagement -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - RemoteManagement @@ -114,9 +116,9 @@ If you disable or do not configure this policy setting, the WinRM client does no > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -176,9 +178,9 @@ If you disable or do not configure this policy setting, the WinRM service does n > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -238,9 +240,9 @@ If you disable or do not configure this policy setting, the WinRM client does no
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -300,9 +302,9 @@ If you disable or do not configure this policy setting, the WinRM service does n
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -375,9 +377,9 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FE
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -437,9 +439,9 @@ If you disable or do not configure this policy setting, the WinRM client sends o
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -499,9 +501,9 @@ If you disable or do not configure this policy setting, the WinRM client sends o
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -561,9 +563,9 @@ If you disable or do not configure this policy setting, the WinRM client uses Di
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -623,9 +625,9 @@ If you disable or do not configure this policy setting, the WinRM client uses Ne
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -685,9 +687,9 @@ If you disable or do not configure this policy setting, the WinRM service accept
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -749,9 +751,9 @@ If you enable and then disable this policy setting,any values that were previous
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -817,9 +819,9 @@ If HardeningLevel is set to None, all requests are accepted (though they are not
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -879,9 +881,9 @@ If you disable or do not configure this policy setting and the WinRM client need
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -945,9 +947,9 @@ A listener might be automatically created on port 80 to ensure backward compatib
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -1011,9 +1013,9 @@ A listener might be automatically created on port 443 to ensure backward compati
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 3422d53682..ade921ae21 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - RemoteProcedureCall
 description: Policy CSP - RemoteProcedureCall
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - RemoteProcedureCall
@@ -79,9 +81,9 @@ Note: This policy will not be applied until the system is rebooted.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -153,9 +155,9 @@ Note: This policy setting will not be applied until the system is rebooted.
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 300e4c4f1f..21cfd117d2 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - RemoteShell
 description: Policy CSP - RemoteShell
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - RemoteShell
@@ -90,9 +92,9 @@ If you set this policy to ‘disabled’, new remote shell connections are rejec
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -154,9 +156,9 @@ If you disable or do not configure this policy setting, the default number is fi
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -218,9 +220,9 @@ If you do not configure or disable this policy setting, the default value of 900
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -282,9 +284,9 @@ If you disable or do not configure this policy setting, the value 150 is used by
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -344,9 +346,9 @@ If you disable or do not configure this policy setting, the limit is five proce
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -408,9 +410,9 @@ If you disable or do not configure this policy setting, by default the limit is
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -466,9 +468,9 @@ This policy setting is deprecated and has no effect when set to any state: Enabl
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 9b75fbd479..9c125b8c0f 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - RestrictedGroups
 description: Policy CSP - RestrictedGroups
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/15/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - RestrictedGroups
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 3106f2b945..d5903f1493 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,18 +1,19 @@
 ---
 title: Policy CSP - Search
 description: Policy CSP - Search
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
-ms.date: 05/01/2019
+author: manikadhiman
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Search
-
                                      @@ -25,6 +26,9 @@ ms.date: 05/01/2019
                                      Search/AllowCortanaInAAD
                                      +
                                      + Search/AllowFindMyFiles +
                                      Search/AllowIndexingEncryptedStoresOrItems
                                      @@ -181,6 +185,71 @@ The following list shows the supported values: +
                                      + + +**Search/AllowFindMyFiles** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. + + + +ADMX Info: +- GP English name: *Allow Find My Files* +- GP name: *AllowFindMyFiles* +- GP path: *Computer Configuration/Administrative Templates/Windows Components/Search* +- GP ADMX file name: *Search.admx* + + + +The following list shows the supported values: + +- 1 (Default) - Find My Files feature can be toggled (still off by default), and the settings UI is present. +- 0 - Find My Files feature is turned off completely, and the settings UI is disabled. + + + + + + + + + + +
                                      @@ -872,4 +941,5 @@ Footnotes: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. \ No newline at end of file +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index e6bce4de0b..4467309f6d 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Security description: Policy CSP - Security -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Security @@ -763,4 +765,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in the next major release of Windows 10. diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md new file mode 100644 index 0000000000..9ce3ab68b9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -0,0 +1,112 @@ +--- +title: Policy CSP - ServiceControlManager +description: Policy CSP - ServiceControlManager +ms.author: Heidi.Lohr +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: Heidilohr +ms.date: 05/21/2019 +--- + +# Policy CSP - ServiceControlManager + + +
                                      + + +## ServiceControlManager policies + +
                                      +
                                      + ServiceControlManager/SvchostProcessMitigation +
                                      +
                                      + +
                                      + + +**ServiceControlManager/SvchostProcessMitigation** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcross markcheck mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +This policy setting enables process mitigation options on svchost.exe processes. + +If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. + +This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code. + +If you disable or do not configure this policy setting, the stricter security settings will not be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable svchost.exe mitigation options* +- GP name: *SvchostProcessMitigationEnable* +- GP path: *System/Service Control Manager Settings/Security Settings* +- GP ADMX file name: *ServiceControlManager.admx* + + + +Supported values: +- disabled - Do not add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. +- enabled - Add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. + + + + + + + + + + + +
                                      + +Footnotes: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. +- 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 5ff09bf3e4..cecaec5871 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Settings description: Policy CSP - Settings -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Settings @@ -864,4 +866,4 @@ Footnotes: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. \ No newline at end of file +- 5 - Added in Windows 10, version 1809. diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index e7bdc48ee7..61a11806fa 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -1,12 +1,14 @@ --- title: Policy CSP - SmartScreen description: Policy CSP - SmartScreen -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index bd274c38df..9d1d87faa3 100644 --- a/windows/client-management/mdm/policy-csp-speech.md 
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Speech
 description: Policy CSP - Speech
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 05/01/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Speech
@@ -105,4 +107,4 @@ Footnotes:
 - 2 - Added in Windows 10, version 1703.
 - 3 - Added in Windows 10, version 1709.
 - 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
\ No newline at end of file
+- 5 - Added in Windows 10, version 1809.
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index ee31dd0aa6..05e37d1dc9 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Start
 description: Policy CSP - Start
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 08/14/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Start
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 101a8715e5..02d36e60d9 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - Storage
 description: Policy CSP - Storage
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 01/14/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - Storage
@@ -572,9 +574,9 @@ If you disable or do not configure this policy setting, Windows will activate un
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+>
 > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+>
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 77c58a2714..3781130045 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,19 +1,18 @@
 ---
 title: Policy CSP - System
 description: Policy CSP - System
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
-ms.date: 05/01/2019
+author: manikadhiman
+ms.date: 05/21/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - System
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
                                      @@ -24,6 +23,9 @@ ms.date: 05/01/2019
                                      System/AllowBuildPreview
                                      +
                                      + System/AllowCommercialDataPipeline +
                                      System/AllowDeviceNameInDiagnosticData
                                      @@ -84,6 +86,9 @@ ms.date: 05/01/2019
                                      System/TelemetryProxy
                                      +
                                      + System/TurnOffFileHistory +
                                      @@ -128,7 +133,6 @@ ms.date: 05/01/2019 > [!NOTE] > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. - This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. @@ -154,6 +158,80 @@ The following list shows the supported values:
                                      + +**System/AllowCommercialDataPipeline** + + + + + + + + + + + + + + + + + + + + + +
                                      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                      cross markcheck mark6check mark6check mark6check mark6
                                      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                      + + + +> [!NOTE] +> This policy setting applies only to the Windows operating system and apps included with Windows, it does not apply to third-party apps or services running on Windows 10. + +This policy setting opts the device into the Windows enterprise data pipeline. + +If you enable this setting, data collected from the device is opted into the Windows enterprise data pipeline. + +If you disable or do not configure this setting, all data from the device is collected and processed in accordance with the policies for the Windows standard data pipeline. + +Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. + + + +ADMX Info: +- GP English name: *Allow commercial data pipeline* +- GP name: *AllowCommercialDataPipeline* +- GP element: *AllowCommercialDataPipeline* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 (default) - Do not use the Windows Commercial Data Pipeline +- 1 - Use the Windows Commercial Data Pipeline + + + + + + + + + + +
                                      + **System/AllowDeviceNameInDiagnosticData** @@ -366,7 +444,7 @@ This MDM setting corresponds to the EnableFontProviders Group Policy setting. If This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. -> [!Note] +> [!NOTE] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. @@ -688,9 +766,9 @@ Most restricted value is 0. > [!TIP] > This policy is also applicable to Windows 10 and not exclusive to phone. - -The following list shows the supported values: -orted values: +> +> The following list shows the supported values: +> orted values: - 0 – Not allowed. - 1 (default) – Allowed to reset to factory default settings. @@ -751,9 +829,9 @@ If your malware detection application does not include an Early Launch Antimalwa > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
@@ -1250,9 +1328,9 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -1362,7 +1440,7 @@ To enable this behavior you must complete two steps:
                                    • Set Allow Telemetry to level 2 (Enhanced)
                                    -When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594). +When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics. Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. @@ -1434,6 +1512,73 @@ ADMX Info: +
                                    + + +**System/TurnOffFileHistory** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting allows you to turn off File History. + +If you enable this policy setting, File History cannot be activated to create regular, automatic backups. + +If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. + + + +ADMX Info: +- GP English name: *Turn off File History* +- GP name: *DisableFileHistory* +- GP path: *Windows Components/File History* +- GP ADMX file name: *FileHistory.admx* + + + +The following list shows the supported values: + +- false (default) - allow File History +- true - turn off File History + + + + + + + + + @@ -1459,4 +1604,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 89a649fe5c..1b98e5a487 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -1,12 +1,14 @@ --- title: Policy CSP - SystemServices description: Policy CSP - SystemServices -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - SystemServices diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index e806cf4108..5e4b03fa34 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md 
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - TaskManager
 description: Policy CSP - TaskManager
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/05/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Policy CSP - TaskManager
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 94c33279b8..ca2b448d50 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - TaskScheduler
 description: Policy CSP - TaskScheduler
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 03/12/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Policy CSP - TaskScheduler
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index a6403f3b61..ce3e59ecc4 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - TextInput
 description: Policy CSP - TextInput
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 08/09/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Policy CSP - TextInput
@@ -1342,16 +1344,16 @@ Footnote: ## TextInput policies supported by Microsoft Surface Hub -- [TextInput/AllowIMELogging](#textinput-allowimelogging) -- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) -- [TextInput/AllowInputPanel](#textinput-allowinputpanel) -- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) -- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) -- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) -- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) -- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) -- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) -- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) -- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) - +- [TextInput/AllowIMELogging](#textinput-allowimelogging) +- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess) +- [TextInput/AllowInputPanel](#textinput-allowinputpanel) +- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters) +- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters) +- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph) +- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary) +- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) +- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) +- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) + 
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 789ee01b85..b4e998c79c 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -1,18 +1,18 @@ --- title: Policy CSP - TimeLanguageSettings description: Policy CSP - TimeLanguageSettings -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 05/09/2019 +author: manikadhiman +ms.date: 03/12/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - TimeLanguageSettings -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
                                    diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md new file mode 100644 index 0000000000..ec68e060bc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -0,0 +1,141 @@ +--- +title: Policy CSP - Troubleshooting +description: Policy CSP - Troubleshooting +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: MariciaAlforque +ms.date: 05/21/2019 +--- + +# Policy CSP - Troubleshooting + + +
                                    + + +## Troubleshooting policies + +
                                    +
                                    + Troubleshooting/AllowRecommendations +
                                    +
                                    + + +
                                    + + +**Troubleshooting/AllowRecommendations** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments. + + + + +This is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios. + +Supported values: +- 0 (default) - Turn this feature off. +- 1 - Turn this feature off but still apply critical troubleshooting. +- 2 - Notify users when recommended troubleshooting is available, then allow the user to run or ignore it. +- 3 - Run recommended troubleshooting automatically and notify the user after it ran successfully. +- 4 - Run recommended troubleshooting automatically without notifying the user. +- 5 - Allow the user to choose their own recommended troubleshooting settings. + +By default, this policy is not configured and the SKU based defaults are used for managed devices. Current policy values for SKU's are as follows: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                    SKUUnmanaged DefaultManaged Default
                                    HomePrompt (OOBE)Off
                                    ProPrompt (OOBE)Off
                                    EducationOn (auto)Off
                                    EnterpriseOffOff
                                    GovernmentOffOff
                                    + + + +ADMX Info:
                                    - GP English name: Troubleshooting: Allow users to access recommended troubleshooting for known problems +- GP name: TroubleshootingAllowRecommendations +- GP path: Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool +- GP ADMX file name: MSDT.admx + + + + + + + + + + + + +
                                    + +Footnotes: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. +- 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index ab8f25ac1d..7fe7216b40 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1,19 +1,18 @@ --- title: Policy CSP - Update description: Policy CSP - Update -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 05/01/2019 +author: manikadhiman +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Update -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
                                    @@ -57,9 +56,24 @@ ms.date: 05/01/2019
                                    Update/AutoRestartRequiredNotificationDismissal
                                    +
                                    + Update/AutomaticMaintenanceWakeUp +
                                    Update/BranchReadinessLevel
                                    +
                                    + Update/ConfigureDeadlineForFeatureUpdates +
                                    +
                                    + Update/ConfigureDeadlineForQualityUpdates +
                                    +
                                    + Update/ConfigureDeadlineGracePeriod +
                                    +
                                    + Update/ConfigureDeadlineNoAutoReboot +
                                    Update/ConfigureFeatureUpdateUninstallPeriod
                                    @@ -189,6 +203,7 @@ ms.date: 05/01/2019
                                    + > [!NOTE] > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). @@ -411,7 +426,7 @@ Supported operations are Get and Replace. > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. -  + If the policy is not configured, end-users get the default behavior (Auto install and restart). @@ -933,6 +948,75 @@ The following list shows the supported values:
                                    + +**Update/AutomaticMaintenanceWakeUp** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting allows you to configure if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. + +> [!Note] +> If the OS power wake policy is explicitly disabled, then this setting has no effect. + +If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required. + +If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. + + + +ADMX Info: +- GP English name: *Automatic Maintenance WakeUp Policy* +- GP name: *WakeUpPolicy* +- GP path: *Windows Components/Maintenance Scheduler* +- GP ADMX file name: *msched.admx* + + + +Supported values: +- true - Enable +- false - Disable (Default) + + + + + + + + + +
                                    + **Update/BranchReadinessLevel** @@ -995,6 +1079,306 @@ The following list shows the supported values:
                                    + +**Update/ConfigureDeadlineForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. + +Default value is 7. + + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineForFeatureUpdates* +- GP element: *ConfigureDeadlineForFeatureUpdates* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + + + + + + + + + +
                                    + + +**Update/ConfigureDeadlineForQualityUpdates** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineForQualityUpdates* +- GP element: *ConfigureDeadlineForQualityUpdates* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. + +Default value is 7. + + + + + + + + + +
                                    + + +**Update/ConfigureDeadlineGracePeriod** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. + + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineGracePeriod* +- GP element: *ConfigureDeadlineGracePeriod* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. + +Default value is 2. + + + + + + + + + +
                                    + + +**Update/ConfigureDeadlineNoAutoReboot** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +Added in Windows 10, version 1903. If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart. + +When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. + + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineNoAutoReboot* +- GP element: *ConfigureDeadlineNoAutoReboot* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supported values: +- 1 - Enabled +- 0 (default) - Disabled + + + + + + + + + +
                                    + + +**Update/ConfigureFeatureUpdateUninstallPeriod** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark4check mark4check mark4check mark4cross markcross mark
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. + + + + +
                                    + **Update/ConfigureFeatureUpdateUninstallPeriod** 
@@ -1205,31 +1589,31 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. OS upgrade: -- Maximum deferral: 8 months -- Deferral increment: 1 month -- Update type/notes: - - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 +- Maximum deferral: 8 months +- Deferral increment: 1 month +- Update type/notes: + - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 Update: -- Maximum deferral: 1 month -- Deferral increment: 1 week -- Update type/notes: - If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. - - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 - - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 - - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F - - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 - - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB - - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F - - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 - - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 +- Maximum deferral: 1 month +- Deferral increment: 1 week +- Update type/notes: + If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. 
+ - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 Other/cannot defer: -- Maximum deferral: No deferral -- Deferral increment: No deferral -- Update type/notes: - Any update category not specifically enumerated above falls into this category. - - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B +- Maximum deferral: No deferral +- Deferral increment: No deferral +- Update type/notes: + Any update category not specifically enumerated above falls into this category. + - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B @@ -3402,7 +3786,7 @@ Options: - 1 – Turn off all notifications, excluding restart warnings - 2 – Turn off all notifications, including restart warnings -> [!Important] +> [!IMPORTANT] > If you choose not to get update notifications and also define other Group policies so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. @@ -3463,7 +3847,7 @@ ADMX Info: -> [!Important] +> [!IMPORTANT] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. 
@@ -3555,7 +3939,7 @@ To use this setting, you must set two server name values: the server from which Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. -> [!Note] +> [!NOTE] > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. > If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. @@ -3579,11 +3963,12 @@ ADMX Info: - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) + @@ -3591,14 +3976,32 @@ ADMX Info: - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) + -
                                    + +## Update policies supported by IoT Core + +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) + + + +## Update policies supported by IoT Enterprise + +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) + +
                                    Footnotes: @@ -3607,4 +4010,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 75e19260d4..a045fc0a48 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1,12 +1,14 @@ --- title: Policy CSP - UserRights description: Policy CSP - UserRights -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/31/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - UserRights 
@@ -42,31 +44,31 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator. -- Grant an user right to Administrators group via SID: - ``` - *S-1-5-32-544 - ``` +- Grant an user right to Administrators group via SID: + ``` + *S-1-5-32-544 + ``` -- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID - ``` - *S-1-5-32-544*S-1-5-11 - ``` +- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID + ``` + *S-1-5-32-544*S-1-5-11 + ``` -- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings - ``` - *S-1-5-32-544Authenticated Users - ``` +- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings + ``` + *S-1-5-32-544Authenticated Users + ``` -- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings - ``` - Authenticated UsersAdministrators - ``` +- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings + ``` + Authenticated UsersAdministrators + ``` -- Empty input indicates that there are no users configured to have that user right - ``` - - ``` -If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. +- Empty input indicates that there are no users configured to have that user right + ``` + + ``` + If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. > [!Note] > `` is the entity encoding of 0xF000. 
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index ff2649412f..ec997ee27b 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -1,12 +1,14 @@ --- title: Policy CSP - Wifi description: Policy CSP - Wifi -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/01/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - Wifi @@ -387,7 +389,7 @@ Supported operations are Add, Delete, Get, and Replace. - [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) - [Wifi/AllowWiFi](#wifi-allowwifi) - + ## Wifi policies supported by Windows Holographic @@ -408,13 +410,13 @@ Supported operations are Add, Delete, Get, and Replace. - [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) - [Wifi/AllowWiFi](#wifi-allowwifi) - [Wifi/WLANScanMode](#wifi-wlanscanmode) - + ## Wifi policies supported by Microsoft Surface Hub - [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting) - +
                                    @@ -424,4 +426,4 @@ Footnotes: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. \ No newline at end of file +- 5 - Added in Windows 10, version 1809. diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 8f02a364ba..6824a34e5c 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -1,12 +1,14 @@ --- title: Policy CSP - WindowsConnectionManager description: Policy CSP - WindowsConnectionManager -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - WindowsConnectionManager @@ -79,9 +81,9 @@ If this policy setting is not configured or is disabled, computers are allowed t > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index d8a9e0a74b..cc8580325d 100644 
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -1,12 +1,14 @@ --- title: Policy CSP - WindowsDefenderSecurityCenter description: Policy CSP - WindowsDefenderSecurityCenter -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/09/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - WindowsDefenderSecurityCenter @@ -434,7 +436,7 @@ Valid values: Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. -> [!Note] +> [!NOTE] > If Suppress notification is enabled then users will not see critical or non-critical messages. Value type is integer. Supported operations are Add, Get, Replace and Delete. diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 200331150b..ca2a0c7b72 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -1,12 +1,14 @@ --- title: Policy CSP - WindowsInkWorkspace description: Policy CSP - WindowsInkWorkspace -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 05/14/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index e75a0cf6de..e147d62c40 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md 
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -1,41 +1,201 @@ --- title: Policy CSP - WindowsLogon description: Policy CSP - WindowsLogon -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 07/12/2018 +author: manikadhiman +ms.date: 05/21/2019 +ms.reviewer: +manager: dansimp --- # Policy CSP - WindowsLogon -
                                    ## WindowsLogon policies
                                    +
                                    + WindowsLogon/AllowAutomaticRestartSignOn +
                                    +
                                    + WindowsLogon/ConfigAutomaticRestartSignOn +
                                    WindowsLogon/DisableLockScreenAppNotifications
                                    WindowsLogon/DontDisplayNetworkSelectionUI
                                    +
                                    + WindowsLogon/EnableFirstLogonAnimation +
                                    WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
                                    WindowsLogon/HideFastUserSwitching
                                    -
                                    - WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart -
                                    +
                                    + + +**WindowsLogon/AllowAutomaticRestartSignOn** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    check mark6check mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot. + +This occurs only if the last interactive user did not sign out before the restart or shutdown.​ + +If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.​ + +If you do not configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​ + +After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​. + +If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Sign-in and lock last interactive user automatically after a restart* +- GP name: *AutomaticRestartSignOn* +- GP path: *Windows Components/Windows Logon Options* +- GP ADMX file name: *WinLogon.admx* + + + + + + + + + + + + + +
                                    + + +**WindowsLogon/ConfigAutomaticRestartSignOn** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    check mark6check mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting controls the configuration under which an automatic restart, sign on, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign on does not occur and this policy need not be configured. + +If you enable this policy setting, you can choose one of the following two options: + +- Enabled if BitLocker is on and not suspended: Specifies that automatic sign on and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. +BitLocker is suspended during updates if: + - The device does not have TPM 2.0 and PCR7 + - The device does not use a TPM-only protector +- Always Enabled: Specifies that automatic sign on happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location. + +If you disable or do not configure this setting, automatic sign on defaults to the “Enabled if BitLocker is on and not suspended” behavior. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot* +- GP name: *ConfigAutomaticRestartSignOn* +- GP path: *Windows Components/Windows Logon Options* +- GP ADMX file name: *WinLogon.admx* + + + + + + + + + + + +
                                    @@ -84,9 +244,9 @@ If you disable or do not configure this policy setting, users can choose which a > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -171,9 +331,9 @@ Here is an example to enable this policy: > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -188,6 +348,78 @@ ADMX Info:
                                    + +**WindowsLogon/EnableFirstLogonAnimation** + + + + + + + + + + + + + + + + + + + + + +
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck mark6check mark6check mark6check mark6
                                    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                                    + + + +This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in. + +If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation. + +If you disable this policy setting, users do not see the animation and Microsoft account users do not see the opt-in prompt for services. + +If you do not configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer do not see the animation. + +> [!NOTE] +> The first sign-in animation is not displayed on Server, so this policy has no effect. + + + + +ADMX Info: +- GP English name: *Show first sign-in animation* +- GP name: *EnableFirstLogonAnimation* +- GP path: *System/Logon* +- GP ADMX file name: *Logon.admx* + + + +Supported values: +- 0 - disabled +- 1 - enabled + + + + + + + + + +
                                    + **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** @@ -233,9 +465,9 @@ If you disable or do not configure this policy setting, the Logon UI will not en > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -313,75 +545,15 @@ To validate on Desktop, do the following: -
                                    - - -**WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart** - - - - - - - - - - - - - - - - - - - - - -
                                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                                    cross markcheck markcheck markcheck markcheck markcross markcross mark
                                    - - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device +
                                    - - -This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system. - -If you enable or do not configure this policy setting, the device securely saves the user's credentials (including the user name, domain and encrypted password) to configure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the session is automatically locked with all the lock screen apps configured for that user. - -If you disable this policy setting, the device does not store the user's credentials for automatic sign-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Sign-in last interactive user automatically after a system-initiated restart* -- GP name: *AutomaticRestartSignOn* -- GP path: *Windows Components/Windows Logon Options* -- GP ADMX file name: *WinLogon.admx* - - - -
                                    - -Footnote: +Footnotes: - 1 - Added in Windows 10, version 1607. - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - - - +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 9fc4dd7314..9e2d0223b5 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -1,12 +1,14 @@ --- title: Policy CSP - WindowsPowerShell description: Policy CSP - WindowsPowerShell -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 04/16/2018 +ms.reviewer: +manager: dansimp --- # Policy CSP - WindowsPowerShell @@ -76,9 +78,9 @@ Note: This policy setting exists under both Computer Configuration and User Conf > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 96beff9c33..1ba5d5ec2d 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md 
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,12 +1,14 @@
 ---
 title: Policy CSP - WirelessDisplay
 description: Policy CSP - WirelessDisplay
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 08/09/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Policy CSP - WirelessDisplay
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index e9e1339f46..82449daa56 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -2,23 +2,25 @@
 title: Policy DDF file
 description: Policy DDF file
 ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
-ms.date: 08/29/2018
+author: manikadhiman
+ms.date: 05/21/2019
 ---
 # Policy DDF file
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 You can download the DDF files from the links below:
+- [Download the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
+- [Download the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/PolicyDDF_all_1809.xml)
 - [Download the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
 - [Download the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
 - [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
@@ -27,7 +29,7 @@ You can download the DDF files from the links below: - [Download the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) - [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) -The XML below is the DDF for Windows 10, version 1809. +The XML below is the DDF for Windows 10, version 1903. ``` syntax @@ -53,7 +55,7 @@ The XML below is the DDF for Windows 10, version 1809. - com.microsoft/8.0/MDM/Policy + com.microsoft/9.0/MDM/Policy @@ -1420,12 +1422,12 @@ Related policy: If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: - + <support.contoso.com><support.microsoft.com> If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: -If you do not want to send traffic to Microsoft, enable this policy and use the value, which honors domain- and non-domain-joined devices, when it is the only configured URL. +If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. 
@@ -1642,7 +1644,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. 
@@ -1653,11 +1655,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -2733,6 +2735,30 @@ Related policy: + + AllowEnhancedSuggestionsInAddressBar + + + + + + + + + + + + + + + + + + + text/plain + + + AllowEnterpriseModeFromToolsMenu @@ -3237,6 +3263,30 @@ Related policy: + + DisableActiveXVersionListAutoDownload + + + + + + + + + + + + + + + + + + + text/plain + + + DisableAdobeFlash 
@@ -3309,6 +3359,30 @@ Related policy: + + DisableCompatView + + + + + + + + + + + + + + + + + + + text/plain + + + DisableConfiguringHistory @@ -3453,6 +3527,30 @@ Related policy: + + DisableFeedsBackgroundSync + + + + + + + + + + + + + + + + + + + text/plain + + + DisableFirstRunWizard @@ -3501,6 +3599,30 @@ Related policy: + + DisableGeolocation + + + + + + + + + + + + + + + + + + + text/plain + + + DisableHomePageChange @@ -3693,6 +3815,30 @@ Related policy: + + DisableWebAddressAutoComplete + + + + + + + + + + + + + + + + + + + text/plain + + + DoNotAllowActiveXControlsInProtectedMode @@ -6765,6 +6911,30 @@ Related policy: + + NewTabDefaultPage + + + + + + + + + + + + + + + + + + + text/plain + + + NotificationBarInternetExplorerProcesses @@ -10235,7 +10405,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on - + 0 The favorites bar shows your user's links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page. If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu. 
@@ -10603,12 +10773,12 @@ Related policy: If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: - + <support.contoso.com><support.microsoft.com> If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: -If you do not want to send traffic to Microsoft, enable this policy and use the value, which honors domain- and non-domain-joined devices, when it is the only configured URL. +If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. 
@@ -10851,7 +11021,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. 
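Review bot: The rewritten example sentence on the added line is left ungrammatical and no longer shows the list format: it now reads "prevents a user from turning off the OneNote Web Clipper and extension", and with the second PFN removed nothing demonstrates the semi-colon delimiter the preceding sentence requires. Either restore a second package family name or reword to `For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper extension.` This policy pins extensions whose future permission requests are granted automatically, so the description an administrator reads before forcing one on should be exact. The same sentence is changed the same way in the hunks at -22636 and -49972, and the description itself starts and ends outside this hunk.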
@@ -10862,11 +11032,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -12022,6 +12192,33 @@ Related policy: LastWrite + + AllowEnhancedSuggestionsInAddressBar + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + AllowServicePoweredQSA + LastWrite + + AllowEnterpriseModeFromToolsMenu 
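Review bot: The five links under Related Documents now hard-code the `en-us` locale, so every reader is sent to the English page regardless of language settings. The locale-neutral form being removed here, for example `https://docs.microsoft.com/intune/apps-deploy`, leaves locale selection to the site. Unless the neutral URLs stopped resolving, I would keep them as they were. The same substitution is made in the hunks at -22647 and -49983.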
@@ -12589,6 +12786,33 @@ Related policy: LastWrite + + DisableActiveXVersionListAutoDownload + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement + VersionListAutomaticDownloadDisable + LastWrite + + DisableAdobeFlash @@ -12670,6 +12894,33 @@ Related policy: LastWrite + + DisableCompatView + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView + CompatView_DisableList + LastWrite + + DisableConfiguringHistory @@ -12832,6 +13083,33 @@ Related policy: LastWrite + + DisableFeedsBackgroundSync + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~RSS_Feeds + Disable_Background_Syncing + LastWrite + + DisableFirstRunWizard @@ -12886,6 +13164,33 @@ Related policy: LastWrite + + DisableGeolocation + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + GeolocationDisable + LastWrite + + DisableHomePageChange @@ -13102,6 +13407,33 @@ Related policy: LastWrite + + DisableWebAddressAutoComplete + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + RestrictWebAddressSuggest + LastWrite + + DoNotAllowActiveXControlsInProtectedMode @@ -16558,6 +16890,33 @@ Related policy: LastWrite + + NewTabDefaultPage + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + NewTabAction + LastWrite + + NotificationBarInternetExplorerProcesses @@ -19148,7 +19507,7 @@ Related policy: - com.microsoft/8.0/MDM/Policy + com.microsoft/9.0/MDM/Policy 
@@ -20830,6 +21189,30 @@ Related policy: + + ConfigureWebcamAccessDomainNames + + + + + + + + Specifies a list of domains that are allowed to access the webcam in CXH-based authentication scenarios. + + + + + + + + + + + text/plain + + + EnableFastFirstSignIn @@ -22414,12 +22797,12 @@ Related policy: If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: - + <support.contoso.com><support.microsoft.com> If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: -If you do not want to send traffic to Microsoft, enable this policy and use the value, which honors domain- and non-domain-joined devices, when it is the only configured URL. +If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. 
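Review bot: The description added for ConfigureWebcamAccessDomainNames does not say how the list is written or how an entry is matched, which matters for a setting that grants webcam access during authentication. The later hunk at -47993 carries a `;` on this node, which looks like the list delimiter, so the text could become `Specifies a semicolon-delimited list of domains that are allowed to access the webcam in CXH-based authentication scenarios.` It should also state whether an entry covers subdomains or must match the host exactly. The delimiter is inferred from that later hunk, so confirm it and the matching rule before wording the description.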
@@ -22636,7 +23019,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. 
@@ -22647,11 +23030,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) @@ -23525,6 +23908,7 @@ Related policy: + @@ -24870,6 +25254,30 @@ Related policy: + + SecurityIntelligenceLocation + + + + + + + + + + + + + + + + + + + text/plain + + + SignatureUpdateFallbackOrder 
@@ -25108,6 +25516,54 @@ Related policy: + + DODelayCacheServerFallbackBackground + + + + + + + + + + + + + + + + + + + text/plain + + + + + DODelayCacheServerFallbackForeground + + + + + + + + + + + + + + + + + + + text/plain + + + DODelayForegroundDownloadFromHttp @@ -25731,6 +26187,100 @@ Related policy: + + DeviceHealthMonitoring + + + + + + + + + + + + + + + + + + + + + AllowDeviceHealthMonitoring + + + + + + + + Enable/disable 4Nines device health monitoring on devices. + + + + + + + + + + + text/plain + + + + + ConfigDeviceHealthMonitoringScope + + + + + + + + If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored. + + + + + + + + + + + text/plain + + + + + ConfigDeviceHealthMonitoringUploadDestination + + + + + + + + If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded. + + + + + + + + + + + text/plain + + + + DeviceInstallation @@ -27260,6 +27810,35 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + ShowLockOnUserTile + + + + + + + + Shows or hides lock from the user tile menu. +If you enable this policy setting, the lock option will be shown in the User Tile menu. + +If you disable this policy setting, the lock option will never be shown in the User Tile menu. + +If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel. + + + + + + + + + + + text/plain + + + ExploitGuard 
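Review bot: The three descriptions added under DeviceHealthMonitoring (hunk at -25731) do not tell an administrator what is collected or where it is sent. `4Nines` in "Enable/disable 4Nines device health monitoring on devices." is not explained anywhere in the hunk, and ConfigDeviceHealthMonitoringScope and ConfigDeviceHealthMonitoringUploadDestination only say the value "modifies" event types and destinations, without listing accepted values or what applies when the node is unset. I would replace the code name with a plain description of the feature, list the accepted values for all three nodes, and fix the shared phrase to `via the AllowDeviceHealthMonitoring policy, this policy has no effect`. The same descriptions reappear in the hunk at -53512.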
@@ -27634,6 +28213,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + AllowEnhancedSuggestionsInAddressBar + + + + + + + + + + + + + + + + + + + text/plain + + + AllowEnterpriseModeFromToolsMenu @@ -28162,6 +28765,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableActiveXVersionListAutoDownload + + + + + + + + + + + + + + + + + + + text/plain + + + DisableAdobeFlash @@ -28234,6 +28861,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableCompatView + + + + + + + + + + + + + + + + + + + text/plain + + + DisableConfiguringHistory @@ -28378,6 +29029,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableFeedsBackgroundSync + + + + + + + + + + + + + + + + + + + text/plain + + + DisableFirstRunWizard @@ -28426,6 +29101,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableGeolocation + + + + + + + + + + + + + + + + + + + text/plain + + + DisableIgnoringCertificateErrors @@ -28618,6 +29317,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableWebAddressAutoComplete + + + + + + + + + + + + + + + + + + + text/plain + + + DoNotAllowActiveXControlsInProtectedMode @@ -31738,6 +32461,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + NewTabDefaultPage + + + + + + + + + + + + + + + + + + + text/plain + + + NotificationBarInternetExplorerProcesses @@ -34140,7 +34887,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) -Do not display user information (3) +Do not display user information (3) +Domain and user names only (4) 
@@ -35488,52 +36236,6 @@ The options are: - - Location - - - - - - - - - - - - - - - - - - - - - EnableLocation - - - - - - - - - - - - - - - - - - - text/plain - - - - LockDown @@ -36405,6 +37107,62 @@ The options are: + + EnergySaverBatteryThresholdOnBattery + + + + + + + + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. + +If you disable or do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + + + EnergySaverBatteryThresholdPluggedIn + + + + + + + + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. + +If you disable or do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + HibernateTimeoutOnBattery 
@@ -36501,6 +37259,210 @@ The options are: + + SelectLidCloseActionOnBattery + + + + + + + + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + + + SelectLidCloseActionPluggedIn + + + + + + + + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + + + SelectPowerButtonActionOnBattery + + + + + + + + This policy setting specifies the action that Windows takes when a user presses the power button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + + + SelectPowerButtonActionPluggedIn + + + + + + + + This policy setting specifies the action that Windows takes when a user presses the power button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. 
+ + + + + + + + + + + text/plain + + + + + SelectSleepButtonActionOnBattery + + + + + + + + This policy setting specifies the action that Windows takes when a user presses the sleep button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + + + SelectSleepButtonActionPluggedIn + + + + + + + + This policy setting specifies the action that Windows takes when a user presses the sleep button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + StandbyTimeoutOnBattery 
@@ -36549,6 +37511,122 @@ The options are: + + TurnOffHybridSleepOnBattery + + + + + + + + This policy setting allows you to turn off hybrid sleep. + +If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + + + TurnOffHybridSleepPluggedIn + + + + + + + + This policy setting allows you to turn off hybrid sleep. + +If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + + + UnattendedSleepTimeoutOnBattery + + + + + + + + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + + + + + + + + + + + text/plain + + + + + UnattendedSleepTimeoutPluggedIn + + + + + + + + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. 
If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + + + + + + + + + + + text/plain + + + Printers @@ -38321,6 +39399,54 @@ The options are: + + LetAppsActivateWithVoice + + + + + + + + This policy setting specifies whether Windows apps can be activated by voice. + + + + + + + + + + + text/plain + + + + + LetAppsActivateWithVoiceAboveLock + + + + + + + + This policy setting specifies whether Windows apps can be activated by voice while the system is locked. + + + + + + + + + + + text/plain + + + LetAppsGetDiagnosticInfo @@ -39700,6 +40826,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + AllowFindMyFiles + + + + + + + + This feature allows you to disable find my files completely on the machine + + + + + + + + + + + text/plain + + + AllowIndexingEncryptedStoresOrItems @@ -40275,6 +41425,52 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + ServiceControlManager + + + + + + + + + + + + + + + + + + + + + SvchostProcessMitigation + + + + + + + + + + + + + + + + + + + text/plain + + + + Settings 
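Review bot: The TurnOffHybridSleepOnBattery and TurnOffHybridSleepPluggedIn descriptions (hunk at -36549) document only the value 0, and they do so for a node whose name reads as the opposite sense: "If you set this to 0, a hiberfile is not generated". A reader cannot tell from the text which value leaves hybrid sleep on, so the description should list every accepted value with its effect, in the `0 - …` / `1 - …` form that the SelectLidCloseAction descriptions in this diff already use. In the same hunk, both UnattendedSleepTimeout descriptions misspell `occuring`; it should be `occurring`.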
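Review bot: The ServiceControlManager node and its SvchostProcessMitigation child (hunk at -40275) are added with no description text at all, as far as the hunk shows, while neighbouring additions such as AllowFindMyFiles do carry one. For a process-mitigation setting, the administrator needs at least one sentence saying what enabling it enforces on svchost-hosted services and what the unconfigured behaviour is. I would add a description element stating both, taken from the backing group-policy text rather than written from scratch.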
@@ -41512,6 +42708,150 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + AllowStorageSenseGlobal + + + + + + + + + + + + + + + + + + + text/plain + + + + + AllowStorageSenseTemporaryFilesCleanup + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigStorageSenseCloudContentDehydrationThreshold + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigStorageSenseDownloadsCleanupThreshold + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigStorageSenseGlobalCadence + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigStorageSenseRecycleBinCleanupThreshold + + + + + + + + + + + + + + + + + + + text/plain + + + EnhancedStorageDevices @@ -41606,6 +42946,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + AllowCommercialDataPipeline + + + + + + + + + + + + + + + + + + + text/plain + + + AllowDeviceNameInDiagnosticData @@ -41942,6 +43306,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + DisableDirectXDatabaseUpdate + + + + + + + + This group policy allows control over whether the DirectX Database Updater task will be run on the system. + + + + + + + + + + + text/plain + + + DisableEnterpriseAuthProxy @@ -42086,6 +43474,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + TurnOffFileHistory + + + + + + + + This policy setting allows you to turn off File History. + +If you enable this policy setting, File History cannot be activated to create regular, automatic backups. + +If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. + + + + + + + + + + + text/plain + + + SystemServices 
@@ -42964,6 +44380,85 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + ConfigureTimeZone + + + + + + + + Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone. + + + + + + + + + + + text/plain + + + + + + Troubleshooting + + + + + + + + + + + + + + + + + + + + + AllowRecommendations + + + + + + + + This policy setting applies recommended troubleshooting for known problems on the device and lets administrators configure how it's applied to their domains/IT environments. +Not configuring this policy setting will allow the user to configure if and how recommended troubleshooting is applied. + +Enabling this policy allows you to configure how recommended troubleshooting is applied on the user's device. You can select from one of the following values: +0 = Turn this feature off. +1 = Turn this feature off but still apply critical troubleshooting. +2 = Notify users when recommended troubleshooting is available, then allow the user to run or ignore it. +3 = Run recommended troubleshooting automatically and notify the user after it's been successfully run. +4 = Run recommended troubleshooting automatically without notifying the user. +5 = Allow the user to choose their own recommended troubleshooting settings. + + + + + + + + + + + text/plain + + + Update 
@@ -43178,6 +44673,36 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + AutomaticMaintenanceWakeUp + + + + + + + + This policy setting allows you to configure Automatic Maintenance wake up policy. + +The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. + +If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. + +If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. + + + + + + + + + + + text/plain + + + AutoRestartDeadlinePeriodInDays @@ -43298,6 +44823,102 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + ConfigureDeadlineForFeatureUpdates + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigureDeadlineForQualityUpdates + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigureDeadlineGracePeriod + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigureDeadlineNoAutoReboot + + + + + + + + + + + + + + + + + + + text/plain + + + ConfigureFeatureUpdateUninstallPeriod @@ -45882,6 +47503,54 @@ Because of these factors, users do not usually need this user right. Warning: If + + AllowAutomaticRestartSignOn + + + + + + + + + + + + + + + + + + + text/plain + + + + + ConfigAutomaticRestartSignOn + + + + + + + + + + + + + + + + + + + text/plain + + + DisableLockScreenAppNotifications 
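Review bot: AllowAutomaticRestartSignOn and ConfigAutomaticRestartSignOn (hunk at -45882) are added without any description, although they govern automatic sign-in after a restart and the other logon node added nearby, EnableFirstLogonAnimation, is fully described. Each should say what the setting does and list its accepted values, since an administrator needs that to judge the exposure of re-signing a user in unattended. Judging by the names, these replace SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart, which the hunk at -45978 removes; if so, the description or the change notes should say that profiles targeting the old node name must be updated.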
@@ -45930,6 +47599,38 @@ Because of these factors, users do not usually need this user right. Warning: If + + EnableFirstLogonAnimation + + + + + + + + This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in. + +If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. + +If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services. + +If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation. + +Note: The first sign-in animation will not be shown on Server, so this policy will have no effect. + + + + + + + + + + + text/plain + + + EnumerateLocalUsersOnDomainJoinedComputers @@ -45978,30 +47679,6 @@ Because of these factors, users do not usually need this user right. Warning: If - - SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart - - - - - - - - - - - - - - - - - - - text/plain - - - WindowsPowerShell @@ -47993,6 +49670,30 @@ Because of these factors, users do not usually need this user right. Warning: If LowestValueMostSecure + + ConfigureWebcamAccessDomainNames + + + + + + Specifies a list of domains that are allowed to access the webcam in CXH-based authentication scenarios. + + + + + + + + + + + text/plain + + LastWrite + ; + + EnableFastFirstSignIn 
@@ -49356,7 +51057,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on - + 0 The favorites bar shows your user's links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page. If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu. @@ -49724,12 +51425,12 @@ Related policy: If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: - + <support.contoso.com><support.microsoft.com> If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: -If you do not want to send traffic to Microsoft, enable this policy and use the value, which honors domain- and non-domain-joined devices, when it is the only configured URL. +If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. 
@@ -49972,7 +51673,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. -When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. +When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. 
@@ -49983,11 +51684,11 @@ If disabled or not configured, extensions defined as part of this policy get ign Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: -- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) -- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business) -- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy) -- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) -- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows) +- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) +- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) +- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) +- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) 
@@ -52448,6 +54149,34 @@ Related policy: LastWrite + + SecurityIntelligenceLocation + + + + + + + + + + + + + + + + + text/plain + + phone + WindowsDefender.admx + SignatureUpdate_SharedSignaturesLocation + WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate + SignatureUpdate_SharedSignaturesLocation + LastWrite + + SignatureUpdateFallbackOrder @@ -52721,6 +54450,62 @@ Related policy: LastWrite + + DODelayCacheServerFallbackBackground + + + + + 0 + + + + + + + + + + + + text/plain + + + DeliveryOptimization.admx + DelayCacheServerFallbackBackground + DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat + DelayCacheServerFallbackBackground + LastWrite + + + + DODelayCacheServerFallbackForeground + + + + + 0 + + + + + + + + + + + + text/plain + + + DeliveryOptimization.admx + DelayCacheServerFallbackForeground + DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat + DelayCacheServerFallbackForeground + LastWrite + + DODelayForegroundDownloadFromHttp @@ -52824,7 +54609,7 @@ Related policy: text/plain - + DeliveryOptimization.admx GroupIdSource DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat @@ -53272,9 +55057,6 @@ Related policy: text/plain - DeliveryOptimization.admx - DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat - SetHoursToLimitBackgroundDownloadBandwidth LastWrite @@ -53307,7 +55089,7 @@ Related policy: + /> @@ -53334,9 +55116,6 @@ Related policy: text/plain - DeliveryOptimization.admx - DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat - SetHoursToLimitForegroundDownloadBandwidth LastWrite @@ -53369,7 +55148,7 @@ Related policy: + /> 
@@ -53512,6 +55291,96 @@ Related policy: + + DeviceHealthMonitoring + + + + + + + + + + + + + + + + + + + AllowDeviceHealthMonitoring + + + + + 0 + Enable/disable 4Nines device health monitoring on devices. + + + + + + + + + + + text/plain + + + LastWrite + + + + ConfigDeviceHealthMonitoringScope + + + + + + If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which types of events are monitored. + + + + + + + + + + + text/plain + + LastWrite + + + + ConfigDeviceHealthMonitoringUploadDestination + + + + + + If the device is not opted-in to the DeviceHealthMonitoring service via the AllowDeviceHealthMonitoring then this policy has no meaning. For devices which are opted in, the value of this policy modifies which destinations are in-scope for monitored events to be uploaded. + + + + + + + + + + + text/plain + + LastWrite + + + DeviceInstallation @@ -55136,6 +57005,38 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor HighestValueMostSecure + + ShowLockOnUserTile + + + + + 1 + Shows or hides lock from the user tile menu. +If you enable this policy setting, the lock option will be shown in the User Tile menu. + +If you disable this policy setting, the lock option will never be shown in the User Tile menu. + +If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel. + + + + + + + + + + + text/plain + + + WindowsExplorer.admx + WindowsExplorer~AT~WindowsExplorer + ShowLockOption + HighestValueMostSecure + + ExploitGuard 
@@ -55531,6 +57432,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + AllowEnhancedSuggestionsInAddressBar + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + AllowServicePoweredQSA + LastWrite + + AllowEnterpriseModeFromToolsMenu @@ -56125,6 +58053,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + DisableActiveXVersionListAutoDownload + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement + VersionListAutomaticDownloadDisable + LastWrite + + DisableAdobeFlash @@ -56206,6 +58161,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + DisableCompatView + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView + CompatView_DisableList + LastWrite + + DisableConfiguringHistory @@ -56368,6 +58350,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + DisableFeedsBackgroundSync + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~RSS_Feeds + Disable_Background_Syncing + LastWrite + + DisableFirstRunWizard @@ -56422,6 +58431,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + DisableGeolocation + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + GeolocationDisable + LastWrite + + DisableIgnoringCertificateErrors 
@@ -56638,6 +58674,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + DisableWebAddressAutoComplete + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + RestrictWebAddressSuggest + LastWrite + + DoNotAllowActiveXControlsInProtectedMode @@ -60148,6 +62211,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LastWrite + + NewTabDefaultPage + + + + + + + + + + + + + + + + + text/plain + + phone + inetres.admx + inetres~AT~WindowsComponents~InternetExplorer + NewTabAction + LastWrite + + NotificationBarInternetExplorerProcesses @@ -62109,6 +64199,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor phone LastWrite + 0xF000 @@ -62792,7 +64883,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l Interactive Logon:Display user information when the session is locked User display name, domain and user names (1) User display name only (2) -Do not display user information (3) +Do not display user information (3) +Domain and user names only (4) @@ -62805,7 +64897,7 @@ Do not display user information (3) text/plain - + phone Windows Settings~Security Settings~Local Policies~Security Options Interactive logon: Display user information when the session is locked @@ -64255,53 +66347,6 @@ The options are: - - Location - - - - - - - - - - - - - - - - - - - EnableLocation - - - - - 0 - - - - - - - - - - - - text/plain - - - LocationProviderAdm.admx - LocationProviderAdm~AT~LocationAndSensors~WindowsLocationProvider - DisableWindowsLocationProvider_1 - LastWrite - - - LockDown 
@@ -65234,6 +67279,70 @@ The options are: LastWrite + + EnergySaverBatteryThresholdOnBattery + + + + + 0 + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. + +If you disable or do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + Power.admx + EnterEsBattThreshold + Power~AT~System~PowerManagementCat~EnergySaverSettingsCat + EsBattThresholdDC + LastWrite + + + + EnergySaverBatteryThresholdPluggedIn + + + + + 0 + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. + +If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. + +If you disable or do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + Power.admx + EnterEsBattThreshold + Power~AT~System~PowerManagementCat~EnergySaverSettingsCat + EsBattThresholdAC + LastWrite + + HibernateTimeoutOnBattery 
@@ -65342,6 +67451,234 @@ The options are: LastWrite + + SelectLidCloseActionOnBattery + + + + + 1 + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectDCSystemLidAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + DCSystemLidAction_2 + LastWrite + + + + SelectLidCloseActionPluggedIn + + + + + 1 + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectACSystemLidAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + ACSystemLidAction_2 + LastWrite + + + + SelectPowerButtonActionOnBattery + + + + + 1 + This policy setting specifies the action that Windows takes when a user presses the power button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectDCPowerButtonAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + DCPowerButtonAction_2 + LastWrite + + + + SelectPowerButtonActionPluggedIn + + + + + 1 + This policy setting specifies the action that Windows takes when a user presses the power button. 
+ +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectACPowerButtonAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + ACPowerButtonAction_2 + LastWrite + + + + SelectSleepButtonActionOnBattery + + + + + 1 + This policy setting specifies the action that Windows takes when a user presses the sleep button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectDCSleepButtonAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + DCSleepButtonAction_2 + LastWrite + + + + SelectSleepButtonActionPluggedIn + + + + + 1 + This policy setting specifies the action that Windows takes when a user presses the sleep button. + +Possible actions include: +0 - Take no action +1 - Sleep +2 - Hibernate +3 - Shut down + +If you enable this policy setting, you must select the desired action. + +If you disable this policy setting or do not configure it, users can see and change this setting. + + + + + + + + + + + text/plain + + + Power.admx + SelectACSleepButtonAction + Power~AT~System~PowerManagementCat~PowerButtonActionSettingsCat + ACSleepButtonAction_2 + LastWrite + + StandbyTimeoutOnBattery 
@@ -65396,6 +67733,136 @@ The options are: LastWrite + + TurnOffHybridSleepOnBattery + + + + + 0 + This policy setting allows you to turn off hybrid sleep. + +If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + Power.admx + Power~AT~System~PowerManagementCat~PowerSleepSettingsCat + DCStandbyWithHiberfileEnable_2 + LastWrite + + + + TurnOffHybridSleepPluggedIn + + + + + 0 + This policy setting allows you to turn off hybrid sleep. + +If you set this to 0, a hiberfile is not generated when the system transitions to sleep (Stand By). + +If you do not configure this policy setting, users control this setting. + + + + + + + + + + + text/plain + + + Power.admx + Power~AT~System~PowerManagementCat~PowerSleepSettingsCat + ACStandbyWithHiberfileEnable_2 + LastWrite + + + + UnattendedSleepTimeoutOnBattery + + + + + 0 + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. 
+ + + + + + + + + + + text/plain + + + Power.admx + EnterUnattendedSleepTimeOut + Power~AT~System~PowerManagementCat~PowerSleepSettingsCat + UnattendedSleepTimeOutDC + LastWrite + + + + UnattendedSleepTimeoutPluggedIn + + + + + 0 + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. + +If you disable or do not configure this policy setting, users control this setting. + +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + + + + + + + + + + + text/plain + + + Power.admx + EnterUnattendedSleepTimeOut + Power~AT~System~PowerManagementCat~PowerSleepSettingsCat + UnattendedSleepTimeOutAC + LastWrite + + Printers @@ -67427,6 +69894,62 @@ The options are: ; + + LetAppsActivateWithVoice + + + + + 0 + This policy setting specifies whether Windows apps can be activated by voice. + + + + + + + + + + + text/plain + + + AppPrivacy.admx + LetAppsActivateWithVoice_Enum + AppPrivacy~AT~WindowsComponents~AppPrivacy + LetAppsActivateWithVoice + HighestValueMostSecure + + + + LetAppsActivateWithVoiceAboveLock + + + + + 0 + This policy setting specifies whether Windows apps can be activated by voice while the system is locked. + + + + + + + + + + + text/plain + + + AppPrivacy.admx + LetAppsActivateWithVoiceAboveLock_Enum + AppPrivacy~AT~WindowsComponents~AppPrivacy + LetAppsActivateWithVoiceAboveLock + HighestValueMostSecure + + LetAppsGetDiagnosticInfo 
@@ -68989,6 +71512,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LowestValueMostSecure + + AllowFindMyFiles + + + + + 1 + This feature allows you to disable find my files completely on the machine + + + + + + + + + + + text/plain + + + phone + Search.admx + Search~AT~WindowsComponents~Search + AllowFindMyFiles + LowestValueMostSecure + + AllowIndexingEncryptedStoresOrItems @@ -69598,6 +72149,53 @@ Caution: If a Restricted Groups policy is applied, any current member not on the + + ServiceControlManager + + + + + + + + + + + + + + + + + + + SvchostProcessMitigation + + + + + + + + + + + + + + + + + text/plain + + phone + ServiceControlManager.admx + ServiceControlManager~AT~System~ServiceControlManagerCat~ServiceControlManagerSecurityCat + SvchostProcessMitigationEnable + LastWrite + + + Settings 
@@ -70893,6 +73491,174 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LastWrite + + AllowStorageSenseGlobal + + + + + 0 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_AllowStorageSenseGlobal + LastWrite + + + + AllowStorageSenseTemporaryFilesCleanup + + + + + 1 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_AllowStorageSenseTemporaryFilesCleanup + LastWrite + + + + ConfigStorageSenseCloudContentDehydrationThreshold + + + + + 0 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_ConfigStorageSenseCloudContentDehydrationThreshold + LastWrite + + + + ConfigStorageSenseDownloadsCleanupThreshold + + + + + 0 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_ConfigStorageSenseDownloadsCleanupThreshold + LastWrite + + + + ConfigStorageSenseGlobalCadence + + + + + 0 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_ConfigStorageSenseGlobalCadence + LastWrite + + + + ConfigStorageSenseRecycleBinCleanupThreshold + + + + + 30 + + + + + + + + + + + + text/plain + + + phone + StorageSense.admx + StorageSense~AT~System~StorageSense + SS_ConfigStorageSenseRecycleBinCleanupThreshold + LastWrite + + EnhancedStorageDevices @@ -70995,6 +73761,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LowestValueMostSecure + + AllowCommercialDataPipeline + + + + + 0 + + + + + + + + + + + + text/plain + + + DataCollection.admx + AllowCommercialDataPipeline + DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds + AllowCommercialDataPipeline + HighestValueMostSecure + + AllowDeviceNameInDiagnosticData 
@@ -71367,6 +74161,33 @@ Caution: If a Restricted Groups policy is applied, any current member not on the HighestValueMostSecure + + DisableDirectXDatabaseUpdate + + + + + 0 + This group policy allows control over whether the DirectX Database Updater task will be run on the system. + + + + + + + + + + + text/plain + + + GroupPolicy.admx + GroupPolicy~AT~Network~DirectXDatabase + DisableDirectXDatabaseUpdate + HighestValueMostSecure + + DisableEnterpriseAuthProxy @@ -71528,6 +74349,37 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LastWrite + + TurnOffFileHistory + + + + + 0 + This policy setting allows you to turn off File History. + +If you enable this policy setting, File History cannot be activated to create regular, automatic backups. + +If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. + + + + + + + + + + + text/plain + + + FileHistory.admx + FileHistory~AT~WindowsComponents~FileHistory + DisableFileHistory + LowestValueMostSecure + + SystemServices 
@@ -72432,6 +75284,87 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LowestValueMostSecure + + ConfigureTimeZone + + + + + + Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone. + + + + + + + + + + + text/plain + + phone + LastWrite + + + + + Troubleshooting + + + + + + + + + + + + + + + + + + + AllowRecommendations + + + + + 1 + This policy setting applies recommended troubleshooting for known problems on the device and lets administrators configure how it's applied to their domains/IT environments. +Not configuring this policy setting will allow the user to configure if and how recommended troubleshooting is applied. + +Enabling this policy allows you to configure how recommended troubleshooting is applied on the user's device. You can select from one of the following values: +0 = Turn this feature off. +1 = Turn this feature off but still apply critical troubleshooting. +2 = Notify users when recommended troubleshooting is available, then allow the user to run or ignore it. +3 = Run recommended troubleshooting automatically and notify the user after it's been successfully run. +4 = Run recommended troubleshooting automatically without notifying the user. +5 = Allow the user to choose their own recommended troubleshooting settings. + + + + + + + + + + + text/plain + + + phone + MSDT.admx + MSDT~AT~System~Troubleshooting~WdiScenarioCategory + TroubleshootingAllowRecommendations + LowestValueMostSecure + + Update 
@@ -72671,6 +75604,39 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LowestValueMostSecure + + AutomaticMaintenanceWakeUp + + + + + 1 + This policy setting allows you to configure Automatic Maintenance wake up policy. + +The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. + +If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. + +If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. + + + + + + + + + + + text/plain + + + msched.admx + msched~AT~WindowsComponents~MaintenanceScheduler + WakeUpPolicy + HighestValueMostSecure + + AutoRestartDeadlinePeriodInDays @@ -72803,7 +75769,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the text/plain - + WindowsUpdate.admx BranchReadinessLevelId WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat 
@@ -72811,6 +75777,118 @@ Caution: If a Restricted Groups policy is applied, any current member not on the LastWrite + + ConfigureDeadlineForFeatureUpdates + + + + + 7 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + ConfigureDeadlineForFeatureUpdates + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + ConfigureDeadlineForFeatureUpdates + LastWrite + + + + ConfigureDeadlineForQualityUpdates + + + + + 7 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + ConfigureDeadlineForQualityUpdates + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + ConfigureDeadlineForQualityUpdates + LastWrite + + + + ConfigureDeadlineGracePeriod + + + + + 2 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + ConfigureDeadlineGracePeriod + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + ConfigureDeadlineGracePeriod + LastWrite + + + + ConfigureDeadlineNoAutoReboot + + + + + 0 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + ConfigureDeadlineNoAutoReboot + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + ConfigureDeadlineNoAutoReboot + HighestValueMostSecure + + ConfigureFeatureUpdateUninstallPeriod @@ -75715,6 +78793,60 @@ Because of these factors, users do not usually need this user right. Warning: If + + AllowAutomaticRestartSignOn + + + + + + + + + + + + + + + + + text/plain + + phone + WinLogon.admx + WinLogon~AT~WindowsComponents~Logon + AutomaticRestartSignOn + LastWrite + + + + ConfigAutomaticRestartSignOn + + + + + + + + + + + + + + + + + text/plain + + phone + WinLogon.admx + WinLogon~AT~WindowsComponents~Logon + ConfigAutomaticRestartSignOn + LastWrite + + DisableLockScreenAppNotifications 
@@ -75769,6 +78901,41 @@ Because of these factors, users do not usually need this user right. Warning: If LastWrite + + EnableFirstLogonAnimation + + + + + 1 + This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in. + +If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. + +If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services. + +If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation. + +Note: The first sign-in animation will not be shown on Server, so this policy will have no effect. + + + + + + + + + + + text/plain + + + Logon.admx + Logon~AT~System~Logon + EnableFirstLogonAnimation + HighestValueMostSecure + + EnumerateLocalUsersOnDomainJoinedComputers @@ -75823,33 +78990,6 @@ Because of these factors, users do not usually need this user right. Warning: If HighestValueMostSecure - - SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart - - - - - - - - - - - - - - - - - text/plain - - phone - WinLogon.admx - WinLogon~AT~WindowsComponents~Logon - AutomaticRestartSignOn - LastWrite - - WindowsPowerShell @@ -76131,4 +79271,5 @@ Because of these factors, users do not usually need this user right. Warning: If -``` \ No newline at end of file + +``` 
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index 366179d7ac..ad4bb24be7 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -2,11 +2,13 @@ title: PolicyManager CSP description: PolicyManager CSP ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/28/2017 --- diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 88ff7aac70..9dfabcfba3 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -2,11 +2,13 @@ title: Provisioning CSP description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. ms.assetid: 5D6C17BE-727A-4AFA-9F30-B34C1EA1D2AE -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -17,7 +19,7 @@ The Provisioning configuration service provider is used for bulk user enrollment > **Note**  Bulk enrollment does not work when two factor authentication is enabled. -  + For bulk enrollment step-by-step guide, see [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md). @@ -31,7 +33,7 @@ Root node for Provisioning CSP. **Provisioning/Enrollments** Node for defining bulk enrollment of users into an MDM service. -**Provisioning/Enrollments/****_UPN_** +**Provisioning/Enrollments/***UPN* Unique identifier for the enrollment. For bulk enrollment, this must a service account that is allowed to enroll multiple users. Example, "generic-device@contoso.com" **Provisioning/Enrollments/*UPN*/DiscoveryServiceFullURL** 
@@ -56,9 +58,9 @@ Specifies the policy service URL. **Provisioning/Enrollments/*UPN*/EnrollmentServiceFullURL** Specifies the enrollment service URL. -  + -  + diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 31a3e8994f..cced09bc2b 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -2,11 +2,13 @@ title: PROXY CSP description: PROXY CSP ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -19,7 +21,7 @@ The PROXY configuration service provider is used to configure proxy connections. This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -  + For the PROXY CSP, you cannot use the Replace command unless the node already exists. @@ -61,7 +63,7 @@ Depending on the ProxyID, the valid values are ISA, WAP, SOCKS, or NULL. ***ProxyName*/Ports** Node for port information. -***ProxyName*/Ports/****_PortName_** +***ProxyName*/Ports/***PortName* Defines the name of a port. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names. @@ -72,7 +74,7 @@ Specifies the port number to be associated with the parent port. ***ProxyName*/Ports/*PortName*/Services** Node for services information. -***ProxyName*/Ports/Services/****_ServiceName_** +***ProxyName*/Ports/Services/***ServiceName* Defines the name of a service. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names. 
@@ -85,7 +87,7 @@ One commonly used value is "HTTP". ***ProxyName*/ConRefs** Node for connection reference information -***ProxyName*/ConRefs/****_ConRefName_** +***ProxyName*/ConRefs/***ConRefName* Defines the name of a connection reference. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names. @@ -98,9 +100,9 @@ Specifies one single connectivity object associated with the proxy connection. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index e8db3d3e21..bcae3dceaf 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management' - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm' ms.assetid: 9031C4FE-212A-4481-A1B0-4C3190B388AE -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 8a137d239f..5e0bc0b2d9 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -2,11 +2,13 @@ title: PXLOGICAL configuration service provider description: PXLOGICAL configuration service provider ms.assetid: b5fc84d4-aa32-4edd-95f1-a6a9c0feb459 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 77dea602cf..9711b4b2a4 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -2,11 +2,13 @@ title: Reboot CSP description: Reboot CSP ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -27,10 +29,10 @@ The following diagram shows the Reboot configuration service provider management **RebootNow**

                                    This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.

                                    -> [!Note]   +> [!NOTE] > If this node is set to execute during a sync session, the device will reboot at the end of the sync session. -

                                    The supported operations are Execute and Get. +

                                    The supported operations are Execute and Get.

                                    **Schedule**

                                    The supported operation is Get.

                                    @@ -52,9 +54,9 @@ Example to configure: 2018-10-25T18:00:00

                                    [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index 36baf398e0..0c9d5f0df2 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -2,11 +2,13 @@ title: Reboot DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: ABBD850C-E744-462C-88E7-CA3F43D80DB1 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index e3351b8c80..ae536fae17 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -2,11 +2,13 @@ title: Reclaim seat from user description: The Reclaim seat from user operation returns reclaimed seats for a user in the Micosoft Store for Business. ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- @@ -29,7 +31,7 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t -

                                    POST

                                    +

                                    DELETE

                                    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

                                    diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index dd6f9467a1..0f8b376074 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -2,11 +2,13 @@ title: Register your free Azure Active Directory subscription description: If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index fecf3f5a44..61d34774a7 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -2,11 +2,13 @@ title: Registry CSP description: Registry CSP ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index 7477a7c981..533315cd32 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md 
@@ -2,11 +2,13 @@
 title: Registry DDF file
 description: Registry DDF file
 ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index d84582b492..55e3d22e71 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -2,11 +2,13 @@
 title: RemoteFind CSP
 description: The RemoteFind configuration service provider retrieves the location information for a particular device.
 ms.assetid: 2EB02824-65BF-4B40-A338-672D219AF5A0
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index 814fadbb25..8a7cd4c7f1 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -2,11 +2,13 @@
 title: RemoteFind DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid: 5864CBB8-2030-459E-BCF6-9ACB69206FEA
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md
index 3d49884cd8..ea985de378 100644
--- a/windows/client-management/mdm/remotelock-csp.md
+++ b/windows/client-management/mdm/remotelock-csp.md
@@ -2,11 +2,13 @@
 title: RemoteLock CSP
 description: RemoteLock CSP
 ms.assetid: c7889331-5aa3-4efe-9a7e-20d3f433659b
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md
index 99fa47713c..1d172ed36b 100644
--- a/windows/client-management/mdm/remotelock-ddf-file.md
+++ b/windows/client-management/mdm/remotelock-ddf-file.md
@@ -2,11 +2,13 @@
 title: RemoteLock DDF file
 description: RemoteLock DDF file
 ms.assetid: A301AE26-1BF1-4328-99AB-1ABBA4960797
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 0d72fa4640..21149dd08e 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -2,11 +2,13 @@
 title: RemoteRing CSP
 description: RemoteRing CSP
 ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md
index 01fe0aa96f..46d67265a2 100644
--- a/windows/client-management/mdm/remotering-ddf-file.md
+++ b/windows/client-management/mdm/remotering-ddf-file.md
@@ -2,11 +2,13 @@ title: RemoteRing DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteRing configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: 6815267F-212B-4370-8B72-A457E8000F7B -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 82818fd8da..bdf604d6d8 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -2,11 +2,13 @@ title: RemoteWipe CSP description: RemoteWipe CSP ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 990cf2ae5a..1f2d44f7e1 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -2,11 +2,13 @@ title: RemoteWipe DDF file description: RemoteWipe DDF file ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/13/2018 --- @@ -218,4 +220,4 @@ The XML below is the DDF for Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 924654540b..44828e2d90 100644 --- a/windows/client-management/mdm/reporting-csp.md 
+++ b/windows/client-management/mdm/reporting-csp.md @@ -2,11 +2,13 @@ title: Reporting CSP description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. ms.assetid: 148441A6-D9E1-43D8-ADEE-FB62E85A39F7 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index 6387fc0b59..4d44544d12 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -2,11 +2,13 @@ title: Reporting DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607. ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index aae4546ae8..efafe7ae2f 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md 
@@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' ms.assetid: 8C48A879-525A-471F-B0FD-506E743A7D2F -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 4f6ec839e8..453649322c 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -2,11 +2,13 @@ title: RootCATrustedCertificates CSP description: RootCATrustedCertificates CSP ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/06/2018 --- diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 587008f3f5..f2d82abb8a 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -2,11 +2,13 @@ title: RootCATrustedCertificates DDF file description: RootCATrustedCertificates DDF file ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/07/2018 --- @@ -1983,4 +1985,4 @@ The XML below is for Windows 10, version 1803. -``` \ No newline at end of file +``` 
diff --git a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md b/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md index 63260885d9..0ee7ef78f1 100644 --- a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md +++ b/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md @@ -2,11 +2,13 @@ title: Samples for writing a custom configuration service provider description: Samples for writing a custom configuration service provider ms.assetid: ccda4d62-7ce1-483b-912f-25d50c974270 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 4d4507311e..7d972a5a96 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -2,11 +2,13 @@ title: SecureAssessment CSP description: SecureAssessment CSP ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -31,9 +33,9 @@ The supported operations are Add, Delete, Get, and Replace. **TesterAccount** The user name of the test taking account. -- To specify a domain account, use domain\\user. -- To specify an AAD account, use username@tenant.com. -- To specify a local account, use the username. +- To specify a domain account, use domain\\user. +- To specify an AAD account, use username@tenant.com. +- To specify a local account, use the username. The supported operations are Add, Delete, Get, and Replace. 
@@ -58,9 +60,9 @@ Supported operations are Get and Replace. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index a17b7547dd..6e40e13d37 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -2,11 +2,13 @@ title: SecureAssessment DDF file description: This topic shows the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: 68D17F2A-FAEA-4608-8727-DBEC1D7BE48A -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 20ef07773e..91478addbe 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -2,11 +2,13 @@ title: SecurityPolicy CSP description: SecurityPolicy CSP ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index 862a062eba..50b8b73b30 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md 
@@ -5,11 +5,13 @@ MS-HAID: - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm' - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm' ms.assetid: 5b90b631-62a6-4949-b53a-01275fd304b2 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 6e97992194..eaae458518 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -2,11 +2,13 @@ title: SharedPC CSP description: SharedPC CSP ms.assetid: 31273166-1A1E-4F96-B176-CB42ECB80957 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 01/16/2019 --- @@ -43,7 +45,7 @@ The default value changed to false in Windows 10, version 1703. The default valu **SetPowerPolicies** Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. @@ -53,7 +55,7 @@ The default value is Not Configured and the effective power settings are determi **MaintenanceStartTime** Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440. -> [!Note] +> [!NOTE] >  If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. 
@@ -63,7 +65,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p **SignInOnResume** Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. @@ -73,7 +75,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p **SleepTimeout** The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. @@ -83,7 +85,7 @@ The default value is Not Configured, and effective behavior is determined by the **EnableAccountManager** A boolean that enables the account manager for shared PC mode. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. @@ -93,7 +95,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p **AccountModel** Configures which type of accounts are allowed to use the PC. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. @@ -109,7 +111,7 @@ Its value in the SharedPC provisioning package is 1 or 2. **DeletionPolicy** Configures when accounts are deleted. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The supported operations are Add, Get, Replace, and Delete. 
@@ -130,7 +132,7 @@ The default value is Not Configured. Its value in the SharedPC provisioning pack **DiskLevelDeletion** Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. -> [!Note] +> [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. The default value is Not Configured. Its default value in the SharedPC provisioning package is 25. @@ -142,7 +144,7 @@ The supported operations are Add, Get, Replace, and Delete. **DiskLevelCaching** Sets the percentage of available disk space a PC should have before it stops deleting cached accounts. -> [!Note] +> [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. The default value is Not Configured. The default value in the SharedPC provisioning package is 25. @@ -156,7 +158,7 @@ Added in Windows 10, version 1703. Restricts the user from using local storage. The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False. -> [!Note] +> [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. **KioskModeAUMID** @@ -164,7 +166,7 @@ Added in Windows 10, version 1703. Specifies the AUMID of the app to use with as Value type is string. Supported operations are Add, Get, Replace, and Delete. -> [!Note] +> [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. **KioskModeUserTileDisplayText** 
@@ -172,7 +174,7 @@ Added in Windows 10, version 1703. Specifies the display text for the account sh Value type is string. Supported operations are Add, Get, Replace, and Delete. -> [!Note] +> [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. **InactiveThreshold** @@ -185,7 +187,7 @@ The default in the SharedPC provisioning package is 30. **MaxPageFileSizeMB** Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional. -> [!Note] +> [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index b17d1adabd..2f9bb6cbf0 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -2,11 +2,13 @@ title: SharedPC DDF file description: SharedPC DDF file ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 26207420d9..6ed19c97e1 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -2,11 +2,13 @@ title: Storage CSP description: Storage CSP ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 46d64527ac..c73dcc0f08 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -2,11 +2,13 @@
 title: Storage DDF file
 description: Storage DDF file
 ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 31e9f26469..7791fe19fd 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -2,11 +2,13 @@
 title: Structure of OMA DM provisioning files
 description: Structure of OMA DM provisioning files
 ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 5ff2a27abd..8674049e20 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -2,11 +2,13 @@
 title: SUPL CSP
 description: SUPL CSP
 ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/20/2018
 ---
 
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 2d75e82287..fd4eac6e4d 100644
--- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -2,11 +2,13 @@ title: SUPL DDF file description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider. ms.assetid: 514B7854-80DC-4ED9-9805-F5276BF38034 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/20/2018 --- diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index f6ec67db21..50b1862e82 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -2,11 +2,13 @@ title: SurfaceHub CSP description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. ms.assetid: 36FBBC32-AD6A-41F1-86BF-B384891AA693 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 07/28/2017 --- @@ -34,8 +36,8 @@ The following diagram shows the SurfaceHub CSP management objects in tree format > [!NOTE] > If the device cannot auto-discover the Exchange server and Session Initiation Protocol (SIP) address from this information, you should specify the ExchangeServer and SipAddress. -  -

                                    Here's a SyncML example. + +

                                    Here's a SyncML example. ``` syntax @@ -95,37 +97,37 @@ The following diagram shows the SurfaceHub CSP management objects in tree format **DeviceAccount/DomainName**

                                    Domain of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **DeviceAccount/UserName**

                                    Username of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **DeviceAccount/UserPrincipalName**

                                    User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **DeviceAccount/SipAddress**

                                    Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **DeviceAccount/Password**

                                    Password for the device account. -

                                    The data type is char. Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank. +

                                    The data type is string. Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank. **DeviceAccount/ValidateAndCommit**

                                    This method validates the data provided and then commits the changes. -

                                    The data type is char. Supported operation is Execute. +

                                    The data type is string. Supported operation is Execute. **DeviceAccount/Email**

                                    Email address of the device account. -

                                    The data type is char. +

                                    The data type is string. **DeviceAccount/PasswordRotationEnabled**

                                    Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD). @@ -135,17 +137,17 @@ The following diagram shows the SurfaceHub CSP management objects in tree format - 0 - password rotation enabled - 1 - disabled -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **DeviceAccount/ExchangeServer**

                                    Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **DeviceAccount/CalendarSyncEnabled**

                                    Specifies whether calendar sync and other Exchange server services is enabled. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **DeviceAccount/ErrorContext**

                                    If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values: @@ -202,7 +204,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format   -

                                    The data type is int. Supported operation is Get. +

                                    The data type is integer. Supported operation is Get. **MaintenanceHoursSimple/Hours**

                                    Node for maintenance schedule. @@ -210,12 +212,12 @@ The following diagram shows the SurfaceHub CSP management objects in tree format **MaintenanceHoursSimple/Hours/StartTime**

                                    Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120. -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **MaintenanceHoursSimple/Hours/Duration**

                                    Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180. -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **InBoxApps**

                                    Node for the in-box app settings. @@ -224,9 +226,9 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

                                    Added in Windows 10, version 1703. Node for the Skype for Business settings. **InBoxApps/SkypeForBusiness/DomainName** -

                                    Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see [Set up Skype for Business Online](https://support.office.com/en-us/article/Set-up-Skype-for-Business-Online-40296968-e779-4259-980b-c2de1c044c6e?ui=en-US&rs=en-US&ad=US#bkmk_users). +

                                    Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online. -

                                    The data type is char. Supported operation is Get and Replace. +

                                    The data type is string. Supported operation is Get and Replace. **InBoxApps/Welcome**

                                    Node for the welcome screen. @@ -234,7 +236,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format **InBoxApps/Welcome/AutoWakeScreen**

                                    Automatically turn on the screen using motion sensors. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath**

                                    Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). @@ -249,7 +251,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format - 0 - Organizer and time only - 1 - Organizer, time, and subject. Subject is hidden in private meetings. -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **InBoxApps/WirelessProjection**

                                    Node for the wireless projector app settings. @@ -257,12 +259,12 @@ The following diagram shows the SurfaceHub CSP management objects in tree format **InBoxApps/WirelessProjection/PINRequired**

                                    Users must enter a PIN to wirelessly project to the device. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **InBoxApps/WirelessProjection/Enabled**

                                    Enables wireless projection to the device. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **InBoxApps/WirelessProjection/Channel**

                                    Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. @@ -288,10 +290,10 @@ The following diagram shows the SurfaceHub CSP management objects in tree format -  -

                                    The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). + +

                                    The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **InBoxApps/Connect**

                                    Added in Windows 10, version 1703. Node for the Connect app. @@ -301,7 +303,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

                                    If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **Properties**

                                    Node for the device properties. @@ -314,7 +316,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format **Properties/DefaultVolume**

                                    Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **Properties/ScreenTimeout**

                                    Added in Windows 10, version 1703. Specifies the number of minutes until the Hub screen turns off. @@ -366,7 +368,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **Properties/SessionTimeout**

                                    Added in Windows 10, version 1703. Specifies the number of minutes until the session times out. @@ -418,7 +420,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **Properties/SleepTimeout**

                                    Added in Windows 10, version 1703. Specifies the number of minutes until the Hub enters sleep mode. @@ -470,35 +472,35 @@ The following diagram shows the SurfaceHub CSP management objects in tree format -

                                    The data type is int. Supported operation is Get and Replace. +

                                    The data type is integer. Supported operation is Get and Replace. **Properties/AllowSessionResume**

                                    Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out. -

                                    If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated. +

                                    If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **Properties/AllowAutoProxyAuth**

                                    Added in Windows 10, version 1703. Specifies whether to use the device account for proxy authentication.

                                    If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **Properties/DisableSigninSuggestions**

                                    Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.

                                    If this setting is true, the sign-in dialog will not be populated. If false, the dialog will auto-populate. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **Properties/DoNotShowMyMeetingsAndFiles** -

                                    Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. +

                                    Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.

                                    If this setting is true, the “My meetings and files” feature will not be shown. When false, the “My meetings and files” feature will be shown. -

                                    The data type is bool. Supported operation is Get and Replace. +

                                    The data type is boolean. Supported operation is Get and Replace. **MOMAgent**

                                    Node for the Microsoft Operations Management Suite. @@ -513,9 +515,9 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

                                    The data type is string. Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string. -  + -  + diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index c3b580b0e5..e6e08bb81c 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -2,11 +2,13 @@ title: SurfaceHub DDF file description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. ms.assetid: D34DA1C2-09A2-4BA3-BE99-AC483C278436 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index a52598d88f..5ce1c2c024 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -1,12 +1,14 @@ --- title: TenantLockdown CSP description: -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/13/2018 +ms.reviewer: +manager: dansimp --- # TenantLockdown CSP @@ -16,7 +18,7 @@ ms.date: 08/13/2018 The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes. -> [!Note] +> [!NOTE] > The forced network connection is only applicable to devices after reset (not new). The following diagram shows the TenantLockdown configuration service provider in tree format. 
@@ -36,4 +38,4 @@ Value type is bool. Supported operations are Get and Replace. - true - Require network in OOBE - false - No network connection requirement in OOBE -Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account. \ No newline at end of file +Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account. diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 041e4c97ff..c0f974476b 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -1,12 +1,14 @@ --- title: TenantLockdown DDF file description: XML file containing the device description framework -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/13/2018 +ms.reviewer: +manager: dansimp --- # TenantLockdown DDF file @@ -72,4 +74,4 @@ The XML below is for Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 2a39e0fa82..e546efa7f6 100644 
--- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -1,12 +1,14 @@ --- title: TPMPolicy CSP description: TPMPolicy CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 11/01/2017 +ms.reviewer: +manager: dansimp --- # TPMPolicy CSP @@ -36,19 +38,19 @@ The following diagram shows the TPMPolicy configuration service provider in tree Here is an example: ``` syntax -                -                    101 -                    -                        -                            -                                ./Vendor/MSFT/TpmPolicy/IsActiveZeroExhaust -                            -                        -                         + + 101 + + + + ./Vendor/MSFT/TpmPolicy/IsActiveZeroExhaust + + + bool -               text/plain -        -        true -                     -                 -``` \ No newline at end of file + text/plain + + true + + +``` diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index e4f359684a..8d9a434022 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -1,12 +1,14 @@ --- title: TPMPolicy DDF file description: TPMPolicy DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 +ms.reviewer: +manager: dansimp --- # TPMPolicy DDF file @@ -69,4 +71,4 @@ The XML below is the current version for this CSP. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 85542e6932..ff3e25edce 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md 
@@ -1,12 +1,14 @@ --- title: UEFI CSP description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # UEFI CSP @@ -14,10 +16,10 @@ ms.date: 10/02/2018 The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. -> [!Note] +> [!NOTE] > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809). -> [!Note] +> [!NOTE] > The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available. The following diagram shows the UEFI CSP in tree format. diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index ddfe446519..992695a945 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -1,12 +1,14 @@ --- title: UEFI DDF file description: UEFI DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # UEFI DDF file @@ -510,4 +512,4 @@ The XML below is for Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 84a4a9551f..233e581a91 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md 
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -1,12 +1,14 @@ --- title: Understanding ADMX-backed policies description: Starting in Windows 10, version 1703, you can use ADMX-backed policies for Windows 10 mobile device management (MDM) across Windows 10 devices. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 03/02/2018 +ms.reviewer: +manager: dansimp --- # Understanding ADMX-backed policies diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index ae18f01c72..f9ff52da32 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -2,11 +2,13 @@ title: UnifiedWriteFilter CSP description: The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type. ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -17,7 +19,7 @@ The UnifiedWriteFilter (UWF) configuration service provider enables the IT admin > **Note**  The UnifiedWriteFilter CSP is only supported in Windows 10 Enterprise and Windows 10 Education. -  + The following diagram shows the UWF configuration service provider in tree format. 
@@ -74,7 +76,7 @@ The only supported operation is Get. **CurrentSession/RegistryExclusions** Required. The root node that contains all registry exclusions. -**CurrentSession/RegistryExclusions/****_ExcludedRegistry_** +**CurrentSession/RegistryExclusions/***ExcludedRegistry* Optional. A registry key in the registry exclusion list for UWF in the current session. The only supported operation is Get. @@ -87,7 +89,7 @@ The only supported operation is Get. **CurrentSession/Volume** Required. The root node to contain all volumes protected by UWF in the current session. -**CurrentSession/Volume/****_Volume_** +**CurrentSession/Volume/***Volume* Optional. Represents a specific volume in the current session. **CurrentSession/Volume/*Volume*/Protected** @@ -108,7 +110,7 @@ The only supported operation is Get. **CurrentSession/Volume/*Volume*/Exclusions** Required. The root node that contains all file exclusions for the volume. -**CurrentSession/Volume/*Volume*/Exclusions/****_ExclusionPath_** +**CurrentSession/Volume/*Volume*/Exclusions/***ExclusionPath* Optional. A string that contains the full path of the file or folder relative to the volume. The only supported operation is Get. @@ -178,7 +180,7 @@ Required. The root node that contains all registry exclusions for the next sessi Supported operations are Add, Delete, and Replace. -**NextSession/RegistryExclusions/****_ExcludedRegistry_** +**NextSession/RegistryExclusions/***ExcludedRegistry* Optional. A registry key in the registry exclusion list for UWF. Supported operations are Add, Delete, Get, and Replace. @@ -191,7 +193,7 @@ Supported operations are Get and Replace. **NextSession/Volume** Required. The root node that contains all volumes protected by UWF for the next session. -**NextSession/Volume/****_Volume_** +**NextSession/Volume/***Volume* Optional. Represents a specific volume in the next session. Supported operations are Add, Delete, and Replace. 
@@ -214,7 +216,7 @@ The only supported operation is Get. **NextSession/Volume/*Volume*/Exclusions** Required. The root node that contains all file exclusions for this volume in the next session. -**NextSession/Volume/*Volume*/Exclusions/****_ExclusionPath_** +**NextSession/Volume/*Volume*/Exclusions/***ExclusionPath* Optional. A string that contains the full path of the file or folder relative to the volume. Supported operations are Add, Delete, Get, and Replace. @@ -239,9 +241,9 @@ Supported operations are Get and Execute. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index b2757575a6..032f82bfea 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -2,11 +2,13 @@ title: UnifiedWriteFilter DDF File description: UnifiedWriteFilter DDF File ms.assetid: 23A7316E-A298-43F7-9407-A65155C8CEA6 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 4b82f8c477..1c2165a735 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -2,11 +2,13 @@ title: Update CSP description: Update CSP ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 02/23/2018 --- 
@@ -29,7 +31,7 @@ The following diagram shows the Update configuration service provider in tree fo > [!NOTE] > When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list. -

                                    The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update. +

                                    The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.

                                    The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (i.e., updates to the virus and spyware definitions on devices) and Security Updates (i.e., product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID. @@ -38,10 +40,10 @@ The following diagram shows the Update configuration service provider in tree fo

                                    Supported operations are Get and Add. -**ApprovedUpdates/****_Approved Update Guid_** +**ApprovedUpdates/***Approved Update Guid*

                                    Specifies the update GUID. -

                                    To auto-approve a class of updates, you can specify the [Update Classifications](https://go.microsoft.com/fwlink/p/?LinkId=526723) GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. +

                                    To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.

                                    Supported operations are Get and Add. @@ -60,7 +62,7 @@ The following diagram shows the Update configuration service provider in tree fo

                                    Supported operation is Get. -**FailedUpdates/****_Failed Update Guid_** +**FailedUpdates/***Failed Update Guid*

                                    Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install.

                                    Supported operation is Get. @@ -85,7 +87,7 @@ The following diagram shows the Update configuration service provider in tree fo

                                    Supported operation is Get. -**InstalledUpdates/****_Installed Update Guid_** +**InstalledUpdates/***Installed Update Guid*

                                    UpdateIDs that represent the updates installed on a device.

                                    Supported operation is Get. @@ -100,7 +102,7 @@ The following diagram shows the Update configuration service provider in tree fo

                                    Supported operation is Get. -**InstallableUpdates/****_Installable Update Guid_** +**InstallableUpdates/***Installable Update Guid*

                                    Update identifiers that represent the updates applicable and not installed on a device.

                                    Supported operation is Get. @@ -124,7 +126,7 @@ The following diagram shows the Update configuration service provider in tree fo

                                    Supported operation is Get. -**PendingRebootUpdates/****_Pending Reboot Update Guid_** +**PendingRebootUpdates/***Pending Reboot Update Guid*

                                    Update identifiers for the pending reboot state.

                                    Supported operation is Get. @@ -185,9 +187,9 @@ Added in Windows 10, version 1803. Returns the result of last RollBack FeatureUp [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index c4858fe6d8..ea12784169 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -2,11 +2,13 @@ title: Update DDF file description: Update DDF file ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index 1db424cd03..300711d733 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -2,11 +2,13 @@ title: Using PowerShell scripting with the WMI Bridge Provider description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the WMI Bridge Provider. ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index ef49ec3a51..7b8f154145 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md 
@@ -2,11 +2,13 @@
 title: VPN CSP
 description: VPN CSP
 ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 04/02/2017
 ---
 
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index 79be87ff7f..3e277d92c5 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -2,11 +2,13 @@
 title: VPN DDF file
 description: VPN DDF file
 ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index af1097e973..5fa7655902 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -2,11 +2,13 @@
 title: VPNv2 CSP
 description: VPNv2 CSP
 ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 11/01/2017
 ---
 
@@ -38,28 +40,28 @@ The following diagram shows the VPNv2 configuration service provider in tree for **Device or User profile** For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path. -**VPNv2/***ProfileName* +**VPNv2/**ProfileName Unique alpha numeric identifier for the profile. The profile name must not include a forward slash (/). Supported operations include Get, Add, and Delete. > **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. -**VPNv2/***ProfileName***/AppTriggerList** +**VPNv2/**ProfileName**/AppTriggerList** Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. -**VPNv2/***ProfileName***/AppTriggerList/***appTriggerRowId* +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/AppTriggerList/***appTriggerRowId***/App** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App** App Node under the Row Id. -**VPNv2/***ProfileName***/AppTriggerList/***appTriggerRowId***/App/Id** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get only App/Type field -**VPNv2/***ProfileName***/AppTriggerList/***appTriggerRowId***/App/Type** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** Returns the type of **App/Id**. 
This value can be either of the following: - PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. 
@@ -67,34 +69,34 @@ Returns the type of **App/Id**. This value can be either of the following: Value type is chr. Supported operation is Get. -**VPNv2/***ProfileName***/RouteList/** +**VPNv2/**ProfileName**/RouteList/** Optional node. List of routes to be added to the routing table for the VPN interface. This is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Please check with your VPN server administrator to determine whether you need this information in the VPN profile. -**VPNv2/***ProfileName***/RouteList/***routeRowId* +**VPNv2/**ProfileName**/RouteList/**routeRowId A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/RouteList/***routeRowId***/Address** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/Address** Subnet address in IPv4/v6 address format which, along with the prefix will be used to determine the destination prefix to send via the VPN Interface. This is the IP address part of the destination prefix. Supported operations include Get, Add, Replace, and Delete. Value type is chr. 
Example, `192.168.0.0` -**VPNv2/***ProfileName***/RouteList/***routeRowId***/PrefixSize** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/PrefixSize** The subnet prefix size part of the destination prefix for the route entry. This, along with the address will be used to determine the destination prefix to route through the VPN Interface. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/RouteList/***routeRowId***/Metric** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/Metric** Added in Windows 10, version 1607. The route's metric. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/RouteList/***routeRowId***/ExclusionRoute** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/ExclusionRoute** Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values: - False (default) - This route will direct traffic over the VPN 
@@ -102,17 +104,17 @@ Added in Windows 10, version 1607. A boolean value that specifies if the route Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DomainNameInformationList** +**VPNv2/**ProfileName**/DomainNameInformationList** Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile. The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId* +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId A sequential integer identifier for the Domain Name information. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/DomainName** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainName** Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types: - FQDN - Fully qualified domain name 
@@ -120,7 +122,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/DomainNameType** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** Returns the namespace type. This value can be one of the following: - FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host. @@ -128,21 +130,21 @@ Returns the namespace type. This value can be one of the following: Value type is chr. Supported operation is Get. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/DnsServers** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DnsServers** List of comma separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/WebProxyServers** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet. > **Note**  Currently only one web proxy server is supported. -  + Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/AutoTrigger** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN. If set to False, this DomainName rule will not trigger the VPN. 
@@ -153,7 +155,7 @@ By default, this value is false. Value type is bool. -**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/Persistent** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values: - False (default) - This DomainName rule will only be applied when VPN is connected. @@ -161,22 +163,22 @@ Added in Windows 10, version 1607. A boolean value that specifies if the rule b Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList** +**VPNv2/**ProfileName**/TrafficFilterList** An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface. > **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules. -  + When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId* +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/App** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App** Per app VPN rule. This will allow only the apps specified to be allowed over the VPN interface. Value type is chr. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/App/Id** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Id** App identity for the app-based traffic filter. The value for this node can be one of the following: 
@@ -187,48 +189,48 @@ The value for this node can be one of the following: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/App/Type** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Type** Returns the type of ID of the **App/Id**. Value type is chr. Supported operation is Get. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/Claims** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Claims** Reserved for future use. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/Protocol** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Protocol** Numeric value from 0-255 representing the IP protocol to allow. For example, TCP = 6 and UDP = 17. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/LocalPortRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges** A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`. > **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17. -  + Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/RemotePortRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges** A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`. > **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17. -  + Value type is chr. Supported operations include Get, Add, Replace, and Delete. 
-**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/LocalAddressRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalAddressRanges** A list of comma separated values specifying local IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/RemoteAddressRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemoteAddressRanges** A list of comma separated values specifying remote IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/TrafficFilterList/***trafficFilterId***/RoutingPolicyType** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType** Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following: - SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces. 
@@ -238,19 +240,19 @@ This is only applicable for App ID based Traffic Filter rules. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/EdpModeId** +**VPNv2/**ProfileName**/EdpModeId** Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. Additionally when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/RememberCredentials** +**VPNv2/**ProfileName**/RememberCredentials** Boolean value (true or false) for caching credentials. Default is false, which means do not cache credentials. If set to true, credentials are cached whenever possible. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/AlwaysOn** +**VPNv2/**ProfileName**/AlwaysOn** An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects. > **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active. @@ -271,7 +273,7 @@ Valid values: Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/LockDown** (./Device only profile) +**VPNv2/**ProfileName**/LockDown** (./Device only profile) Lockdown profile. Valid values: 
@@ -290,7 +292,7 @@ A Lockdown profile must be deleted before you can add, remove, or connect other Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DeviceTunnel** (./Device only profile) +**VPNv2/**ProfileName**/DeviceTunnel** (./Device only profile) Device tunnel profile. Valid values: @@ -308,7 +310,7 @@ A device tunnel profile must be deleted before another device tunnel profile can Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/RegisterDNS** +**VPNv2/**ProfileName**/RegisterDNS** Allows registration of the connection's address in DNS. Valid values: 
@@ -316,112 +318,112 @@ Valid values: - False = Do not register the connection's address in DNS (default). - True = Register the connection's addresses in DNS. -**VPNv2/***ProfileName***/DnsSuffix** +**VPNv2/**ProfileName**/DnsSuffix** Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/ByPassForLocal** +**VPNv2/**ProfileName**/ByPassForLocal** Reserved for future use. -**VPNv2/***ProfileName***/TrustedNetworkDetection** +**VPNv2/**ProfileName**/TrustedNetworkDetection** Optional. Comma separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/ProfileXML** +**VPNv2/**ProfileName**/ProfileXML** Added in Windows 10, version 1607. The XML schema for provisioning all the fields of a VPN. For the XSD, see [ProfileXML XSD](vpnv2-profile-xsd.md). Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/Proxy** +**VPNv2/**ProfileName**/Proxy** A collection of configuration objects to enable a post-connect proxy support for VPN. The proxy defined for this profile is applied when this profile is active and connected. -**VPNv2/***ProfileName***/Proxy/Manual** +**VPNv2/**ProfileName**/Proxy/Manual** Optional node containing the manual server settings. -**VPNv2/***ProfileName***/Proxy/Manual/Server** +**VPNv2/**ProfileName**/Proxy/Manual/Server** Optional. Proxy server address as a fully qualified hostname or an IP address. You should set this element together with Port. Example, proxy.contoso.com. 
Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/Proxy/AutoConfigUrl** +**VPNv2/**ProfileName**/Proxy/AutoConfigUrl** Optional. URL to automatically retrieve the proxy settings. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/APNBinding** +**VPNv2/**ProfileName**/APNBinding** Reserved for future use. -**VPNv2/***ProfileName***/APNBinding/ProviderId** +**VPNv2/**ProfileName**/APNBinding/ProviderId** Reserved for future use. Optional node. -**VPNv2/***ProfileName***/APNBinding/AccessPointName** +**VPNv2/**ProfileName**/APNBinding/AccessPointName** Reserved for future use. -**VPNv2/***ProfileName***/APNBinding/UserName** +**VPNv2/**ProfileName**/APNBinding/UserName** Reserved for future use. -**VPNv2/***ProfileName***/APNBinding/Password** +**VPNv2/**ProfileName**/APNBinding/Password** Reserved for future use. -**VPNv2/***ProfileName***/APNBinding/IsCompressionEnabled** +**VPNv2/**ProfileName**/APNBinding/IsCompressionEnabled** Reserved for future use. -**VPNv2/***ProfileName***/APNBinding/AuthenticationType** +**VPNv2/**ProfileName**/APNBinding/AuthenticationType** Reserved for future use. -**VPNv2/***ProfileName***/DeviceCompliance** +**VPNv2/**ProfileName**/DeviceCompliance** Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN. -**VPNv2/***ProfileName***/DeviceCompliance/Enabled** +**VPNv2/**ProfileName**/DeviceCompliance/Enabled** Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory. Value type is bool. Supported operations include Get, Add, Replace, and Delete. 
-**VPNv2/***ProfileName***/DeviceCompliance/Sso** +**VPNv2/**ProfileName**/DeviceCompliance/Sso** Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication in the case of Device Compliance. -**VPNv2/***ProfileName***/DeviceCompliance/Sso/Enabled** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/Enabled** Added in Windows 10, version 1607. If this field is set to True, the VPN Client will look for a separate certificate for Kerberos Authentication. Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DeviceCompliance/Sso/IssuerHash** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/IssuerHash** Added in Windows 10, version 1607. Hashes for the VPN Client to look for the correct certificate for Kerberos Authentication. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/DeviceCompliance/Sso/Eku** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/Eku** Added in Windows 10, version 1607. Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/PluginProfile** +**VPNv2/**ProfileName**/PluginProfile** Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin. -**VPNv2/***ProfileName***/PluginProfile/ServerUrlList** +**VPNv2/**ProfileName**/PluginProfile/ServerUrlList** Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/PluginProfile/CustomConfiguration** +**VPNv2/**ProfileName**/PluginProfile/CustomConfiguration** Optional. 
This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/PluginProfile/PluginPackageFamilyName** +**VPNv2/**ProfileName**/PluginProfile/PluginPackageFamilyName** Required for plug-in profiles. Package family name for the SSL-VPN plug-in. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/PluginProfile/CustomStoreUrl** +**VPNv2/**ProfileName**/PluginProfile/CustomStoreUrl** Reserved for future use. -**VPNv2/***ProfileName***/NativeProfile** +**VPNv2/**ProfileName**/NativeProfile** Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, L2TP). -**VPNv2/***ProfileName***/NativeProfile/Servers** +**VPNv2/**ProfileName**/NativeProfile/Servers** Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. 
@@ -430,7 +432,7 @@ You can make a list of server by making a list of server names (with optional fr Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/RoutingPolicyType** +**VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType** Optional for native profiles. Type of routing policy. This value can be one of the following: - SplitTunnel - Traffic can go over any interface as determined by the networking stack. @@ -438,7 +440,7 @@ Optional for native profiles. Type of routing policy. This value can be one of t Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/NativeProtocolType** +**VPNv2/**ProfileName**/NativeProfile/NativeProtocolType** Required for native profiles. Type of tunneling protocol used. This value can be one of the following: - PPTP @@ -450,10 +452,10 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. > **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: IKEv2, PPTP and then L2TP. This order is not customizable. -**VPNv2/***ProfileName***/NativeProfile/Authentication** +**VPNv2/**ProfileName**/NativeProfile/Authentication** Required node for native profile. It contains authentication information for the native VPN profile. -**VPNv2/***ProfileName***/NativeProfile/Authentication/UserMethod** +**VPNv2/**ProfileName**/NativeProfile/Authentication/UserMethod** This value can be one of the following: - EAP @@ -461,7 +463,7 @@ This value can be one of the following: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/Authentication/MachineMethod** +**VPNv2/**ProfileName**/NativeProfile/Authentication/MachineMethod** This is only supported in IKEv2. This value can be one of the following: 
@@ -470,32 +472,32 @@ This value can be one of the following: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Eap** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap** Required when the native profile specifies EAP authentication. EAP configuration XML. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Eap/Configuration** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Configuration** HTML encoded XML of the EAP configuration. For more information about EAP configuration XML, see [EAP configuration](eap-configuration.md). Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Eap/Type** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Type** Reserved for future use. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Certificate** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate** Reserved for future use. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Certificate/Issuer** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Issuer** Reserved for future use. -**VPNv2/***ProfileName***/NativeProfile/Authentication/Certificate/Eku** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Eku** Reserved for future use. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite** Added in Windows 10, version 1607. Properties of IPSec tunnels. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/AuthenticationTransformConstants** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/AuthenticationTransformConstants** Added in Windows 10, version 1607. The following list contains the valid values: 
@@ -509,7 +511,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/CipherTransformConstants** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/CipherTransformConstants** Added in Windows 10, version 1607. The following list contains the valid values: @@ -525,7 +527,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/EncryptionMethod** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/EncryptionMethod** Added in Windows 10, version 1607. The following list contains the valid values: @@ -540,7 +542,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/IntegrityCheckMethod** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/IntegrityCheckMethod** Added in Windows 10, version 1607. The following list contains the valid values: @@ -552,7 +554,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/DHGroup** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/DHGroup** Added in Windows 10, version 1607. The following list contains the valid values: @@ -566,7 +568,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/CryptographySuite/PfsGroup** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/PfsGroup** Added in Windows 10, version 1607. The following list contains the valid values: 
@@ -581,12 +583,12 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/L2tpPsk** +**VPNv2/**ProfileName**/NativeProfile/L2tpPsk** Added in Windows 10, version 1607. The preshared key used for an L2TP connection. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/***ProfileName***/NativeProfile/DisableClassBasedDefaultRoute** +**VPNv2/**ProfileName**/NativeProfile/DisableClassBasedDefaultRoute** Added in Windows 10, version 1607. Specifies the class based default routes. For example, if the interface IP begins with 10, it assumes a class a IP and pushes the route to 10.0.0.0/8 Value type is bool. Supported operations include Get, Add, Replace, and Delete. @@ -1314,9 +1316,9 @@ Servers [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index ffaae7d39e..fa270b2170 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -2,11 +2,13 @@ title: VPNv2 DDF file description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider. ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- @@ -4320,4 +4322,4 @@ The XML below is for Windows 10, version 1709. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 87b64762f7..2a971cb6c5 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md 
@@ -2,11 +2,13 @@
 title: ProfileXML XSD
 description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples.
 ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 02/05/2018
 ---
@@ -132,7 +134,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some  pro
-
+
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index 7ed090af21..e4c93ad525 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -2,11 +2,13 @@
 title: w4 APPLICATION CSP
 description: w4 APPLICATION CSP
 ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 129f56db57..0a7adafa8c 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -2,11 +2,13 @@
 title: w7 APPLICATION CSP
 description: w7 APPLICATION CSP
 ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index d19d79eaec..a9b74522ef 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -2,11 +2,13 @@ title: WiFi CSP description: WiFi CSP ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 10/24/2018 --- @@ -41,7 +43,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is Supported operation is Get. -****** +**** Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted. SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, ./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml. @@ -226,9 +228,9 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetw [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 71a6c46d45..df735b07d8 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -2,11 +2,13 @@ title: WiFi DDF file description: WiFi DDF file ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/28/2018 --- 
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 543252e8f2..cb2908dda2 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -1,12 +1,14 @@ --- title: Win32 and Desktop Bridge app policy configuration description: Starting in Windows 10, version 1703, you can import ADMX files and set those ADMX-backed policies for Win32 and Desktop Bridge apps. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 +ms.reviewer: +manager: dansimp --- # Win32 and Desktop Bridge app policy configuration @@ -50,6 +52,9 @@ When the ADMX policies are imported, the registry keys to which each policy is w > [!Warning] > Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. +> [!NOTE] +> Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). + ## Ingesting an app ADMX file The following ADMX file example shows how to ingest a Win32 or Desktop Bridge app ADMX file and set policies from the file. The ADMX file defines eight policies. 
@@ -394,10 +399,10 @@ The policy {AreaName} format is {AppName}~{SettingType}~{CategoryPathFromAdmx}. {CategoryPathFromAdmx} is derived by traversing the parentCategory parameter. In this example, {CategoryPathFromAdmx} is ParentCategoryArea~Category2~Category3. Therefore, {AreaName} is ContosoCompanyApp~ Policy~ ParentCategoryArea~Category2~Category3. Therefore, from the example: - - Class: User - - Policy name: L_PolicyPreventRun_1 - - Policy area name: ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3 - - URI: `./user/Vendor/MSFT/Policy/Config/ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3/L_PolicyPreventRun_1` +- Class: User +- Policy name: L_PolicyPreventRun_1 +- Policy area name: ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3 +- URI: `./user/Vendor/MSFT/Policy/Config/ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3/L_PolicyPreventRun_1` ## ADMX-backed app policy examples diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index b7431d69f0..abcbb92914 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -2,11 +2,13 @@ title: Win32AppInventory CSP description: Win32AppInventory CSP ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- 
@@ -29,30 +31,30 @@ This represents an inventory of installed Win32 applications on the device. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram* +**Win32InstalledProgram/**InstalledProgram A node that contains information for a specific application. -**Win32InstalledProgram/***InstalledProgram***/Name** +**Win32InstalledProgram/**InstalledProgram**/Name** A string that specifies the name of the application. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/Publisher** +**Win32InstalledProgram/**InstalledProgram**/Publisher** A string that specifies the publisher of the application. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/Version** +**Win32InstalledProgram/**InstalledProgram**/Version** A string that specifies the version of the application. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/Language** +**Win32InstalledProgram/**InstalledProgram**/Language** A string that specifies the language of the application. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/RegKey** +**Win32InstalledProgram/**InstalledProgram**/RegKey** A string that specifies product code or registry subkey. For MSI-based applications this is the product code. 
@@ -61,17 +63,17 @@ For applications found in Add/Remove Programs, this is the registry subkey. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/Source** +**Win32InstalledProgram/**InstalledProgram**/Source** A string that specifies where the application was discovered, such as MSI or Add/Remove Programs. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/MsiProductCode** +**Win32InstalledProgram/**InstalledProgram**/MsiProductCode** A GUID that uniquely identifies a particular MSI product. The supported operation is Get. -**Win32InstalledProgram/***InstalledProgram***/MsiPackageCode** +**Win32InstalledProgram/**InstalledProgram**/MsiPackageCode** A GUID that identifies an MSI package. Multiple products can make up a single package. The supported operation is Get. @@ -81,9 +83,9 @@ The supported operation is Get. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 9521871934..5e44fb6db0 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -2,11 +2,13 @@ title: Win32AppInventory DDF file description: Win32AppInventory DDF file ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index d519cb965d..f4394c7d54 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md 
@@ -1,12 +1,14 @@
 ---
 title: Win32CompatibilityAppraiser CSP
 description:
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/19/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Win32CompatibilityAppraiser CSP
@@ -612,4 +614,4 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index 1b6e03919f..b2712fa5f5 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,12 +1,14 @@
 ---
 title: Win32CompatibilityAppraiser DDF file
 description: XML file containing the device description framework
-ms.author: maricia
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/19/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Win32CompatibilityAppraiser DDF file
@@ -534,4 +536,4 @@ The XML below is for Windows 10, version 1809.
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index c33b128242..75f0d91a1b 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -5,11 +5,13 @@ MS-HAID:
 - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
 - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
 ms.assetid: 92711D65-3022-4789-924B-602BE3187E23
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 642dc9ac95..6ae22efd72 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -2,11 +2,13 @@ title: WindowsAdvancedThreatProtection CSP description: WindowsAdvancedThreatProtection CSP ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 11/01/2017 --- @@ -231,9 +233,9 @@ The following list describes the characteristics and parameters. [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index eee40a5341..3764799784 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -2,11 +2,13 @@ title: WindowsAdvancedThreatProtection DDF file description: WindowsAdvancedThreatProtection DDF file ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index b0bf8c6cf3..0b9e8aa3aa 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md 
@@ -1,12 +1,14 @@ --- title: WindowsDefenderApplicationGuard CSP description: WindowsDefenderApplicationGuard CSP -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/10/2018 +ms.reviewer: +manager: dansimp --- # WindowsDefenderApplicationGuard CSP @@ -48,7 +50,7 @@ This policy setting allows you to decide how the clipboard behaves while in Appl - 2 - Turns On clipboard operation from the host to an isolated session - 3 - Turns On clipboard operation in both the directions -> [!Important] +> [!IMPORTANT] > Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. **Settings/PrintingSettings** @@ -126,7 +128,7 @@ If you enable this policy, applications inside Windows Defender Application Guar If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the user’s device. -> [!Important] +> [!IMPORTANT] > If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed. **Status** diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index eff9174d89..6b319f1404 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md 
@@ -1,12 +1,14 @@ --- title: WindowsDefenderApplicationGuard DDF file description: WindowsDefenderApplicationGuard DDF file -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 09/10/2018 +ms.reviewer: +manager: dansimp --- # WindowsDefenderApplicationGuard DDF file @@ -478,4 +480,4 @@ This XML is for Windows 10, version 1809. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index e9ec81150e..f5372d05f6 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -2,11 +2,13 @@ title: WindowsLicensing CSP description: WindowsLicensing CSP ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 08/15/2018 --- @@ -29,10 +31,10 @@ The supported operation is Get. **UpgradeEditionWithProductKey** Enters a product key for an edition upgrade of Windows 10 desktop devices. -> [!NOTE]   +> [!NOTE] > This upgrade process requires a system restart. -  + The date type is a chr. 
@@ -42,10 +44,10 @@ When a product key is pushed from an MDM server to a user's device, **changepk.e After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade. -> [!IMPORTANT]   +> [!IMPORTANT] > If another policy requires a system reboot that occurs when **changepk.exe** is running, the edition upgrade will fail. -  + If a product key is entered in a provisioning package and the user begins installation of the package, a notification is shown to the user that their system will restart to complete the package installation. Upon explicit consent from the user to proceed, the package continues installation and **changepk.exe** runs using the product key. The user will receive a reminder notification 30 seconds before the automatic restart. @@ -53,10 +55,10 @@ After the device restarts, the edition upgrade process completes. The user will This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key does not require a reboot and is a silent process for the user. -> [!IMPORTANT]   +> [!IMPORTANT] > The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal. -  + The following are valid edition upgrade paths when using this node through an MDM: 
@@ -95,19 +97,19 @@ The supported operation is Get. **UpgradeEditionWithLicense** Provides a license for an edition upgrade of Windows 10 mobile devices. -> [!NOTE]   +> [!NOTE] > This upgrade process does not require a system restart. -  + The date type is XML. The supported operation is Execute. -> [!IMPORTANT]   +> [!IMPORTANT] > The XML license file contents must be properly escaped (that is, it should not simply be a copied XML), otherwise the edition upgrade on Windows 10 mobile devices will fail. For more information on proper escaping of the XML license file, see Section 2.4 of the [W3C XML spec](http://www.w3.org/TR/xml/) . The XML license file is acquired from the Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal. -  + The following are valid edition upgrade paths when using this node through an MDM or provisioning package: @@ -214,10 +216,10 @@ Values: ``` -> [!NOTE]   +> [!NOTE] > `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key. -  + **Edition** @@ -295,10 +297,10 @@ Values: ``` -> [!NOTE]   +> [!NOTE] > `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key. -  + **UpgradeEditionWithLicense** @@ -461,9 +463,9 @@ Values: [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index c96286763c..82afb39947 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md 
@@ -2,11 +2,13 @@
 title: WindowsLicensing DDF file
 description: WindowsLicensing DDF file
 ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 07/16/2017
 ---
@@ -394,4 +396,4 @@ The XML below is for Windows 10, version 1809.
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md
index 74aa8f8b40..ea9dd8e10a 100644
--- a/windows/client-management/mdm/windowssecurityauditing-csp.md
+++ b/windows/client-management/mdm/windowssecurityauditing-csp.md
@@ -2,11 +2,13 @@
 title: WindowsSecurityAuditing CSP
 description: The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511.
 ms.assetid: 611DF7FF-21CE-476C-AAB5-3D09C1CDF08A
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
index 666177f587..d5b309a9ab 100644
--- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
+++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
@@ -2,11 +2,13 @@ title: WindowsSecurityAuditing DDF file description: This topic shows the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. This CSP was added in Windows 10, version 1511. ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0 -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index baade346a3..c5727c4674 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -1,12 +1,14 @@ --- title: WiredNetwork CSP description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/27/2018 +ms.reviewer: +manager: dansimp --- # WiredNetwork CSP @@ -31,4 +33,4 @@ Supported operations are Add, Get, Replace, and Delete. Value type is string. **EnableBlockPeriod** Optional. Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt. -Supported operations are Add, Get, Replace, and Delete. Value type is integer. \ No newline at end of file +Supported operations are Add, Get, Replace, and Delete. Value type is integer. diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md index 1fbdc8f4c3..d47048db2f 100644 --- a/windows/client-management/mdm/wirednetwork-ddf-file.md 
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -1,12 +1,14 @@ --- title: WiredNetwork DDF file description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. -ms.author: maricia +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/28/2018 +ms.reviewer: +manager: dansimp --- # WiredNetwork DDF file @@ -164,4 +166,4 @@ The XML below is the current version for this CSP. -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 55704baa15..4d421e7c6a 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -5,11 +5,13 @@ MS-HAID: - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' ms.assetid: 7D533044-AAD7-4B8F-B71B-9D52C15A168A -ms.author: maricia +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque +author: manikadhiman ms.date: 06/26/2017 --- @@ -19,7 +21,7 @@ Windows Management Infrastructure (WMI) providers (and the classes they support) > **Note**  Applications installed using WMI classes are not removed when the MDM account is removed from device. -  + The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query. @@ -67,55 +69,55 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro -[MDM_AppInstallJob](https://msdn.microsoft.com/library/windows/hardware/dn610368) +MDM_AppInstallJob

                                    Currently testing.

                                    -[MDM_Application](https://msdn.microsoft.com/library/windows/hardware/dn610369) +MDM_Application

                                    Currently testing.

                                    -[MDM_ApplicationFramework](https://msdn.microsoft.com/library/windows/hardware/dn610370) +MDM_ApplicationFramework

                                    Currently testing.

                                    -[MDM_ApplicationSetting](https://msdn.microsoft.com/library/windows/hardware/dn610382) +MDM_ApplicationSetting

                                    Currently testing.

                                    -[MDM_BrowserSecurityZones](https://msdn.microsoft.com/library/windows/hardware/dn610383) +MDM_BrowserSecurityZones cross mark -[MDM_BrowserSettings](https://msdn.microsoft.com/library/windows/hardware/dn610384) +MDM_BrowserSettings cross mark -[MDM_Certificate](https://msdn.microsoft.com/library/windows/hardware/dn610385) +MDM_Certificate cross mark -[MDM_CertificateEnrollment](https://msdn.microsoft.com/library/windows/hardware/dn610386) +MDM_CertificateEnrollment cross mark -[MDM_Client](https://msdn.microsoft.com/library/windows/hardware/dn610387) +MDM_Client

                                    Currently testing.

                                    -[MDM_ConfigSetting](https://msdn.microsoft.com/library/windows/hardware/dn610388) +MDM_ConfigSetting cross mark -[MDM_DeviceRegistrationInfo](https://msdn.microsoft.com/library/windows/hardware/dn610389) +MDM_DeviceRegistrationInfo -[MDM_EASPolicy](https://msdn.microsoft.com/library/windows/hardware/dn610390) +MDM_EASPolicy cross mark -[MDM_MgMtAuthority](https://msdn.microsoft.com/library/windows/hardware/dn610391) +MDM_MgMtAuthority cross mark @@ -127,39 +129,39 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro -[MDM_RemoteApplication](https://msdn.microsoft.com/library/windows/hardware/dn610371) +MDM_RemoteApplication

                                    Test not started.

                                    -[MDM_RemoteAppUseCookie](https://msdn.microsoft.com/library/windows/hardware/dn610372) +MDM_RemoteAppUseCookie

                                    Test not started.

                                    -[MDM_Restrictions](https://msdn.microsoft.com/library/windows/hardware/dn610392) +MDM_Restrictions cross mark -[MDM_RestrictionsUser](https://msdn.microsoft.com/library/windows/hardware/dn610393) +MDM_RestrictionsUser

                                    Test not started.

                                    -[MDM_SecurityStatus](https://msdn.microsoft.com/library/windows/hardware/dn610394) +MDM_SecurityStatus cross mark -[MDM_SideLoader](https://msdn.microsoft.com/library/windows/hardware/dn610395) +MDM_SideLoader -[MDM_SecurityStatusUser](https://msdn.microsoft.com/library/windows/hardware/dn920104) +MDM_SecurityStatusUser

                                    Currently testing.

                                    -[MDM_Updates](https://msdn.microsoft.com/library/windows/hardware/dn920105) +MDM_Updates cross mark -[MDM_VpnApplicationTrigger](https://msdn.microsoft.com/library/windows/hardware/dn610396) +MDM_VpnApplicationTrigger cross mark @@ -167,45 +169,45 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro -[MDM_WebApplication](https://msdn.microsoft.com/library/windows/hardware/dn610373) +MDM_WebApplication

                                    Currently testing.

                                    -[MDM_WirelessProfile](https://msdn.microsoft.com/library/windows/hardware/dn610397) +MDM_WirelessProfile cross mark -[MDM_WirelesssProfileXML](https://msdn.microsoft.com/library/windows/hardware/dn610398) +MDM_WirelesssProfileXML cross mark -[MDM_WNSChannel](https://msdn.microsoft.com/library/windows/hardware/dn610399) +MDM_WNSChannel cross mark -[MDM_WNSConfiguration](https://msdn.microsoft.com/library/windows/hardware/dn610400) +MDM_WNSConfiguration cross mark -[MSFT_NetFirewallProfile](https://msdn.microsoft.com/library/windows/hardware/jj676842) +MSFT_NetFirewallProfile cross mark -[MSFT_VpnConnection](https://msdn.microsoft.com/library/windows/hardware/jj206647) +MSFT_VpnConnection cross mark -[SoftwareLicensingProduct](https://msdn.microsoft.com/library/windows/hardware/cc534596) +SoftwareLicensingProduct -[SoftwareLicensingService](https://msdn.microsoft.com/library/windows/hardware/cc534597) +SoftwareLicensingService -  + ### Parental control WMI classes @@ -222,7 +224,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro | [**wpcusersettings**](https://msdn.microsoft.com/library/windows/hardware/ms711334) | ![cross mark](images/checkmark.png) | | [**wpcwebsettings**](https://msdn.microsoft.com/library/windows/hardware/ms711334) | ![cross mark](images/checkmark.png) | -  + ### Win32 WMI classes @@ -296,16 +298,16 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro [**Win32\_UTCTime**](https://msdn.microsoft.com/library/windows/hardware/aa394510) | ![cross mark](images/checkmark.png) [**Win32\_VideoController**](https://msdn.microsoft.com/library/windows/hardware/aa394505) | **Win32\_WindowsUpdateAgentVersion** | -  + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) -  + -  + 10/10/2016 
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 7d77e94d7d..2c02926ece 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -2,11 +2,14 @@ title: New policies for Windows 10 (Windows 10) description: Windows 10 includes the following new policies for management. ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["MDM", "Group Policy"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 10/24/2017 ms.topic: reference @@ -254,6 +257,7 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId= ## Related topics +[Group Policy Settings Reference Spreadsheet Windows 1803](https://www.microsoft.com/download/details.aspx?id=56946) [Manage corporate devices](manage-corporate-devices.md) diff --git a/windows/client-management/reset-a-windows-10-mobile-device.md b/windows/client-management/reset-a-windows-10-mobile-device.md index dbd44ec56d..945ba0f15a 100644 --- a/windows/client-management/reset-a-windows-10-mobile-device.md +++ b/windows/client-management/reset-a-windows-10-mobile-device.md @@ -2,11 +2,14 @@ title: Reset a Windows 10 Mobile device (Windows 10) description: There are two methods for resetting a Windows 10 Mobile device factory reset and \ 0034;wipe and persist \ 0034; reset. ms.assetid: B42A71F4-DFEE-4D6E-A904-7942D1AAB73F +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article 
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 349f5fce9f..1117085ca7 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp ms.date: 12/11/2018 +ms.reviewer: +manager: dansimp --- # Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device @@ -61,7 +63,7 @@ A list of the physical disks that are attached to the computer should be display Disk 0 Online **size* GB 0 B * ``` -If the computer uses a Unified Extensible Firmware Interface (UEFI) startup interface, there will be an asterisk (*) in the **GPT** column. +If the computer uses a Unified Extensible Firmware Interface (UEFI) startup interface, there will be an asterisk () in the **GPT* column. If the computer uses a basic input/output system (BIOS) interface, there will not be an asterisk in the **Dyn** column. 
@@ -92,28 +94,28 @@ Check whether the Boot Configuration Database (BCD) has all the correct entries. To verify the BCD entries: -1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path** entries point to the correct device and boot loader file. +1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path** entries point to the correct device and boot loader file. - An example output if the computer is UEFI-based: + An example output if the computer is UEFI-based: - ``` - device partition=\Device\HarddiskVolume2 - path \EFI\Microsoft\Boot\bootmgfw.efi - ``` + ``` + device partition=\Device\HarddiskVolume2 + path \EFI\Microsoft\Boot\bootmgfw.efi + ``` - An example output if the machine is BIOS based: - ``` - Device partition=C: - ``` - >[!NOTE] - >This output may not contain a path. + An example output if the machine is BIOS based: + ``` + Device partition=C: + ``` + >[!NOTE] + >This output may not contain a path. -2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device** , **path** , **osdevice,** and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. +2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device** , **path** , **osdevice,** and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder. - >[!NOTE] - >If the computer is UEFI-based, the **bootmgr** and **winload** entires under **{default}** will contain an **.efi** extension. + >[!NOTE] + >If the computer is UEFI-based, the **bootmgr** and **winload** entires under **{default}** will contain an **.efi** extension. 
- ![bcdedit](images/screenshot1.png) + ![bcdedit](images/screenshot1.png) If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that is named **bcdbackup** . To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup** . @@ -136,20 +138,20 @@ D:\> Mkdir BootBackup R:\> Copy *.* D:\BootBackup ``` -2. If you are using Windows 10, or if you are troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, as follows: +2. If you are using Windows 10, or if you are troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, as follows: - ```cmd - Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL - ``` + ```cmd + Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL + ``` - For example: if we assign the ,System Drive> (WinRE drive) the letter R and the is the letter D, this command would be the following: + For example: if we assign the ,System Drive> (WinRE drive) the letter R and the is the letter D, this command would be the following: - ```cmd - Bcdboot D:\windows /s R: /f ALL - ``` + ```cmd + Bcdboot D:\windows /s R: /f ALL + ``` - >[!NOTE] - >The **ALL** part of the **bcdboot** command writes all the boot files (both UEFI and BIOS) to their respective locations. + >[!NOTE] + >The **ALL** part of the **bcdboot** command writes all the boot files (both UEFI and BIOS) to their respective locations. If you do not have a Windows 10 ISO, you must format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do this, follow these steps: 
@@ -237,14 +239,14 @@ copy OSdrive:\Windows\System32\config\RegBack\SYSTEM OSdrive:\Windows\System32\c Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they do not exist on another, similar working computer. if they do exist, remove the upper and lower filter drivers: -1. Expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001\Control**. +1. Expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001\Control**. -2. Look for any **UpperFilters** or **LowerFilters** entries. +2. Look for any **UpperFilters** or **LowerFilters** entries. - >[!NOTE] - >These filters are mainly related to storage. After you expand the **Control** key in the registry, you can search for **UpperFilters** and **LowerFilters**. + >[!NOTE] + >These filters are mainly related to storage. After you expand the **Control** key in the registry, you can search for **UpperFilters** and **LowerFilters**. - The following are some of the different registry entries in which you may find these filter drivers. These entries are located under **ControlSet** and are designated as **Default** : + The following are some of the different registry entries in which you may find these filter drivers. These entries are located under **ControlSet** and are designated as **Default** : \Control\Class\\{4D36E96A-E325-11CE-BFC1-08002BE10318} diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md index 184a70c8f0..9562483162 100644 --- a/windows/client-management/troubleshoot-networking.md +++ b/windows/client-management/troubleshoot-networking.md 
@@ -1,12 +1,14 @@ --- title: Advanced troubleshooting for Windows networking +ms.reviewer: +manager: dansimp description: Learn how to troubleshoot networking ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp --- # Advanced troubleshooting for Windows networking @@ -31,4 +33,4 @@ The following topics are available to help you troubleshoot common problems rela [Network Monitor](https://docs.microsoft.com/windows/desktop/netmon2/network-monitor)
                                    [RPC and the network](https://docs.microsoft.com/windows/desktop/rpc/rpc-and-the-network)
                                    [How RPC works](https://docs.microsoft.com/windows/desktop/rpc/how-rpc-works)
                                    -[NPS reason codes](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
                                    \ No newline at end of file +[NPS reason codes](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
                                    diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 75df2a087d..42fb6ef17e 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -1,13 +1,15 @@ --- title: Advanced troubleshooting for Stop error or blue screen error issue +ms.reviewer: +manager: dansimp description: Learn how to troubleshoot Stop error or blue screen issues. ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp --- # Advanced troubleshooting for Stop error or blue screen error issue 
@@ -42,18 +44,18 @@ To troubleshoot Stop error messages, follow these general steps: a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: - - [Windows 10, version 1809](https://support.microsoft.com/help/4464619) - - [Windows 10, version 1803](https://support.microsoft.com/help/4099479) - - [Windows 10, version 1709](https://support.microsoft.com/help/4043454) - - [Windows 10, version 1703](https://support.microsoft.com/help/4018124) - - [Windows Server 2016 and Windows 10, version 1607](https://support.microsoft.com/help/4000825) - - [Windows 10, version 1511](https://support.microsoft.com/help/4000824) - - [Windows Server 2012 R2 and Windows 8.1](https://support.microsoft.com/help/4009470) - - [Windows Server 2008 R2 and Windows 7 SP1](https://support.microsoft.com/help/4009469) + - [Windows 10, version 1809](https://support.microsoft.com/help/4464619) + - [Windows 10, version 1803](https://support.microsoft.com/help/4099479) + - [Windows 10, version 1709](https://support.microsoft.com/help/4043454) + - [Windows 10, version 1703](https://support.microsoft.com/help/4018124) + - [Windows Server 2016 and Windows 10, version 1607](https://support.microsoft.com/help/4000825) + - [Windows 10, version 1511](https://support.microsoft.com/help/4000824) + - [Windows Server 2012 R2 and Windows 8.1](https://support.microsoft.com/help/4009470) + - [Windows Server 2008 R2 and Windows 7 SP1](https://support.microsoft.com/help/4009469) - b. Make sure that the BIOS and firmware are up-to-date. + b. Make sure that the BIOS and firmware are up-to-date. - c. Run any relevant hardware and memory tests. + c. Run any relevant hardware and memory tests. 3. Run the [Machine Memory Dump Collector](https://home.diagnostics.support.microsoft.com/selfhelp?knowledgebasearticlefilter=2027760&wa=wsignin1.0) Windows diagnostic package. 
This diagnostic tool is used to collect machine memory dump files and check for known solutions. 
@@ -63,18 +65,18 @@ To troubleshoot Stop error messages, follow these general steps: 6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios: - - The error message indicates that a specific driver is causing the problem. - - You are seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash. - - You have made any software or hardware changes. + - The error message indicates that a specific driver is causing the problem. + - You are seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash. + - You have made any software or hardware changes. - >[!NOTE] - >If there are no updates available from a specific manufacturer, it is recommended that you disable the related service. - > - >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135) - > - >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071). - > - >You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll Back a Device Driver to a Previous Version](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)). + >[!NOTE] + >If there are no updates available from a specific manufacturer, it is recommended that you disable the related service. 
+ > + >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135) + > + >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071). + > + >You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll Back a Device Driver to a Previous Version](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)). ### Memory dump collection diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md index ba947f741a..cff5317a5f 100644 --- a/windows/client-management/troubleshoot-tcpip-connectivity.md +++ b/windows/client-management/troubleshoot-tcpip-connectivity.md @@ -4,10 +4,12 @@ description: Learn how to troubleshoot TCP/IP connectivity. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp ms.date: 12/06/2018 +ms.reviewer: +manager: dansimp --- # Troubleshoot TCP/IP connectivity @@ -106,4 +108,4 @@ You can then review the Security event logs to see for a packet drop on a partic Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. Once you open this file and filter for the ID you find in the above event (2944008), you will be able to see a firewall rule name associated with this ID which is blocking the connection. -![Screenshot of wfpstate.xml file](images/tcp-ts-13.png) \ No newline at end of file +![Screenshot of wfpstate.xml file](images/tcp-ts-13.png) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 5863c1b847..739c11d55d 100644 
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ b/windows/client-management/troubleshoot-tcpip-netmon.md
@@ -4,10 +4,12 @@ description: Learn how to run Network Monitor to collect data for troubleshootin
 ms.prod: w10
 ms.sitesec: library
 ms.topic: troubleshooting
-author: kaushika-msft
+author: dansimp
 ms.localizationpriority: medium
-ms.author: kaushika
+ms.author: dansimp
 ms.date: 12/06/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Collect data using Network Monitor
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index 8fb6da7063..2049a34777 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -4,10 +4,12 @@ description: Learn how to troubleshoot port exhaustion issues.
 ms.prod: w10
 ms.sitesec: library
 ms.topic: troubleshooting
-author: kaushika-msft
+author: dansimp
 ms.localizationpriority: medium
-ms.author: kaushika
+ms.author: dansimp
 ms.date: 12/06/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Troubleshoot port exhaustion issues
@@ -99,15 +101,17 @@ You may also see CLOSE_WAIT state connections in the same output, however CLOSE_ >[!Note] >Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion. > ->Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state. An update for Windows 8.1 and Windows Server 2012R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports. +>Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state. An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports. +> +>Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more. -4. Open a command prompt in admin mode and run the below command +4. Open a command prompt in admin mode and run the below command - ```cmd - Netsh trace start scenario=netconnection capture=yes tracefile=c:\Server.etl - ``` + ```cmd + Netsh trace start scenario=netconnection capture=yes tracefile=c:\Server.etl + ``` -5. 
Open the server.etl file with [Network Monitor](troubleshoot-tcpip-netmon.md) and in the filter section, apply the filter **Wscore_MicrosoftWindowsWinsockAFD.AFD_EVENT_BIND.Status.LENTStatus.Code == 0x209**. You should see entries which say **STATUS_TOO_MANY_ADDRESSES**. If you do not find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion. +5. Open the server.etl file with [Network Monitor](troubleshoot-tcpip-netmon.md) and in the filter section, apply the filter **Wscore_MicrosoftWindowsWinsockAFD.AFD_EVENT_BIND.Status.LENTStatus.Code == 0x209**. You should see entries which say **STATUS_TOO_MANY_ADDRESSES**. If you do not find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion. ## Troubleshoot Port exhaustion @@ -192,5 +196,5 @@ goto loop - [Port Exhaustion and You!](https://blogs.technet.microsoft.com/askds/2008/10/29/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend/) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](https://blogs.technet.microsoft.com/clinth/2013/08/09/detecting-ephemeral-port-exhaustion/): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10) +- [Detecting ephemeral port exhaustion](https://blogs.technet.microsoft.com/yongrhee/2018/01/09/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes/): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10) diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index c747c000a8..7022b0feb4 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md 
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -4,10 +4,12 @@ description: Learn how to troubleshoot Remote Procedure Call (RPC) errors ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp ms.date: 12/06/2018 +ms.reviewer: +manager: dansimp --- # Troubleshoot Remote Procedure Call (RPC) errors @@ -18,7 +20,7 @@ You might encounter an **RPC server unavailable** error when connecting to Windo This is a commonly encountered error message in the networking world and one can lose hope very fast without trying to understand much, as to what is happening ‘under the hood’. -Before getting in to troubleshooting the **RPC server unavailable*- error, let’s first understand basics about the error. There are a few important terms to understand: +Before getting in to troubleshooting the *RPC server unavailable- error, let’s first understand basics about the error. There are a few important terms to understand: - Endpoint mapper – a service listening on the server, which guides client apps to server apps by port and UUID. - Tower – describes the RPC protocol, to allow the client and server to negotiate a connection. 
@@ -111,24 +113,24 @@ The best thing to always troubleshoot RPC issues before even getting in to trace Portqry.exe -n -e 135 ``` -This would give you a lot of output to look for, but you should be looking for **ip_tcp*- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”: +This would give you a lot of output to look for, but you should be looking for *ip_tcp- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”: ```cmd Portqry.exe -n 169.254.0.2 -e 135 ``` Partial output below: ->Querying target system called: ->169.254.0.2 ->Attempting to resolve IP address to a name... ->IP address resolved to RPCServer.contoso.com ->querying... ->TCP port 135 (epmap service): LISTENING ->Using ephemeral source port ->Querying Endpoint Mapper Database... ->Server's response: ->UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d ->ncacn_ip_tcp:169.254.0.10**[49664]** +> Querying target system called: +> 169.254.0.2 +> Attempting to resolve IP address to a name... +> IP address resolved to RPCServer.contoso.com +> querying... +> TCP port 135 (epmap service): LISTENING +> Using ephemeral source port +> Querying Endpoint Mapper Database... +> Server's response: +> UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d +> ncacn_ip_tcp:169.254.0.10[49664] The one in bold is the ephemeral port number that you made a connection to successfully. 
@@ -138,14 +140,14 @@ The one in bold is the ephemeral port number that you made a connection to succe You can run the commands below to leverage Windows inbuilt netsh captures, to collect a simultaneous trace. Remember to execute the below on an “Admin CMD”, it requires elevation. - On the client -```cmd -Netsh trace start scenario=netconnection capture=yes tracefile=c:\client_nettrace.etl maxsize=512 overwrite=yes report=yes -``` + ```cmd + Netsh trace start scenario=netconnection capture=yes tracefile=c:\client_nettrace.etl maxsize=512 overwrite=yes report=yes + ``` - On the Server -```cmd -Netsh trace start scenario=netconnection capture=yes tracefile=c:\server_nettrace.etl maxsize=512 overwrite=yes report=yes -``` + ```cmd + Netsh trace start scenario=netconnection capture=yes tracefile=c:\server_nettrace.etl maxsize=512 overwrite=yes report=yes + ``` Now try to reproduce your issue from the client machine and as soon as you feel the issue has been reproduced, go ahead and stop the traces using the command ```cmd diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md index f758b36a67..b6a0283109 100644 --- a/windows/client-management/troubleshoot-tcpip.md +++ b/windows/client-management/troubleshoot-tcpip.md @@ -4,10 +4,12 @@ description: Learn how to troubleshoot TCP/IP issues. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting -author: kaushika-msft +author: dansimp ms.localizationpriority: medium -ms.author: kaushika +ms.author: dansimp ms.date: 12/06/2018 +ms.reviewer: +manager: dansimp --- # Advanced troubleshooting for TCP/IP issues 
@@ -17,4 +19,4 @@ In these topics, you will learn how to troubleshoot common problems in a TCP/IP
 - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
 - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
 - [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md)
-- [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
\ No newline at end of file
+- [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 81c672993c..31c0d456f6 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -1,20 +1,22 @@
 ---
 title: Advanced troubleshooting for Windows-based computer freeze issues
+ms.reviewer:
+manager: dansimp
 description: Learn how to troubleshoot computer freeze issues.
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
 ms.topic: troubleshooting
-author: kaushika-msft
+author: dansimp
 ms.localizationpriority: medium
-ms.author: kaushika
+ms.author: dansimp
 ---

 # Advanced troubleshooting for Windows-based computer freeze issues

 This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues.

-> [!Note]
+> [!NOTE]
 > The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

 ## Identify the problem
@@ -74,69 +76,69 @@ To collect data for a server freeze, check the following table, and use one or m ### Method 1: Memory dump -> [!Note] +> [!NOTE] > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected. If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump. -> [!Note] +> [!NOTE] > If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process. -1. Make sure that the computer is set up to get a complete memory dump file. To do this, follow these steps: +1. Make sure that the computer is set up to get a complete memory dump file. To do this, follow these steps: - 1. Go to **Run** and enter `Sysdm.cpl`, and then press enter. + 1. Go to **Run** and enter `Sysdm.cpl`, and then press enter. - 2. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**, and then check or change the virtual memory by clicking **Change**. + 2. 
In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**, and then check or change the virtual memory by clicking **Change**. - 2. Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**. + 2. Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**. - 3. In the **Write Debugging Information** section, select **Complete Memory Dump**. + 3. In the **Write Debugging Information** section, select **Complete Memory Dump**. - > [!Note] - > For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD): - >**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled** + > [!NOTE] + > For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD): + >**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled** - 4. Select **Overwrite any existing file**. + 4. Select **Overwrite any existing file**. - 5. Make sure that there's a paging file (pagefile.sys) on the system drive and that it’s at least 100 megabytes (MB) over the installed RAM (Initial and Maximum Size). + 5. Make sure that there's a paging file (pagefile.sys) on the system drive and that it’s at least 100 megabytes (MB) over the installed RAM (Initial and Maximum Size). - Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008). 
+ Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008). - 6. Make sure that there's more available space on the system drive than there is physical RAM. + 6. Make sure that there's more available space on the system drive than there is physical RAM. -2. Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: +2. Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: - 1. Go to Registry Editor, and then locate the following registry keys: + 1. Go to Registry Editor, and then locate the following registry keys: * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` - 2. Create the following CrashOnCtrlScroll registry entry in the two registry keys: + 2. Create the following CrashOnCtrlScroll registry entry in the two registry keys: - - **Value Name**: `CrashOnCtrlScroll` - - **Data Type**: `REG_DWORD` - - **Value**: `1` + - **Value Name**: `CrashOnCtrlScroll` + - **Data Type**: `REG_DWORD` + - **Value**: `1` - 3. Exit Registry Editor. + 3. Exit Registry Editor. - 4. Restart the computer. + 4. Restart the computer. -3. On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump. +3. On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump. 
- To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change. + To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change. - > [!Note] - > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146). + > [!NOTE] + > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146). -4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file. +4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file. - > [!Note] - > By default, the dump file is located in the following path:
                                    - > %SystemRoot%\MEMORY.DMP + > [!NOTE] + > By default, the dump file is located in the following path:
                                    + > %SystemRoot%\MEMORY.DMP ### Method 2: Data sanity check 
@@ -185,65 +187,65 @@ The Performance Monitor log is located in the path: C:\PERFLOGS #### Use memory dump to collect data for the physical computer that's running in a frozen state -> [!Warning] +> [!WARNING] > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump: -1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps: - > [!Note] - > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified. +1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps: + > [!NOTE] + > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified. - 1. Try to access the desktop of the computer by any means. + 1. Try to access the desktop of the computer by any means. - > [!Note] - > In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured. 
+ > [!NOTE] + > In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured. - 2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: + 2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: - * ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled` + * ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled` - Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`. + Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`. - * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump` + * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump` - On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management capabilities (such as DRAC, iLo, and RSA). + On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management capabilities (such as DRAC, iLo, and RSA). 
- * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles` + * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles` - If the value of the **Pagefile** registry entry is system managed, the size won't be reflected in the registry (Example value: ?:\pagefile.sys). + If the value of the **Pagefile** registry entry is system managed, the size won't be reflected in the registry (Example value: ?:\pagefile.sys). - If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size. + If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size. - > [!Note] - > If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$). + > [!NOTE] + > If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$). - 3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM. + 3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM. - 4. Make sure that there's more free space on the hard disk drives of the computer than there is physical RAM. + 4. Make sure that there's more free space on the hard disk drives of the computer than there is physical RAM. -2. Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: +2. 
Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: - 1. From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the concerned computer and locate the following registry keys: + 1. From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the concerned computer and locate the following registry keys: - * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` + * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` - * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` + * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` - 2. Create the following CrashOnCtrlScroll registry entry in the two registry keys: + 2. Create the following CrashOnCtrlScroll registry entry in the two registry keys: - **Value Name**: `CrashOnCtrlScroll` - **Data Type**: `REG_DWORD` - **Value**: `1` + **Value Name**: `CrashOnCtrlScroll` + **Data Type**: `REG_DWORD` + **Value**: `1` - 3. Exit Registry Editor. + 3. Exit Registry Editor. - 4. Restart the computer. + 4. Restart the computer. -3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump. - > [!Note] - > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP +3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump. + > [!NOTE] + > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP ### Use Pool Monitor to collect data for the physical computer that is no longer frozen 
@@ -265,7 +267,7 @@ To debug the virtual machines on Hyper-V, run the following cmdlet in Windows Po Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname ``` -> [!Note] +> [!NOTE] > This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section. #### VMware @@ -282,4 +284,4 @@ On Windows Server 2008, you may not have enough free disk space to generate a co Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028). -For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). \ No newline at end of file +For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md index 47d03fef10..1dcdb40a64 100644 --- a/windows/client-management/troubleshoot-windows-startup.md +++ b/windows/client-management/troubleshoot-windows-startup.md 
@@ -4,10 +4,12 @@ description: Learn how to troubleshoot Windows start-up issues.
 ms.prod: w10
 ms.sitesec: library
 ms.topic: troubleshooting
-author: kaushika-msft
+author: dansimp
 ms.localizationpriority: medium
-ms.author: kaushika
+ms.author: dansimp
 ms.date:
+ms.reviewer:
+manager: dansimp
 ---

 # Advanced troubleshooting for Windows start-up issues
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index b206069663..f78666d243 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -2,13 +2,16 @@
 title: Windows 10 Mobile deployment and management guide (Windows 10)
 description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
 ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 keywords: Mobile, diagnostic data, BYOD, MDM
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: mobile, devices, security
 ms.localizationpriority: medium
-author: AMeeus
+author: dansimp
 ms.date: 01/26/2019
 ms.topic: article
 ---
@@ -307,13 +310,13 @@ In addition to SCEP certificate management, Windows 10 Mobile supports deploymen Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile). Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently. ->**Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you: -- View a summary of all personal certificates -- View the details of individual certificates -- View the certificates used for VPN, Wi-Fi, and email authentication -- Identify which certificates may have expired -- Verify the certificate path and confirm that you have the correct intermediate and root CA certificates -- View the certificate keys stored in the device TPM +> **Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you: +> - View a summary of all personal certificates +> - View the details of individual certificates +> - View the certificates used for VPN, Wi-Fi, and email authentication +> - Identify which certificates may have expired +> - Verify the certificate path and confirm that you have the correct intermediate and root CA certificates +> - View the certificate keys stored in the device TPM ### Wi-Fi profiles 
@@ -708,7 +711,7 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au Wi-Fi Device is connected to a personal or corporate Wi-Fi network (no data charges) Yes -Yes/td> +Yes/td> Yes Yes – outside of Active Hours (forced restart after 7 days if user postpones restart) @@ -768,7 +771,7 @@ Update availability depends on what servicing option you choose for the device. Windows Insider Builds As appropriate during development cycle, released to Windows Insiders only Variable, until the next Insider build is released to Windows Insiders -Allows Insiders to test new feature and application compatibility before a Feature Update is released/td> +Allows Insiders to test new feature and application compatibility before a Feature Update is released/td> Mobile @@ -776,7 +779,7 @@ Update availability depends on what servicing option you choose for the device. Immediately after the Feature Update is published to Windows Update by Microsoft Microsoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer) Makes new features available to users as soon as possible -Mobile & Mobile Enterprise +Mobile & Mobile Enterprise Current Branch for Business (CBB) diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md index 797e4ea336..afcec998a5 100644 --- a/windows/client-management/windows-10-support-solutions.md +++ b/windows/client-management/windows-10-support-solutions.md @@ -1,11 +1,13 @@ --- title: Top support solutions for Windows 10 +ms.reviewer: +manager: dansimp description: Get links to solutions for Windows 10 issues ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.author: elizapo -author: kaushika-msft +ms.author: dansimp +author: dansimp ms.localizationpriority: medium ms.topic: troubleshooting --- 
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index 10f9efd44b..c6dc6eab15 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -1,12 +1,14 @@
 ---
 ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2
+ms.reviewer:
+manager: dansimp
 title: Windows Libraries
 ms.prod: windows-server-threshold
-ms.author: jgerend
+ms.author: dansimp
 ms.manager: dongill
 ms.technology: storage
 ms.topic: article
-author: jasongerend
+author: dansimp
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
 ms.date: 04/19/2017
 ---
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index ca022c045d..63dd4a3abe 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -5,9 +5,11 @@ keywords: Long-Term Servicing Channel, LTSC, LTSB, Semi-Annual Channel, SAC, Win
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: kaushika-msft
-ms.author: MikeBlodge
+author: dansimp
+ms.author: dansimp
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: troubleshooting
 ---

diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index 6be8931eeb..c0ad05a8bd 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -79,6 +79,7 @@
 #### [DeviceFormFactor](wcd/wcd-deviceformfactor.md)
 #### [DeviceInfo](wcd/wcd-deviceinfo.md)
 #### [DeviceManagement](wcd/wcd-devicemanagement.md)
+#### [DeviceUpdateCenter](wcd/wcd-deviceupdatecenter.md)
 #### [DMClient](wcd/wcd-dmclient.md)
 #### [EditionUpgrade](wcd/wcd-editionupgrade.md)
 #### [EmbeddedLockdownProfiles](wcd/wcd-embeddedlockdownprofiles.md)
@@ -102,6 +103,7 @@
 #### [OtherAssets](wcd/wcd-otherassets.md)
 #### [Personalization](wcd/wcd-personalization.md)
 #### [Policies](wcd/wcd-policies.md)
+#### [Privacy](wcd/wcd-privacy.md)
 #### [ProvisioningCommands](wcd/wcd-provisioningcommands.md)
 #### [RcsPresence](wcd/wcd-rcspresence.md)
 #### [SharedPC](wcd/wcd-sharedpc.md)
@@ -110,11 +112,13 @@
 #### [Start](wcd/wcd-start.md)
 #### [StartupApp](wcd/wcd-startupapp.md)
 #### [StartupBackgroundTasks](wcd/wcd-startupbackgroundtasks.md)
+#### [StorageD3InModernStandby](wcd/wcd-storaged3inmodernstandby.md)
 #### [SurfaceHubManagement](wcd/wcd-surfacehubmanagement.md)
 #### [TabletMode](wcd/wcd-tabletmode.md)
 #### [TakeATest](wcd/wcd-takeatest.md)
 #### [TextInput](wcd/wcd-textinput.md)
-#### [Theme](wcd/wcd-theme.md)
+#### [Theme](wcd/wcd-theme.md)
+#### [Time](wcd/wcd-time.md)
 #### [UnifiedWriteFilter](wcd/wcd-unifiedwritefilter.md)
 #### [UniversalAppInstall](wcd/wcd-universalappinstall.md)
 #### [UniversalAppUninstall](wcd/wcd-universalappuninstall.md)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 1bee65476e..6e4fc5d47e 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -1,5 +1,7 @@
 ---
 title: Change history for Configure Windows 10 (Windows 10)
+ms.reviewer:
+manager: dansimp
 description: This topic lists changes to documentation for configuring Windows 10.
 keywords:
 ms.prod: w10
@@ -7,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
@@ -158,10 +160,9 @@ New or changed topic | Description ## October 2017 -New or changed topic | Description ---- | --- -[Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access | Removed **Guidelines for using Remote Desktop app**; the behavior for Remote Desktop has changed so that it's no longer necessary to turn off **Start connections in full screen** for assigned access. - +| New or changed topic | Description | +|---------------------------------------------------------------------------------------------|----------------------------------------------------------------| +| [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access | ## RELEASE: Windows 10, version 1709 @@ -174,6 +175,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also ## September 2017 + |New or changed topic | Description| |--- | ---| |[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.| @@ -189,6 +191,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also ## July 2017 + | New or changed topic | Description | | --- | --- | |[Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md)|Updated categories and included diagnostic data.| 
@@ -230,4 +233,4 @@ The topics in this library have been updated for Windows 10, version 1703 (also - [Add image for secondary tiles](start-secondary-tiles.md) - [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md) - [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -- [Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md) \ No newline at end of file +- [Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md) diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 603ee4e60e..0a333370c9 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -2,12 +2,14 @@ title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10) description: Windows 10 has a brand new Start experience. ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F +ms.reviewer: +manager: dansimp keywords: ["group policy", "start menu", "start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: coreyp-at-msft -ms.author: coreyp +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 11/28/2017 @@ -58,7 +60,7 @@ These policy settings are available in **Administrative Templates\\Start Menu an Prevent users from customizing their Start Screen -

                                    Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it

                                    +

                                    Use this policy in conjunction with a customized Start layout to prevent users from changing it

                                    Prevent users from uninstalling applications from Start @@ -96,7 +98,7 @@ These policy settings are available in **Administrative Templates\\Start Menu an Start Layout

                                    This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in User Configuration or Computer Configuration.

                                    -  +
                                    @@ -106,7 +108,7 @@ These policy settings are available in **Administrative Templates\\Start Menu an -  + ## Deprecated Group Policy settings for Start @@ -142,7 +144,7 @@ The Start policy settings listed below do not work on Windows 10. Most of them | Remove user folder link from Start Menu | Windows 8 | | Remove Videos link from Start Menu | Windows 8 | -  + ## Related topics diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index 6d89596e32..4389cbd5e6 100644 --- a/windows/configuration/configure-windows-10-taskbar.md +++ b/windows/configuration/configure-windows-10-taskbar.md @@ -5,11 +5,13 @@ keywords: ["taskbar layout","pin apps"] ms.prod: W10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 01/18/2018 +ms.reviewer: +manager: dansimp --- # Configure Windows 10 taskbar @@ -25,7 +27,7 @@ If you specify an app to be pinned that is not provisioned for the user on the c The order of apps in the XML file dictates the order of pinned apps on the taskbar from left to right, to the right of any existing apps pinned by the user. > [!NOTE] -> In operating systems configured to use a right-to-left language, the taskbar order will be reversed. +> In operating systems configured to use a right-to-left language, the taskbar order will be reversed. The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using the XML file to the right (green square). 
@@ -55,11 +57,11 @@ The following example shows how apps will be pinned: Windows default apps to the In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. The easiest way to find this data for an application is to: -1. Pin the application to the Start menu on a reference or testing PC. -2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. -3. Open the generated XML file. -4. Look for an entry corresponding to the app you pinned. -5. Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. +1. Pin the application to the Start menu on a reference or testing PC. +2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. +3. Open the generated XML file. +4. Look for an entry corresponding to the app you pinned. +5. Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. ### Sample taskbar configuration XML file @@ -115,7 +117,7 @@ The easiest way to find this data for an application is to: ``` -##Keep default apps and add your own +## Keep default apps and add your own The `` section will append listed apps to the taskbar by default. The following sample keeps the default apps pinned and adds pins for Paint, Microsoft Reader, and a command prompt. @@ -143,7 +145,7 @@ The `` section will append listed apps to the tas ![default apps pinned to taskbar](images/taskbar-default.png) **After:** - + ![additional apps pinned to taskbar](images/taskbar-default-plus.png) ## Remove default apps and add your own @@ -170,7 +172,6 @@ If you only want to remove some of the default pinned apps, you would use this m - ``` **Before:** @@ -201,7 +202,6 @@ By adding `PinListPlacement="Replace"` to ``, you - ``` ## Configure taskbar by country or region 
@@ -246,7 +246,6 @@ The following example shows you how to configure taskbars by country or region. - ``` When the preceding example XML file is applied, the resulting taskbar for computers in the US or UK: diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md index 87b669a2b7..73ee1abcef 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md @@ -4,10 +4,12 @@ description: How to set up Cortana to help your salespeople get proactive insigh ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization @@ -59,4 +61,4 @@ Cortana can only access data in Dynamics CRM when it’s turned on. If you don 3. Click **No** for **Cortana**. - All Dynamics CRM functionality related to Cortana is turned off in your organization. \ No newline at end of file + All Dynamics CRM functionality related to Cortana is turned off in your organization. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md index 69ffb98a5a..8def5a04c7 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md @@ -4,10 +4,12 @@ description: How to send feedback to Microsoft about Cortana at work. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Send feedback about Cortana at work back to Microsoft 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index 87687737c8..30bfd1ac31 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -4,10 +4,12 @@ description: How to connect Cortana to Office 365 so your employees are notified ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Set up and test Cortana with Office 365 in your organization diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 48db68727b..b3077aeaf7 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -1,12 +1,14 @@ --- title: Cortana integration in your business or enterprise (Windows 10) +ms.reviewer: +manager: dansimp description: The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: dansimp ms.localizationpriority: medium -ms.author: elizapo +ms.author: dansimp --- # Cortana integration in your business or enterprise diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index d23b889cf3..8c6f2186a3 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md 
@@ -4,10 +4,12 @@ description: The list of Group Policy and mobile device management (MDM) policy ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md index 708c34ef54..b0dd7c40b5 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md @@ -4,10 +4,12 @@ description: How to integrate Cortana with Power BI to help your employees get a ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Set up and test Cortana for Power BI in your organization diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md index 39c1c8f716..8842961ced 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md @@ -4,10 +4,12 @@ description: A test scenario walking you through signing in and managing the not ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook 
@@ -23,24 +25,24 @@ This scenario turns on Azure AD and let's your employee use Cortana to manage an ## Turn on Azure AD This process helps you to sign out of a Microsoft Account and to sign into an Azure AD account. -1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, and then click **About Me**. +1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, and then click **About Me**. -2. Click your email address. +2. Click your email address. - A dialog box appears, showing the associated account info. + A dialog box appears, showing the associated account info. -3. Click your email address again, and then click **Sign out**. +3. Click your email address again, and then click **Sign out**. - This signs out the Microsoft account, letting you continue to add and use the Azure AD account. + This signs out the Microsoft account, letting you continue to add and use the Azure AD account. -4. Click the **Search** box and then the **Notebook** icon in the left rail. This will start the sign-in request. +4. Click the **Search** box and then the **Notebook** icon in the left rail. This will start the sign-in request. -5. Click **Sign-In** and follow the instructions. +5. Click **Sign-In** and follow the instructions. -6. When you’re asked to sign in, you’ll need to choose an Azure AD account, which will look like kelliecarlson@contoso.com. +6. When you’re asked to sign in, you’ll need to choose an Azure AD account, which will look like kelliecarlson@contoso.com. - >[!IMPORTANT] - >If there’s no Azure AD account listed, you’ll need to go to **Windows Settings > Accounts > Email & app accounts**, and then click **Add a work or school account** to add it. + >[!IMPORTANT] + >If there’s no Azure AD account listed, you’ll need to go to **Windows Settings > Accounts > Email & app accounts**, and then click **Add a work or school account** to add it. 
## Use Cortana to manage the notebook content This process helps you to manage the content Cortana shows in your Notebook. @@ -55,4 +57,4 @@ This process helps you to manage the content Cortana shows in your Notebook. 4. Click on the **Home** icon and scroll to the weather forecast for Redmond, Washington. - ![Cortana at work, showing Redmond, WA weather](../images/cortana-redmond-weather.png) \ No newline at end of file + ![Cortana at work, showing Redmond, WA weather](../images/cortana-redmond-weather.png) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md index 74d00b3cd5..27a951f3bc 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md @@ -4,10 +4,12 @@ description: A test scenario about how to perform a quick search with Cortana at ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 2 - Perform a quick search with Cortana at work @@ -38,4 +40,4 @@ This process helps you to use Cortana at work and voice commands to perform a qu 2. Say *What's the weather in Chicago?* Cortana tells you and shows you the current weather in Chicago. - ![Cortana at work, showing the current weather in Chicago, IL](../images/cortana-chicago-weather.png) \ No newline at end of file + ![Cortana at work, showing the current weather in Chicago, IL](../images/cortana-chicago-weather.png) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md index 88f31d07d2..f01109a686 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md 
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md @@ -4,10 +4,12 @@ description: A test scenario about how to set a location-based reminder using Co ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 3 - Set a reminder for a specific location using Cortana at work @@ -83,4 +85,4 @@ This process helps you to edit or archive and existing or completed reminder. ![Cortana at work, showing the reminder editing screen](../images/cortana-reminder-edit.png) -3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click **Save** to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**. \ No newline at end of file +3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click **Save** to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md index 184c16fa77..4a461ce194 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md 
@@ -4,10 +4,12 @@ description: A test scenario about how to use Cortana at work to find your upcom ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 4 - Use Cortana at work to find your upcoming meetings diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index 69e38ea1d0..fa8db5b62f 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md @@ -4,10 +4,12 @@ description: A test scenario about how to use Cortana at work to send email to a ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 5 - Use Cortana to send email to a co-worker @@ -54,4 +56,4 @@ This process helps you to use Cortana at work and voice commands to send a quick The email is sent. - ![Cortana at work, showing the sent email text](../images/cortana-complete-send-email-coworker-mic.png) \ No newline at end of file + ![Cortana at work, showing the sent email text](../images/cortana-complete-send-email-coworker-mic.png) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md index 3d69e943de..65a1d5f319 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md 
@@ -4,10 +4,12 @@ description: A test scenario about how to use Cortana with the Suggested reminde ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md index 9806b45881..2a804ea6f2 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md @@ -4,10 +4,12 @@ description: An optional test scenario about how to use Cortana at work with Win ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index ad3c006e0f..936f8b5788 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -4,10 +4,12 @@ description: A list of suggested testing scenarios that you can use to test Cort ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Testing scenarios using Cortana in your business or organization 
@@ -33,4 +35,4 @@ We've come up with a list of suggested testing scenarios that you can use to tes - [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md) >[!IMPORTANT] ->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. \ No newline at end of file +>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md index 45b4cb5e6f..af76d42aea 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md @@ -4,10 +4,12 @@ description: How to create voice commands that use Cortana to perform voice-enab ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: dougkim +ms.author: dansimp ms.date: 10/05/2017 +ms.reviewer: +manager: dansimp --- # Set up and test custom voice commands in Cortana for your organization diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index 1232a8f3f0..53cd1f9039 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md 
@@ -2,12 +2,14 @@ title: Customize and export Start layout (Windows 10) description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout. ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236 +ms.reviewer: +manager: dansimp keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 09/18/2018 @@ -33,7 +35,7 @@ When [a partial Start layout](#configure-a-partial-start-layout) is applied, the >[!NOTE] >Partial Start layout is only supported on Windows 10, version 1511 and later. -  + You can deploy the resulting .xml file to devices using one of the following methods: @@ -83,7 +85,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a ## Export the Start layout -When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. +When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\ >[!IMPORTANT] >If you include secondary Microsoft Edge tiles (tiles that link to specific websites in Microsoft Edge), see [Add custom images to Microsoft Edge secondary tiles](start-secondary-tiles.md) for instructions. 
@@ -155,6 +157,8 @@ When you have the Start layout that you want your users to see, use the [Export- >* If you place executable files or scripts in the \ProgramData\Microsoft\Windows\Start Menu\Programs folder, they will not pin to Start. > >* Start on Windows 10 does not support subfolders. We only support one folder. For example, \ProgramData\Microsoft\Windows\Start Menu\Programs\Folder. If you go any deeper than one folder, Start will compress the contents of all the subfolder to the top level. +> +>* Three additional shortcuts are pinned to the start menu after the export. These are shortcuts to %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs, %APPDATA%\Microsoft\Windows\Start Menu\Programs, and %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\. ## Configure a partial Start layout diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 23079316c5..5caeb82469 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -2,13 +2,15 @@ title: Customize Windows 10 Start and tasbkar with Group Policy (Windows 10) description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545 +ms.reviewer: +manager: dansimp keywords: ["Start layout", "start menu", "layout", "group policy"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 11/15/2017 --- 
@@ -26,10 +28,10 @@ In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object This topic describes how to update Group Policy settings to display a customized Start and taskbar layout when the users sign in. By creating a domain-based GPO with these settings, you can deploy a customized Start and taskbar layout to users in a domain. ->[!WARNING]   +>[!WARNING] >When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When you apply a taskbar layout, users will still be able to pin and unpin apps, and change the order of pinned apps. -  + **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) 
@@ -47,17 +49,17 @@ Three features enable Start and taskbar layout control: - The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - >[!NOTE]   + >[!NOTE] >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case. ->[!NOTE]   +>[!NOTE] >To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863). -  + ## Use Group Policy to apply a customized Start layout in a domain 
@@ -77,7 +79,7 @@ For information about deploying GPOs in a domain, see [Working with Group Policy You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**. ->[!NOTE]   +>[!NOTE] >This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment). > >This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10. 
@@ -87,32 +89,32 @@ This procedure adds the customized Start and taskbar layout to the user configur **To configure Start Layout policy settings in Local Group Policy Editor** -1. On the test computer, press the Windows key, type **gpedit**, and then select **Edit group policy (Control panel)**. +1. On the test computer, press the Windows key, type **gpedit**, and then select **Edit group policy (Control panel)**. -2. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**. +2. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**. - ![start screen layout policy settings](images/starttemplate.jpg) + ![start screen layout policy settings](images/starttemplate.jpg) -3. Right-click **Start Layout** in the right pane, and click **Edit**. +3. Right-click **Start Layout** in the right pane, and click **Edit**. - This opens the **Start Layout** policy settings. + This opens the **Start Layout** policy settings. - ![policy settings for start screen layout](images/startlayoutpolicy.jpg) + ![policy settings for start screen layout](images/startlayoutpolicy.jpg) -4. Enter the following settings, and then click **OK**: +4. Enter the following settings, and then click **OK**: - 1. Select **Enabled**. + 1. Select **Enabled**. - 2. Under **Options**, specify the path to the .xml file that contains the Start and taskbar layout. For example, type **C:\\Users\\Test01\\StartScreenMarketing.xml**. + 2. Under **Options**, specify the path to the .xml file that contains the Start and taskbar layout. For example, type **C:\\Users\\Test01\\StartScreenMarketing.xml**. - 3. Optionally, enter a comment to identify the Start and taskbar layout. + 3. Optionally, enter a comment to identify the Start and taskbar layout. 
- >[!IMPORTANT]   - >If you disable Start Layout policy settings that have been in effect and then re-enable the policy, users will not be able to make changes to Start, however the layout in the .xml file will not be reapplied unless the file has been updated. In Windows PowerShell, you can update the timestamp on a file by running the following command: + > [!IMPORTANT] + > If you disable Start Layout policy settings that have been in effect and then re-enable the policy, users will not be able to make changes to Start, however the layout in the .xml file will not be reapplied unless the file has been updated. In Windows PowerShell, you can update the timestamp on a file by running the following command: + > + > `(ls ).LastWriteTime = Get-Date` - >`(ls ).LastWriteTime = Get-Date` - -   + ## Update a customized Start layout @@ -130,8 +132,8 @@ After you use Group Policy to apply a customized Start and taskbar layout on a c - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) -  -  + + diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index 2edbb87a07..f01c3b9f44 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md 
@@ -2,13 +2,15 @@ title: Customize Windows 10 Start and taskbar with mobile device management (MDM) (Windows 10) description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and tasbkar layout to users. ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4 +ms.reviewer: +manager: dansimp keywords: ["start screen", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.topic: article -ms.author: jdecker +ms.author: dansimp ms.localizationpriority: medium ms.date: 02/08/2018 --- @@ -30,10 +32,10 @@ In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can us **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions. ->[!WARNING]  +>[!WARNING] >When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. -  + ## How Start layout control works @@ -42,10 +44,10 @@ Two features enable Start layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - >[!NOTE]   + >[!NOTE] >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. -   + - In Microsoft Intune, you select the Start layout XML file and add it to a device configuration profile. 
@@ -90,9 +92,9 @@ For other MDM solutions, you may need to use an OMA-URI setting for Start layout - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) -  + -  + diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 9fcf13b975..56de2504c6 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -2,12 +2,14 @@ title: Customize Windows 10 Start and tasbkar with provisioning packages (Windows 10) description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC +ms.reviewer: +manager: dansimp keywords: ["Start layout", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 11/15/2017 
@@ -37,7 +39,7 @@ Three features enable Start and taskbar layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - >[!NOTE]   + >[!NOTE] >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. @@ -138,9 +140,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) -  + -  + diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index bd41749bd6..e2e249e9d1 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", 
@@ -31,24 +31,24 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
- "ms.technology": "windows",
- "ms.topic": "article",
- "ms.author": "jdecker",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.win-configuration",
- "folder_relative_path_in_docset": "./"
- }
- }
- },
+ "uhfHeaderId": "MSDocsHeader-WindowsIT",
+ "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+ "ms.technology": "windows",
+ "ms.topic": "article",
+ "ms.author": "jdecker",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "MSDN.win-configuration",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
+ },
 "fileMetadata": {},
 "template": [],
 "dest": "win-configuration",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
index d765f93e06..2e441e90d2 100644
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
+++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
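Review bot: `"ms.author": "jdecker"` is carried over unchanged in `globalMetadata`, although the rest of this commit moves the per-file `author`/`ms.author` front matter to `dansimp`; if the global value is meant as the default for pages that do not set their own, it should change in the same commit to `"ms.author": "dansimp",`. The hunk also switches `markdownEngineName` from `dfm` to `markdig` in the middle of a pure re-indentation, which makes the one behavioural change easy to miss. It would read better as its own commit, or at least be called out in the description, since alert blocks and pipe tables elsewhere in the docset may render differently under the new engine.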
@@ -1,8 +1,10 @@ --- title: Find the Application User Model ID of an installed app +ms.reviewer: +manager: dansimp description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.prod: w10 diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index fdbc8f522a..fa57936276 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -5,11 +5,13 @@ keywords: ["kiosk", "lockdown", "assigned access"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # Guidelines for choosing an app for assigned access (kiosk mode) @@ -17,7 +19,7 @@ ms.date: 10/02/2018 **Applies to** -- Windows 10 +- Windows 10 You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. 
@@ -74,22 +76,22 @@ Enable Home Button | Show a Home button in Kiosk Browser. Home will return the b Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. ->[!IMPORTANT] ->To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: -> +> [!IMPORTANT] +> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: +> > 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. ->2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). ->3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). ->4. Save the XML file. ->5. Open the project again in Windows Configuration Designer. ->6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. - - ->[!TIP] ->To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](https://docs.microsoft.com/intune/custom-settings-windows-10) with the following information: ->- OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton ->- Data type: Integer ->- Value: 1 +> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). +> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). +> 4. Save the XML file. +> 5. Open the project again in Windows Configuration Designer. +> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. 
+> +> +> [!TIP] +> To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](https://docs.microsoft.com/intune/custom-settings-windows-10) with the following information: +> - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton +> - Data type: Integer +> - Value: 1 #### Rules for URLs in Kiosk Browser settings @@ -115,7 +117,7 @@ Additional guidelines for URLs: The following table describes the results for different combinations of blocked URLs and blocked URL exceptions. -Blocked URL rule | Block URL exception rule | Result +Blocked URL rule | Block URL exception rule | Result --- | --- | --- `*` | `contoso.com`
                                    `fabrikam.com` | All requests are blocked unless it is to contoso.com, fabrikam.com, or any of their subdomains. `contoso.com` | `mail.contoso.com`
                                    `.contoso.com`
                                    `.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. @@ -123,18 +125,19 @@ Blocked URL rule | Block URL exception rule | Result The following table gives examples for blocked URLs. -Entry | Result ---- | --- -`contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com -`https://*` | Blocks all HTTPS requests to any domain. -`mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com -`.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. -`.www.contoso.com` | Blocks www.contoso.com but not its subdomains. -`*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. -`*:8080` | Blocks all requests to port 8080. -`contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. -`192.168.1.2` | Blocks requests to 192.168.1.2. -`youtube.com/watch?v=V1` | Blocks youtube video with id V1. + +| Entry | Result | +|--------------------------|-------------------------------------------------------------------------------| +| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com | +| `https://*` | Blocks all HTTPS requests to any domain. | +| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com | +| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. | +| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. | +| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. | +| `*:8080` | Blocks all requests to port 8080. | +| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. | +| `192.168.1.2` | Blocks requests to 192.168.1.2. | +| `youtube.com/watch?v=V1` | Blocks youtube video with id V1. | ### Other browsers 
@@ -144,7 +147,7 @@ You can create your own web browser Windows app by using the WebView class. Lear - [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/) - [WebView class](https://msdn.microsoft.com/library/windows/apps/windows.ui.xaml.controls.webview.aspx) - [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0) - + ## Secure your information @@ -170,7 +173,7 @@ The above guidelines may help you select or develop an appropriate Windows app f -  + diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 81a9ba0ecf..aa203bd090 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -2,11 +2,14 @@ title: More kiosk methods and reference information (Windows 10) description: Find more information for configuring, validating, and troubleshooting kiosk configuration. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.topic: reference --- diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index f769ca9fe4..33cf15dabb 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md 
@@ -2,11 +2,14 @@
 title: Use MDM Bridge WMI Provider to create a Windows 10 kiosk (Windows 10)
 description: Environments that use Windows Management Instrumentation (WMI)can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 11/07/2018
 ms.topic: article
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index 82aa4dc94f..c319385e70 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -1,12 +1,15 @@
 ---
 title: Configure kiosks and digital signs on Windows desktop editions (Windows 10)
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 description: Learn about the methods for configuring kiosks.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jdeckerms
+author: dansimp
 ms.topic: article
 ---
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index ace4d35ec9..a523b64e83 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -2,15 +2,17 @@
 title: Policies enforced on kiosk devices (Windows 10)
 description: Learn about the policies enforced on a device when you configure it as a kiosk.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
+ms.reviewer:
+manager: dansimp
 keywords: ["lockdown", "app restrictions", "applocker"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: edu, security
-author: jdeckerms
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/30/2018
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ---
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 436a96f0a8..7475992145 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -2,11 +2,14 @@
 title: Prepare a device for kiosk configuration (Windows 10)
 description: Some tips for device settings on kiosks.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
+author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ---
@@ -57,36 +60,39 @@ Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk i In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in. +>[!NOTE] +>If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. + >[!TIP] >If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. **How to edit the registry to have an account sign in automatically** -1. Open Registry Editor (regedit.exe). +1. Open Registry Editor (regedit.exe). - >[!NOTE]   - >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002). -   + >[!NOTE] + >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002). + -2. Go to +2. Go to - **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon** + **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon** -3. Set the values for the following keys. +3. Set the values for the following keys. - - *AutoAdminLogon*: set value as **1**. + - *AutoAdminLogon*: set value as **1**. - - *DefaultUserName*: set value as the account that you want signed in. + - *DefaultUserName*: set value as the account that you want signed in. 
- - *DefaultPassword*: set value as the password for the account. + - *DefaultPassword*: set value as the password for the account. - > [!NOTE] - > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**. + > [!NOTE] + > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**. - - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key. + - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key. -4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. +4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. >[!TIP] >You can also configure automatic sign-in [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon). @@ -114,7 +120,7 @@ The following table describes some features that have interoperability issues we
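Review bot: The registry path in step 2 is still written as `...\Microsoft\WindowsNT\CurrentVersion\Winlogon` on the re-indented line, but the key is named `Windows NT` with a space, so the line should read `**HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\Windows NT\CurrentVersion\Winlogon**`. Step 3 also has the reader store the kiosk account's password in *DefaultPassword* with no caveat: that is a plain string value, readable by anyone who can read the Winlogon key. A note under that bullet should say so and advise a low-privilege local account whose password is not reused elsewhere. The Autologon tool linked in the tip after step 4 keeps the credential as an LSA secret instead of a readable value, so the procedure could present it as the preferred route and the manual registry edit as the fallback.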

                                    Accessibility

                                    Assigned access does not change Ease of Access settings.

                                    -

                                    We recommend that you use [Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features:

                                    +

                                    We recommend that you use Keyboard Filter to block the following key combinations that bring up accessibility features:

                                    @@ -145,13 +151,13 @@ The following table describes some features that have interoperability issues we - + - - + + - - + + - - + + - - + + +

                                    Learn how to use Shell Launcher to create a kiosk device that runs a Windows desktop application.

                                    - - + + - - + + - + +

                                    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a custom OMA-URI setting for AboveLock/AllowActionCenterNotifications.

                                    - - + + - + - - + + +

                                    Learn how to use Assigned Access to create a kiosk device that runs a Universal Windows app.

                                    - + - + - - + + - - + +

                                    Assigned access Windows PowerShell cmdlets

                                    In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see [Assigned access Windows PowerShell reference](https://docs.microsoft.com/powershell/module/assignedaccess/?view=win10-ps).

                                    In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see Assigned access Windows PowerShell reference.

                                    Key sequences blocked by assigned access

                                    When in assigned access, some key combinations are blocked for assigned access users.

                                    -

                                    Alt+F4, Alt+Shift+TaB, Alt+Tab are not blocked by Assigned Access, it is recommended you use [Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.

                                    -

                                    Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](https://docs.microsoft.com/windows-hardware/customize/enterprise/wekf-settings).

                                    +

                                    Alt+F4, Alt+Shift+TaB, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter to block these key combinations.

                                    +

                                    Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in WEKF_Settings.

                                    @@ -210,30 +216,30 @@ The following table describes some features that have interoperability issues we

                                    Keyboard Filter settings apply to other standard accounts.

                                    - - + +

                                    For more information on removing the power button or disabling the physical power button, see Custom Logon.

                                    +

                                    For more information, see Unified Write Filter.

                                    +

                                    If you need to use assigned access API, see WEDL_AssignedAccess.

                                    +

                                    For more information, see Custom Logon.

                                    Key sequences blocked by [Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter)

                                    If Keyboard Filter is turned ON then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter) reference topic.

                                    -

                                    [Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows 10 Enterprise or Windows 10 Education.

                                    +

                                    Key sequences blocked by Keyboard Filter

                                    If Keyboard Filter is turned ON then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the Keyboard Filter reference topic.

                                    +

                                    Keyboard Filter is only available on Windows 10 Enterprise or Windows 10 Education.

                                    Power button

                                    Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it is in assigned access.

                                    -

                                    For more information on removing the power button or disabling the physical power button, see [Custom Logon](https://docs.microsoft.com/windows-hardware/customize/enterprise/custom-logon).

                                    Unified Write Filter (UWF)

                                    UWFsettings apply to all users, including those with assigned access.

                                    -

                                    For more information, see [Unified Write Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/unified-write-filter).

                                    WEDL_AssignedAccess class

                                    Although you can use this class to configure and manage basic lockdown features for assigned access, we recommend that you use the Windows PowerShell cmdlets instead.

                                    -

                                    If you need to use assigned access API, see [WEDL_AssignedAccess](whttps://docs.microsoft.com/windows-hardware/customize/enterprise/wedl-assignedaccess).

                                    Welcome Screen

                                    Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.

                                    -

                                    For more information, see [Custom Logon](https://docs.microsoft.com/windows-hardware/customize/enterprise/custom-logon).

                                    diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 308da89102..1e484e0795 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -2,11 +2,14 @@ title: Use Shell Launcher to create a Windows 10 kiosk (Windows 10) description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.topic: article --- diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 18eee13ef9..89c720dbc9 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -2,11 +2,14 @@ title: Set up a single-app kiosk (Windows 10) description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 01/09/2019 ms.topic: article @@ -201,14 +204,14 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - - - - - - - - + + + + + + + +
                                    ![step one](images/one.png)![set up device](images/set-up-device.png)

                                    Enable device setup if you want to configure settings on this page.

                                    **If enabled:**

                                    Enter a name for the device.

                                    (Optional) Select a license file to upgrade Windows 10 to a different edition. [See the permitted upgrades.](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades)

                                    Toggle **Configure devices for shared use** off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.

                                    You can also select to remove pre-installed software from the device.
                                    ![device name, upgrade to enterprise, shared use, remove pre-installed software](images/set-up-device-details.png)
                                    ![step two](images/two.png) ![set up network](images/set-up-network.png)

                                    Enable network setup if you want to configure settings on this page.

                                    **If enabled:**

                                    Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
                                    ![Enter network SSID and type](images/set-up-network-details.png)
                                    ![step three](images/three.png) ![account management](images/account-management.png)

                                    Enable account management if you want to configure settings on this page.

                                    **If enabled:**

                                    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                                    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

                                    **Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.

                                    To create a local administrator account, select that option and enter a user name and password.

                                    **Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
                                    ![join Active Directory, Azure AD, or create a local admin account](images/account-management-details.png)
                                    ![step four](images/four.png) ![add applications](images/add-applications.png)

                                    You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)

                                    **Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application.
                                    ![add an application](images/add-applications-details.png)
                                    ![step five](images/five.png) ![add certificates](images/add-certificates.png)

                                    To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
                                    ![add a certificate](images/add-certificates-details.png)
                                    ![step six](images/six.png) ![Configure kiosk account and app](images/kiosk-account.png)

                                    You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.

                                    If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.)

                                    In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.
                                    ![Configure kiosk account and app](images/kiosk-account-details.png)
                                    ![step seven](images/seven.png) ![configure kiosk common settings](images/kiosk-common.png)

                                    On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.
                                    ![set tablet mode and configure welcome and shutdown and turn off timeout settings](images/kiosk-common-details.png)
                                    ![finish](images/finish.png)

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    ![Protect your package](images/finish-details.png)
                                    step oneset up device

                                    Enable device setup if you want to configure settings on this page.

                                    If enabled:

                                    Enter a name for the device.

                                    (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

                                    Toggle Configure devices for shared use off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.

                                    You can also select to remove pre-installed software from the device.
                                    device name, upgrade to enterprise, shared use, remove pre-installed software
                                    step two set up network

                                    Enable network setup if you want to configure settings on this page.

                                    If enabled:

                                    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
                                    Enter network SSID and type
                                    step three account management

                                    Enable account management if you want to configure settings on this page.

                                    If enabled:

                                    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                                    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

                                    Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.

                                    To create a local administrator account, select that option and enter a user name and password.

                                    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
                                    join Active Directory, Azure AD, or create a local admin account
                                    step four add applications

                                    You can provision the kiosk app in the Add applications step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps

                                    Warning: If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in Installer Path, and then a Cancel button becomes available, allowing you to complete the provisioning package without an application.
                                    add an application
                                    step five add certificates

                                    To provision the device with a certificate for the kiosk app, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
                                    add a certificate
                                    step six Configure kiosk account and app

                                    You can create a local standard user account that will be used to run the kiosk app. If you toggle No, make sure that you have an existing user account to run the kiosk app.

                                    If you want to create an account, enter the user name and password, and then toggle Yes or No to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational.)

                                    In Configure the kiosk mode app, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.
                                    Configure kiosk account and app
                                    step seven configure kiosk common settings

                                    On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.
                                    set tablet mode and configure welcome and shutdown and turn off timeout settings
                                    finish

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    Protect your package
                                    @@ -227,7 +230,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des -  + @@ -260,7 +263,7 @@ If you press **Ctrl + Alt + Del** and do not sign in to another account, after a To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal. -  + diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index 321d899394..6a42e81700 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -2,14 +2,16 @@ title: Troubleshoot kiosk mode issues (Windows 10) description: Tips for troubleshooting multi-app kiosk configuration. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +ms.reviewer: +manager: dansimp keywords: ["lockdown", "app restrictions"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index 4e2e579d33..ea34adf834 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -2,11 +2,14 @@ title: Validate kiosk configuration (Windows 10) description: This topic explains what to expect on a multi-app kiosk. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 07/30/2018 ms.topic: article 
@@ -25,7 +28,7 @@ Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applic To test the kiosk, sign in with the assigned access user account you specified in the configuration to check out the multi-app experience. ->[!NOTE] +>[!NOTE] >The kiosk configuration setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience. The following sections explain what to expect on a multi-app kiosk. diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 93ac3c9bf4..f2ab6d4bd9 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -2,15 +2,17 @@ title: Assigned Access configuration kiosk XML reference (Windows 10) description: XML and XSD for kiosk device configuration. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +ms.reviewer: +manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 10/02/2018 -ms.author: jdecker +ms.author: dansimp ms.topic: article --- @@ -378,4 +380,4 @@ ms.topic: article -``` \ No newline at end of file +``` diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md index 876d2a663d..ba2f56b8f5 100644 --- a/windows/configuration/lock-down-windows-10-applocker.md +++ b/windows/configuration/lock-down-windows-10-applocker.md 
@@ -2,15 +2,17 @@ title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10) description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +ms.reviewer: +manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 07/30/2018 -ms.author: jdecker +ms.author: dansimp ms.topic: article --- @@ -112,11 +114,11 @@ In addition to specifying the apps that users can run, you should also restrict **Note**   To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. -   + To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). ## Customize Start screen layout for the device (recommended) -Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). \ No newline at end of file +Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). 
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 74acffcf3a..bc31032e3e 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -1,16 +1,18 @@
 ---
 title: Set up a multi-app kiosk (Windows 10)
-description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
+description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
+ms.reviewer:
+manager: dansimp
 keywords: ["lockdown", "app restrictions", "applocker"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: edu, security
-author: jdeckerms
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 01/09/2019
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ---
 
@@ -19,20 +21,18 @@ ms.topic: article **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. The following table lists changes to multi-app kiosk in recent updates. -New features and improvements | In update ---- | --- -- Configure [a single-app kiosk profile](#profile) in your XML file

                                    - Assign [group accounts to a config profile](#config-for-group-accounts)

                                    - Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 -- Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)

                                    - [Automatically launch an app](#allowedapps) when the user signs in

                                    - Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

                                    **Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. - - +| New features and improvements | In update | +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| - Configure [a single-app kiosk profile](#profile) in your XML file

                                    - Assign [group accounts to a config profile](#config-for-group-accounts)

                                    - Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 | +| - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)

                                    - [Automatically launch an app](#allowedapps) when the user signs in

                                    - Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

                                    **Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. | >[!WARNING] >The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access. @@ -85,7 +85,7 @@ Let's start by looking at the basic structure of the XML file. - A profile has no effect if it’s not associated to a config section. ![profile = app and config = account](images/profile-config.png) - + You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. You can see a full sample version in the [Assigned access XML reference.](kiosk-xml.md) ```xml 
@@ -162,8 +162,8 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: -1. Default rule is to allow all users to launch the signed package apps. -2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. +1. Default rule is to allow all users to launch the signed package apps. +2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. >[!NOTE] >You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). 
Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration. 
@@ -172,26 +172,25 @@ When the mult-app kiosk configuration is applied to a device, AppLocker rules wi Here are the predefined assigned access AppLocker rules for **desktop apps**: -1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. -2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. -3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. +1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. +2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. +3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in. 
-```xml - - - - - - - - - - - -``` +xml +<AllAppsList> + <AllowedApps> + <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> + <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> + <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> + <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> + <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> + <App DesktopAppPath="%windir%\system32\mspaint.exe" /> + <App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="123.txt"/> + </AllowedApps> +</AllAppsList> ##### FileExplorerNamespaceRestrictions @@ -279,13 +278,13 @@ The following example exposes the taskbar to the end user: ```xml ``` - + The following example hides the taskbar: ```xml ``` - + >[!NOTE] >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. 
@@ -355,14 +354,14 @@ Individual accounts are specified using ``. - Local account can be entered as `machinename\account` or `.\account` or just `account`. - Domain account should be entered as `domain\account`. -- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. +- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. AzureAD\someone@contoso.onmicrosoft.com. >[!WARNING] >Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. - + >[!NOTE] >For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access. 
@@ -388,15 +387,15 @@ Group accounts are specified using ``. Nested groups are not supporte - + ``` -- Domain group: Both security and distribution groups are supported. Specify the group type as **ActiveDirectoryGroup**. Use the domain name as the prefix in the name attribute. +- Domain group: Both security and distribution groups are supported. Specify the group type as ActiveDirectoryGroup. Use the domain name as the prefix in the name attribute. ```xml - + ``` - Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in. @@ -405,7 +404,7 @@ Group accounts are specified using ``. Nested groups are not supporte - + ``` >[!NOTE] @@ -421,7 +420,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. -1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). 2. Choose **Advanced provisioning**. 
@@ -435,42 +434,42 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 7. In the center pane, click **Browse** to locate and select the assigned access configuration XML file that you created. - ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) + ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) 8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed. -8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. +9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. -8. On the **File** menu, select **Save.** +10. On the **File** menu, select **Save.** -9. On the **Export** menu, select **Provisioning package**. +11. On the **Export** menu, select **Provisioning package**. -10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +12. 
Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +13. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. -12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. +14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +15. Click **Next**. -14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. +16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. 
If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. +17. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -15. Copy the provisioning package to the root directory of a USB drive. + +18. Copy the provisioning package to the root directory of a USB drive. ### Apply provisioning package to device @@ -493,7 +492,7 @@ Provisioning packages can be applied to a device during the first-run experience 3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. ![Provision this device](images/prov.jpg) - + 4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. ![Choose a package](images/choose-package.png) @@ -501,9 +500,9 @@ Provisioning packages can be applied to a device during the first-run experience 5. Select **Yes, add it**. ![Do you trust this package?](images/trust-package.png) - - + + #### After setup, from a USB drive, network folder, or SharePoint site 1. Sign in with an admin account. 
@@ -571,34 +570,34 @@ When the multi-app assigned access configuration is applied on the device, certa
 The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
-| Setting | Value |
+| Setting | Value |
 | --- | --- |
-Remove access to the context menus for the task bar | Enabled
-Clear history of recently opened documents on exit | Enabled
-Prevent users from customizing their Start Screen | Enabled
-Prevent users from uninstalling applications from Start | Enabled
-Remove All Programs list from the Start menu | Enabled
-Remove Run menu from Start Menu | Enabled
-Disable showing balloon notifications as toast | Enabled
-Do not allow pinning items in Jump Lists | Enabled
-Do not allow pinning programs to the Taskbar | Enabled
-Do not display or track items in Jump Lists from remote locations | Enabled
-Remove Notifications and Action Center | Enabled
-Lock all taskbar settings | Enabled
-Lock the Taskbar | Enabled
-Prevent users from adding or removing toolbars | Enabled
-Prevent users from resizing the taskbar | Enabled
-Remove frequent programs list from the Start Menu | Enabled
+Remove access to the context menus for the task bar | Enabled
+Clear history of recently opened documents on exit | Enabled
+Prevent users from customizing their Start Screen | Enabled
+Prevent users from uninstalling applications from Start | Enabled
+Remove All Programs list from the Start menu | Enabled
+Remove Run menu from Start Menu | Enabled
+Disable showing balloon notifications as toast | Enabled
+Do not allow pinning items in Jump Lists | Enabled
+Do not allow pinning programs to the Taskbar | Enabled
+Do not display or track items in Jump Lists from remote locations | Enabled
+Remove Notifications and Action Center | Enabled
+Lock all taskbar settings | Enabled
+Lock the Taskbar | Enabled
+Prevent users from adding or removing toolbars | Enabled
+Prevent users from resizing the taskbar | Enabled
+Remove frequent programs list from the Start Menu | Enabled
 Remove ‘Map Network Drive’ and ‘Disconnect Network Drive’ | Enabled
-Remove the Security and Maintenance icon | Enabled
-Turn off all balloon notifications | Enabled
-Turn off feature advertisement balloon notifications | Enabled
-Turn off toast notifications | Enabled
-Remove Task Manager | Enabled
-Remove Change Password option in Security Options UI | Enabled
-Remove Sign Out option in Security Options UI | Enabled
-Remove All Programs list from the Start Menu | Enabled – Remove and disable setting
-Prevent access to drives from My Computer | Enabled - Restrict all drivers
+Remove the Security and Maintenance icon | Enabled
+Turn off all balloon notifications | Enabled
+Turn off feature advertisement balloon notifications | Enabled
+Turn off toast notifications | Enabled
+Remove Task Manager | Enabled
+Remove Change Password option in Security Options UI | Enabled
+Remove Sign Out option in Security Options UI | Enabled
+Remove All Programs list from the Start Menu | Enabled – Remove and disable setting
+Prevent access to drives from My Computer | Enabled - Restrict all drivers
 >[!NOTE]
 >When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
@@ -610,25 +609,25 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers
 Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
-Setting | Value | System-wide
+Setting | Value | System-wide
 --- | --- | ---
-[Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes
-[Start/AllowPinnedFolderDocuments](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderDownloads](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderFileExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderHomeGroup](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderMusic](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderPersonalFolder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderPictures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-[Start/AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes
+[Start/AllowPinnedFolderDocuments](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderDownloads](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderFileExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderHomeGroup](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderMusic](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderPersonalFolder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderPictures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
 Start/DisableContextMenus | 1 - Context menus are hidden for Start apps | No
-[Start/HidePeopleBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar) | 1 - True (hide) | No
-[Start/HideChangeAccountSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
-[WindowsInkWorkspace/AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes
-[Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No
-[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes
+[Start/HidePeopleBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar) | 1 - True (hide) | No
+[Start/HideChangeAccountSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
+[WindowsInkWorkspace/AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes
+[Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No
+[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes
 ## Provision .lnk files using Windows Configuration Designer
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index 93605b8aea..d6ece913c6 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -2,13 +2,15 @@ title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10) description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14 +ms.reviewer: +manager: dansimp keywords: lockdown, embedded ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 @@ -37,34 +39,34 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be

                                    [Hibernate Once/Resume Many (HORM)](https://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device

                                    [HORM](https://docs.microsoft.com/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)

                                    Hibernate Once/Resume Many (HORM): Quick boot to device

                                    HORM

                                    HORM is supported in Windows 10, version 1607 and later.

                                    [Unified Write Filter](https://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media

                                    [Unified Write Filter](https://msdn.microsoft.com/library/windows/hardware/mt572001.aspx)

                                    Unified Write Filter: protect a device's physical storage media

                                    Unified Write Filter

                                    The Unified Write Filter is continued in Windows 10.

                                    [Keyboard Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations

                                    [Keyboard Filter](https://go.microsoft.com/fwlink/p/?LinkId=708391)

                                    Keyboard Filter: block hotkeys and other key combinations

                                    Keyboard Filter

                                    Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.

                                    [Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Windows desktop application on sign-on

                                    [Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=618603)

                                    Shell Launcher: launch a Windows desktop application on sign-on

                                    Shell Launcher

                                    Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.

                                    -

                                    Learn [how to use Shell Launcher to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Windows desktop application.

                                    [Application Launcher]( https://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on

                                    [Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)

                                    Application Launcher: launch a Universal Windows Platform (UWP) app on sign-on

                                    Assigned Access

                                    The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.

                                    [Dialog Filter](https://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run

                                    [AppLocker](/windows/device-security/applocker/applocker-overview)

                                    Dialog Filter: suppress system dialogs and control which processes can run

                                    AppLocker

                                    Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

                                    • Control over which processes are able to run will now be provided by AppLocker.

                                    • @@ -72,48 +74,48 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be

                                    [Toast Notification Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications

                                    Toast Notification Filter: suppress toast notifications

                                    Mobile device management (MDM) and Group Policy

                                    Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.

                                    Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications

                                    -

                                    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for AboveLock/AllowActionCenterNotifications.

                                    [Embedded Lockdown Manager](https://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features

                                    [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkID=525483)

                                    Embedded Lockdown Manager: configure lockdown features

                                    Windows Imaging and Configuration Designer (ICD)

                                    The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.

                                    [USB Filter](https://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system

                                    USB Filter: restrict USB devices and peripherals on system

                                    MDM and Group Policy

                                    The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

                                    Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

                                    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow removable storage or Allow USB connection (Windows 10 Mobile only).

                                    [Assigned Access](https://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system

                                    [Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)

                                    Assigned Access: launch a UWP app on sign-in and lock access to system

                                    Assigned Access

                                    Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.

                                    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

                                    -

                                    Learn [how to use Assigned Access to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.

                                    [Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

                                    Gesture Filter: block swipes from top, left, and right edges of screen

                                    MDM and Group Policy

                                    In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

                                    In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the Allow edge swipe policy.

                                    [Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

                                    [Embedded Logon](https://go.microsoft.com/fwlink/p/?LinkId=626760)

                                    Custom Logon: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

                                    Embedded Logon

                                    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

                                    [Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements

                                    [Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626873)

                                    Unbranded Boot: custom brand a device by removing or replacing Windows boot UI elements

                                    Unbranded Boot

                                    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

                                    -  -  -  + + + diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md index 77c814e0b7..911ad4decc 100644 --- a/windows/configuration/manage-tips-and-suggestions.md +++ b/windows/configuration/manage-tips-and-suggestions.md @@ -6,11 +6,13 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 09/20/2017 +ms.reviewer: +manager: dansimp --- # Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index 155c8385f0..a6c43780bc 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -2,12 +2,15 @@ title: Manage Wi-Fi Sense in your company (Windows 10) description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271 +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 05/02/2018 ms.topic: article 
@@ -19,7 +22,7 @@ ms.topic: article - Windows 10 - Windows 10 Mobile ->[!IMPORTANT] +>[!IMPORTANT] >Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details. Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it. @@ -52,28 +55,28 @@ You can manage your Wi-Fi Sense settings by using registry keys and the Registry **To set up Wi-Fi Sense using the Registry Editor** -1. Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\` +1. Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\` -2. Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**. -

                                    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959). +2. Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**. +

                                    Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see How to configure Wi-Fi Sense on Windows 10 in an enterprise. - ![Registry Editor, showing the creation of a new DWORD value](images/wifisense-registry.png) + ![Registry Editor, showing the creation of a new DWORD value](images/wifisense-registry.png) ### Using the Windows Provisioning settings You can manage your Wi-Fi Sense settings by changing the Windows provisioning setting, **WiFISenseAllowed**. **To set up Wi-Fi Sense using WiFISenseAllowed** -- Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**. -

                                    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909). +- Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**. +

                                    Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, WiFiSenseAllowed. ### Using Unattended Windows Setup settings If your company still uses Unattend, you can manage your Wi-Fi Sense settings by changing the Unattended Windows Setup setting, **WiFiSenseAllowed**. **To set up Wi-Fi Sense using WiFISenseAllowed** -- Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**. -

                                    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910). +- Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**. +

                                    Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, WiFiSenseAllowed. ### How employees can change their own Wi-Fi Sense settings If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**. @@ -92,9 +95,9 @@ If you select the **Share network with my contacts** check box the first time yo - [Wi-Fi Sense and Privacy](https://go.microsoft.com/fwlink/p/?LinkId=620911) - [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959) -  + -  + diff --git a/windows/configuration/mobile-devices/configure-mobile.md b/windows/configuration/mobile-devices/configure-mobile.md index 50f896bffe..fc6e9e8001 100644 --- a/windows/configuration/mobile-devices/configure-mobile.md +++ b/windows/configuration/mobile-devices/configure-mobile.md @@ -7,10 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Configure Windows 10 Mobile devices diff --git a/windows/configuration/mobile-devices/lockdown-xml.md b/windows/configuration/mobile-devices/lockdown-xml.md index d5e9143721..28bf0b87e3 100644 --- a/windows/configuration/mobile-devices/lockdown-xml.md +++ b/windows/configuration/mobile-devices/lockdown-xml.md 
@@ -1,13 +1,15 @@ --- title: Configure Windows 10 Mobile using Lockdown XML (Windows 10) -description: Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. +description: Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. ms.assetid: 22C8F654-2EC3-4E6D-8666-1EA9FCF90F5F +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 @@ -18,9 +20,9 @@ ms.date: 07/27/2017 **Applies to** -- Windows 10 Mobile +- Windows 10 Mobile -Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. +Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. @@ -38,16 +40,16 @@ Let's start by looking at the basic structure of the lockdown XML file. You can ```xml - - - - - - - - - - + + + + + + + + + + ``` @@ -82,7 +84,7 @@ The following example is a complete lockdown XML file that disables Action Cente - + @@ -143,8 +145,8 @@ In the following example, Outlook Calendar and Outlook Mail are pinned to the St - - + + ``` 
@@ -158,7 +160,7 @@ You can create and pin folders to Start by using the Apps setting. Each folder r - + Medium 4 @@ -181,7 +183,7 @@ To add apps to the folder, include **ParentFolderId** in the application XML, as 0 0 - 1 + 1 @@ -192,7 +194,7 @@ To add apps to the folder, include **ParentFolderId** in the application XML, as 4 0 - 1 + 1 @@ -224,11 +226,11 @@ In the following example, press-and-hold is disabled for the Back button. ```xml - - - + + + ``` @@ -236,10 +238,10 @@ If you don't specify a button event, all actions for the button are disabled. In ```xml - - - + + + ``` @@ -249,20 +251,20 @@ ButtonRemapList lets you change the app that a button will run. You can remap th > [!WARNING] > Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role. - + To remap a button, you specify the button, the event, and the product ID for the app that you want the event to open. In the following example, when a user presses the Search button, the phone dialer will open instead of the Search app. ```xml - - - + + + ``` 
@@ -271,7 +273,7 @@ In the following example, when a user presses the Search button, the phone diale ![XML for CSP Runner](../images/CSPRunnerXML.jpg) You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962%28v=vs.85%29.aspx). - + CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role. In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section. @@ -283,21 +285,21 @@ Let's start with the structure of SyncML in the following example: ```xml SyncML> - - | - # - - - CSP Path - - - Data Type - - Value - - | - - + + | + # + + + CSP Path + + + Data Type + + Value + + | + + ``` 
@@ -358,85 +360,85 @@ If you list a setting or quick action in **Settings**, all settings and quick ac For a list of the settings and quick actions that you can allow or block, see [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md). - + ## Tiles - + ![XML for tiles](../images/TilesXML.png) - + By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - + > [!IMPORTANT] > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. - + ```xml ``` - + ## Start screen size - + Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: - - - Small sets the width to 4 columns on devices with short axis (less than 400epx) or 6 columns on devices with short axis (greater than or equal to 400epx). - - Large sets the width to 6 columns on devices with short axis (less than 400epx) or 8 columns on devices with short axis (greater than or equal to 400epx). - - If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. 
- - [Learn about effective pixel width (epx) for different device size classes.](https://go.microsoft.com/fwlink/p/?LinkId=733340) - - + +- Small sets the width to 4 columns on devices with short axis (less than 400epx) or 6 columns on devices with short axis (greater than or equal to 400epx). +- Large sets the width to 6 columns on devices with short axis (less than 400epx) or 8 columns on devices with short axis (greater than or equal to 400epx). + + If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. + + [Learn about effective pixel width (epx) for different device size classes.](https://go.microsoft.com/fwlink/p/?LinkId=733340) + + ## Configure additional roles - + You can add custom configurations by role. In addition to the role configuration, you must also install a login application on the device. The app displays a list of available roles on the device; the user taps a role, such as "Manager"; the configuration defined for the "Manager" role is applied. - + [Learn how to create a login application that will work with your Lockdown XML file.](https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/DeviceLockdownAzureLogin) For reference, see the [Windows.Embedded.DeviceLockdown API](https://msdn.microsoft.com/library/windows/apps/windows.embedded.devicelockdown). - + In the XML file, you define each role with a GUID and name, as shown in the following example: - + ```xml ``` You can create a GUID using a GUID generator -- free tools are available online. The GUID needs to be unique within this XML file. - + You can configure the same settings for each role as you did for the default role, except Start screen size which can only be configured for the default role. 
If you use CSPRunner with roles, be aware that the last CSP setting applied will be retained across roles unless explicitly changed in each role configuration. CSP settings applied by CSPRunner may conflict with settings applied by MDM. - + ```xml - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + ``` ## Validate your XML You can validate your lockdown XML file against the [EnterpriseAssignedAccess XSD](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseassignedaccess-xsd). - + ## Add lockdown XML to a provisioning package -Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740) +Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740) 1. Follow the instructions at [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651) to create a project, selecting **Common to all Windows mobile editions** for your project. @@ -852,7 +854,6 @@ To push lockdown settings to enrolled devices, use the AssignedAccessXML setting - ``` ## Learn more @@ -864,4 +865,4 @@ To push lockdown settings to enrolled devices, use the AssignedAccessXML setting [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md) -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) \ No newline at end of file +[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) diff --git a/windows/configuration/mobile-devices/mobile-lockdown-designer.md b/windows/configuration/mobile-devices/mobile-lockdown-designer.md index 229a7ea1c4..bb398d4a09 100644 --- a/windows/configuration/mobile-devices/mobile-lockdown-designer.md 
+++ b/windows/configuration/mobile-devices/mobile-lockdown-designer.md
@@ -6,10 +6,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Use the Lockdown Designer app to create a Lockdown XML file
diff --git a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md
index 5ad6371d4f..1aa6d6f3b8 100644
--- a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md
+++ b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md
@@ -2,13 +2,15 @@
 title: Product IDs in Windows 10 Mobile (Windows 10)
 description: You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user.
 ms.assetid: 31116BED-C16A-495A-BD44-93218A087A1C
+ms.reviewer:
+manager: dansimp
 keywords: ["lockdown"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: mobile
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md
index 141db07726..dabf9951dc 100644
--- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md
+++ b/windows/configuration/mobile-devices/provisioning-configure-mobile.md
@@ -7,10 +7,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Use Windows Configuration Designer to configure Windows 10 Mobile devices
@@ -28,11 +30,11 @@ The **Provision Windows mobile devices** wizard lets you configure common settin ### Start a new project 1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click the Windows Configuration Designer shortcut, + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click the Windows Configuration Designer shortcut, - or + or - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. 2. On the **Start** page, choose **Provision Windows mobile devices**. @@ -42,10 +44,10 @@ The **Provision Windows mobile devices** wizard lets you configure common settin ### Configure settings in the wizard - - - - + + + +
                                    ![step one](../images/one.png)![set up device](../images/set-up-device-mobile.png)

                                    Enter a device name.

                                    Optionally, you can enter a product key to upgrade the device from Windows 10 Mobile to Windows 10 Mobile Enterprise.
                                    ![device name, upgrade license](../images/set-up-device-details-mobile.png)
                                    ![step two](../images/two.png) ![set up network](../images/set-up-network-mobile.png)

                                    Toggle **On** or **Off** for wireless network connectivity.

                                    If you select **On**, enter the SSID, network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
                                    ![Enter network SSID and type](../images/set-up-network-details-mobile.png)
                                    ![step three](../images/three.png) ![bulk enrollment in Azure Active Directory](../images/bulk-enroll-mobile.png)

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used.

                                    Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

                                    **Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
                                    ![Enter expiration and get bulk token](../images/bulk-enroll-mobile-details.png)
                                    ![step four](../images/four.png) ![finish](../images/finish-mobile.png)

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    ![Protect your package](../images/finish-details-mobile.png)
                                    step oneset up device

                                    Enter a device name.

                                    Optionally, you can enter a product key to upgrade the device from Windows 10 Mobile to Windows 10 Mobile Enterprise.
                                    device name, upgrade license
                                    step two set up network

                                    Toggle On or Off for wireless network connectivity.

                                    If you select On, enter the SSID, network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
                                    Enter network SSID and type
                                    step three bulk enrollment in Azure Active Directory

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used.

                                    Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

                                    Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
                                    Enter expiration and get bulk token
                                    step four finish

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    Protect your package
                                    After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. @@ -86,4 +88,4 @@ You can apply a provisioning package to a device running Windows 10 Mobile by us ## Related topics - [NFC-based device provisioning](provisioning-nfc.md) -- [Use the package splitter tool](provisioning-package-splitter.md) \ No newline at end of file +- [Use the package splitter tool](provisioning-package-splitter.md) diff --git a/windows/configuration/mobile-devices/provisioning-nfc.md b/windows/configuration/mobile-devices/provisioning-nfc.md index 0c9dc82c2d..68b962d26f 100644 --- a/windows/configuration/mobile-devices/provisioning-nfc.md +++ b/windows/configuration/mobile-devices/provisioning-nfc.md @@ -4,11 +4,13 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # NFC-based device provisioning @@ -70,14 +72,14 @@ The following table describes the information that is required when writing to a The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format: -
                                    **Version**
                                    (1 byte)
                                    **Leading**
                                    (1 byte)
                                    **Order**
                                    (1 byte)
                                    **Total**
                                    (1 byte)
                                    **Chunk payload**
                                    (N bytes)
                                    +
                                    Version
                                    (1 byte)
                                    Leading
                                    (1 byte)
                                    Order
                                    (1 byte)
                                    Total
                                    (1 byte)
                                    Chunk payload
                                    (N bytes)
                                    For each part: -- **Version** should always be 0x00. -- **Leading byte** should always be 0xFF. -- **Order** represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0). -- **Total** represents the total number of chunks to be transferred for the whole message. -- **Chunk payload** represents each of the split parts. +- Version should always be 0x00. +- Leading byte should always be 0xFF. +- Order represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0). +- Total represents the total number of chunks to be transferred for the whole message. +- Chunk payload represents each of the split parts. The NFC provisioning helper device must publish the record in a type of Windows.ProvPlugins.Chunk. @@ -138,9 +140,9 @@ For detailed information and code samples on how to implement an NFC-enabled dev - [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md) - [Barcode provisioning and the package splitter tool](provisioning-package-splitter.md) -  + -  + diff --git a/windows/configuration/mobile-devices/provisioning-package-splitter.md b/windows/configuration/mobile-devices/provisioning-package-splitter.md index 1ba20bd10c..736a35c4ed 100644 --- a/windows/configuration/mobile-devices/provisioning-package-splitter.md +++ b/windows/configuration/mobile-devices/provisioning-package-splitter.md @@ -4,11 +4,13 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Barcode provisioning and the package splitter tool 
@@ -47,13 +49,13 @@ Before you can use the tool, you must have a built provisioning package. The pac cd C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 ``` - - or - + - or - - On an x86 computer, type: + On an x86 computer, type: - ``` - cd C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 - ``` + ``` + cd C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 + ``` 3. Run `ppkgtobase64.exe`. The [syntax](#syntax) and [switches and arguments](#switches-and-arguments) sections provide details for the command. @@ -81,9 +83,9 @@ ppkgtobase64.exe -i -o -s [-c] [/?] ## Related topics -  + -  + diff --git a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md index cf13bbf926..15522142ec 100644 --- a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md @@ -2,13 +2,15 @@ title: Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise (Windows 10) description: A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. ms.assetid: 35EC82D8-D9E8-45C3-84E9-B0C8C167BFF7 +ms.reviewer: +manager: dansimp keywords: kiosk, lockdown, assigned access ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 
@@ -34,7 +36,7 @@ Enterprise Assigned Access allows you to put your Windows 10 Mobile or Windows >[!NOTE] >The app can be a Universal Windows app, Universal Windows Phone 8 app, or a legacy Silverlight app. -  + ### Set up Enterprise Assigned Access in MDM @@ -44,7 +46,7 @@ In AssignedAccessXml, for Application, you enter the product ID for the app to r ### Set up assigned access using Windows Configuration Designer ->[!IMPORTANT] +>[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. #### Create the *AssignedAccess*.xml file @@ -182,9 +184,9 @@ Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or 1. On Start ![start](../images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](../images/settingsicon.png) > **Accounts** > **Apps Corner** > launch ![launch](../images/launchicon.png). - >[!TIP]   + >[!TIP] >Want to get to Apps Corner with one tap? In **Settings**, tap **Apps Corner** > **pin** to pin the Apps Corner tile to your Start screen. -   + 2. Give the device to someone else, so they can use the device and only the one app you chose. 3. When they're done and you get the device back, press and hold Power ![power](../images/powericon.png), and then swipe right to exit Apps Corner. @@ -198,7 +200,7 @@ Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) -  + diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md index ca84677bf1..5603c46bfa 100644 
--- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md +++ b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md @@ -2,13 +2,15 @@ title: Settings and quick actions that can be locked down in Windows 10 Mobile (Windows 10) description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185 +ms.reviewer: +manager: dansimp keywords: ["lockdown"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/configuration/mobile-devices/start-layout-xml-mobile.md b/windows/configuration/mobile-devices/start-layout-xml-mobile.md index c8d736b63d..0682606ac4 100644 --- a/windows/configuration/mobile-devices/start-layout-xml-mobile.md +++ b/windows/configuration/mobile-devices/start-layout-xml-mobile.md @@ -5,11 +5,13 @@ keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Start layout XML for mobile editions of Windows 10 (reference) @@ -34,7 +36,7 @@ On Windows 10 Mobile, the customized Start works by: The following diagrams show the default Windows 10, version 1607 Start layouts for single SIM and dual SIM devices with Cortana support, and single SIM and dual SIM devices with no Cortana support. -![Start layout for Windows 10 Mobile](..\images\mobile-start-layout.png) +![Start layout for Windows 10 Mobile](../images/mobile-start-layout.png) The diagrams show: 
@@ -48,7 +50,7 @@ The diagrams show: IT admins can provision the Start layout by creating a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles. ->[!NOTE] +>[!NOTE] >To make sure the Start layout XML parser processes your file correctly, follow these guidelines when writing your LayoutModification.xml file: >- Do not leave spaces or white lines in between each element. >- Do not add comments inside the StartLayout node or any of its children elements. diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md index b58d853122..3da0ec1215 100644 --- a/windows/configuration/provisioning-apn.md +++ b/windows/configuration/provisioning-apn.md @@ -2,11 +2,13 @@ title: Configure cellular settings for tablets and PCs (Windows 10) description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 04/13/2018 diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index b70f4fd66c..44291012be 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md 
@@ -2,11 +2,13 @@ title: Introduction to configuration service providers (CSPs) for IT pros (Windows 10) description: Configuration service providers (CSPs) expose device configuration settings in Windows 10. ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 @@ -24,10 +26,10 @@ Configuration service providers (CSPs) expose device configuration settings in W The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations. ->[!NOTE]   +>[!NOTE] >The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile. - [See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809) + [See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809) ## What is a CSP? @@ -218,9 +220,9 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile E - [WindowsSecurityAuditing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723415) -  + -  + diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index 9979020ba7..bd8806ab06 100644 
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -2,12 +2,14 @@ title: Provision PCs with common settings (Windows 10) description: Create a provisioning package to apply common settings to a PC running Windows 10. ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E +ms.reviewer: +manager: dansimp keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 @@ -66,11 +68,11 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 2. Click **Provision desktop devices**. - ![ICD start options](../images/icd-create-options-1703.png) + ![ICD start options](../images/icd-create-options-1703.png) 3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps. - ![ICD desktop provisioning](../images/icd-desktop-1703.png) + ![ICD desktop provisioning](../images/icd-desktop-1703.png) > [!IMPORTANT] > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. @@ -79,12 +81,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - - - - - - + + + + + +
                                    ![step one](../images/one.png)![set up device](../images/set-up-device.png)

                                    Enter a name for the device.

                                    (Optional) Select a license file to upgrade Windows 10 to a different edition. [See the permitted upgrades.](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades)

                                    Toggle **Yes** or **No** to **Configure devices for shared use**. This setting optimizes Windows 10 for shared use scenarios. [Learn more about shared PC configuration.](../set-up-shared-or-guest-pc.md)

                                    You can also select to remove pre-installed software from the device.
                                    ![device name, upgrade to enterprise, shared use, remove pre-installed software](../images/set-up-device-details-desktop.png)
                                    ![step two](../images/two.png) ![set up network](../images/set-up-network.png)

                                    Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
                                    ![Enter network SSID and type](../images/set-up-network-details-desktop.png)
                                    ![step three](../images/three.png) ![account management](../images/account-management.png)

                                    Enable account management if you want to configure settings on this page.

                                    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                                    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

                                    To create a local administrator account, select that option and enter a user name and password.

                                    **Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
                                    ![join Active Directory, Azure AD, or create a local admin account](../images/account-management-details.png)
                                    ![step four](../images/four.png) ![add applications](../images/add-applications.png)

                                    You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provision-pcs-with-apps.md).
                                    ![add an application](../images/add-applications-details.png)
                                    ![step five](../images/five.png) ![add certificates](../images/add-certificates.png)

                                    To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
                                    ![add a certificate](../images/add-certificates-details.png)
                                    ![finish](../images/finish.png)

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    ![Protect your package](../images/finish-details.png)
                                    step oneset up device

                                    Enter a name for the device.

                                    (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

                                    Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows 10 for shared use scenarios. Learn more about shared PC configuration.

                                    You can also select to remove pre-installed software from the device.
                                    device name, upgrade to enterprise, shared use, remove pre-installed software
                                    step two set up network

                                    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
                                    Enter network SSID and type
                                    step three account management

                                    Enable account management if you want to configure settings on this page.

                                    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                                    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

                                    To create a local administrator account, select that option and enter a user name and password.

                                    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
                                    join Active Directory, Azure AD, or create a local admin account
                                    step four add applications

                                    You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps.
                                    add an application
                                    step five add certificates

                                    To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
                                    add a certificate
                                    finish

                                    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
                                    Protect your package
                                    After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. @@ -98,7 +100,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa - Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) -  + ## Related topics - [Provisioning packages for Windows 10](provisioning-packages.md) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md index 321a76c0cd..cbfd69c344 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md @@ -5,11 +5,13 @@ keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Provision PCs with apps and certificates for initial deployment (advanced provisioning) @@ -44,11 +46,11 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi 2. Click **Advanced provisioning**. - ![ICD start options](../images/icdstart-option.png) + ![ICD start options](../images/icdstart-option.png) 3. Name your project and click **Next**. -3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**. +4. Select **All Windows desktop editions**, click **Next**, and then click **Finish**. ### Add a desktop app to your package 
@@ -122,42 +124,42 @@ For details about the settings you can customize in provisioning packages, see [ 1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. 2. Read the warning that project files may contain sensitive information, and click **OK**. -> **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 3. On the **Export** menu, click **Provisioning package**. -1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -10. Set a value for **Package Version**. +5. Set a value for **Package Version**. - > [!TIP]   - > You can make changes to existing packages and change the version number to update previously applied packages. + > [!TIP] + > You can make changes to existing packages and change the version number to update previously applied packages. -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +6. Optional. 
In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - **Important**   - We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.  + **Important** + We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. -12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

                                    -Optionally, you can click **Browse** to change the default output location. +7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

                                    + Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +8. Click **Next**. -14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

                                    -If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. +9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

                                    + If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

                                    -If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. +10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

                                    + If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: +11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - Shared network folder @@ -180,7 +182,7 @@ If your build is successful, the name of the provisioning package, output direct - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) -  + ## Related topics diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 9f7712c5d3..0529a3a1fb 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -5,11 +5,13 @@ keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # Provision PCs with apps 
@@ -25,7 +27,7 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv). >[!IMPORTANT] ->If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Online Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365) +>If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365) ## Settings for UWP apps @@ -61,6 +63,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate + ## Add a Windows desktop application using advanced editor in Windows Configuration Designer 
@@ -70,7 +73,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate ![enter name for first app](../images/wcd-app-name.png) -3. [Configure the settings for the appropriate installer type.](#settings-for-classic-windows-apps) +3. Configure the settings for the appropriate installer type. ![enter settings for first app](../images/wcd-app-commands.png) 
@@ -133,42 +136,42 @@ For details about the settings you can customize in provisioning packages, see [ 1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. 2. Read the warning that project files may contain sensitive information, and click **OK**. -> **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 3. On the **Export** menu, click **Provisioning package**. -1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -10. Set a value for **Package Version**. +5. Set a value for **Package Version**. - > [!TIP]   - > You can make changes to existing packages and change the version number to update previously applied packages. + > [!TIP] + > You can make changes to existing packages and change the version number to update previously applied packages. -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +6. Optional. 
In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - **Important**   - We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.  + **Important** + We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. -12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

                                    -Optionally, you can click **Browse** to change the default output location. +7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

                                    + Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +8. Click **Next**. -14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

                                    -If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. +9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

                                    + If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

                                    -If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. +10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

                                    + If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: +11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - Shared network folder @@ -191,7 +194,7 @@ If your build is successful, the name of the provisioning package, output direct - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) -  + ## Related topics diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 7b9f542042..2760481053 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -4,11 +4,13 @@ description: Provisioning packages can be applied to a device during the first-r ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 08/22/2017 +ms.reviewer: +manager: dansimp --- # Apply a provisioning package 
@@ -101,4 +103,4 @@ Insert the USB drive to a desktop computer, navigate to **Settings** > **Account
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
 - [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
\ No newline at end of file
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index f815fe5059..782997dd02 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -4,11 +4,13 @@ description:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Windows Configuration Designer command-line interface (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index c0cbd3ed3f..876859b5a0 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,14 +1,16 @@ --- title: Create a provisioning package (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Create a provisioning package for Windows 10 @@ -16,8 +18,8 @@ ms.date: 07/27/2017 **Applies to** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 10 Mobile You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. 
@@ -29,44 +31,46 @@ You use Windows Configuration Designer to create a provisioning package (.ppkg) ## Start a new project 1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + + or + + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. 2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image: ![Configuration Designer wizards](../images/icd-create-options-1703.png) - + - The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards). 
- + - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) - [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) - + - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. *The rest of this procedure uses advanced provisioning.* - + >[!TIP] > You can start a project in the simple wizard editor and then switch the project to the advanced editor. > > ![Switch to advanced editor](../images/icd-switch.png) - + 3. Enter a name for your project, and then click **Next**. 4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options. 
- | Windows edition | Settings available for customization | Provisioning package can apply to | - | --- | --- | --- | - | All Windows editions | Common settings | All Windows 10 devices | - | All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) | - | All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices | - | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices | - | Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) | - | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) | - + + | Windows edition | Settings available for customization | Provisioning package can apply to | + |-----------------------------------|-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| + | All Windows editions | Common settings | All Windows 10 devices | + | All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) | + | All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices | + | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices | + | Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft 
HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) | + | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) | + + 5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning packge to import to your project, and then click **Finish**. >[!TIP] @@ -88,11 +92,11 @@ The settings in Windows Configuration Designer are based on Windows 10 configura The process for configuring settings is similar for all settings. The following table shows an example. - - - - - + + + + +
                                    ![step one](../images/one.png)
                                    Expand a category.
                                    ![Expand Certificates category](../images/icd-step1.png)
                                    ![step two](../images/two.png)
                                    Select a setting.
                                    ![Select ClientCertificates](../images/icd-step2.png)
                                    ![step three](../images/three.png)
                                    Enter a value for the setting. Click **Add** if the button is displayed.
                                    ![Enter a name for the certificate](../images/icd-step3.png)
                                    ![step four](../images/four.png)
                                    Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and additional settings are displayed.
                                    ![Additional settings for client certificate](../images/icd-step4.png)
                                    ![step five](../images/five.png)
                                    When the setting is configured, it is displayed in the **Selected customizations** pane.
                                    ![Selected customizations pane](../images/icd-step5.png)
                                    step one
                                    Expand a category.
                                    Expand Certificates category
                                    step two
                                    Select a setting.
                                    Select ClientCertificates
                                    step three
                                    Enter a value for the setting. Click Add if the button is displayed.
                                    Enter a name for the certificate
                                    step four
                                    Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
                                    Additional settings for client certificate
                                    step five
                                    When the setting is configured, it is displayed in the Selected customizations pane.
                                    Selected customizations pane
                                    For details on each specific setting, see [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx). The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image. 
@@ -105,22 +109,22 @@ For details on each specific setting, see [Windows Provisioning settings referen 1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**. ![Export on top bar](../images/icd-export-menu.png) - + 2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**: - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field. - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field. - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages). - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0. - + 3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections. - - **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen. - - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. + - **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen. + - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. 
- >[!NOTE] - >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. - > - >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner. + >[!NOTE] + >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. + > + >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. 
In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner. 4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location. @@ -157,4 +161,4 @@ For details on each specific setting, see [Windows Provisioning settings referen - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) - [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file +- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index a94b851110..8153ebaf57 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md 
@@ -4,11 +4,13 @@ description: A provisioning package (.ppkg) is a container for a collection of c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # How provisioning works in Windows 10
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 7729761c95..f1bf1aa323 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -4,11 +4,13 @@ description: Learn how to install and run Windows Configuration Designer.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 10/16/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Install Windows Configuration Designer
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 216d35803f..bf0de14b73 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -4,11 +4,13 @@ description: Create a provisioning package with multivariant settings to customi
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerms
+author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/08/2017
-ms.author: jdecker
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Create a provisioning package with multivariant settings
@@ -37,8 +39,8 @@ A **Target** can have more than one **TargetState**, and a **TargetState** can h The following table describes the logic for the target definition. - -
                                    When all **Condition** elements are TRUE, **TargetState** is TRUE.![Target state is true when all conditions are true](../images/icd-multi-targetstate-true.png)
                                    If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **Id** can be used for setting customizations.![Target is true if any target state is true](../images/icd-multi-target-true.png)
                                    + +
                                    When all Condition elements are TRUE, TargetState is TRUE.Target state is true when all conditions are true
                                    If any of the TargetState elements is TRUE, Target is TRUE, and the Id can be used for setting customizations.Target is true if any target state is true
                                    ### Conditions @@ -115,16 +117,16 @@ Follow these steps to create a provisioning package with multivariant capabiliti The following example shows the contents of a sample customizations.xml file. ```XML - - - + <?xml version="1.0" encoding="utf-8"?> + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} My Provisioning Package 1.0 OEM 50 - - + + @@ -137,25 +139,25 @@ Follow these steps to create a provisioning package with multivariant capabiliti - - + + ``` -4. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. +5. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**. ```XML - - + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} My Provisioning Package 1.0 OEM 50 - - + + @@ -186,11 +188,11 @@ Follow these steps to create a provisioning package with multivariant capabiliti - - + + ``` -5. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this: +6. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this: a. Define a child **TargetRefs** element. @@ -206,16 +208,16 @@ Follow these steps to create a provisioning package with multivariant capabiliti The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met. ```XML - - - + <?xml version="1.0" encoding="utf-8"?> + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} My Provisioning Package 1.0 OEM 50 - - + + 
@@ -254,14 +256,14 @@ Follow these steps to create a provisioning package with multivariant capabiliti - - + + ``` -6. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step. +7. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step. -7. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml. +8. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml. For example: @@ -314,7 +316,7 @@ The following events trigger provisioning on Windows 10 devices: - [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -  + diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 2a331f5839..b67d2c9fa7 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md 
@@ -1,12 +1,14 @@
 ---
 title: Provisioning packages (Windows 10)
-description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
@@ -17,16 +19,16 @@ ms.date: 07/27/2017 **Applies to** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 10 Mobile Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. -A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. -The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages. Windows Configuration Designer is also available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). +The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages. 
Windows Configuration Designer is also available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). @@ -73,16 +75,16 @@ Provisioning packages can be: The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages. - - - - - - - - - -
                                    **Step****Description****Desktop wizard****Mobile wizard****Kiosk wizard****HoloLens wizard**
                                    Set up deviceAssign device name,
                                    enter product key to upgrade Windows,
                                    configure shared used,
                                    remove pre-installed software
                                    ![yes](../images/checkmark.png)![yes](../images/checkmark.png)
                                    (Only device name and upgrade key)
                                    ![yes](../images/checkmark.png)![yes](../images/checkmark.png)
                                    Set up networkConnect to a Wi-Fi network![yes](../images/checkmark.png)![yes](../images/checkmark.png)![yes](../images/checkmark.png)![yes](../images/checkmark.png)
                                    Account managementEnroll device in Active Directory,
                                    enroll device in Azure Active Directory,
                                    or create a local administrator account
                                    ![yes](../images/checkmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)![yes](../images/checkmark.png)
                                    Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup).
                                    ![no](../images/crossmark.png)![yes](../images/checkmark.png)![no](../images/crossmark.png)![no](../images/crossmark.png)
                                    Add applicationsInstall applications using the provisioning package.![yes](../images/checkmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)![no](../images/crossmark.png)
                                    Add certificatesInclude a certificate file in the provisioning package.![yes](../images/checkmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)![yes](../images/checkmark.png)
                                    Configure kiosk account and appCreate local account to run the kiosk mode app,
                                    specify the app to run in kiosk mode
                                    ![no](../images/crossmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)![no](../images/crossmark.png)
                                    Configure kiosk common settingsSet tablet mode,
                                    configure welcome and shutdown screens,
                                    turn off timeout settings
                                    ![no](../images/crossmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)![no](../images/crossmark.png)
                                    Developer SetupEnable Developer Mode.![no](../images/crossmark.png)![no](../images/crossmark.png)![no](../images/crossmark.png)![yes](../images/checkmark.png)
                                    + + + + + + + + + +
                                    StepDescriptionDesktop wizardMobile wizardKiosk wizardHoloLens wizard
                                    Set up deviceAssign device name,
                                    enter product key to upgrade Windows,
                                    configure shared used,
                                    remove pre-installed software
                                    yesyes
                                    (Only device name and upgrade key)
                                    yesyes
                                    Set up networkConnect to a Wi-Fi networkyesyesyesyes
                                    Account managementEnroll device in Active Directory,
                                    enroll device in Azure Active Directory,
                                    or create a local administrator account
                                    yesnoyesyes
                                    Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

                                    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
                                    noyesnono
                                    Add applicationsInstall applications using the provisioning package.yesnoyesno
                                    Add certificatesInclude a certificate file in the provisioning package.yesnoyesyes
                                    Configure kiosk account and appCreate local account to run the kiosk mode app,
                                    specify the app to run in kiosk mode
                                    nonoyesno
                                    Configure kiosk common settingsSet tablet mode,
                                    configure welcome and shutdown screens,
                                    turn off timeout settings
                                    nonoyesno
                                    Developer SetupEnable Developer Mode.nononoyes
                                    - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) 
@@ -97,19 +99,21 @@ The following table describes settings that you can configure using the wizards The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages. -| Customization options | Examples | -|--------------------------|-----------------------------------------------------------------------------------------------| + +| Customization options | Examples | +|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| | Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | -| Applications | Windows apps, line-of-business applications | -| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service\* | -| Certificates | Root certification authority (CA), client certificates | -| Connectivity profiles | Wi-Fi, proxy settings, Email | -| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | -| Data assets | Documents, music, videos, pictures | -| Start menu customization | Start menu layout, application pinning | -| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on | +| Applications | Windows apps, line-of-business applications | +| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service\* | +| Certificates | Root certification authority (CA), client certificates | +| Connectivity profiles | Wi-Fi, proxy settings, Email | +| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | +| Data assets | Documents, music, videos, pictures | +| Start menu customization | Start menu layout, application pinning | +| Other | Home and lock 
screen wallpaper, computer name, domain join, DNS settings, and so on | + \* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices. -  + For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012). @@ -129,7 +133,7 @@ Windows ICD in Windows 10, version 1607, supported the following scenarios for I > [Learn how to use simple provisioning to configure Windows 10 computers.](provision-pcs-for-initial-deployment.md) * **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. - + * **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: * System Center Configuration Manager and Microsoft Intune hybrid (certificate-based enrollment) @@ -164,9 +168,9 @@ Windows ICD in Windows 10, version 1607, supported the following scenarios for I -  - -  + + + diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 0398edbb15..ad7c341563 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md 
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -4,11 +4,13 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # PowerShell cmdlets for provisioning Windows 10 (reference) @@ -24,13 +26,13 @@ Windows 10, version 1703, ships with Windows Provisioning PowerShell cmdlets. Th - - - - - - - + + + + + + +
                                    CmdletUse this cmdlet toSyntax
                                    Add-ProvisioningPackage Apply a provisioning package```Add-ProvisioningPackage [-Path] [-ForceInstall] [-LogsFolder ] [-WprpFile ] []```
                                    Remove-ProvisioningPackageRemove a provisioning package ```Remove-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []```
                                    ```Remove-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []```
                                    ```Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []```
                                    Get-ProvisioningPackage Get information about an installed provisioning package ```Get-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []```
                                    ```Get-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []```
                                    ```Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []```
                                    Export-ProvisioningPackage Extract the contents of a provisioning package ```Export-ProvisioningPackage -PackageId -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []```
                                    ```Export-ProvisioningPackage -Path -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []```
                                    Install-TrustedProvisioningCertificate Adds a certificate to the Trusted Certificate store ```Install-TrustedProvisioningCertificate ```
                                    Get-TrustedProvisioningCertificate List all installed trusted provisioning certificates; use this cmdlet to get the certificate thumbprint to use with the **Uninstall-TrustedProvisioningCertificate** cmdlet```Get-TrustedProvisioningCertificate```
                                    Uninstall-TrustedProvisioningCertificate Remove a previously installed provisioning certificate```Uninstall-TrustedProvisioningCertificate ```
                                    Add-ProvisioningPackage Apply a provisioning packageAdd-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Remove-ProvisioningPackageRemove a provisioning package Remove-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Remove-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Get-ProvisioningPackage Get information about an installed provisioning package Get-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Get-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Export-ProvisioningPackage Extract the contents of a provisioning package Export-ProvisioningPackage -PackageId <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Export-ProvisioningPackage -Path <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
                                    Install-TrustedProvisioningCertificate Adds a certificate to the Trusted Certificate store Install-TrustedProvisioningCertificate <path to local certificate file on disk>
                                    Get-TrustedProvisioningCertificate List all installed trusted provisioning certificates; use this cmdlet to get the certificate thumbprint to use with the Uninstall-TrustedProvisioningCertificate cmdletGet-TrustedProvisioningCertificate
                                    Uninstall-TrustedProvisioningCertificate Remove a previously installed provisioning certificateUninstall-TrustedProvisioningCertificate <thumbprint>
                                    >[!NOTE] @@ -65,9 +67,9 @@ Trace logs are captured when using cmdlets. The following logs are available in -  + -  + diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 6b2041b522..6a96d2a9a1 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -4,11 +4,13 @@ description: With Windows 10, you can create provisioning packages that let you ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Use a script to install a desktop app in provisioning packages diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index aa1bf1b80d..e8ebc96787 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -4,11 +4,13 @@ description: This topic lists the settings that are reverted when you uninstall ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp --- # Settings changed when you uninstall a provisioning package diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 35a669417d..2d3e412440 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md 
@@ -5,11 +5,13 @@ keywords: ["shared pc mode"]
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Set up a shared or guest PC with Windows 10
@@ -24,16 +26,16 @@ Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 1 > [!NOTE] > If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. -##Shared PC mode concepts +## Shared PC mode concepts A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. -###Account models +### Account models It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows 10, version 1703, introduces a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode. -###Account management +### Account management When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. 
Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days. -###Maintenance and sleep +### Maintenance and sleep Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not is use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates. @@ -46,7 +48,7 @@ Use one of the following methods to configure Windows Update: [Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_AllowAutoUpdate) -###App behavior +### App behavior Apps can take advantage of shared PC mode with the following three APIs: 
@@ -55,7 +57,7 @@ Apps can take advantage of shared PC mode with the following three APIs: - [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. -###Customization +### Customization Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring shared PC mode on Windows](#configuring-shared-pc-mode-on-windows). The options are listed in the following table. | Setting | Value | @@ -79,7 +81,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re [Policies: Authentication](wcd/wcd-policies.md#authentication) (optional related setting) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. -##Configuring shared PC mode on Windows +## Configuring shared PC mode on Windows You can configure Windows to be in shared PC mode in a couple different ways: - Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) 
@@ -116,36 +118,36 @@ Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC 1. [Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md) -1. Open Windows Configuration Designer. -2. On the **Start page**, select **Advanced provisioning**. -3. Enter a name and (optionally) a description for the project, and click **Next**. -4. Select **All Windows desktop editions**, and click **Next**. -5. Click **Finish**. Your project opens in Windows Configuration Designer. -6. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization) -7. On the **File** menu, select **Save.** -8. On the **Export** menu, select **Provisioning package**. -9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -10. Set a value for **Package Version**. +2. Open Windows Configuration Designer. +3. On the **Start page**, select **Advanced provisioning**. +4. Enter a name and (optionally) a description for the project, and click **Next**. +5. Select **All Windows desktop editions**, and click **Next**. +6. Click **Finish**. Your project opens in Windows Configuration Designer. +7. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization) +8. On the **File** menu, select **Save.** +9. On the **Export** menu, select **Provisioning package**. +10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +11. Set a value for **Package Version**. > [!TIP] > You can make changes to existing packages and change the version number to update previously applied packages. -   -11. 
(*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + +12. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - > [!IMPORTANT]   - > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. -   -12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location. + > [!IMPORTANT] + > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. + +13. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location. 
Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. -14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. +14. Click **Next**. +15. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. +16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: +17. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - Shared network folder 
@@ -166,11 +168,11 @@ You can apply the provisioning package to a PC during initial setup or to a PC t 2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times. - - If there is only one provisioning package on the USB drive, the provisioning package is applied. + - If there is only one provisioning package on the USB drive, the provisioning package is applied. - - If there is more than one provisioning package on the USB drive, the **Set up device?** message displays. Click **Set up**, and select the provisioning package that you want to install. + - If there is more than one provisioning package on the USB drive, the **Set up device?** message displays. Click **Set up**, and select the provisioning package that you want to install. - ![Set up device?](images/setupmsg.jpg) + ![Set up device?](images/setupmsg.jpg) 3. Complete the setup process. @@ -222,34 +224,34 @@ Shared PC mode sets local group policies to configure the device. Some of these

                                    Policy name

                                    Value

                                    When set?

                                    -

                                    Admin Templates > Control Panel > Personalization

                                    +

                                    Admin Templates > Control Panel > Personalization

                                    Prevent enabling lock screen slide show

                                    Enabled

                                    Always

                                    Prevent changing lock screen and logon image

                                    Enabled

                                    Always

                                    -

                                    Admin Templates > System > Power Management > Button Settings

                                    +

                                    Admin Templates > System > Power Management > Button Settings

                                    Select the Power button action (plugged in)

                                    Sleep

                                    SetPowerPolicies=True

                                    Select the Power button action (on battery)

                                    Sleep

                                    SetPowerPolicies=True

                                    Select the Sleep button action (plugged in)

                                    Sleep

                                    SetPowerPolicies=True

                                    Select the lid switch action (plugged in)

                                    Sleep

                                    SetPowerPolicies=True

                                    Select the lid switch action (on battery)

                                    Sleep

                                    SetPowerPolicies=True

                                    -

                                    Admin Templates > System > Power Management > Sleep Settings

                                    +

                                    Admin Templates > System > Power Management > Sleep Settings

                                    Require a password when a computer wakes (plugged in)

                                    Enabled

                                    SignInOnResume=True

                                    Require a password when a computer wakes (on battery)

                                    Enabled

                                    SignInOnResume=True

                                    -

                                    Specify the system sleep timeout (plugged in)

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    -

                                    Specify the system sleep timeout (on battery)

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    +

                                    Specify the system sleep timeout (plugged in)

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    +

                                    Specify the system sleep timeout (on battery)

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    Turn off hybrid sleep (plugged in)

                                    Enabled

                                    SetPowerPolicies=True

                                    Turn off hybrid sleep (on battery)

                                    Enabled

                                    SetPowerPolicies=True

                                    -

                                    Specify the unattended sleep timeout (plugged in)

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    -

                                    Specify the unattended sleep timeout (on battery)

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    +

                                    Specify the unattended sleep timeout (plugged in)

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    +

                                    Specify the unattended sleep timeout (on battery)

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    Allow standby states (S1-S3) when sleeping (plugged in)

                                    Enabled

                                    SetPowerPolicies=True

                                    Allow standby states (S1-S3) when sleeping (on battery)

                                    Enabled

                                    SetPowerPolicies=True

                                    Specify the system hibernate timeout (plugged in)

                                    Enabled, 0

                                    SetPowerPolicies=True

                                    Specify the system hibernate timeout (on battery)

                                    Enabled, 0

                                    SetPowerPolicies=True

                                    -

                                    Admin Templates>System>Power Management>Video and Display Settings

                                    -

                                    Turn off the display (plugged in)

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    -

                                    Turn off the display (on battery

                                    *SleepTimeout*

                                    SetPowerPolicies=True

                                    -

                                    Admin Templates>System>Power Management>Energy Saver Settings

                                    +

                                    Admin Templates>System>Power Management>Video and Display Settings

                                    +

                                    Turn off the display (plugged in)

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    +

                                    Turn off the display (on battery

                                    SleepTimeout

                                    SetPowerPolicies=True

                                    +

                                    Admin Templates>System>Power Management>Energy Saver Settings

                                    Energy Saver Battery Threshold (on battery)70SetPowerPolicies=True -

                                    Admin Templates>System>Logon

                                    +

                                    Admin Templates>System>Logon

                                    Show first sign-in animation

                                    Disabled

                                    Always

                                    Hide entry points for Fast User Switching

                                    Enabled

                                    Always

                                    Turn on convenience PIN sign-in

                                    Disabled

                                    Always

                                    @@ -258,35 +260,35 @@ Shared PC mode sets local group policies to configure the device. Some of these

                                    Allow users to select when a password is required when resuming from connected standby

                                    Disabled

                                    SignInOnResume=True

                                    Block user from showing account details on sign-in

                                    Enabled

                                    Always

                                    -

                                    Admin Templates>System>User Profiles

                                    +

                                    Admin Templates>System>User Profiles

                                    Turn off the advertising ID

                                    Enabled

                                    SetEduPolicies=True

                                    -

                                    Admin Templates>Windows Components

                                    +

                                    Admin Templates>Windows Components

                                    Do not show Windows Tips

                                    Enabled

                                    SetEduPolicies=True

                                    Turn off Microsoft consumer experiences

                                    Enabled

                                    SetEduPolicies=True

                                    Microsoft Passport for Work

                                    Disabled

                                    Always

                                    Prevent the usage of OneDrive for file storage

                                    Enabled

                                    Always

                                    -

                                    Admin Templates>Windows Components>Biometrics

                                    +

                                    Admin Templates>Windows Components>Biometrics

                                    Allow the use of biometrics

                                    Disabled

                                    Always

                                    Allow users to log on using biometrics

                                    Disabled

                                    Always

                                    Allow domain users to log on using biometrics

                                    Disabled

                                    Always

                                    -

                                    Admin Templates>Windows Components>Data Collection and Preview Builds

                                    +

                                    Admin Templates>Windows Components>Data Collection and Preview Builds

                                    Toggle user control over Insider builds

                                    Disabled

                                    Always

                                    Disable pre-release features or settings

                                    Disabled

                                    Always

                                    Do not show feedback notifications

                                    Enabled

                                    Always

                                    Allow TelemetryBasic, 0SetEduPolicies=True -

                                    Admin Templates>Windows Components>File Explorer

                                    +

                                    Admin Templates>Windows Components>File Explorer

                                    Show lock in the user tile menu

                                    Disabled

                                    Always

                                    -

                                    Admin Templates>Windows Components>Maintenance Scheduler

                                    -

                                    Automatic Maintenance Activation Boundary

                                    *MaintenanceStartTime*

                                    Always

                                    +

                                    Admin Templates>Windows Components>Maintenance Scheduler

                                    +

                                    Automatic Maintenance Activation Boundary

                                    MaintenanceStartTime

                                    Always

                                    Automatic Maintenance Random Delay

                                    Enabled, 2 hours

                                    Always

                                    Automatic Maintenance WakeUp Policy

                                    Enabled

                                    Always

                                    -

                                    Admin Templates>Windows Components>Windows Hello for Business

                                    +

                                    Admin Templates>Windows Components>Windows Hello for Business

                                    Use phone sign-in

                                    Disabled

                                    Always

                                    Use Windows Hello for Business

                                    Disabled

                                    Always

                                    Use biometrics

                                    Disabled

                                    Always

                                    -

                                    Admin Templates>Windows Components>OneDrive

                                    +

                                    Admin Templates>Windows Components>OneDrive

                                    Prevent the usage of OneDrive for file storage

                                    Enabled

                                    Always

                                    -

                                    Windows Settings>Security Settings>Local Policies>Security Options

                                    +

                                    Windows Settings>Security Settings>Local Policies>Security Options

                                    Interactive logon: Do not display last user name

                                    Enabled, Disabled when account model is only guest

                                    Always

                                    Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

                                    Disabled

                                    Always

                                    @@ -300,7 +302,7 @@ Shared PC mode sets local group policies to configure the device. Some of these -  + diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 3e25afe52b..e902d0cfe2 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -2,11 +2,14 @@ title: Set up digital signs on Windows 10 (Windows 10) description: A single-use device such as a digital sign is easy to set up in Windows 10 (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms +author: dansimp ms.localizationpriority: medium ms.date: 10/02/2018 ms.topic: article @@ -89,4 +92,4 @@ This procedure explains how to configure digital signage using Kiosk Browser on - \ No newline at end of file + diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index c29f399bba..399946fcc1 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -4,10 +4,12 @@ description: Troubleshoot common errors related to Start menu in Windows 10. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.author: kaushika -author: kaushika-msft +ms.author: dansimp +author: dansimp ms.localizationpriority: medium ms.date: 12/03/18 +ms.reviewer: +manager: dansimp ms.topic: troubleshooting --- 
@@ -183,7 +185,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded **Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates. ->[!Note] +>[!NOTE] >When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**. @@ -280,14 +282,14 @@ Additionally, users may see blank tiles if logon was attempted without network c ### Symptom: Start Menu issues with Tile Data Layer corruption -**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. +**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)). **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed. 1. The App or Apps work fine when you click on the tiles. 2. The tiles are blank, have a generic placeholder icon, have the wrong or strange title information. 3. The app is missing, but listed as installed via Powershell and works if you launch via URI. - - Example: `windows-feedback://` + - Example: `windows-feedback://` 4. In some cases, Start can be blank, and Action Center and Cortana do not launch. >[!Note] diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index cac14132af..529e59e779 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md 
@@ -5,10 +5,12 @@ keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp ms.localizationpriority: medium --- @@ -57,7 +59,7 @@ Comments are not supported in the `LayoutModification.xml` file. ### Supported elements and attributes ->[!NOTE] +>[!NOTE] >To make sure the Start layout XML parser processes your file correctly, follow these guidelines when working with your LayoutModification.xml file: >- Do not leave spaces or white lines in between each element. >- Do not add comments inside the StartLayout node or any of its children elements. @@ -541,9 +543,9 @@ Once you have created the LayoutModification.xml file and it is present in the d - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md) -  + -  + diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 0dddb20773..5c93aacf5e 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -6,10 +6,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.date: 06/27/2018 +ms.reviewer: +manager: dansimp --- # Add image for secondary Microsoft Edge tiles 
@@ -73,11 +75,11 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet does not append the file name extension, and the policy settings require the extension. 3. If you’d like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references. - - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` - - Open `C:\Users\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images. + - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` + - Open `C:\Users\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images. - >[!TIP] - >A quick method for getting appropriately sized images for each tile size is to upload your image at [BuildMyPinnedSite](http://www.buildmypinnedsite.com/) and then download the resized tile images. + >[!TIP] + >A quick method for getting appropriately sized images for each tile size is to upload your image at [BuildMyPinnedSite](http://www.buildmypinnedsite.com/) and then download the resized tile images. 4. In Windows PowerShell, enter the following command: 
@@ -134,7 +136,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. -1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). 2. Choose **Advanced provisioning**. 
@@ -155,56 +157,56 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 9. Enter **assets.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the assets.xml file in a later step. -7. Save your project and close Windows Configuration Designer. +10. Save your project and close Windows Configuration Designer. -7. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) +11. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) -7. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: +12. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: - ![Customizations file with the placeholder text to replace highlighted](images/customization-start-edge.png) + ![Customizations file with the placeholder text to replace highlighted](images/customization-start-edge.png) -7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). +13. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). -8. Replace **assets.xml** with the text from the assets.xml file, [with markup characters replaced with escape characters](#escape). +14. Replace **assets.xml** with the text from the assets.xml file, [with markup characters replaced with escape characters](#escape). -8. Save and close the customizations.xml file. +15. Save and close the customizations.xml file. -8. Open Windows Configuration Designer and open your project. +16. Open Windows Configuration Designer and open your project. -8. 
On the **File** menu, select **Save.** +17. On the **File** menu, select **Save.** -9. On the **Export** menu, select **Provisioning package**. +18. On the **Export** menu, select **Provisioning package**. -10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +19. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +20. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. -12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. +21. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +22. Click **Next**. -14. Click **Build** to start building the package. The provisioning package doesn't take long to build. 
The project information is displayed in the build page and the progress bar indicates the build status. +23. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. +24. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Copy the provisioning package to the target device. +25. Copy the provisioning package to the target device. -17. Double-click the ppkg file and allow it to install. +26. Double-click the ppkg file and allow it to install. - ## Related topics + ## Related topics - [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md index eb3d236c32..643ebbc93e 100644 
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -2,12 +2,14 @@
 title: Configure access to Microsoft Store (Windows 10)
 description: IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
 ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
+ms.reviewer:
+manager: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store, mobile
-author: TrudyHa
-ms.author: Trudyha
+author: dansimp
+ms.author: dansimp
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 4/16/2018
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index dc54b8c470..4f1ec82a51 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -1,12 +1,15 @@
 ---
 title: Administering UE-V with Windows PowerShell and WMI
 description: Administering UE-V with Windows PowerShell and WMI
-author: MaggiePucciEvans
+author: trudyha
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: trudyha
 ms.topic: article
 ---
@@ -41,4 +44,4 @@ After you create and deploy UE-V settings location templates, you can manage tho
 - [Administering UE-V](uev-administering-uev.md)
-- [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
\ No newline at end of file
+- [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index 231e26adb5..c06c6a0d85 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md @@ -1,12 +1,15 @@ --- title: Administering UE-V description: Administering UE-V -author: MaggiePucciEvans +author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: trudyha ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index d68b5836f0..68f04ffda2 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -1,12 +1,15 @@ --- title: Application Template Schema Reference for UE-V description: Application Template Schema Reference for UE-V -author: MaggiePucciEvans +author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: trudyha ms.topic: article --- @@ -150,7 +153,7 @@ The Process data type is a container used to describe processes to be monitored -  + **Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. @@ -199,7 +202,7 @@ Settings is a container for all the settings that apply to a particular template -  + ### Name Element 
@@ -214,7 +217,7 @@ UE-V does not reference external DTDs, so it is not possible to use named entiti See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically. -  + ### ID Element @@ -259,7 +262,7 @@ This value is queried to determine if a new version of a template should be appl - When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI -  + ### Author Element @@ -325,7 +328,7 @@ A value of **True** indicates that the string contains illegal characters. Here **Note**   The UE-V template generator encodes the greater than and less than characters as > and < respectively. -  + In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. @@ -342,7 +345,7 @@ If this element is absent, the settings location template ignores the process’ **Note**   UE-V does not support ARM processors in this version. -  + ### ProductName @@ -491,11 +494,11 @@ Application is a container for settings that apply to a particular application.

                                    Name

                                    -

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

                                    +

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

                                    ID

                                    -

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

                                    +

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

                                    Description

                                    @@ -511,7 +514,7 @@ Application is a container for settings that apply to a particular application.

                                    Version

                                    -

                                    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

                                    +

                                    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

                                    DeferToMSAccount

                                    @@ -527,16 +530,16 @@ Application is a container for settings that apply to a particular application.

                                    Processes

                                    -

                                    A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).

                                    +

                                    A container for a collection of one or more Process elements. For more information, see Processes.

                                    Settings

                                    -

                                    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

                                    +

                                    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

                                    -  + ### Common Element @@ -554,11 +557,11 @@ Common is similar to an Application element, but it is always associated with tw

                                    Name

                                    -

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

                                    +

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

                                    ID

                                    -

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

                                    +

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

                                    Description

                                    @@ -574,7 +577,7 @@ Common is similar to an Application element, but it is always associated with tw

                                    Version

                                    -

                                    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

                                    +

                                    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

                                    DeferToMSAccount

                                    @@ -590,12 +593,12 @@ Common is similar to an Application element, but it is always associated with tw

                                    Settings

                                    -

                                    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

                                    +

                                    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

                                    -  + ### SettingsLocationTemplate Element @@ -613,11 +616,11 @@ This element defines the settings for a single application or a suite of applica

                                    Name

                                    -

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

                                    +

                                    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

                                    ID

                                    -

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

                                    +

                                    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

                                    Description

                                    @@ -634,7 +637,7 @@ This element defines the settings for a single application or a suite of applica -  + ### Appendix: SettingsLocationTemplate.xsd diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 832f2de235..05d2abc519 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -1,12 +1,15 @@ --- title: Changing the Frequency of UE-V Scheduled Tasks description: Changing the Frequency of UE-V Scheduled Tasks -author: MaggiePucciEvans +author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: trudyha ms.topic: article --- @@ -248,4 +251,4 @@ The following additional information applies to UE-V scheduled tasks: [Administering UE-V](uev-administering-uev.md) -[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md) \ No newline at end of file +[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md) diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 97c9310dd8..913d80ac7c 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -1,12 +1,15 @@ --- title: Configuring UE-V with Group Policy Objects description: Configuring UE-V with Group Policy Objects -author: MaggiePucciEvans +author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: trudyha ms.topic: article --- 
@@ -69,13 +72,13 @@ The following policy settings can be configured for UE-V.

                                    Settings storage path

                                    Computers and Users

                                    This Group Policy setting configures where the user settings are to be stored.

                                    -

                                    Enter a Universal Naming Convention (UNC) path and variables such as \\Server\SettingsShare\%username%.

                                    +

                                    Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

                                    Settings template catalog path

                                    Computers Only

                                    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.

                                    -

                                    Enter a Universal Naming Convention (UNC) path such as \\Server\TemplateShare or a folder location on the computer.

                                    +

                                    Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

                                    Select the check box to replace the default Microsoft templates.
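Review bot: The example paths on the added lines are no longer valid UNC paths: `\Server\SettingsShare%username%` has lost the leading double backslash and the separator before `%username%`, and `\Server\TemplateShare` has lost a leading backslash. The removed lines show the intended forms, `\\Server\SettingsShare\%username%` and `\\Server\TemplateShare`. The backslashes appear to have been consumed as Markdown escapes when the table cells were rewritten, though that is inferred from this rendering. An administrator who copies the new example would point the settings storage location at something other than a per-user folder under the share. The added lines should keep the literal text, for example by writing each path in a code span; the table itself continues outside this hunk.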

                                    @@ -106,23 +109,23 @@ The following policy settings can be configured for UE-V.

                                    Use User Experience Virtualization (UE-V)

                                    Computers and Users

                                    This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

                                    -

                                    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.

                                    +

                                    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the Enable UE-V setting.

                                    Enable UE-V

                                    Computers and Users

                                    This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.

                                    -

                                    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.

                                    +

                                    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the Use User Experience Virtualization (UE-V) setting.

                                    -  + **Note**   In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. -  + **Windows App Group Policy settings** @@ -163,7 +166,7 @@ In addition, Group Policy settings are available for many desktop applications a -  + For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index d92182f4b2..049e9cff9f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -1,12 +1,15 @@ --- title: Configuring UE-V with System Center Configuration Manager description: Configuring UE-V with System Center Configuration Manager -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -77,7 +80,7 @@ The UE-V Configuration Pack includes tools to: -   + - Verify compliance by confirming that UE-V is running. @@ -104,7 +107,7 @@ It might be necessary to change the PowerShell execution policy to allow these s 1. Select **Administration > Client Settings > Properties** 2. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass** -  + **Create the first UE-V policy configuration item** @@ -237,9 +240,9 @@ You can download the [System Center 2012 Configuration Pack for Microsoft User E [Manage Configurations for UE-V](uev-manage-configurations.md) -  + -  + 
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 2af139a5f0..926765cff2 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -1,12 +1,15 @@ --- title: Deploy required UE-V features description: Deploy required UE-V features -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index a30b419314..edb70df39e 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md @@ -1,12 +1,15 @@ --- title: Use UE-V with custom applications description: Use UE-V with custom applications -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -120,7 +123,7 @@ UE-V for Windows 10, version 1607 includes a new template generator. If you are ![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png) -3. To open the generator, select **Microsoft Application Virtualization Generator** from the **Start** menu. +3. To open the generator, select **Microsoft Application Virtualization Generator** from the **Start** menu. 4. See [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) for information about how to use the template generator. 
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index 0c937406d8..23ae2d9c91 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -1,12 +1,15 @@
 ---
 title: User Experience Virtualization for Windows 10, version 1607
 description: Overview of User Experience Virtualization for Windows 10, version 1607
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 05/02/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 8dedea5f41..6324c8cddc 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -1,12 +1,15 @@
 ---
 title: Get Started with UE-V
 description: Get Started with UE-V
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 03/08/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # Get Started with UE-V
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 7f4c44d9ae..0884ef68c4 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -1,12 +1,15 @@
 ---
 title: Manage Administrative Backup and Restore in UE-V
 description: Manage Administrative Backup and Restore in UE-V
-author: MaggiePucciEvans
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---
@@ -89,10 +92,10 @@ Restoring a user’s device restores the currently registered Template’s setti If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device. - **Note**   + **Note** Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied. -   + - **Manual Restore** @@ -128,7 +131,7 @@ WMI and Windows PowerShell commands let you restore application and Windows sett -   + **To restore application settings and Windows settings with WMI** @@ -155,12 +158,14 @@ WMI and Windows PowerShell commands let you restore application and Windows sett -   - **Note**   - UE-V does not provide a settings rollback for Windows apps. -   +~~~ +**Note** +UE-V does not provide a settings rollback for Windows apps. +~~~ + + diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 848ae4a259..dddea0457c 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -1,12 +1,15 @@ --- title: Manage Configurations for UE-V description: Manage Configurations for UE-V -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index 2f57d80c99..332f881bf8 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md 
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -1,12 +1,15 @@ --- title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -26,7 +29,7 @@ The WMI and Windows PowerShell features of UE-V include the ability to enable, d You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates. -****To manage settings location templates by using Windows PowerShell**** +***To manage settings location templates by using Windows PowerShell*** 1. Use an account with administrator rights to open a Windows PowerShell command prompt. @@ -155,7 +158,7 @@ You must have administrator permissions to update, register, or unregister a set -   + The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell. diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md index 54743a7bd4..191b74f140 100644 --- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md 
@@ -1,12 +1,15 @@ --- title: Managing the UE-V Service and Packages with Windows PowerShell and WMI description: Managing the UE-V service and packages with Windows PowerShell and WMI -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -23,169 +26,169 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m ## To configure the UE-V service with Windows PowerShell -1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. +1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. -2. Use the following Windows PowerShell commands to configure the service. +2. Use the following Windows PowerShell commands to configure the service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                    Windows PowerShell commandDescription

                                    Enable-UEV

                                    -

                                    Turns on the UE-V service. Requires reboot.

                                    Disable-UEV

                                    Turns off the UE-V service. Requires reboot.

                                    Get-UevStatus

                                    Displays whether UE-V service is enabled or disabled, using a Boolean value.

                                    Get-UevConfiguration

                                    -

                                    Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.

                                    Get-UevConfiguration -CurrentComputerUser

                                    -

                                    Gets the UE-V service settings values for the current user only.

                                    Get-UevConfiguration -Computer

                                    Gets the UE-V service configuration settings values for all users on the computer.

                                    Get-UevConfiguration -Details

                                    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

                                    Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings

                                    Configures the UE-V service to not synchronize any Windows apps for all users on the computer.

                                    Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings

                                    Configures the UE-V service to not synchronize any Windows apps for the current computer user.

                                    Set-UevConfiguration -Computer -EnableFirstUseNotification

                                    Configures the UE-V service to display notification the first time the service runs for all users on the computer.

                                    Set-UevConfiguration -Computer -DisableFirstUseNotification

                                    Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.

                                    Set-UevConfiguration -Computer -EnableSettingsImportNotify

                                    Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.

                                    -

                                    Use the DisableSettingsImportNotify parameter to disable notification.

                                    Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify

                                    Configures the UE-V service to notify the current user when settings synchronization is delayed.

                                    -

                                    Use the DisableSettingsImportNotify parameter to disable notification.

                                    Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps

                                    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

                                    -

                                    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

                                    Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps

                                    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

                                    -

                                    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

                                    Set-UevConfiguration -Computer -DisableSync

                                    Disables UE-V for all the users on the computer.

                                    -

                                    Use the EnableSync parameter to enable or re-enable.

                                    Set-UevConfiguration -CurrentComputerUser -DisableSync

                                    Disables UE-V for the current user on the computer.

                                    -

                                    Use the EnableSync parameter to enable or re-enable.

                                    Set-UevConfiguration -Computer -EnableTrayIcon

                                    Enables the UE-V icon in the notification area for all users of the computer.

                                    -

                                    Use the DisableTrayIcon parameter to disable the icon.

                                    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

                                    Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

                                    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

                                    Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

                                    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

                                    Specifies the time in seconds before the user is notified for all users of the computer

                                    Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds

                                    Specifies the time in seconds before notification for the current user is sent.

                                    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

                                    Defines a per-computer settings storage location for all users of the computer.

                                    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

                                    Defines a per-user settings storage location.

                                    Set-UevConfiguration -Computer -SettingsTemplateCatalogPath <path to catalog>

                                    Sets the settings template catalog path for all users of the computer.

                                    Set-UevConfiguration -Computer -SyncMethod <sync method>

                                    Sets the synchronization method for all users of the computer: SyncProvider or None.

                                    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

                                    Sets the synchronization method for the current user: SyncProvider or None.

                                    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

                                    Sets the synchronization time-out in milliseconds for all users of the computer

                                    Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

                                    Set the synchronization time-out for the current user.

                                    Clear-UevConfiguration -Computer -<setting name>

                                    Clears the specified setting for all users on the computer.

                                    Clear-UevConfiguration -CurrentComputerUser -<setting name>

                                    Clears the specified setting for the current user only.

                                    Export-UevConfiguration <settings migration file>

                                    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

                                    -

                                    The Export cmdlet exports all UE-V service settings that are configurable with the Computer parameter.

                                    Import-UevConfiguration <settings migration file>

                                    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

                                    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                    Windows PowerShell commandDescription

                                    Enable-UEV

                                    +

                                    Turns on the UE-V service. Requires reboot.

                                    Disable-UEV

                                    Turns off the UE-V service. Requires reboot.

                                    Get-UevStatus

                                    Displays whether UE-V service is enabled or disabled, using a Boolean value.

                                    Get-UevConfiguration

                                    +

                                    Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.

                                    Get-UevConfiguration -CurrentComputerUser

                                    +

                                    Gets the UE-V service settings values for the current user only.

                                    Get-UevConfiguration -Computer

                                    Gets the UE-V service configuration settings values for all users on the computer.

                                    Get-UevConfiguration -Details

                                    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

                                    Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings

                                    Configures the UE-V service to not synchronize any Windows apps for all users on the computer.

                                    Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings

                                    Configures the UE-V service to not synchronize any Windows apps for the current computer user.

                                    Set-UevConfiguration -Computer -EnableFirstUseNotification

                                    Configures the UE-V service to display notification the first time the service runs for all users on the computer.

                                    Set-UevConfiguration -Computer -DisableFirstUseNotification

                                    Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.

                                    Set-UevConfiguration -Computer -EnableSettingsImportNotify

                                    Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.

                                    +

                                    Use the DisableSettingsImportNotify parameter to disable notification.

                                    Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify

                                    Configures the UE-V service to notify the current user when settings synchronization is delayed.

                                    +

                                    Use the DisableSettingsImportNotify parameter to disable notification.

                                    Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps

                                    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V Settings Location Templates Using Windows PowerShell and WMI.

                                    +

                                    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

                                    Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps

                                    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V Settings Location Templates Using Windows PowerShell and WMI.

                                    +

                                    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

                                    Set-UevConfiguration -Computer -DisableSync

                                    Disables UE-V for all the users on the computer.

                                    +

                                    Use the EnableSync parameter to enable or re-enable.

                                    Set-UevConfiguration -CurrentComputerUser -DisableSync

                                    Disables UE-V for the current user on the computer.

                                    +

                                    Use the EnableSync parameter to enable or re-enable.

                                    Set-UevConfiguration -Computer -EnableTrayIcon

                                    Enables the UE-V icon in the notification area for all users of the computer.

                                    +

                                    Use the DisableTrayIcon parameter to disable the icon.

                                    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

                                    Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

                                    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

                                    Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

                                    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

                                    Specifies the time in seconds before the user is notified for all users of the computer

                                    Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds

                                    Specifies the time in seconds before notification for the current user is sent.

                                    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

                                    Defines a per-computer settings storage location for all users of the computer.

                                    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

                                    Defines a per-user settings storage location.

                                    Set-UevConfiguration -Computer -SettingsTemplateCatalogPath <path to catalog>

                                    Sets the settings template catalog path for all users of the computer.

                                    Set-UevConfiguration -Computer -SyncMethod <sync method>

                                    Sets the synchronization method for all users of the computer: SyncProvider or None.

                                    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

                                    Sets the synchronization method for the current user: SyncProvider or None.

                                    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

                                    Sets the synchronization time-out in milliseconds for all users of the computer

                                    Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

                                    Set the synchronization time-out for the current user.

                                    Clear-UevConfiguration -Computer -<setting name>

                                    Clears the specified setting for all users on the computer.

                                    Clear-UevConfiguration -CurrentComputerUser -<setting name>

                                    Clears the specified setting for the current user only.

                                    Export-UevConfiguration <settings migration file>

                                    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

                                    +

                                    The Export cmdlet exports all UE-V service settings that are configurable with the Computer parameter.

                                    Import-UevConfiguration <settings migration file>

                                    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

                                    -   + ## To export UE-V package settings and repair UE-V templates with Windows PowerShell @@ -343,7 +346,7 @@ When you are finished configuring the UE-V service with WMI and Windows PowerShe -   + diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md index a3538ae874..4ed5adc8a9 100644 --- a/windows/configuration/ue-v/uev-migrating-settings-packages.md +++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md @@ -1,12 +1,15 @@ --- title: Migrating UE-V settings packages description: Migrating UE-V settings packages -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -39,7 +42,7 @@ Simply copying the files and folders does not preserve the security settings and **Note**   To monitor the copy progress, open MySettings.txt with a log viewer such as Trace32. -   + 4. Grant share-level permissions to the new share. Leave the NTFS file system permissions as they were set by Robocopy. diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 49d9a1a011..794ec9df43 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -1,12 +1,15 @@ --- title: Prepare a UE-V Deployment description: Prepare a UE-V Deployment -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- 
@@ -366,7 +369,7 @@ Enable this configuration using one of these methods: Restart the device to allow the settings to synchronize. - >**Note** -These methods do not work for pooled virtual desktop infrastructure (VDI) environments. + These methods do not work for pooled virtual desktop infrastructure (VDI) environments. >**Note** diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index d3ea98b032..84502cd211 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -1,12 +1,15 @@ --- title: User Experience Virtualization (UE-V) Release Notes description: User Experience Virtualization (UE-V) Release Notes -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index 3875310be0..a036b1fb3a 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md @@ -1,12 +1,15 @@ --- title: Security Considerations for UE-V description: Security Considerations for UE-V -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index 25d02edabb..ebe670eed2 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md 
@@ -1,12 +1,15 @@
---
title: Sync Methods for UE-V
description: Sync Methods for UE-V
-author: MaggiePucciEvans
+author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
---
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index d2304e40f7..3dc4b9727d 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -1,12 +1,15 @@
---
title: Sync Trigger Events for UE-V
description: Sync Trigger Events for UE-V
-author: MaggiePucciEvans
+author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
---
@@ -38,7 +41,7 @@ The following table explains the trigger events for classic applications and Win

                                    Windows Logon

                                    • Application and Windows settings are imported to the local cache from the settings storage location.

                                    • -
                                    • [Asynchronous Windows settings](uev-prepare-for-deployment.md#windows-settings-synchronized-by-default) are applied.

                                    • +
                                    • Asynchronous Windows settings are applied.

                                    • Synchronous Windows settings will be applied during the next Windows logon.

                                    • Application settings will be applied when the application starts.

                                    @@ -80,19 +83,18 @@ The following table explains the trigger events for classic applications and Win

                                    Application and Windows settings are synchronized between the settings storage location and the local cache.

                                    -Note   -

                                    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

                                    +Note

                                    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

                                    For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).

                                    -  +

                                    Settings are applied in these cases:

                                    • Asynchronous Windows settings are applied directly.

                                    • Application settings are applied when the application starts.

                                    • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

                                    • -
                                    • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings) for more information.

                                    • +
                                    • Windows app (AppX) settings are applied during the next refresh. See Monitor Application Settings for more information.

                                    NA

                                    @@ -104,7 +106,7 @@ The following table explains the trigger events for classic applications and Win -  + @@ -120,9 +122,9 @@ The following table explains the trigger events for classic applications and Win [Choose the Configuration Method for UE-V](uev-deploy-required-features.md) -  - -  + + + diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index 3c81c45f29..02d2b22ad2 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md @@ -1,12 +1,15 @@ --- title: Synchronizing Microsoft Office with UE-V description: Synchronizing Office with UE-V -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index bad81a6dc7..5edddf9109 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md @@ -1,12 +1,15 @@ --- title: Technical Reference for UE-V description: Technical Reference for UE-V -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index 15c38e1991..1ffb99a964 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md 
@@ -1,12 +1,15 @@
---
title: Troubleshooting UE-V
description: Troubleshooting UE-V
-author: MaggiePucciEvans
+author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
---
diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
index c551db77fc..b8ef5003a2 100644
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
@@ -1,12 +1,15 @@
---
title: Upgrade to UE-V for Windows 10
description: Explains how to upgrade to the latest version of UE-V.
-author: MaggiePucciEvans
+author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
---
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index c3ee8ceeae..d2e019723d 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -1,12 +1,15 @@
---
title: Using UE-V with Application Virtualization applications
description: Using UE-V with Application Virtualization applications
-author: MaggiePucciEvans
+author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
---
@@ -34,7 +37,7 @@ UE-V monitors when an application opens by the program name and, optionally, by **Note**   If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. -   + 4. Start the App-V package. @@ -48,9 +51,9 @@ UE-V monitors when an application opens by the program name and, optionally, by [Administering UE-V](uev-administering-uev.md) -  + -  + diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index 968d4d1dc4..e44d1c33a7 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -1,12 +1,15 @@ --- title: What's New in UE-V for Windows 10, version 1607 description: What's New in UE-V for Windows 10, version 1607 -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md index 49cd6e736a..a2663f503d 100644 --- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md +++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md 
@@ -1,12 +1,15 @@ --- title: Working with Custom UE-V Templates and the UE-V Template Generator description: Working with Custom UE-V Templates and the UE-V Template Generator -author: MaggiePucciEvans +author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -98,7 +101,7 @@ Use the UE-V template generator to edit settings location templates. When the re >**Note**   A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. -   + 2. Open the settings location template file with an XML editor. 3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](uev-application-template-schema-reference.md). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. @@ -154,9 +157,9 @@ Before you deploy any settings location template that you have downloaded from t [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md) -  + -  + diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md index 70b495e029..ffefe134f1 100644 --- a/windows/configuration/wcd/wcd-accountmanagement.md +++ b/windows/configuration/wcd/wcd-accountmanagement.md 
@@ -4,11 +4,13 @@ description: This section describes the account management settings that you can ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # AccountManagement (Windows Configuration Designer reference) @@ -52,4 +54,4 @@ Enter the percent of total storage available for user profiles. If **DeletionPol ## StorageCapacityStopDeletion -Enter the percent of total storage at which to stop deleting profiles. If **DeletionPolicy** is set to **Delete at storage capacity threshold** or **Delete at storage capacity threshold and profile inactivity threshold**, profiles will be deleted when available storage capacity falls below the threshold set for **StorageCapacityStartDeletion**, until the value that you set for **StorageCapacityStopDeletion** is reached. Profiles that have been inactive the longest will be deleted first. \ No newline at end of file +Enter the percent of total storage at which to stop deleting profiles. If **DeletionPolicy** is set to **Delete at storage capacity threshold** or **Delete at storage capacity threshold and profile inactivity threshold**, profiles will be deleted when available storage capacity falls below the threshold set for **StorageCapacityStartDeletion**, until the value that you set for **StorageCapacityStopDeletion** is reached. Profiles that have been inactive the longest will be deleted first. diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index a9f4434dfb..6a6265ee5a 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md 
@@ -4,11 +4,13 @@ description: This section describes the account settings that you can configure ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Accounts (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index b6410ee421..830319f0f7 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -4,11 +4,13 @@ description: This section describes the ADMXIngestion settings that you can conf ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # ADMXIngestion (Windows Configuration Designer reference) @@ -95,4 +97,4 @@ The next image highlights the specific policy. ## Related topics - [Policy configuration service provider (CSP): ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed) -- [Understanding ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/understanding-admx-backed-policies) \ No newline at end of file +- [Understanding ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/understanding-admx-backed-policies) diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index ff12b64898..0dd2768060 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md 
@@ -4,11 +4,13 @@ description: This section describes the AssignedAccess setting that you can conf
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # AssignedAccess (Windows Configuration Designer reference)
@@ -46,4 +48,4 @@ Use this setting to configure a kiosk device that runs more than one app.
 ## Related topics
-- [AssignedAccess configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/assignedaccess-csp)
\ No newline at end of file
+- [AssignedAccess configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/assignedaccess-csp)
diff --git a/windows/configuration/wcd/wcd-automatictime.md b/windows/configuration/wcd/wcd-automatictime.md
index 272d9117a7..e8308679e0 100644
--- a/windows/configuration/wcd/wcd-automatictime.md
+++ b/windows/configuration/wcd/wcd-automatictime.md
@@ -4,11 +4,13 @@ description: This section describes the AutomaticTime settings that you can conf
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # AutomaticTime (Windows Configuration Designer reference)
@@ -71,4 +73,4 @@ The list should contain one or more server names. The default NTP source server
 Specify which UICC slot will be preferred for NITZ handling on a C+G dual SIM phone.
 - Set to `0` to use the UICC in Slot 0 for NITZ handling.
-- Set to '1' to use the UICC in Slot 1 for NITZ handling.
\ No newline at end of file
+- Set to '1' to use the UICC in Slot 1 for NITZ handling.
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index c7cd5a030f..b91890550a 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -4,11 +4,13 @@ description: This section describes the Browser settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Browser (Windows Configuration Designer reference)
@@ -55,7 +57,7 @@ To add a new item under the browser's **Favorites** list:
 2. In the **Available customizations** pane, select the friendly name that you just created, and in the text field, enter the URL for the item.
-For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and "http://www.contoso.com" for the URL.
+For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and "" for the URL.
 ## PartnerSearchCode
diff --git a/windows/configuration/wcd/wcd-callandmessagingenhancement.md b/windows/configuration/wcd/wcd-callandmessagingenhancement.md
index 2c27545f28..73b872d360 100644
--- a/windows/configuration/wcd/wcd-callandmessagingenhancement.md
+++ b/windows/configuration/wcd/wcd-callandmessagingenhancement.md
@@ -4,11 +4,13 @@ description: This section describes the CallAndMessagingEnhancement settings tha
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/21/2017
+ms.reviewer:
+manager: dansimp
 ---
 # CallAndMessagingEnhancement (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md
index cde8d098c0..186d34e8ec 100644
--- a/windows/configuration/wcd/wcd-calling.md
+++ b/windows/configuration/wcd/wcd-calling.md
@@ -4,11 +4,13 @@ description: This section describes the Calling settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Calling (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index b7b52b37af..b9b724b0b7 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -4,11 +4,13 @@ description: This section describes the CellCore settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ---
 # CellCore (Windows Configuration Designer reference)
@@ -209,29 +211,29 @@ UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the d
 ### SMS
-Setting | Description
---- | ---
-AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.
-DefaultMCC | Set the default mobile country code (MCC).
-Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

                                    - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
                                    - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) -Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS]https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms). -Encodings > OctetEncodingPage | Set the octet (binary) encoding. -Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. -Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. -Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). -IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. -MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. 
Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. -SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. -SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. -SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem. -SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. 
Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. -Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. -Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. -Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS. -Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS. -Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. -Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. -Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. 
+| Setting | Description | +|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | +| DefaultMCC | Set the default mobile country code (MCC). | +| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

                                    - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
                                    - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) | +| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS]). | +| Encodings > OctetEncodingPage | Set the octet (binary) encoding. | +| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. | +| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. | +| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). | +| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. | +| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. 
This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | +| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. | +| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. | +| SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem. | +| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. 
| +| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. | +| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. | +| Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS. | +| Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS. | +| Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. | +| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. | +| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. | ### UIX @@ -336,31 +338,26 @@ SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10 ### General -Setting | Description ---- | --- -atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:

                                    - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
                                    - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
                                    - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. -atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:

                                    - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
                                    - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. -AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. -CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. -CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`. -CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. -Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. 
By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn). -Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. -DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. -EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. -ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). 
-LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. -LTEForced | Select **Yes** to force LTE. -NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

                                    - system type 4: 2G (GSM)
                                    - system type 8: 3G (UMTS)
                                    - system type 16: LTE
                                    - system type 32: 3G (TS-SCDMA)

                                    Select the system type that you added, and enter the network name and suffix that you want displayed. -NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. -OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) -OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. 
To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) -SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. - - - - - +| Setting | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------| +| atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:

                                    - **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
                                    - **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
                                    - **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC. | +| atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:

                                    - **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator.
                                    - **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator. | +| AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network. | +| CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. | +| CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to \`310:410,311:*,404:012,310:70\`. | +| CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone. | +| Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. 
By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn). | +| Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits. | +| DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming. | +| EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming. | +| ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`). 
| +| LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE. | +| LTEForced | Select **Yes** to force LTE. | +| NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:

                                    - system type 4: 2G (GSM)
                                    - system type 8: 3G (UMTS)
                                    - system type 16: LTE
                                    - system type 32: 3G (TS-SCDMA)

                                    Select the system type that you added, and enter the network name and suffix that you want displayed. | +| NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`. | +| OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.) | +| OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. 
To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.) | +| SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming. | ### RCS @@ -372,27 +369,26 @@ See descriptions in Windows Configuration Designer. ### SMS -Setting | Description ---- | --- -AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. -DefaultMCC | Set the default mobile country code (MCC). -Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

                                    - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
                                    - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) -Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS]https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms). -Encodings > OctetEncodingPage | Set the octet (binary) encoding. -Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. -Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. -Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). -IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. -MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. 
Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. -SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. -SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. -SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. 
-Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**. -Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. -Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. -Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. -Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. - +| Setting | Description | +|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | +| DefaultMCC | Set the default mobile country code (MCC). 
| +| Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

                                    - Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
                                    - Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction) | +| Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. For more information, see [Add encoding extension tables for SMS]). | +| Encodings > OctetEncodingPage | Set the octet (binary) encoding. | +| Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding. | +| Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding. | +| Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language). | +| IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation. | +| MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. 
This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds. | +| SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. | +| SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message. | +| SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message. | +| Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. 
Configure the error type that you added as **Transient Failure** or **Permanent Failure**. | +| Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. | +| Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH. | +| Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**. | +| Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type. | ### UTK @@ -446,4 +442,4 @@ No|Yes|Yes|If SPN string >= 12: *SPN*1234

                                    If SPN string < 12: *SPN*" "1 No|No|No|*SIM 1* or *SIM 2* No|Yes|No|SPN (up to 16 characters) No|No|Yes|*SIM 1* or *SIM 2* - + diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index f6c9545c4a..fbff60c5e4 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -1,14 +1,15 @@ --- title: Cellular (Windows 10) +ms.reviewer: +manager: dansimp description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article -ms.date: 10/02/2018 --- # Cellular (Windows Configuration Designer reference) @@ -52,6 +53,10 @@ Enter the destination path for the BrandingIcon .ico file. Enter the service provider name for the mobile operator. +### DataClassMappingTable + +Enter a customized string for the appropriate [data class](https://docs.microsoft.com/windows/desktop/api/mbnapi/ne-mbnapi-mbn_data_class). + ### NetworkBlockList Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC). @@ -74,4 +79,4 @@ Enter a comma-separated list of mobile country code (MCC) and mobile network cod ### UseBrandingNameOnRoaming -Select an option for displaying the BrandingName when the device is roaming. \ No newline at end of file +Select an option for displaying the BrandingName when the device is roaming. diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 56aa4f2379..1ca02c30f0 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md 
@@ -4,11 +4,13 @@ description: This section describes the Certificates settings that you can confi
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 # Certificates (Windows Configuration Designer reference)
@@ -69,4 +71,4 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
 ## Related topics
-- [RootCATrustedCertficates configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/rootcacertificates-csp)
\ No newline at end of file
+- [RootCATrustedCertficates configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/rootcacertificates-csp)
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index b51c2ab60e..999eda43b0 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -1,19 +1,35 @@ --- title: Changes to settings in Windows Configuration Designer (Windows 10) +ms.reviewer: +manager: dansimp description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article -ms.date: 10/02/2018 --- # Changes to settings in Windows Configuration Designer -Settings added in Windows 10, version 1809 +## Settings added in Windows 10, version 1903 + +- [DeviceUpdateCenter](wcd-deviceupdatecenter.md) +- [Privacy](wcd-privacy.md) +- [Time](wcd-time.md) +- [Cellular > DataClassMappingTable](wcd-cellular.md#dataclassmappingtable) +- [OOBE > EnableCortanaVoice](wcd-oobe.md#enablecortanavoice) +- [Policies > LocalPoliciesSecurityOptions](wcd-policies.md#localpoliciessecurityoptions) +- [Policies > Power](wcd-policies.md#power) +- [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) + +## Settings removed in Windows 10, version 1903 + +- [WLAN](wcd-wlan.md) + +## Settings added in Windows 10, version 1809 - [Browser > AllowPrelaunch](wcd-browser.md#allowprelaunch) @@ -74,7 +90,7 @@ Settings added in Windows 10, version 1809 - [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) -Settings removed in Windows 10, version 1809 +## Settings removed in Windows 10, version 1809 - [CellCore](wcd-cellcore.md) - [Policies > Browser:](wcd-policies.md#browser) diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index fa17758467..8befd7addc 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md 
@@ -4,11 +4,13 @@ description: This section describes the CleanPC settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 # CleanPC (Windows Configuration Designer reference)
@@ -26,4 +28,4 @@ For each setting, the options are **Enable** and **Not configured**.
 ## Related topics
-- [CleanPC configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp)
\ No newline at end of file
+- [CleanPC configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp)
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index cf22b5e590..110c6fa1b8 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -4,11 +4,13 @@ description: This section describes the Connections settings that you can config
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # Connections (Windows Configuration Designer reference)
@@ -45,4 +47,4 @@ See [CMPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/cus
 ## Proxies
-See [CM_ProxyEntries CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cm-proxyentries-csp) for settings and values.
\ No newline at end of file
+See [CM_ProxyEntries CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cm-proxyentries-csp) for settings and values.
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 38bdf81ca7..b3c7b54807 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -4,11 +4,13 @@ description: This section describes the ConnectivityProfile settings that you ca
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # ConnectivityProfiles (Windows Configuration Designer reference)
@@ -199,4 +201,4 @@ Enter a SSID, click **Add**, and then configure the following settings for the S
 | ProxyServerPort | (Optional) Specify the configuration of the network proxy as **host:port**. A proxy server host and port can be specified per connection for Windows 10 for mobile devices. The host can be server name, FQDN, or SLN or IPv4 or IPv6 address. This proxy configuration is only supported in Windows 10 for mobile devices. Using this configuration in Windows 10 for desktop editions will result in failure. |
 | AutoConnect | (Optional) Select **True** or **false** to specify whether to automatically connect to WLAN. |
 | HiddenNetwork | (Optional) Select **True** or **false** to specify whether the network is hidden. |
-| SecurityType | Choose between **Open**, **WEP**, and **WPA2-Personal**.

                                    If you select **WEP** or **WPA2-Personal**, enter the **SecurityKey** required by the WLAN. |
\ No newline at end of file
+| SecurityType | Choose between **Open**, **WEP**, and **WPA2-Personal**.

                                    If you select **WEP** or **WPA2-Personal**, enter the **SecurityKey** required by the WLAN. |
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index 63428e442e..ff0aa5fd59 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -4,11 +4,13 @@ description: This section describes the CountryAndRegion settings that you can c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # CountryAndRegion (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index f2cf8486fa..660b9bbe1e 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -4,11 +4,13 @@ description: This section describes the DesktopBackgrounAndColors settings that
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/21/2017
+ms.reviewer:
+manager: dansimp
 ---
 # DesktopBackgroundAndColors (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index a37e897815..02f177cf8f 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -4,11 +4,13 @@ description: This section describes the DeveloperSetup settings that you can con
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 # DeveloperSetup (Windows Configuration Designer reference)
@@ -35,4 +37,4 @@ When AuthenticationMode is set to **Basic Auth**, enter a user name and password
 ## Related topics
-- [Device Portal for HoloLens](https://docs.microsoft.com/windows/uwp/debug-test-perf/device-portal-hololens)
\ No newline at end of file
+- [Device Portal for HoloLens](https://docs.microsoft.com/windows/uwp/debug-test-perf/device-portal-hololens)
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index 3a05a093c8..3437bbcacf 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -4,11 +4,13 @@ description: This section describes the DeviceFormFactor setting that you can co
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # DeviceFormFactor (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-deviceinfo.md b/windows/configuration/wcd/wcd-deviceinfo.md
index 891a4c6de2..4b8f5b396e 100644
--- a/windows/configuration/wcd/wcd-deviceinfo.md
+++ b/windows/configuration/wcd/wcd-deviceinfo.md
@@ -4,11 +4,13 @@ description: This section describes the DeviceInfo settings that you can configu
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/21/2017
+ms.reviewer:
+manager: dansimp
 ---
 # DeviceInfo (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index b245647edf..6ce7ce542c 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -4,11 +4,13 @@ description: This section describes the DeviceManagement setting that you can co
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # DeviceManagement (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
new file mode 100644
index 0000000000..e8431b2555
--- /dev/null
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -0,0 +1,22 @@
+---
+title: DeviceUpdateCenter (Windows 10)
+description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+---
+
+# DeviceUpdateCenter (Windows Configuration Designer reference)
+
+Do not use **DeviceUpdateCenter** settings at this time.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | X | | | | |
+
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index 274f251c85..7946a9d44e 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -4,11 +4,13 @@ description: This section describes the DMClient setting that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # DMClient (Windows Configuration Designer reference)
@@ -25,4 +27,4 @@ For the **UpdateManagementServiceAddress** setting, enter a list of servers. The
 ## Related topics
-- [DMClient configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp)
\ No newline at end of file
+- [DMClient configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp)
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 8b9e9e37e7..0f21e3eb3c 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -4,11 +4,13 @@ description: This section describes the EditionUpgrade settings that you can con
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 # EditionUpgrade (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md
index 9ad65e569c..54b378fd72 100644
--- a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md
+++ b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md
@@ -4,11 +4,13 @@ description: This section describes the EmbeddedLockdownProfiles setting that yo
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # EmbeddedLockdownProfiles (Windows Configuration Designer reference)
@@ -27,4 +29,4 @@ Use to apply an XML configuration to a mobile device that locks down the device,
 
 ## Related topics
 
-- [EnterpriseAssignedAccess configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseassignedaccess-csp)
\ No newline at end of file
+- [EnterpriseAssignedAccess configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseassignedaccess-csp)
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index a0a581baec..00dc29db3c 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -4,11 +4,13 @@ description: This section describes the FirewallConfiguration setting that you c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # FirewallConfiguration (Windows Configuration Designer reference)
@@ -25,4 +27,4 @@ Set to **True** or **False**.
 
 ## Related topics
 
-- [AllJoyn](https://developer.microsoft.com/windows/iot/docs/alljoyn)
\ No newline at end of file
+- [AllJoyn](https://developer.microsoft.com/windows/iot/docs/alljoyn)
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index cb1554991e..c6e1b45f25 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -4,11 +4,13 @@ description: This section describes the FirstExperience settings that you can co
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 08/08/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # FirstExperience (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index 69797f84fa..4977b81a41 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -4,11 +4,13 @@ description: This section describes the Folders settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Folders (Windows Configuration Designer reference)
@@ -21,4 +23,4 @@ Use to add files to the device.
 | --- | :---: | :---: | :---: | :---: | :---: |
 | PublicDocuments | X | X | X | | |
 
-Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder.
\ No newline at end of file
+Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder.
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index e2bdada785..6d8716bc7c 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -4,11 +4,13 @@ description: This section describes the HotSpot settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 12/18/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # HotSpot (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-initialsetup.md b/windows/configuration/wcd/wcd-initialsetup.md
index f75a6811ab..9694bd6859 100644
--- a/windows/configuration/wcd/wcd-initialsetup.md
+++ b/windows/configuration/wcd/wcd-initialsetup.md
@@ -4,11 +4,13 @@ description: This section describes the InitialSetup setting that you can config
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # InitialSetup (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-internetexplorer.md b/windows/configuration/wcd/wcd-internetexplorer.md
index e9fe891193..c8ae64c3ad 100644
--- a/windows/configuration/wcd/wcd-internetexplorer.md
+++ b/windows/configuration/wcd/wcd-internetexplorer.md
@@ -4,11 +4,13 @@ description: This section describes the InternetExplorer settings that you can c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # InternetExplorer (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index 29f19e45e4..2e62c61759 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -4,11 +4,13 @@ description: This section describes the KioskBrowser settings that you can confi
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # KioskBrowser (Windows Configuration Designer reference)
@@ -33,12 +35,12 @@ Enable Home Button | Show a Home button in Kiosk Browser. Home will return the b
 Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
 Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
 
->[!IMPORTANT]
->To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
->
+> [!IMPORTANT]
+> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+>
 > 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
->2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
->3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
->4. Save the XML file.
->5. Open the project again in Windows Configuration Designer.
->6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
\ No newline at end of file
+> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
+> 4. Save the XML file.
+> 5. Open the project again in Windows Configuration Designer.
+> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index c905f3ec39..d7a823d193 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -4,11 +4,13 @@ description: This section describes the Licensing settings that you can configur
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Licensing (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index f54b9343b1..51c9676fc7 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -4,11 +4,13 @@ description: This section describes the Location settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/02/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Location (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index 8bff1e1a34..413d267bd9 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -4,11 +4,13 @@ description: This section describes the Maps settings that you can configure in
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Maps (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md
index b48bfa9e23..df739bb51d 100644
--- a/windows/configuration/wcd/wcd-messaging.md
+++ b/windows/configuration/wcd/wcd-messaging.md
@@ -4,11 +4,13 @@ description: This section describes the Messaging settings that you can configur
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # Messaging (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-modemconfigurations.md b/windows/configuration/wcd/wcd-modemconfigurations.md
index 7282a3f54d..7e4b830d53 100644
--- a/windows/configuration/wcd/wcd-modemconfigurations.md
+++ b/windows/configuration/wcd/wcd-modemconfigurations.md
@@ -4,11 +4,13 @@ description: This section describes the ModemConfiguration settings that you can
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/12/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # ModemConfiguration (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-multivariant.md b/windows/configuration/wcd/wcd-multivariant.md
index f5604d8c64..1a6771f972 100644
--- a/windows/configuration/wcd/wcd-multivariant.md
+++ b/windows/configuration/wcd/wcd-multivariant.md
@@ -4,11 +4,13 @@ description: This section describes the Multivariant settings that you can confi
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Multivariant (Windows Configuration Designer reference)
@@ -21,4 +23,4 @@ Use to select a default profile for mobile devices that have multivariant config
 | --- | :---: | :---: | :---: | :---: | :---: |
 | DefaultProfile | | X | | | |
 
-If you will be adding [multivariant settings](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-multivariant) to your provisioning package, you can use the **DefaultProfile** setting to specify which variant should be applied by default if OOBE is skipped. In the **DefaultProfile** field, enter the UINAME from your customizations.xml that you want to use as default.
\ No newline at end of file
+If you will be adding [multivariant settings](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-multivariant) to your provisioning package, you can use the **DefaultProfile** setting to specify which variant should be applied by default if OOBE is skipped. In the **DefaultProfile** field, enter the UINAME from your customizations.xml that you want to use as default.
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index f48d289c4d..6fc060772a 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -4,11 +4,13 @@ description: This section describes the NetworkProxy settings that you can confi
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # NetworkProxy (Windows Configuration Designer reference)
@@ -49,4 +51,4 @@ Address to the PAC script you want to use.
 
 ## Related topics
 
-- [NetworkProxy configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp)
\ No newline at end of file
+- [NetworkProxy configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp)
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 3f8d2822e2..33a0bfac6b 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -4,11 +4,13 @@ description: This section describes the NetworkQoSPolicy settings that you can c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # NetworkQoSPolicy (Windows Configuration Designer reference)
@@ -35,4 +37,4 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a
 
 ## Related topics
 
-- [NetworkQoSPolicy configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp)
\ No newline at end of file
+- [NetworkQoSPolicy configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp)
diff --git a/windows/configuration/wcd/wcd-nfc.md b/windows/configuration/wcd/wcd-nfc.md
index 3aebb6e738..cede584f46 100644
--- a/windows/configuration/wcd/wcd-nfc.md
+++ b/windows/configuration/wcd/wcd-nfc.md
@@ -4,11 +4,13 @@ description: This section describes the NFC settings that you can configure in p
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # NFC (Windows Configuration Designer reference)
@@ -27,4 +29,4 @@ Expand **NFC** > **SEMgr** > **UI**. The following table describes the settings
 | --- | --- |
 | CardEmulationState | Configure the default state of **Tap to pay**. Select between **OFF**, **When Phone Unlocked**, **When Screen On**, and **Anytime**. |
 | DefaultFastCardSetting | Configure the default fast card usage for NFC payments. Select between **When Phone Unlocked**, **When Screen On**, and **Anytime**. |
-| HideFastCardsOption | Show or hide the fast cards options drop-down menu in the **NFC** > **Tap to pay** control panel. |
\ No newline at end of file
+| HideFastCardsOption | Show or hide the fast cards options drop-down menu in the **NFC** > **Tap to pay** control panel. |
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 35acf44bc2..9ed1686afe 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -1,27 +1,46 @@ --- title: OOBE (Windows 10) +ms.reviewer: +manager: dansimp description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article -ms.date: 09/06/2017 --- # OOBE (Windows Configuration Designer reference) -Use to configure settings for the Out Of Box Experience (OOBE). +Use to configure settings for the [Out Of Box Experience (OOBE)](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-oobe). ## Applies to | Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | :---: | +| [Desktop > EnableCortanaVoice](#enablecortanavoice) | X | | | | | +| [Desktop > HideOobe](#hided) | X | | | | | | [Mobile > EnforceEnterpriseProvisioning](#nforce) | | X | | | | | [Mobile > HideOobe](#hidem) | | X | | | | -| [Desktop > HideOobe](#hided) | X | | | | | + + + + +## EnableCortanaVoice + +Use this setting to control whether Cortana voice-over is enabled during OOBE. The voice-over is disabled by default on Windows 10 Pro, Education, and Enterprise. The voice-over is enabled by default on Windows 10 Home. Select **True** to enable voice-over during OOBE, or **False** to disable voice-over during OOBE. + + +## HideOobe for desktop + +When set to **True**, it hides the interactive OOBE flow for Windows 10. + +>[!NOTE] +>You must create a user account if you set the value to true or the device will not be usable. + +When set to **False**, the OOBE screens are displayed. ## EnforceEnterpriseProvisioning 
@@ -36,13 +55,3 @@ When set to **False**, it does not force the OOBE flow to the enterprise provisi
 When set to **True**, it hides the interactive OOBE flow for Windows 10 Mobile.
 
 When set to **False**, the OOBE screens are displayed.
-
-
-## HideOobe for desktop
-
-When set to **True**, it hides the interactive OOBE flow for Windows 10.
-
->[!NOTE]
->You must create a user account if you set the value to true or the device will not be usable.
-
-When set to **False**, the OOBE screens are displayed.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-otherassets.md b/windows/configuration/wcd/wcd-otherassets.md
index d26f543e2b..e9f913ccef 100644
--- a/windows/configuration/wcd/wcd-otherassets.md
+++ b/windows/configuration/wcd/wcd-otherassets.md
@@ -4,11 +4,13 @@ description: This section describes the OtherAssets settings that you can config
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # OtherAssets (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index 14a361651f..5368e5b446 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -4,11 +4,13 @@ description: This section describes the Personalization settings that you can co
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Personalization (Windows Configuration Designer reference)
@@ -42,4 +44,4 @@ Specify a jpg, jpeg or png image to be used as desktop image. This setting can t
 
 ## LockScreenImageUrl
 
-Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
\ No newline at end of file
+Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index d2d9d74f45..c8086eebd5 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -1,14 +1,15 @@
 ---
 title: Policies (Windows 10)
+ms.reviewer:
+manager: dansimp
 description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
-ms.date: 10/02/2018
 ---
 
 # Policies (Windows Configuration Designer reference)
@@ -39,7 +40,7 @@ This section describes the **Policies** settings that you can configure in [prov | [DefaultAssociationsConfiguration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | X | | | | | -##ApplicationManagement +## ApplicationManagement | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | @@ -154,7 +155,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | X | | +| [AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | | | ## Connectivity 
@@ -337,12 +338,46 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in 5. Open the project again in Windows Configuration Designer. 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. +## LocalPoliciesSecurityOptions + +| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | :---: | +| [InteractiveLogon_DoNotDisplayLastSignedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | X | | | | | +| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | X | | | | | +| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | X | | | | | + ## Location | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | | [EnableLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. 
| | | | | | +## Power + +| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | :---: | +| [AllowStandbyStatesWhenSleepingOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | X | | | | | +| [AllowStandbyWhenSleepingPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | X | | | | | +| [DisplayOffTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | X | | | | | +| [DisplayOffTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | X | | | | | +| [EnergySaverBatteryThresholdOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | X | | | | | +| [EnergySaverBatteryThresholdPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | X | | | | | +| [HibernateTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. 
| X | | | | | +| [HibernateTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | X | | | | | +| [RequirePasswordWhenComputerWakesOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | X | | | | | +| [RequirePasswordWhenComputerWakesPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | X | | | | | +| [SelectLidCloseActionBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | X | | | | | +| [SelectLidCloseActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | X | | | | | +| [SelectPowerButtonActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | X | | | | | +| [SelectPowerButtonActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. 
| X | | | | | +| [SelectSleepButtonActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | X | | | | | +| [SelectSleepButtonActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | X | | | | | +| [StandbyTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | X | | | | | +| [StandbyTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | X | | | | | +| [TurnOffHybridSleepOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | X | | | | | +| [TurnOffHybridSleepPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | X | | | | | +| [UnattendedSleepTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | X | | | | | +| [UnattendedSleepTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | X | | | | | ## Privacy 
@@ -476,55 +511,54 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl ## Update -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [ActiveHoursEnd](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | | X | -| [ActiveHoursMaxRange](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | | X | -| [ActiveHoursStart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | | X | -| [AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X | -| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)| Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | | X | -| [AllowMUUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. 
| X | X | X | X | X | -| [AllowNonMicrosoftSignedUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | | X | -| [AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X | -| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X | -| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X | -| [AutoRestartNotificationSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | | X | -| [AutoRestartRequiredNotificationDismissal](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. 
| X | X | X | | X | -| [BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X | -| [DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | | X | -| [DeferQualityUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | | X | -| [DeferUpdatePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | X | X | X | X | X | -| [DeferUpgradePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) |Specify upgrade delays for up to 8 months. | X | X | X | X | X | -| [DetectionFrequency](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X | -| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | | X | -| [EngagedRestartDeadline](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. 
| X | X | X | | X | -| [EngagedRestartDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X | -| [EngagedRestartSnoozeSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X | -| [EngagedRestartSnoozeScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X | -| [EngagedRestartTransitionSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X | -| [EngagedRestartTransitionScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X | -| [ExcludeWUDriversInQualityUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. 
| X | | X | | X | -| [FillEmptyContentUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | | X | -| ManagePreviewBuilds | Use to enable or disable preview builds. | X | X | X | X | X | -| PhoneUpdateRestrictions | Deprecated | | X | | | | -| [RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X | -| [ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | X | X | X | X | X | -| [ScheduledInstallEveryWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | X | X | X | X | X | -| [ScheduledInstallFirstWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | X | X | X | X | X | -| [ScheduledInstallFourthWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | X | X | X | X | X | -| [ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. 
| X | X | X | X | X | -| [ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | X | X | X | X | X | -| [ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X | -| [ScheduleImminentRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | | X || -| [ScheduleRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | | X | -| [SetAutoRestartNotificationDisable](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | | X | -| [SetDisablePauseUXAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | X | X | X | | X | -| [SetDisableUXWUAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | X | X | X | | X | -| [SetEDURestart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. 
| X | X | X | | X | -| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | X | X | X | | X | -| [UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | X | X | X | X | X | -| [UpdateServiceUrlAlternate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | X | X | X | X | X | - +| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:|:--------:| +| [ActiveHoursEnd](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | | X | +| [ActiveHoursMaxRange](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | | X | +| [ActiveHoursStart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. 
| X | X | X | | X | +| [AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X | +| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | | X | +| [AllowMUUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | X | X | X | X | X | +| [AllowNonMicrosoftSignedUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | | X | +| [AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X | +| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. 
| X | X | X | | X | +| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X | +| [AutoRestartNotificationSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | | X | +| [AutoRestartRequiredNotificationDismissal](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | | X | +| [BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X | +| [DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | | X | +| [DeferQualityUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | | X | +| [DeferUpdatePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | X | X | X | X | X | +| [DeferUpgradePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. 
| X | X | X | X | X | +| [DetectionFrequency](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X | +| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | | X | +| [EngagedRestartDeadline](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X | +| [EngagedRestartDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X | +| [EngagedRestartSnoozeSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X | +| [EngagedRestartSnoozeScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. 
| X | X | X | | X | +| [EngagedRestartTransitionSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X | +| [EngagedRestartTransitionScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X | +| [ExcludeWUDriversInQualityUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | X | | X | | X | +| [FillEmptyContentUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | | X | +| ManagePreviewBuilds | Use to enable or disable preview builds. | X | X | X | X | X | +| PhoneUpdateRestrictions | Deprecated | | X | | | | +| [RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X | +| [ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. 
| X | X | X | X | X | +| [ScheduledInstallEveryWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | X | X | X | X | X | +| [ScheduledInstallFirstWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | X | X | X | X | X | +| [ScheduledInstallFourthWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | X | X | X | X | X | +| [ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | X | X | X | X | X | +| [ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | X | X | X | X | X | +| [ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X | +| [ScheduleImminentRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | | X | +| [ScheduleRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. 
| X | X | X | | X | +| [SetAutoRestartNotificationDisable](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | | X | +| [SetDisablePauseUXAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | X | X | X | | X | +| [SetDisableUXWUAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | X | X | X | | X | +| [SetEDURestart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | X | X | X | | X | +| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | X | X | X | | X | +| [UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | X | X | X | X | X | +| [UpdateServiceUrlAlternate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | X | X | X | X | X | ## WiFi 
@@ -534,7 +568,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl | [AllowInternetSharing](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | X | X | | | | | [AllowManualWiFiConfiguration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | X | | | | | [AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | X | | | | -| [WLANScanMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | X | X | +| [WLANScanMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | | X | ## WindowsInkWorkspace diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md new file mode 100644 index 0000000000..1e754ef32f --- /dev/null +++ b/windows/configuration/wcd/wcd-privacy.md 
@@ -0,0 +1,29 @@
+---
+title: Privacy (Windows 10)
+description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+---
+
+# Privacy (Windows Configuration Designer reference)
+
+Use **Privacy** to configure settings for app activation with voice.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | X | X | X | | X |
+
+## LetAppsActivateWithVoice
+
+Select between **User is in control**, **Force allow**, or **Force deny**.
+
+## LetAppsActivateWithVoiceAboveLock
+
+Select between **User is in control**, **Force allow**, or **Force deny**.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index 0f63fc68e7..a10646cadc 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -4,11 +4,13 @@ description: This section describes the ProvisioningCommands settings that you c
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # ProvisioningCommands (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-rcspresence.md b/windows/configuration/wcd/wcd-rcspresence.md
index ece81a2a9a..d76762fcbc 100644
--- a/windows/configuration/wcd/wcd-rcspresence.md
+++ b/windows/configuration/wcd/wcd-rcspresence.md
@@ -4,11 +4,13 @@ description: This section describes the RcsPresence settings that you can config
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 04/30/2018
+ms.reviewer:
+manager: dansimp
 ---
 
 # RcsPresence (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 73739a9e70..470f13c251 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -4,11 +4,13 @@ description: This section describes the SharedPC settings that you can configure
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 10/16/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # SharedPC (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-shell.md b/windows/configuration/wcd/wcd-shell.md
index e1ba0a5685..2be71e7ded 100644
--- a/windows/configuration/wcd/wcd-shell.md
+++ b/windows/configuration/wcd/wcd-shell.md
@@ -4,11 +4,13 @@ description: This section describes the Shell settings that you can configure in
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Shell (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index a9e588a6f8..b3f2dcc26c 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -4,11 +4,13 @@ description: This section describes the SMISettings settings that you can config ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 03/30/2018 +ms.reviewer: +manager: dansimp --- # SMISettings (Windows Configuration Designer reference) @@ -100,7 +102,7 @@ Use ShellLauncher to specify the application or executable to use as the default You can also configure ShellLauncher to launch different shell applications for different users or user groups. ->[!IMPORTANT] +>[!IMPORTANT] >You may specify any executable file to be the default shell except C:\Windows\System32\Eshell.exe. Using Eshell.exe as the default shell will result in a blank screen after a user signs in. > >You cannot use ShellLauncher to launch a Windows app as a custom shell. However, you can use Windows 10 application launcher to launch a Windows app at startup. 
@@ -108,4 +110,4 @@ You can also configure ShellLauncher to launch different shell applications for ShellLauncher processes the Run and RunOnce registry keys before starting the custom shell, so your custom shell doesn't need to handle the automatic startup of other applications or services. ShellLauncher also handles the behavior of the system when your custom shell exits. You can configure the shell exit behavior if the default behavior does not meet your needs. >[!IMPORTANT] ->A custom shell is launched with the same level of user rights as the account that is signed in. This means that a user with administrator rights can perform any system action that requires administrator rights, including launching other applications with administrator rights, while a user without administrator rights cannot. If your shell application requires administrator rights and needs to be elevated, and User Account Control (UAC) is present on your device, you must disable UAC in order for ShellLauncher to launch the shell application. \ No newline at end of file +>A custom shell is launched with the same level of user rights as the account that is signed in. This means that a user with administrator rights can perform any system action that requires administrator rights, including launching other applications with administrator rights, while a user without administrator rights cannot. If your shell application requires administrator rights and needs to be elevated, and User Account Control (UAC) is present on your device, you must disable UAC in order for ShellLauncher to launch the shell application. diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 904711ae31..bfdff060a4 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md 
@@ -4,11 +4,13 @@ description: This section describes the Start settings that you can configure in
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Start (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 79d6d0234d..b1a5a64f8d 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -4,11 +4,13 @@ description: This section describes the StartupApp settings that you can configu
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jdeckerMS
+author: dansimp
 ms.localizationpriority: medium
-ms.author: jdecker
+ms.author: dansimp
 ms.topic: article
 ms.date: 09/06/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # StartupApp (Windows Configuration Designer reference)
@@ -21,4 +23,4 @@ Use StartupApp settings to configure the default app that will run on start for
 | --- | :---: | :---: | :---: | :---: | :---: |
 | Default | | | | | X |
 
-Enter the [Application User Model ID (AUMID)](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.
\ No newline at end of file
+Enter the [Application User Model ID (AUMID)](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 7288d82979..010fdb922e 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -4,11 +4,13 @@ description: This section describes the StartupBackgroundTasks settings that you ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # StartupBackgroundTasks (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md new file mode 100644 index 0000000000..64f3ae3dc7 --- /dev/null +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -0,0 +1,24 @@ +--- +title: StorageD3InModernStandby (Windows 10) +description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: jdeckerMS +ms.localizationpriority: medium +ms.author: jdecker +ms.topic: article +--- + +# StorageD3InModernStandby (Windows Configuration Designer reference) + +Use **StorageD3InModernStandby** to enable or disable low power state (D3) during standby. When this setting is configured to **Enable Storage Device D3**, SATA and NVMe devices will be able to enter the D3 state when the system transits to modern standby state, if they are using a Microsoft inbox driver such as StorAHCI, StorNVMe. + +[Learn more about device power states.](https://docs.microsoft.com/windows-hardware/drivers/kernel/device-power-states) + +## Applies to + +| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | :---: | +| All settings | X | X | X | | X | + diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index 0b2df57999..c7d1a3e433 100644 
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -4,11 +4,13 @@ description: This section describes the SurfaceHubManagement settings that you c ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # SurfaceHubManagement (Windows Configuration Designer reference) @@ -33,4 +35,4 @@ Enter the group name for the administrators group in Active Directory. ## GroupSid -Enter the SID or the administrators group in Active Directory. \ No newline at end of file +Enter the SID or the administrators group in Active Directory. diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 436c29160d..f943884cdb 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -4,11 +4,13 @@ description: This section describes the TabletMode settings that you can configu ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # TabletMode (Windows Configuration Designer reference) @@ -27,4 +29,4 @@ Set the default for hardware-based prompts. ## SignInMode -Specify whether users switch to table mode by default after signing in. \ No newline at end of file +Specify whether users switch to table mode by default after signing in. diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index e03db6ddda..4d4cb11374 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md 
@@ -4,11 +4,13 @@ description: This section describes the TakeATest settings that you can configur ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # TakeATest (Windows Configuration Designer reference) @@ -41,9 +43,9 @@ When set to True, students can print in the Take A Test app. Enter the account to use when taking a test. -To specify a domain account, enter **domain\user**. To specify an AAD account, enter **username@tenant.com**. To specify a local account, enter the username. +To specify a domain account, enter **domain\user**. To specify an AAD account, enter username@tenant.com. To specify a local account, enter the username. ## Related topics -- [SecureAssessment configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/secureassessment-csp) \ No newline at end of file +- [SecureAssessment configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/secureassessment-csp) diff --git a/windows/configuration/wcd/wcd-textinput.md b/windows/configuration/wcd/wcd-textinput.md index 505962070a..5054ab08db 100644 --- a/windows/configuration/wcd/wcd-textinput.md +++ b/windows/configuration/wcd/wcd-textinput.md @@ -4,11 +4,13 @@ description: This section describes the TextInput settings that you can configur ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/15/2017 +ms.reviewer: +manager: dansimp --- # TextInput (Windows Configuration Designer reference) 
@@ -39,7 +41,7 @@ PreEnabledKeyboard must be entered once for each keyboard you want to pre-enable The following table shows the values that you can use for the Locale code.Locale value part of the setting name. ->[!NOTE] +>[!NOTE] >The keyboards for some locales require additional language model files: am-ET, bn-IN, gu-IN, hi-IN, ja-JP, kn-IN, ko-KR, ml-IN, mr-IN, my-MM, or-IN, pa-IN, si-LK, ta-IN, te-IN, zh-TW, zh-CN, and zh-HK. diff --git a/windows/configuration/wcd/wcd-theme.md b/windows/configuration/wcd/wcd-theme.md index 8c35de922d..658b518cfb 100644 --- a/windows/configuration/wcd/wcd-theme.md +++ b/windows/configuration/wcd/wcd-theme.md @@ -4,11 +4,13 @@ description: This section describes the Theme settings that you can configure in ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/06/2017 +ms.reviewer: +manager: dansimp --- # Theme (reference) diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md new file mode 100644 index 0000000000..c0ff2212ce --- /dev/null +++ b/windows/configuration/wcd/wcd-time.md 
@@ -0,0 +1,36 @@ +--- +title: Time (Windows 10) +description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: jdeckerMS +ms.localizationpriority: medium +ms.author: jdecker +ms.topic: article +--- + +# Time + +Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later. + +## Applies to + +| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | :---: | +| [ProvisionSetTimeZone](#provisionsettimezone) | X | | | | | + +## ProvisionSetTimeZone + +Set to **True** to skip time zone assignment when the first user signs in, in which case the device will remain in its default time zone. For the proper configuration, you should also use **Policies > TimeLanguageSettings > ConfigureTimeZone** to set the default time zone. + +>[!TIP] +>Configuring a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone** accomplishes the same purpose as setting **ProvisionSetTimeZone** to **True**, so you don't need to configure both settings. + +Set to **False** for time zone assignment to occur when the first user signs in. The user will be prompted to select a time zone during first sign-in. + +>[!NOTE] +>Do not set **Time > ProvisionSetTimeZone** to **False** and also set a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone**. + + + diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 7ca1ec138a..104503cd09 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md 
@@ -4,11 +4,13 @@ description: This section describes the UnifiedWriteFilter settings that you can ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # UnifiedWriteFilter (reference) @@ -23,7 +25,7 @@ UWF intercepts all write attempts to a protected volume and redirects those writ The overlay does not mirror the entire volume, but dynamically grows to keep track of redirected writes. Generally the overlay is stored in system memory, although you can cache a portion of the overlay on a physical volume. ->[!NOTE] +>[!NOTE] >UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume. [Learn more about the Unified Write Filter feature.](https://docs.microsoft.com/windows-hardware/customize/enterprise/unified-write-filter) @@ -74,4 +76,4 @@ Set to **True** to reset UWF settings to the original state that was captured at Enter a drive letter for a volume to be protected by UWF. >[!NOTE] ->In the current OS release, Windows Configuration Designer contains a validation bug. To work around this issue, you must include a ":" after the drive letter when specifying the value for the setting. For example, if you are specifying the C drive, you must set DriveLetter to "C:" instead of just "C". \ No newline at end of file +>In the current OS release, Windows Configuration Designer contains a validation bug. To work around this issue, you must include a ":" after the drive letter when specifying the value for the setting. For example, if you are specifying the C drive, you must set DriveLetter to "C:" instead of just "C". 
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 96e4967e7a..be0152d06b 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -4,11 +4,13 @@ description: This section describes the UniversalAppInstall settings that you ca ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # UniversalAppInstall (reference) @@ -91,4 +93,4 @@ Use to specify the license file for the user context app. 1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. Here is an example, `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and click **Add**. -2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. \ No newline at end of file +2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 0d99231dba..d31c0c0dec 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -4,11 +4,13 @@ description: This section describes the UniversalAppUninstall settings that you ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/14/2017 +ms.reviewer: +manager: dansimp --- # UniversalAppUninstall (reference) 
@@ -38,4 +40,4 @@ Use **RemoveProvisionedApp** to remove app packages that are available on the de Use **Uninstall** to remove provisioned apps that have been installed by a user. 1. Enter the PackageFamilyName for the app package, and then click **Add**. -2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**. \ No newline at end of file +2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**. diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index d59c223809..c2ba08ffff 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -4,11 +4,13 @@ description: This section describes the UsbErrorsOEMOverride settings that you c ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 09/14/2017 +ms.reviewer: +manager: dansimp --- # UsbErrorsOEMOverride (reference) diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 19ec5a2ffd..a20822fe41 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -4,11 +4,13 @@ description: This section describes the WeakCharger settings that you can config ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # WeakCharger (reference) diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index d5455b7f01..e955414622 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md 
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -4,11 +4,13 @@ description: This section describes the Windows Hello for Business settings that ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # WindowsHelloForBusiness (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index 038fb15ffa..1f05397e01 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -4,11 +4,13 @@ description: This section describes the WindowsTeamSettings settings that you ca ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # WindowsTeamSettings (reference) @@ -106,4 +108,4 @@ Configures the Operations Management Suite workspace. ## Related topics -- [SurfaceHub configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp) \ No newline at end of file +- [SurfaceHub configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp) diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 1064831115..08f92686be 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md 
@@ -1,14 +1,15 @@ --- title: WLAN (Windows 10) +ms.reviewer: +manager: dansimp description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article -ms.date: 10/02/2018 --- # WLAN (reference) diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index c61d5cc3d3..668f0acaef 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -4,11 +4,13 @@ description: This section describes the Workplace settings that you can configur ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Workplace (reference) diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index c3a9c02907..8719cd6f74 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -4,11 +4,13 @@ description: This section describes the settings that you can configure in provi ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: dansimp ms.localizationpriority: medium -ms.author: jdecker +ms.author: dansimp ms.topic: article ms.date: 07/19/2018 +ms.reviewer: +manager: dansimp --- # Windows Configuration Designer provisioning settings (reference) 
@@ -24,34 +26,34 @@ This section describes the settings that you can configure in [provisioning pack | [ADMXIngestion](wcd-admxingestion.md) | X | | | | | | [AssignedAccess](wcd-assignedaccess.md) | X | | | X | | | [AutomaticTime](wcd-automatictime.md) | | X | | | | -| [Browser](wcd-browser.md) | X | X | X | X | | +| [Browser](wcd-browser.md) | X | X | X | | | | [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | X | | | | | [Calling](wcd-calling.md) | | X | | | | | [CellCore](wcd-cellcore.md) | X | X | | | | | [Cellular](wcd-cellular.md) | X | | | | | | [Certificates](wcd-certificates.md) | X | X | X | X | X | | [CleanPC](wcd-cleanpc.md) | X | | | | | -| [Connections](wcd-connections.md) | X | X | X | X | | +| [Connections](wcd-connections.md) | X | X | X | | | | [ConnectivityProfiles](wcd-connectivityprofiles.md) | X | X | X | X | | -| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | X | | +| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | | | | [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | X | | | | | | [DeveloperSetup](wcd-developersetup.md) | | | | X | | -| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | X | | +| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | | | | [DeviceInfo](wcd-deviceinfo.md) | | X | | | | | [DeviceManagement](wcd-devicemanagement.md) | X | X | X | X | | -| [DMClient](wcd-dmclient.md) | X | X | X | X | X | -| [EditionUpgrade](wcd-editionupgrade.md) | X | X | X | X | | +| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | X | | | | | +| [DMClient](wcd-dmclient.md) | X | X | X | | X | +| [EditionUpgrade](wcd-editionupgrade.md) | X | X | | X | | | [EmbeddedLockdownProfiles](wcd-embeddedlockdownprofiles.md) | | X | | | | | [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | | X | | [FirstExperience](wcd-firstexperience.md) | | | | X | | -| [Folders](wcd-folders.md) |X | X | X | X | | -| [HotSpot](wcd-hotspot.md) | | | | | | +| [Folders](wcd-folders.md) |X | 
X | X | | | | [InitialSetup](wcd-initialsetup.md) | | X | | | | | [InternetExplorer](wcd-internetexplorer.md) | | X | | | | | [KioskBrowser](wcd-kioskbrowser.md) | | | | | X | | [Licensing](wcd-licensing.md) | X | | | | | | [Location](wcd-location.md) | | | | | X | -| [Maps](wcd-maps.md) |X | X | X | X | | +| [Maps](wcd-maps.md) |X | X | X | | | | [Messaging](wcd-messaging.md) | | X | | | | | [ModemConfigurations](wcd-modemconfigurations.md) | | X | | | | | [Multivariant](wcd-multivariant.md) | | X | | | | 
@@ -62,26 +64,29 @@ This section describes the settings that you can configure in [provisioning pack | [OtherAssets](wcd-otherassets.md) | | X | | | | | [Personalization](wcd-personalization.md) | X | | | | | | [Policies](wcd-policies.md) | X | X | X | X | X | +| [Privacy](wcd-folders.md) |X | X | X | | X | | [ProvisioningCommands](wcd-provisioningcommands.md) | X | | | | | -[RcsPresence](wcd-rcspresence.md) | | X | | | | +| [RcsPresence](wcd-rcspresence.md) | | X | | | | | [SharedPC](wcd-sharedpc.md) | X | | | | | | [Shell](wcd-shell.md) | | X | | | | | [SMISettings](wcd-smisettings.md) | X | | | | | | [Start](wcd-start.md) | X | X | | | | | [StartupApp](wcd-startupapp.md) | | | | | X | | [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | | X | +| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |X | X | X | | X | | [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | | X | | | -| [TabletMode](wcd-tabletmode.md) |X | X | X | X | | +| [TabletMode](wcd-tabletmode.md) |X | X | X | | | | [TakeATest](wcd-takeatest.md) | X | | | | | | [TextInput](wcd-textinput.md) | | X | | | | | [Theme](wcd-theme.md) | | X | | | | +| [Time](wcd-time.md) | X | | | | | | [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | X | -| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X | -| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | X | X | -| [WeakCharger](wcd-weakcharger.md) |X | X | X | X | | +| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | | X | +| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | | X | +| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | X | X | X | | | +| [WeakCharger](wcd-weakcharger.md) |X | X | X | | | | [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | X | | | | | | [WindowsTeamSettings](wcd-windowsteamsettings.md) | | | X | | | -| [WLAN](wcd-wlan.md) | | | | X | | -| [Workplace](wcd-workplace.md) |X | X | X | X | X | +| 
[Workplace](wcd-workplace.md) |X | X | X | | X | diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md index 237867c029..8516293eec 100644 --- a/windows/configuration/windows-10-accessibility-for-ITPros.md +++ b/windows/configuration/windows-10-accessibility-for-ITPros.md @@ -5,10 +5,12 @@ keywords: accessibility, settings, vision, hearing, physical, cognition, assisti ms.prod: W10 ms.mktglfcycl: manage ms.sitesec: library -ms.author: jaimeo -author: jaimeo +ms.author: dansimp +author: dansimp ms.localizationpriority: medium ms.date: 01/12/2018 +ms.reviewer: +manager: dansimp ms.topic: reference --- diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 971bd9d558..55ae0af5f2 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -2,12 +2,14 @@ title: Manage Windows 10 Start and taskbar layout (Windows 10) description: Organizations might want to deploy a customized Start and taskbar layout to devices. ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A +ms.reviewer: +manager: dansimp keywords: ["start screen", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 06/19/2018 @@ -66,7 +68,7 @@ The following table lists the different parts of Start and any applicable policy [Learn how to customize and export Start layout](customize-and-export-start-layout.md) - ## Taskbar options + ## Taskbar options Starting in Windows 10, version 1607, you can pin additional apps to the taskbar and remove default pinned apps from the taskbar. You can specify different taskbar configurations based on device locale or region. 
@@ -75,8 +77,8 @@ There are three categories of apps that might be pinned to a taskbar: * Default Windows apps, pinned during operating system installation (Microsoft Edge, File Explorer, Store) * Apps pinned by the enterprise, such as in an unattended Windows setup - >[!NOTE] - >We recommend using [the layoutmodification.xml method](configure-windows-10-taskbar.md) to configure taskbar options, rather than the earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file. + >[!NOTE] + >We recommend using [the layoutmodification.xml method](configure-windows-10-taskbar.md) to configure taskbar options, rather than the earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file. The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md index b4166fbbf4..fa8b0e3378 100644 --- a/windows/configuration/windows-spotlight.md +++ b/windows/configuration/windows-spotlight.md @@ -2,12 +2,14 @@ title: Configure Windows Spotlight on the lock screen (Windows 10) description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen. ms.assetid: 1AEA51FA-A647-4665-AD78-2F3FB27AD46A +ms.reviewer: +manager: dansimp keywords: ["lockscreen"] ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: dansimp +ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.date: 04/30/2018 diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json index 4fb4193ddc..564f47ae8b 100644 --- a/windows/configure/docfx.json +++ b/windows/configure/docfx.json 
@@ -30,14 +30,15 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.windows-configure"
- }
- }
- },
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "MSDN.windows-configure"
+ }
+ }
+ },
 "fileMetadata": {},
 "template": [],
- "dest": "windows-configure"
+ "dest": "windows-configure",
+ "markdownEngineName": "markdig"
 }
-}
\ No newline at end of file
+}
diff --git a/windows/deploy/docfx.json b/windows/deploy/docfx.json
index 9f1758ca22..e287ca8721 100644
--- a/windows/deploy/docfx.json
+++ b/windows/deploy/docfx.json
@@ -30,15 +30,16 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.windows-deploy",
- "folder_relative_path_in_docset": "./"
- }
- }
- },
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "MSDN.windows-deploy",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
+ },
 "fileMetadata": {},
 "template": [],
- "dest": "windows-deploy"
+ "dest": "windows-deploy",
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index dea2ca7516..2f72d1d3b6 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -4,7 +4,7 @@
 ## [What's new in Windows 10 deployment](deploy-whats-new.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 ## [Windows Autopilot](windows-autopilot/windows-autopilot.md)
-## [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md)
+## [Windows 10 Subscription Activation](windows-10-subscription-activation.md)
 ### [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
 ### [Configure VDA for Subscription Activation](vda-subscription-activation.md)
 ### [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md)
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md index eb2c0110b3..243bd3529c 100644 --- a/windows/deployment/Windows-AutoPilot-EULA-note.md +++ b/windows/deployment/Windows-AutoPilot-EULA-note.md @@ -6,8 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy ms.localizationpriority: medium -ms.author: mayam +ms.author: dansimp ms.date: 08/22/2017 +ms.reviewer: +manager: dansimp +author: dansimp ROBOTS: noindex,nofollow ms.topic: article --- 
@@ -18,4 +21,4 @@ ms.topic: article Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen. -By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors. \ No newline at end of file +By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors. diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md index 0432620ae9..1ff4f931f1 100644 --- a/windows/deployment/add-store-apps-to-image.md +++ b/windows/deployment/add-store-apps-to-image.md 
@@ -7,9 +7,11 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.author: greglin +author: dansimp +ms.author: dansimp ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.topic: article --- diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md index 0ca5993529..c98396676a 100644 --- a/windows/deployment/change-history-for-deploy-windows-10.md +++ b/windows/deployment/change-history-for-deploy-windows-10.md @@ -2,10 +2,13 @@ title: Change history for Deploy Windows 10 (Windows 10) description: This topic lists new and updated topics in the Deploy Windows 10 documentation for Windows 10 and Windows 10 Mobile. ms.assetid: 19C50373-6B25-4F5C-A6EF-643D36904349 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.date: 11/08/2017 ms.topic: article --- diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index 22b3108f6d..fa15033ea9 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -7,8 +7,11 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay +author: dansimp ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- @@ -187,4 +190,4 @@ See Also #### Concepts -[Windows PE Walkthroughs](https://technet.microsoft.com/library/cc748899.aspx) \ No newline at end of file +[Windows PE Walkthroughs](https://technet.microsoft.com/library/cc748899.aspx) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index afc9f144c2..2a1a8980a6 100644 
--- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -1,5 +1,8 @@ --- title: Deploy Windows 10 Enterprise licenses +ms.reviewer: +manager: dansimp +ms.author: dansimp description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP keywords: upgrade, update, task sequence, deploy ms.prod: w10 @@ -7,19 +10,18 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt -ms.date: 05/25/2018 -author: greg-lindsay +author: dansimp ms.topic: article --- # Deploy Windows 10 Enterprise licenses -This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). +This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). >[!NOTE] ->Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
                                    ->Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
                                    ->Automatic, non-KMS activation requires Windows 10, version 1803 or later on a device with a firmware-embedded activation key.
                                    +>* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. +>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. +>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. ## Firmware-embedded activation key @@ -35,11 +37,11 @@ If the device has a firmware-embedded activation key, it will be displayed in th If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant: -1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
                                    - a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
                                    - b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
                                    -2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. -3. The admin can now assign subscription licenses to users. +1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license: +2. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 +3. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 +4. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. +5. The admin can now assign subscription licenses to users. >Use the following process if you need to update contact information and retrigger activation in order to resend the activation email: 
@@ -59,7 +61,7 @@ Also in this article: You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. -You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. +You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. **Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. 
@@ -72,6 +74,9 @@ For more information about integrating on-premises AD DS domains with Azure AD, - [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/) - [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) +>[!NOTE] +>If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. + ## Preparing for deployment: reviewing requirements Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. @@ -151,12 +156,12 @@ Now the device is Azure AD joined to the company’s subscription. ### Step 2: Pro edition activation >[!IMPORTANT] ->If the device is running Windows 10, version 1803 or later, this step is no longer necessary when there is a firmware-embedded activation key on the device. Starting with Windows 10, version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
                                    +>If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. >If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. Windows 10 Pro activated -
                                    **Figure 7a - Windows 10 Pro activation in Settings**
                                    +Figure 7a - Windows 10 Pro activation in Settings Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only). @@ -176,16 +181,16 @@ You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings &g Windows 10 activated and subscription active -
                                    **Figure 9 - Windows 10 Enterprise subscription in Settings**
                                    +**Figure 9 - Windows 10 Enterprise subscription in Settings** If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. ->[!NOTE] ->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
                                    ->Name: Windows(R), Professional edition
                                    ->Description: Windows(R) Operating System, RETAIL channel
                                    ->Partial Product Key: 3V66T
                                    +>[!NOTE] +>If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following: +>Name: Windows(R), Professional edition +>Description: Windows(R) Operating System, RETAIL channel +>Partial Product Key: 3V66T ## Virtual Desktop Access (VDA) @@ -211,23 +216,20 @@ Use the following figures to help you troubleshoot when users experience these c - [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed. -
                                    Windows 10 not activated and subscription active -
                                    **Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings**
                                    +Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings -
                                    Windows 10 activated and subscription not active -
                                    **Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings**
                                    +Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings -
                                    Windows 10 not activated and subscription not active -
                                    **Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings**
                                    +Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings ### Review requirements on devices diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index b5d8733948..d637b162fe 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -1,5 +1,8 @@ --- title: Deploy Windows 10 with Microsoft 365 +ms.reviewer: +manager: dansimp +ms.author: dansimp description: Concepts about deploying Windows 10 for M365 ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +10,7 @@ ms.sitesec: library ms.pagetype: deploy keywords: deployment, automate, tools, configure, mdt, sccm, M365 ms.localizationpriority: medium -author: greg-lindsay +author: dansimp ms.topic: article ms.collection: M365-modern-desktop --- diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index cf6c780326..53c27e86c3 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -1,5 +1,8 @@ --- title: What's new in Windows 10 deployment +ms.reviewer: +manager: dansimp +ms.author: dansimp description: Changes and new features related to Windows 10 deployment keywords: deployment, automate, tools, configure, news ms.mktglfcycl: deploy @@ -7,7 +10,7 @@ ms.localizationpriority: medium ms.prod: w10 ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay +author: dansimp ms.topic: article --- @@ -25,10 +28,10 @@ This topic provides an overview of new solutions and online content related to d ## Recent additions to this page -[SetupDiag](#setupdiag) 1.4 is released.
                                    -[MDT](#microsoft-deployment-toolkit-mdt) 8456 is released.
                                    +[SetupDiag](#setupdiag) 1.4.1 is released.
                                    +The [Windows ADK for Windows 10, version 1903](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install) is available.
                                    New [Windows Autopilot](#windows-autopilot) content is available.
                                    -The [Microsoft 365](#microsoft-365) section was added. +[Windows 10 Subscription Activation](#windows-10-subscription-activation) now supports Windows 10 Education. ## The Modern Desktop Deployment Center 
@@ -45,13 +48,22 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic ## Windows 10 servicing and support -Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below. +- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon! +- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. +- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). 
In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. +- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. +- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. +- **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar. +- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns. +- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions. 
+ +Microsoft previously announced that we are [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below. ![Support lifecycle](images/support-cycle.png) ## Windows 10 Enterprise upgrade -Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md). +Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md). Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. 
Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features. 
@@ -62,17 +74,27 @@ For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterpris ### Windows Autopilot -Windows Autopilot streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices. +[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices. -Windows Autopilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user. For more information, see [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md). +The following Windows Autopilot features are available in Windows 10, version 1903 and later: -Recent Autopilot content includes new instructions for CSPs and OEMs on how to [obtain and use customer authorization](windows-autopilot/registration-auth.md) to register Windows Autopilot devices on the customer’s behalf. +- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users. +- The Intune [enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions​. +- [Cortana voiceover](https://docs.microsoft.com/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs. 
+- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE. +- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE. + +### Windows 10 Subscription Activation + +Windows 10 Education support has been added to Windows 10 Subscription Activation. + +With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions – Windows 10 Education. For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation). ### SetupDiag [SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. -SetupDiag version 1.4 was released on 12/18/2018. +SetupDiag version 1.4.1 was released on 5/17/2019. ### Upgrade Readiness diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013.md index 06cc51df9b..e61d686275 100644 --- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013.md +++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013.md @@ -1,5 +1,9 @@ --- title: Assign applications using roles in MDT (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: assign-applications-using-roles-in-mdt --- diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md index c4a97a2f45..8d16fd4b7a 100644 
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -2,6 +2,9 @@
 title: Assign applications using roles in MDT (Windows 10)
 description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
 ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: settings, database, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index fd6e5b6207..0903aea0ea 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -2,6 +2,9 @@
 title: Build a distributed environment for Windows 10 deployment (Windows 10)
 description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
 ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: replication, replicate, deploy, configure, remote
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -32,7 +35,7 @@ Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be do **Note**   Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target. -  + ### Linked deployment shares in MDT LDS is a built-in feature in MDT for replicating content. However, LDS works best with strong connections such as LAN connections with low latency. For most WAN links, DFS-R is the better option. 
@@ -83,70 +86,70 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre ### Configure the deployment share When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property. -1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this: +1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this: - ``` syntax - [Settings] - Priority=DefaultGateway, Default - [DefaultGateway] - 192.168.1.1=NewYork - 192.168.2.1=Stockholm - [NewYork] - DeployRoot=\\MDT01\MDTProduction$ - [Stockholm] - DeployRoot=\\MDT02\MDTProduction$ - [Default] - UserDomain=CONTOSO - UserID=MDT_BA - SkipBDDWelcome=YES - ``` - **Note**   - The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). -   -2. Save the Bootstrap.ini file. -3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. 
+ ``` syntax + [Settings] + Priority=DefaultGateway, Default + [DefaultGateway] + 192.168.1.1=NewYork + 192.168.2.1=Stockholm + [NewYork] + DeployRoot=\\MDT01\MDTProduction$ + [Stockholm] + DeployRoot=\\MDT02\MDTProduction$ + [Default] + UserDomain=CONTOSO + UserID=MDT_BA + SkipBDDWelcome=YES + ``` + **Note** + The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). + +2. Save the Bootstrap.ini file. +3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. - ![figure 4](../images/mdt-10-fig04.png) + ![figure 4](../images/mdt-10-fig04.png) - Figure 4. Updating the MDT Production deployment share. + Figure 4. Updating the MDT Production deployment share. -4. Use the default settings for the Update Deployment Share Wizard. -5. After the update is complete, use the Windows Deployment Services console. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**. +4. Use the default settings for the Update Deployment Share Wizard. +5. After the update is complete, use the Windows Deployment Services console. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**. - ![figure 5](../images/mdt-10-fig05.png) + ![figure 5](../images/mdt-10-fig05.png) - Figure 5. Replacing the updated boot image in WDS. + Figure 5. Replacing the updated boot image in WDS. -6. 
Browse and select the **E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings. -## Replicate the content -Once the MDT01 and MDT02 servers are prepared, you are ready to configure the actual replication. -### Create the replication group -1. On MDT01, using DFS Management, right-click **Replication**, and select **New Replication Group**. -2. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**. -3. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**. -4. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**. +6. Browse and select the **E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings. + ## Replicate the content + Once the MDT01 and MDT02 servers are prepared, you are ready to configure the actual replication. + ### Create the replication group +7. On MDT01, using DFS Management, right-click **Replication**, and select **New Replication Group**. +8. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**. +9. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**. +10. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**. ![figure 6](../images/mdt-10-fig06.png) Figure 6. Adding the Replication Group Members. -5. On the **Topology Selection** page, select the **Full mesh** option and click **Next**. -6. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**. -7. On the **Primary Member** page, select **MDT01** and click **Next**. -8. On the **Folders to Replicate** page, click **Add**, type in **E:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**. -9. 
On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**. -10. On the **Edit** page, select the **Enabled** option, type in **E:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**. +11. On the **Topology Selection** page, select the **Full mesh** option and click **Next**. +12. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**. +13. On the **Primary Member** page, select **MDT01** and click **Next**. +14. On the **Folders to Replicate** page, click **Add**, type in **E:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**. +15. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**. +16. On the **Edit** page, select the **Enabled** option, type in **E:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**. ![figure 7](../images/mdt-10-fig07.png) Figure 7. Configure the MDT02 member. -11. On the **Review Settings and Create Replication Group** page, click **Create**. -12. On the **Confirmation** page, click **Close**. -### Configure replicated folders -1. On MDT01, using DFS Management, expand **Replication** and then select **MDTProduction**. -2. In the middle pane, right-click the **MDT01** member and select **Properties**. -3. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**: +17. On the **Review Settings and Create Replication Group** page, click **Create**. +18. On the **Confirmation** page, click **Close**. + ### Configure replicated folders +19. On MDT01, using DFS Management, expand **Replication** and then select **MDTProduction**. +20. 
In the middle pane, right-click the **MDT01** member and select **Properties**. +21. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**: 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share: @@ -159,14 +162,14 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac Figure 8. Configure the Staging settings. -4. In the middle pane, right-click the **MDT02** member and select **Properties**. -5. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**: +22. In the middle pane, right-click the **MDT02** member and select **Properties**. +23. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**: 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. **Note**   It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. -  + ### Verify replication 1. On MDT02, wait until you start to see content appear in the **E:\\MDTProduction** folder. 2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**. 
@@ -222,5 +225,5 @@ Now you should have a solution ready for deploying the Windows 10 client to the [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) [Configure MDT settings](configure-mdt-settings.md) -  -  + + diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts.md index f50d92c65e..ef21fa7bd0 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts.md @@ -1,4 +1,8 @@ --- title: Configure MDT for UserExit scripts (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: configure-mdt-for-userexit-scripts --- diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings.md index 9549517323..c3cabdda10 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings.md @@ -1,5 +1,9 @@ --- title: Configure MDT settings (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: configure-mdt-settings --- diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md index 919c5e4fd8..f778e8cc14 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md 
@@ -2,6 +2,9 @@ title: Configure MDT deployment share rules (Windows 10) description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: rules, configuration, automate, deploy ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md index d9f5b096b9..7b2a140db5 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md @@ -2,6 +2,9 @@ title: Configure MDT for UserExit scripts (Windows 10) description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: rules, script ms.prod: w10 ms.mktglfcycl: deploy @@ -53,7 +56,7 @@ The first three lines of the script make up a header that all UserExit scripts h **Note**   The purpose of this sample is not to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process. -  + ## Related topics [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md index 95f70b8634..38f3bf9697 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md 
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md @@ -2,6 +2,9 @@ title: Configure MDT settings (Windows 10) description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: customize, customization, deploy, features, tools ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md index 5f1c91dbea..9d22117344 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -2,6 +2,9 @@ title: Create a task sequence with Configuration Manager and MDT (Windows 10) description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, upgrade, task sequence, install ms.prod: w10 ms.mktglfcycl: deploy @@ -92,7 +95,7 @@ After you create the task sequence, we recommend that you configure the task seq * OSDPreserveDriveLetter: True - >[!NOTE]   + >[!NOTE] >If you don't change this value, your Windows installation will end up in E:\\Windows. 3. In the **Post Install** group, select **Apply Network Settings**, and configure the Domain OU value to use the **Contoso / Workstations** OU (browse for values). 
@@ -109,7 +112,7 @@ After you create the task sequence, we recommend that you configure the task seq * Options: Task Sequence Variable: Model equals HP EliteBook 8560w - >[!NOTE]   + >[!NOTE] >You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%' ![Driver package options](../images/fig27-driverpackage.png "Driver package options") @@ -150,10 +153,10 @@ After you create the task sequence, we recommend that you configure the task seq 11. Click **OK**. ->[!NOTE]   +>[!NOTE] >The Request State Store and Release State Store actions need to be added for common computer replace scenarios. -  + ## Move the packages diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index f3dd992ad6..3be36db1d6 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -2,6 +2,9 @@ title: Create a Windows 10 reference image (Windows 10) description: Creating a reference image is important because that image serves as the foundation for the devices in your organization. ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, deployment, configure, customize, install, installation ms.prod: w10 ms.mktglfcycl: deploy @@ -23,7 +26,7 @@ For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, an >[!NOTE] >For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof). -  + ![figure 1](../images/mdt-08-fig01.png) Figure 1. The machines used in this topic. 
@@ -42,14 +45,14 @@ With Windows 10, there is no hard requirement to create reference images; howev ### Create the MDT build lab deployment share -- On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd**. -- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. -- Use the following settings for the New Deployment Share Wizard: -- Deployment share path: E:\\MDTBuildLab -- Share name: MDTBuildLab$ -- Deployment share description: MDT Build Lab -- <default> -- Verify that you can access the \\\\MDT01\\MDTBuildLab$ share. +- On MDT01, log on as Administrator in the CONTOSO domain using a password of P@ssw0rd. +- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. +- Use the following settings for the New Deployment Share Wizard: +- Deployment share path: E:\\MDTBuildLab +- Share name: MDTBuildLab$ +- Deployment share description: MDT Build Lab +- <default> +- Verify that you can access the \\\\MDT01\\MDTBuildLab$ share. ![figure 2](../images/mdt-08-fig02.png) @@ -77,9 +80,9 @@ This section will show you how to populate the MDT deployment share with the Win MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft. ->[!NOTE]   +>[!NOTE] >Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM. -  + ### Add Windows 10 Enterprise x64 (full source) In these steps we assume that you have copied the content of a Windows 10 Enterprise x64 ISO to the **E:\\Downloads\\Windows 10 Enterprise x64** folder. 
@@ -117,9 +120,9 @@ By storing configuration items as MDT applications, it is easy to move these obj In these examples, we assume that you downloaded the software in this list to the E:\\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell. ->[!NOTE]   +>[!NOTE] >All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). -  + ### Create the install: Microsoft Office Professional Plus 2013 x86 You can customize Office 2013. In the volume license versions of Office 2013, there is an Office Customization Tool you can use to customize the Office installation. In these steps we assume you have copied the Office 2013 installation files to the E:\\Downloads\\Office2013 folder. @@ -135,9 +138,9 @@ You also can customize the Office installation using a Config.xml file. But we r Figure 5. The Install - Microsoft Office 2013 Pro Plus - x86 application properties. - >[!NOTE]  + >[!NOTE] >If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft. -   + 3. In the Office Customization Tool dialog box, select the Create a new Setup customization file for the following product option, select the Microsoft Office Professional Plus 2013 (32-bit) product, and click OK. 4. Use the following settings to configure the Office 2013 setup to be fully unattended: 1. Install location and organization name 
@@ -157,9 +160,9 @@ You also can customize the Office installation using a Config.xml file. But we r - In the **Microsoft Office 2013** node, expand **Privacy**, select **Trust Center**, and enable the Disable Opt-in Wizard on first run setting. 5. From the **File** menu, select **Save**, and save the configuration as 0\_Office2013ProPlusx86.msp in the **E:\\MDTBuildLab\\Applications\\Install - Microsoft Office 2013 Pro Plus - x86\\Updates** folder. - >[!NOTE]  + >[!NOTE] >The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates, and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates. -   + 6. Close the Office Customization Tool, click Yes in the dialog box, and in the **Install - Microsoft Office 2013 Pro Plus - x86 Properties** window, click **OK**. ### Connect to the deployment share using Windows PowerShell 
@@ -321,14 +324,14 @@ The steps below walk you through the process of editing the Windows 10 referenc 1. State Restore. Enable the Windows Update (Pre-Application Installation) action. **Note**   Enable an action by going to the Options tab and clearing the Disable this step check box. -   + 2. State Restore. Enable the Windows Update (Post-Application Installation) action. 3. State Restore. Enable the Windows Update (Post-Application Installation) action. State Restore. After the **Tattoo** action, add a new **Group** action with the following setting: - Name: Custom Tasks (Pre-Windows Update) 4. State Restore. After Windows Update (Post-Application Installation) action, rename Custom Tasks to Custom Tasks (Post-Windows Update). **Note**   The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating. -   + 5. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings: 1. Name: Install - Microsoft NET Framework 3.5.1 2. Select the operating system for which roles are to be installed: Windows 10 
@@ -336,7 +339,7 @@ The steps below walk you through the process of editing the Windows 10 referenc >[!IMPORTANT] >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed. -   + ![figure 7](../images/fig8-cust-tasks.png) Figure 7. The task sequence after creating the Custom Tasks (Pre-Windows Update) group and adding the Install - Microsoft NET Framework 3.5.1 action. @@ -376,9 +379,9 @@ When using MDT, you don't need to edit the Unattend.xml file very often because >[!WARNING] >Do not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used. ->[!NOTE]   +>[!NOTE] >You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you are adding packages via Unattend.xml, it is version specific, so Unattend.xml must match the exact version of the operating system you are servicing. -  + Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence: 1. Using the Deployment Workbench, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**. 
@@ -457,9 +460,9 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which Figure 12. The boot image rules for the MDT Build Lab deployment share. - >[!NOTE]   + >[!NOTE] >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation. -   + 4. In the **Windows PE** tab, in the **Platform** drop-down list, select **x86**. 5. In the **Lite Touch Boot Image Settings** area, configure the following settings: 1. Image description: MDT Build Lab x86 @@ -470,9 +473,9 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which 2. ISO file name: MDT Build Lab x64.iso 8. Click **OK**. ->[!NOTE]   +>[!NOTE] >In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface). -  + ### Update the deployment share @@ -481,9 +484,9 @@ After the deployment share has been configured, it needs to be updated. This is 1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Update Deployment Share**. 2. Use the default options for the Update Deployment Share Wizard. ->[!NOTE]   +>[!NOTE] >The update process will take 5 to 10 minutes. -  + ### The rules explained Now that the MDT Build Lab deployment share (the share used to create the reference images) has been configured, it is time to explain the various settings used in the Bootstrap.ini and CustomSettings.ini files. 
@@ -492,9 +495,9 @@ The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini The CustomSettings.ini file is normally stored on the server, in the Deployment share\\Control folder, but also can be stored on the media (when using offline media). ->[!NOTE]   +>[!NOTE] >The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section. -  + ### The Bootstrap.ini file The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the E:\\MDTBuildLab\\Control folder on MDT01. 
@@ -515,14 +518,14 @@ So, what are these settings? - **DeployRoot.** This is the location of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location. - **UserDomain, UserID, and UserPassword.** These values are used for automatic log on to the deployment share. Again, if they are not specified, the wizard prompts you. - >[!WARNING]   + >[!WARNING] >Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic. -   + - **SkipBDDWelcome.** Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard. ->[!NOTE]   +>[!NOTE] >All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values. -  + ### The CustomSettings.ini file The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration. @@ -569,7 +572,7 @@ SkipFinalSummary=YES **Note**   The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names. -   + - **JoinWorkgroup.** Configures Windows to join a workgroup. - **HideShell.** Hides the Windows Shell during deployment. This is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles. - **FinishAction.** Instructs MDT what to do when the task sequence is complete. 
@@ -600,7 +603,7 @@ This steps below outline the process used to boot a virtual machine using an ISO **Note**   Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image. -   + 2. Create a virtual machine with the following settings: 1. Name: REFW10X64-001 2. Location: C:\\VMs @@ -612,7 +615,7 @@ This steps below outline the process used to boot a virtual machine using an ISO **Note**   Taking a snapshot is useful if you need to restart the process and want to make sure you can start clean. -   + 4. Start the REFW10X64-001 virtual machine. After booting into Windows PE, complete the Windows Deployment Wizard using the following settings: 1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image 2. Specify whether to capture an image: Capture an image of this reference computer diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index da352844e5..723fe97573 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -2,6 +2,9 @@ title: Deploy a Windows 10 image using MDT (Windows 10) description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deployment, automate, tools, configure ms.prod: w10 ms.mktglfcycl: deploy 
@@ -28,38 +31,38 @@ Figure 1. The machines used in this topic. >[!NOTE] >For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md). -  + ## Step 1: Configure Active Directory permissions These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory. -1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**. -2. Select the **Service Accounts** organizational unit (OU) and create the MDT\_JD account using the following settings: - 1. Name: MDT\_JD - 2. User logon name: MDT\_JD - 3. Password: P@ssw0rd - 4. User must change password at next logon: Clear - 5. User cannot change password: Select - 6. Password never expires: Select -3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press **Enter** after each command: - ```powershell - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force - Set-Location C:\Setup\Scripts - .\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" - ``` -4. The Set-OUPermissions.ps1 script allows the MDT\_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted: - 1. Scope: This object and all descendant objects - 1. Create Computer objects - 2. Delete Computer objects - 2. 
Scope: Descendant Computer objects - 1. Read All Properties - 2. Write All Properties - 3. Read Permissions - 4. Modify Permissions - 5. Change Password - 6. Reset Password - 7. Validated write to DNS host name - 8. Validated write to service principal name +1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**. +2. Select the **Service Accounts** organizational unit (OU) and create the MDT\_JD account using the following settings: + 1. Name: MDT\_JD + 2. User logon name: MDT\_JD + 3. Password: P@ssw0rd + 4. User must change password at next logon: Clear + 5. User cannot change password: Select + 6. Password never expires: Select +3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press **Enter** after each command: + ```powershell + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force + Set-Location C:\Setup\Scripts + .\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" + ``` +4. The Set-OUPermissions.ps1 script allows the MDT\_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted: + 1. Scope: This object and all descendant objects + 1. Create Computer objects + 2. Delete Computer objects + 2. Scope: Descendant Computer objects + 1. Read All Properties + 2. Write All Properties + 3. Read Permissions + 4. Modify Permissions + 5. Change Password + 6. Reset Password + 7. Validated write to DNS host name + 8. Validated write to service principal name ## Step 2: Set up the MDT production deployment share 
@@ -69,13 +72,13 @@ When you are ready to deploy Windows 10 in a production environment, you will f ### Create the MDT production deployment share The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image: -1. On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd.** -2. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. -3. On the **Path** page, in the **Deployment share path** text box, type **E:\\MDTProduction** and click **Next**. -4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**. -5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**. -6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. -7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. +1. On MDT01, log on as Administrator in the CONTOSO domain using a password of P@ssw0rd. +2. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. +3. On the **Path** page, in the **Deployment share path** text box, type **E:\\MDTProduction** and click **Next**. +4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**. +5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**. +6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. +7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. ## Step 3: Add a custom image 
@@ -92,9 +95,9 @@ In these steps, we assume that you have completed the steps in the [Create a Win 6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**. 7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to match the following: **Windows 10 Enterprise x64 RTM Custom Image**. ->[!NOTE]   +>[!NOTE] >The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image. -  + ![figure 2](../images/fig2-importedos.png) @@ -131,7 +134,7 @@ For boot images, you need to have storage and network drivers; for the operating >[!NOTE] >You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time. -  + ### Create the driver source structure in the file system The key to successful management of drivers for MDT, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use. 
@@ -153,7 +156,7 @@ The key to successful management of drivers for MDT, as well as for any other de >[!NOTE] >Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use. -  + ### Create the logical driver structure in MDT When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This is done by creating logical folders in the Deployment Workbench. 
@@ -263,36 +266,36 @@ This section will show you how to create the task sequence used to deploy your p ### Create a task sequence for Windows 10 Enterprise -1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**. -2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - 1. Task sequence ID: W10-X64-001 - 2. Task sequence name: Windows 10 Enterprise x64 RTM Custom Image - 3. Task sequence comments: Production Image - 4. Template: Standard Client Task Sequence - 5. Select OS: Windows 10 Enterprise x64 RTM Custom Image - 6. Specify Product Key: Do not specify a product key at this time - 7. Full Name: Contoso - 8. Organization: Contoso - 9. Internet Explorer home page: about:blank - 10. Admin Password: Do not specify an Administrator Password at this time -### Edit the Windows 10 task sequence +1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**. +2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: + 1. Task sequence ID: W10-X64-001 + 2. Task sequence name: Windows 10 Enterprise x64 RTM Custom Image + 3. Task sequence comments: Production Image + 4. Template: Standard Client Task Sequence + 5. Select OS: Windows 10 Enterprise x64 RTM Custom Image + 6. Specify Product Key: Do not specify a product key at this time + 7. Full Name: Contoso + 8. Organization: Contoso + 9. Internet Explorer home page: about:blank + 10. Admin Password: Do not specify an Administrator Password at this time + ### Edit the Windows 10 task sequence -1. Right-click the **Windows 10 Enterprise x64 RTM Custom Image** task sequence, and select **Properties**. -2. 
On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings: - 1. Preinstall. After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings: - 1. Name: Set DriverGroup001 - 2. Task Sequence Variable: DriverGroup001 - 3. Value: Windows 10 x64\\%Make%\\%Model% - 2. Configure the **Inject Drivers** action with the following settings: - 1. Choose a selection profile: Nothing - 2. Install all drivers from the selection profile +3. Right-click the **Windows 10 Enterprise x64 RTM Custom Image** task sequence, and select **Properties**. +4. On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings: + 1. Preinstall. After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings: + 1. Name: Set DriverGroup001 + 2. Task Sequence Variable: DriverGroup001 + 3. Value: Windows 10 x64\\%Make%\\%Model% + 2. Configure the **Inject Drivers** action with the following settings: + 1. Choose a selection profile: Nothing + 2. Install all drivers from the selection profile - >[!NOTE]   - >The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting. -   - 3. State Restore. Enable the **Windows Update (Pre-Application Installation)** action. - 4. State Restore. Enable the **Windows Update (Post-Application Installation)** action. -3. Click **OK**. 
+ >[!NOTE] + >The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting. + + 3. State Restore. Enable the **Windows Update (Pre-Application Installation)** action. + 4. State Restore. Enable the **Windows Update (Post-Application Installation)** action. +5. Click **OK**. ![figure 6](../images/fig6-taskseq.png) 
@@ -304,81 +307,81 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh ### Configure the rules -1. On MDT01, using File Explorer, copy the following files from the **D:\\Setup\\Sample Files\\MDT Production\\Control** folder to **E:\\MDTProduction\\Control**. Overwrite the existing files. - 1. Bootstrap.ini - 2. CustomSettings.ini -2. Right-click the **MDT Production** deployment share and select **Properties**. -3. Select the **Rules** tab and modify using the following information: +1. On MDT01, using File Explorer, copy the following files from the **D:\\Setup\\Sample Files\\MDT Production\\Control** folder to **E:\\MDTProduction\\Control**. Overwrite the existing files. + 1. Bootstrap.ini + 2. CustomSettings.ini +2. Right-click the **MDT Production** deployment share and select **Properties**. +3. Select the **Rules** tab and modify using the following information: - ``` syntax - [Settings] - Priority=Default - [Default] - _SMSTSORGNAME=Contoso - OSInstall=YES - UserDataLocation=AUTO - TimeZoneName=Pacific Standard Time - AdminPassword=P@ssw0rd - JoinDomain=contoso.com - DomainAdmin=CONTOSO\MDT_JD - DomainAdminPassword=P@ssw0rd - MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com - SLShare=\\MDT01\Logs$ - ScanStateArgs=/ue:*\* /ui:CONTOSO\* - USMTMigFiles001=MigApp.xml - USMTMigFiles002=MigUser.xml - HideShell=YES - ApplyGPOPack=NO - WSUSServer=mdt01.contoso.com:8530 - SkipAppsOnUpgrade=NO - SkipAdminPassword=YES - SkipProductKey=YES - SkipComputerName=NO - SkipDomainMembership=YES - SkipUserData=YES - SkipLocaleSelection=YES - SkipTaskSequence=NO - SkipTimeZone=YES - SkipApplications=NO - SkipBitLocker=YES - SkipSummary=YES - SkipCapture=YES - SkipFinalSummary=NO - ``` -4. 
Click **Edit Bootstrap.ini** and modify using the following information: + ``` syntax + [Settings] + Priority=Default + [Default] + _SMSTSORGNAME=Contoso + OSInstall=YES + UserDataLocation=AUTO + TimeZoneName=Pacific Standard Time + AdminPassword=P@ssw0rd + JoinDomain=contoso.com + DomainAdmin=CONTOSO\MDT_JD + DomainAdminPassword=P@ssw0rd + MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com + SLShare=\\MDT01\Logs$ + ScanStateArgs=/ue:*\* /ui:CONTOSO\* + USMTMigFiles001=MigApp.xml + USMTMigFiles002=MigUser.xml + HideShell=YES + ApplyGPOPack=NO + WSUSServer=mdt01.contoso.com:8530 + SkipAppsOnUpgrade=NO + SkipAdminPassword=YES + SkipProductKey=YES + SkipComputerName=NO + SkipDomainMembership=YES + SkipUserData=YES + SkipLocaleSelection=YES + SkipTaskSequence=NO + SkipTimeZone=YES + SkipApplications=NO + SkipBitLocker=YES + SkipSummary=YES + SkipCapture=YES + SkipFinalSummary=NO + ``` +4. Click **Edit Bootstrap.ini** and modify using the following information: - ``` syntax - [Settings] - Priority=Default - [Default] - DeployRoot=\\MDT01\MDTProduction$ - UserDomain=CONTOSO - UserID=MDT_BA - SkipBDDWelcome=YES - ``` -5. In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected. -6. In the **General** sub tab, configure the following settings: - - In the **Lite Touch Boot Image Settings** area: - 1. Image description: MDT Production x86 - 2. ISO file name: MDT Production x86.iso + ``` syntax + [Settings] + Priority=Default + [Default] + DeployRoot=\\MDT01\MDTProduction$ + UserDomain=CONTOSO + UserID=MDT_BA + SkipBDDWelcome=YES + ``` +5. In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected. +6. In the **General** sub tab, configure the following settings: + - In the **Lite Touch Boot Image Settings** area: + 1. Image description: MDT Production x86 + 2. 
ISO file name: MDT Production x86.iso - >[!NOTE] - - >Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests. -   -7. In the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option. -8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**. -9. In the **General** sub tab, configure the following settings: - - In the **Lite Touch Boot Image Settings** area: - 1. Image description: MDT Production x64 - 2. ISO file name: MDT Production x64.iso + > [!NOTE] + > + > Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests. + +7. In the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option. +8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**. +9. In the **General** sub tab, configure the following settings: + - In the **Lite Touch Boot Image Settings** area: + 1. Image description: MDT Production x64 + 2. ISO file name: MDT Production x64.iso 10. In the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option. 11. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box. 12. Click **OK**. >[!NOTE] >It will take a while for the Deployment Workbench to create the monitoring database and web service. -  + ![figure 8](../images/mdt-07-fig08.png) 
@@ -457,24 +460,24 @@ troubleshoot MDT deployments, as well as troubleshoot Windows itself. ### Add DaRT 10 to the boot images If you have licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you do not have DaRT licensing, or don't want to use it, simply skip to the next section, [Update the Deployment Share](#bkmk-update-deployment). To enable the remote connection feature in MDT, you need to do the following: -- Install DaRT 10 (part of MDOP 2015 R1). -- Copy the two tools CAB files (Toolsx86.cab and Toolsx64.cab) to the deployment share. -- Configure the deployment share to add DaRT. -In these steps, we assume that you downloaded MDOP 2015 R1 and copied DaRT 10 to the E:\\Setup\\DaRT 10 folder on MDT01. -1. On MDT01, install DaRT 10 (MSDaRT10.msi) using the default settings. -2. Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder. -3. Copy the Toolsx64.cab file to **E:\\MDTProduction\\Tools\\x64**. -4. Copy the Toolsx86.cab file to **E:\\MDTProduction\\Tools\\x86**. -5. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**. -6. In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected. -7. In the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. +- Install DaRT 10 (part of MDOP 2015 R1). +- Copy the two tools CAB files (Toolsx86.cab and Toolsx64.cab) to the deployment share. +- Configure the deployment share to add DaRT. + In these steps, we assume that you downloaded MDOP 2015 R1 and copied DaRT 10 to the E:\\Setup\\DaRT 10 folder on MDT01. +- On MDT01, install DaRT 10 (MSDaRT10.msi) using the default settings. +- Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder. +- Copy the Toolsx64.cab file to **E:\\MDTProduction\\Tools\\x64**. +- Copy the Toolsx86.cab file to **E:\\MDTProduction\\Tools\\x86**. 
+- Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**. +- In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected. +- In the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. - ![figure 8](../images/mdt-07-fig09.png) + ![figure 8](../images/mdt-07-fig09.png) - Figure 8. Selecting the DaRT 10 feature in the deployment share. + Figure 8. Selecting the DaRT 10 feature in the deployment share. -8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**. -9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. +8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**. +9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. 10. Click **OK**. ### Update the deployment share @@ -485,7 +488,7 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee >[!NOTE] >The update process will take 5 to 10 minutes. -  + ## Step 8: Deploy the Windows 10 client image These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process. 
@@ -595,7 +598,7 @@ In these steps, you generate offline media from the MDT Production deployment sh >[!NOTE] >When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media. -   + 2. Using Deployment Workbench, in the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**. 3. Use the following settings for the New Media Wizard: - General Settings diff --git a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index 75625ec3e8..71bb24a17b 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md @@ -2,6 +2,9 @@ title: Deploy Windows 10 with the Microsoft Deployment Toolkit (Windows 10) description: This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, tools, configure, script ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md index 8e259f076a..66bc91fb19 100644 --- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md 
@@ -2,6 +2,9 @@
 title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
 description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
 ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deploy, image, feature, install, tools
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013.md b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013.md
index 8ca7faeb78..60f05428e8 100644
--- a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013.md
+++ b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013.md
@@ -1,4 +1,8 @@
 ---
 title: Integrate Configuration Manager with MDT 2013 Update 2 (Windows 10)
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+author: greg-lindsay
 redirect_url: integrate-configuration-manager-with-mdt
 ---
diff --git a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
index 3e90951027..8c27e07eb1 100644
--- a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
@@ -2,6 +2,9 @@
 title: Integrate Configuration Manager with MDT (Windows 10)
 description: This topic will help you understand the benefits of integrating the Microsoft Deployment Toolkit with Microsoft System Center 2012 R2 Configuration Manager SP1 when you deploy a new or updated version of the Windows operating system.
 ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.pagetype: mdt
 keywords: deploy, image, customize, task sequence
 ms.prod: w10
diff --git a/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013.md b/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013.md
index d62060296d..691db21017 100644
--- a/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013.md
+++ b/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013.md
@@ -1,4 +1,8 @@
 ---
 title: Key features in MDT 2013 Update 2 (Windows 10)
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+author: greg-lindsay
 redirect_url: key-features-in-mdt
----
\ No newline at end of file
+---
diff --git a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
index 0adb1acff2..0874e8bd17 100644
--- a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
@@ -2,6 +2,9 @@
 title: Key features in MDT (Windows 10)
 description: The Microsoft Deployment Toolkit (MDT) has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0.
 ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deploy, feature, tools, upgrade, migrate, provisioning
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components.md b/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components.md
index 5afed1bb8b..760abd5455 100644
--- a/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components.md
+++ b/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components.md
@@ -1,4 +1,8 @@
 ---
 title: MDT 2013 Update 2 Lite Touch components (Windows 10)
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+author: greg-lindsay
 redirect_url: mdt-lite-touch-components
----
\ No newline at end of file
+---
diff --git a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md index 7ca3716ae3..88d3f8935b 100644 --- a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md +++ b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md @@ -2,6 +2,9 @@ title: MDT Lite Touch components (Windows 10) description: This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) that support Lite Touch Installation (LTI) for Windows 10. ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, install, deployment, boot, log, monitor ms.prod: w10 ms.mktglfcycl: deploy @@ -81,7 +84,7 @@ MDT comes with nine default task sequence templates. You can also create your ow **Note**   It is preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture cannot. -   + - **Standard Client task sequence.** The most frequently used task sequence. Used for creating reference images and for deploying clients in production. - **Standard Client Replace task sequence.** Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned. - **Custom task sequence.** As the name implies, a custom task sequence with only one default action (one Install Application action). 
@@ -107,7 +110,7 @@ MDT uses many log files during operating system deployments. By default the logs **Note**   The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). -  + ## Monitoring On the deployment share, you also can enable monitoring. After you enable monitoring, you will see all running deployments in the Monitor node in the Deployment Workbench. diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013.md index 600b8e9783..e4648b07a1 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013.md @@ -1,4 +1,8 @@ --- title: Prepare for deployment with MDT 2013 Update 2 (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: prepare-for-windows-deployment-with-mdt --- diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index de0cd33bf5..477b2b3911 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -2,6 +2,9 @@ title: Prepare for deployment with MDT (Windows 10) description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT). ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, system requirements ms.prod: w10 ms.mktglfcycl: deploy 
@@ -40,22 +43,22 @@ MDT requires the following components: ## Install Windows ADK for Windows 10 These steps assume that you have the MDT01 member server installed and configured and that you have downloaded [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803) to the E:\\Downloads\\ADK folder. -1. On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd**. -2. Start the **ADK Setup** (E:\\Downloads\\ADK\\adksetup.exe), and on the first wizard page, click **Continue**. -3. On the **Select the features you want to change** page, select the features below and complete the wizard using the default settings: - 1. Deployment Tools - 2. Windows Preinstallation Environment (Windows PE) - 3. User State Migration Tool (USMT) +1. On MDT01, log on as Administrator in the CONTOSO domain using a password of P@ssw0rd. +2. Start the **ADK Setup** (E:\\Downloads\\ADK\\adksetup.exe), and on the first wizard page, click **Continue**. +3. On the **Select the features you want to change** page, select the features below and complete the wizard using the default settings: + 1. Deployment Tools + 2. Windows Preinstallation Environment (Windows PE) + 3. User State Migration Tool (USMT) - >[!IMPORTANT] - >Starting with Windows 10, version 1809, Windows PE is released separately from the ADK. See [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) for more information. + >[!IMPORTANT] + >Starting with Windows 10, version 1809, Windows PE is released separately from the ADK. See [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) for more information. ## Install MDT These steps assume that you have downloaded [MDT](https://go.microsoft.com/fwlink/p/?LinkId=618117 ) to the E:\\Downloads\\MDT folder on MDT01. -1. On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd**. -2. 
Install **MDT** (E:\\Downloads\\MDT\\MicrosoftDeploymentToolkit\_x64.msi) with the default settings. +1. On MDT01, log on as Administrator in the CONTOSO domain using a password of P@ssw0rd. +2. Install **MDT** (E:\\Downloads\\MDT\\MicrosoftDeploymentToolkit\_x64.msi) with the default settings. ## Create the OU structure diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md index 30700e0e1d..e6185525fe 100644 --- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md @@ -2,6 +2,9 @@ title: Refresh a Windows 7 computer with Windows 10 (Windows 10) description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process. ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: reinstallation, customize, template, script, restore ms.prod: w10 ms.mktglfcycl: deploy 
@@ -43,9 +46,9 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data. ->[!NOTE]  +>[!NOTE] >In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file will contain the entire volume from the computer, and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire machine is not a supported scenario. -  + ### Multi-user migration By default, ScanState in USMT backs up all profiles on the machine, including local computer profiles. If you have a machine that has been in your environment for a while, it likely has several domain-based profiles on it, including those of former users. You can limit which profiles are backed up @@ -53,9 +56,9 @@ by configuring command-line switches to ScanState (added as rules in MDT). As an example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: ScanStateArgs=/ue:\*\\\* /ui:CONTOSO\\\* ->[!NOTE]  +>[!NOTE] >You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days. -  + ### Support for additional settings In addition to the command-line switches that control which profiles to migrate, the XML templates control exactly what data is being migrated. You can control data within and outside the user profiles 
@@ -88,28 +91,28 @@ In order to use the custom MigContosoData.xml USMT template, you need to copy it After adding the additional USMT template and configuring the CustomSettings.ini file to use it, you are now ready to refresh a Windows 7 SP1 client to Windows 10. In these steps, we assume you have a Windows 7 SP1 client named PC0001 in your environment that is ready for a refresh to Windows 10. ->[!NOTE]    +>[!NOTE] >MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property in the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117). -  + ### Upgrade (refresh) a Windows 7 SP1 client -1. On PC0001, log on as **CONTOSO\\Administrator**. Start the Lite Touch Deploy Wizard by executing **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**. Complete the deployment guide using the following settings: +1. On PC0001, log on as **CONTOSO\\Administrator**. Start the Lite Touch Deploy Wizard by executing **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**. Complete the deployment guide using the following settings: - * Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM - * Computer name: <default> - * Specify where to save a complete computer backup: Do not back up the existing computer - >[!NOTE] - >Skip this optional full WIM backup. The USMT backup will still run. -   -2. Select one or more applications to install: Install - Adobe Reader XI - x86 + * Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM + * Computer name: <default> + * Specify where to save a complete computer backup: Do not back up the existing computer + >[!NOTE] + >Skip this optional full WIM backup. The USMT backup will still run. + +2. Select one or more applications to install: Install - Adobe Reader XI - x86 -3. The setup now starts and does the following: +3. The setup now starts and does the following: - * Backs up user settings and data using USMT. 
- * Installs the Windows 10 Enterprise x64 operating system. - * Installs the added application(s). - * Updates the operating system via your local Windows Server Update Services (WSUS) server. - * Restores user settings and data using USMT. + * Backs up user settings and data using USMT. + * Installs the Windows 10 Enterprise x64 operating system. + * Installs the added application(s). + * Updates the operating system via your local Windows Server Update Services (WSUS) server. + * Restores user settings and data using USMT. ![Start the computer refresh from the running Windows 7 client](../images/fig2-taskseq.png "Start the computer refresh from the running Windows 7 client") diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index a43389b68b..c25fd36599 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -2,6 +2,9 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) description: A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer. ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, deployment, replace ms.prod: w10 ms.mktglfcycl: deploy 
@@ -37,31 +40,31 @@ When preparing for the computer replace, you need to create a folder in which to ### Create and share the MigData folder -1. On MDT01, log on as **CONTOSO\\Administrator**. +1. On MDT01, log on as **CONTOSO\\Administrator**. -2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt: - ``` syntax - New-Item -Path E:\MigData -ItemType directory - New-SmbShare ?Name MigData$ ?Path E:\MigData - -ChangeAccess EVERYONE - icacls E:\MigData /grant '"MDT_BA":(OI)(CI)(M)' - ``` -### Create a backup only (replace) task sequence +2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt: + ``` syntax + New-Item -Path E:\MigData -ItemType directory + New-SmbShare ?Name MigData$ ?Path E:\MigData + -ChangeAccess EVERYONE + icacls E:\MigData /grant '"MDT_BA":(OI)(CI)(M)' + ``` + ### Create a backup only (replace) task sequence -1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node and create a new folder named **Other**. +3. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node and create a new folder named **Other**. -2. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: +4. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - * Task sequence ID: REPLACE-001 - * Task sequence name: Backup Only Task Sequence - * Task sequence comments: Run USMT to backup user data and settings - * Template: Standard Client Replace Task Sequence + * Task sequence ID: REPLACE-001 + * Task sequence name: Backup Only Task Sequence + * Task sequence comments: Run USMT to backup user data and settings + * Template: Standard Client Replace Task Sequence -3. 
In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions. +5. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions. - ![The Backup Only Task Sequence action list](../images/mdt-03-fig02.png "The Backup Only Task Sequence action list") + ![The Backup Only Task Sequence action list](../images/mdt-03-fig02.png "The Backup Only Task Sequence action list") - Figure 2. The Backup Only Task Sequence action list. + Figure 2. The Backup Only Task Sequence action list. ## Perform the computer replace @@ -85,9 +88,9 @@ During a computer replace, these are the high-level steps that occur: * Specify where to save your data and settings: Specify a location * Location: \\\\MDT01\\MigData$\\PC0002 - >[!NOTE]   + >[!NOTE] >If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead. -   + 2. Specify where to save a complete computer backup: Do not back up the existing computer 3. Password: P@ssw0rd diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker.md index 1e417fd432..acff894776 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker.md @@ -1,5 +1,9 @@ --- title: Set up MDT for BitLocker (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: set-up-mdt-for-bitlocker --- diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index 933f240e24..cca2fc6ff4 100644 
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -1,6 +1,9 @@ --- title: Set up MDT for BitLocker (Windows 10) ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 +ms.reviewer: +manager: laurawi +ms.author: greglin description: keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 @@ -28,7 +31,7 @@ To configure your environment for BitLocker, you will need to do the following: >[!NOTE] >Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker. -  + For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof). ## Configure Active Directory for BitLocker 
@@ -37,7 +40,7 @@ To enable BitLocker to store the recovery key and TPM information in Active Dire >[!NOTE] >Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory. -  + In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information. ![figure 2](../images/mdt-09-fig02.png) @@ -81,7 +84,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor >[!NOTE] >If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using. -  + ### Set permissions in Active Directory for BitLocker In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01. 
@@ -139,7 +142,7 @@ When configuring a task sequence to run any BitLocker tool, either directly or u - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. **Note**   It is common for organizations wrapping these tools in scripts to get additional logging and error handling. -   + - **Restart computer.** Self-explanatory, reboots the computer. - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time. - **Enable BitLocker.** Runs the built-in action to activate BitLocker. diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md index 2d75e10a78..81847807c4 100644 --- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -2,6 +2,9 @@ title: Simulate a Windows 10 deployment in a test environment (Windows 10) description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, script ms.prod: w10 ms.mktglfcycl: deploy 
@@ -18,23 +21,23 @@ ms.topic: article This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined machine (client or server). In the following example, you use the PC0001 Windows 10 client. For the purposes of this topic, you already will have either downloaded and installed the free Microsoft System Center 2012 R2 Configuration Manager Toolkit, or copied Configuration Manager Trace (CMTrace) if you have access to the System Center 2012 R2 Configuration Manager media. We also assume that you have downloaded the [sample Gather.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619361) from the TechNet gallery. -1. On PC0001, log on as **CONTOSO\\Administrator** using the password **P@ssw0rd**. -2. Using Computer Management, add the **CONTOSO\\MDT\_BA** user account to the local **Administrators** group. -3. Log off, and then log on to PC0001 as **CONTOSO\\MDT\_BA**. -4. Using File Explorer, create a folder named **C:\\MDT**. -5. Copy the downloaded Gather.ps1 script to the **C:\\MDT** folder. -6. From the **\\\\MDT01\\MDTProduction$\\Scripts** folder, copy the following files to **C:\\MDT**: - 1. ZTIDataAccess.vbs - 2. ZTIGather.wsf - 3. ZTIGather.xml - 4. ZTIUtility.vbs -7. From the **\\\\MDT01\\MDTProduction$\\Control** folder, copy the CustomSettings.ini file to **C:\\MDT**. -8. In the **C:\\MDT** folder, create a subfolder named **X64**. -9. From the **\\\\MDT01\\MDTProduction$\\Tools\\X64** folder, copy the Microsoft.BDD.Utility.dll file to **C:\\MDT\\X64**. +1. On PC0001, log on as **CONTOSO\\Administrator** using the password P@ssw0rd. 
+2. Using Computer Management, add the **CONTOSO\\MDT\_BA** user account to the local **Administrators** group. +3. Log off, and then log on to PC0001 as **CONTOSO\\MDT\_BA**. +4. Using File Explorer, create a folder named **C:\\MDT**. +5. Copy the downloaded Gather.ps1 script to the **C:\\MDT** folder. +6. From the **\\\\MDT01\\MDTProduction$\\Scripts** folder, copy the following files to **C:\\MDT**: + 1. ZTIDataAccess.vbs + 2. ZTIGather.wsf + 3. ZTIGather.xml + 4. ZTIUtility.vbs +7. From the **\\\\MDT01\\MDTProduction$\\Control** folder, copy the CustomSettings.ini file to **C:\\MDT**. +8. In the **C:\\MDT** folder, create a subfolder named **X64**. +9. From the **\\\\MDT01\\MDTProduction$\\Tools\\X64** folder, copy the Microsoft.BDD.Utility.dll file to **C:\\MDT\\X64**. - ![figure 6](../images/mdt-09-fig06.png) + ![figure 6](../images/mdt-09-fig06.png) - Figure 6. The C:\\MDT folder with the files added for the simulation environment. + Figure 6. The C:\\MDT folder with the files added for the simulation environment. 10. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press Enter after each command: ``` syntax @@ -42,9 +45,9 @@ For the purposes of this topic, you already will have either downloaded and inst .\Gather.ps1 ``` 11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder. -**Note**   -Warnings or errors with regard to the Wizard.hta are expected. If the log file looks okay, you are ready to try a real deployment. -  + **Note** + Warnings or errors with regard to the Wizard.hta are expected. If the log file looks okay, you are ready to try a real deployment. + ![figure 7](../images/mdt-09-fig07.png) 
@@ -64,4 +67,4 @@ Figure 7. The ZTIGather.log file from PC0001, displaying some of its hardware ca [Use web services in MDT](use-web-services-in-mdt.md) -[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) \ No newline at end of file +[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013.md index e7e0a319ae..8d41fdebf7 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013.md @@ -1,4 +1,8 @@ --- title: Use Orchestrator runbooks with MDT (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: use-orchestrator-runbooks-with-mdt --- diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index a6563c1a8e..6a0ecfb6b6 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -2,6 +2,9 @@ title: Use Orchestrator runbooks with MDT (Windows 10) description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: web services, database ms.prod: w10 ms.mktglfcycl: deploy 
@@ -20,7 +23,7 @@ MDT can integrate with System Center 2012 R2 Orchestrator, which is a component **Note**   If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. -  + ## Orchestrator terminology Before diving into the core details, here is a quick course in Orchestrator terminology: 
@@ -34,39 +37,39 @@ Before diving into the core details, here is a quick course in Orchestrator term **Note**   To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). -  + ## Create a sample runbook This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. -1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). -2. In the **E:\\Logfile** folder, create the DeployLog.txt file. - **Note**   - Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. -   - ![figure 23](../images/mdt-09-fig23.png) +1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). +2. In the **E:\\Logfile** folder, create the DeployLog.txt file. + **Note** + Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. + + ![figure 23](../images/mdt-09-fig23.png) - Figure 23. The DeployLog.txt file. + Figure 23. The DeployLog.txt file. -3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. +3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. - ![figure 24](../images/mdt-09-fig24.png) + ![figure 24](../images/mdt-09-fig24.png) - Figure 24. Folder created in the Runbooks node. + Figure 24. Folder created in the Runbooks node. -4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. -5. On the ribbon bar, click **Check Out**. -6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. -7. 
Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: - 1. Runbook Control / Initialize Data - 2. Text File Management / Append Line -8. Connect **Initialize Data** to **Append Line**. +4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. +5. On the ribbon bar, click **Check Out**. +6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. +7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: + 1. Runbook Control / Initialize Data + 2. Text File Management / Append Line +8. Connect **Initialize Data** to **Append Line**. - ![figure 25](../images/mdt-09-fig25.png) + ![figure 25](../images/mdt-09-fig25.png) - Figure 25. Activities added and connected. + Figure 25. Activities added and connected. -9. Right-click the **Initialize Data** activity, and select **Properties** +9. Right-click the **Initialize Data** activity, and select **Properties** 10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. ![figure 26](../images/mdt-09-fig26.png) 
@@ -97,14 +100,14 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O Figure 29. The expanded text box after all subscriptions have been added. 19. On the **Append Line Properties** page, click **Finish**. -## Test the demo MDT runbook -After the runbook is created, you are ready to test it. -1. On the ribbon bar, click **Runbook Tester**. -2. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: + ## Test the demo MDT runbook + After the runbook is created, you are ready to test it. +20. On the ribbon bar, click **Runbook Tester**. +21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: - OSDComputerName: PC0010 -3. Verify that all activities are green (for additional information, see each target). -4. Close the **Runbook Tester**. -5. On the ribbon bar, click **Check In**. +22. Verify that all activities are green (for additional information, see each target). +23. Close the **Runbook Tester**. +24. On the ribbon bar, click **Check In**. ![figure 30](../images/mdt-09-fig30.png) @@ -139,7 +142,7 @@ Figure 31. The ready-made task sequence. Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. **Note**   Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). -  + 1. On PC0001, log on as **CONTOSO\\MDT\_BA**. 2. Using an elevated command prompt (run as Administrator), type the following command: diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index a2f2212ae8..0b373621dc 100644 
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -2,6 +2,9 @@ title: Use the MDT database to stage Windows 10 deployment information (Windows 10) description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.pagetype: mdt keywords: database, permissions, settings, configure, deploy ms.prod: w10 diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013.md index 6d885294e6..9dd0e6b171 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013.md @@ -1,6 +1,10 @@ --- title: Use web services in MDT (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay redirect_url: use-web-services-in-mdt --- -  \ No newline at end of file +  diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index b4302392b5..7b720cee45 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md 
@@ -2,6 +2,9 @@
 title: Use web services in MDT (Windows 10)
 description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
 ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deploy, web apps
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -89,28 +92,28 @@ Figure 20. The result from the MDT Sample web service. After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment. -1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following: - ``` syntax - [Settings] - Priority=Default, GetComputerName - [Default] - OSInstall=YES - [GetComputerName] - WebService=http://mdt01/MDTSample/mdtsample.asmx/GetComputerName - Parameters=Model,SerialNumber - OSDComputerName=string - ``` - ![figure 21](../images/mdt-09-fig21.png) +1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following: + ``` syntax + [Settings] + Priority=Default, GetComputerName + [Default] + OSInstall=YES + [GetComputerName] + WebService=http://mdt01/MDTSample/mdtsample.asmx/GetComputerName + Parameters=Model,SerialNumber + OSDComputerName=string + ``` + ![figure 21](../images/mdt-09-fig21.png) - Figure 21. The updated CustomSettings.ini file. + Figure 21. The updated CustomSettings.ini file. -2. Save the CustomSettings.ini file. -3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command: - ``` syntax - Set-Location C:\MDT - .\Gather.ps1 - ``` -4. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder. +2. Save the CustomSettings.ini file. +3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command: + ``` syntax + Set-Location C:\MDT + .\Gather.ps1 + ``` +4. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder. ![figure 22](../images/mdt-09-fig22.png) 
@@ -131,4 +134,4 @@ Figure 22. The OSDCOMPUTERNAME value obtained from the web service. [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) -  \ No newline at end of file + diff --git a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md index 9935a8a53c..aa97df75c5 100644 --- a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md @@ -2,13 +2,15 @@ title: Add a Windows 10 operating system image using Configuration Manager (Windows 10) description: Operating system images are typically the production image used for deployment throughout the organization. ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: image, deploy, distribute ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- @@ -70,4 +72,4 @@ For the purposes of this topic, we will use CM01, a machine running Windows Serv [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) \ No newline at end of file +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) 
diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index 8fc86605a3..ef1532183f 100644 --- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -2,12 +2,15 @@ title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10) description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, task sequence ms.prod: w10 ms.localizationpriority: medium ms.mktglfcycl: deploy ms.sitesec: library -author: mtniehaus +author: greg-lindsay ms.date: 07/27/2017 ms.topic: article --- @@ -46,9 +49,9 @@ This section will show you how to import some network and storage drivers for Wi *Figure 21. Add drivers to Windows PE* ->[!NOTE]   +>[!NOTE] >The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. -  + ## Add drivers for Windows 10 
@@ -71,13 +74,13 @@ This section illustrates how to add drivers for Windows 10 through an example in * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w - >[!NOTE]   + >[!NOTE] >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. -   + 5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. - >[!NOTE]   + >[!NOTE] >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created") @@ -104,4 +107,4 @@ This section illustrates how to add drivers for Windows 10 through an example in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) \ No newline at end of file +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index e5da6f79dd..3da7e0fa95 100644 --- a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md 
@@ -2,13 +2,15 @@ title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: tool, customize, deploy, boot image ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- @@ -112,4 +114,4 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g   -  \ No newline at end of file +  diff --git a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 96d8d3f119..5b71404c87 100644 --- a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -2,13 +2,15 @@ title: Create an application to deploy with Windows 10 using Configuration Manager (Windows 10) description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process. ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deployment, task sequence, custom, customize ms.prod: w10 ms.localizationpriority: medium ms.mktglfcycl: deploy ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- 
@@ -27,7 +29,7 @@ Microsoft System Center 2012 R2 Configuration Manager supports deploying applica For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). ->[!NOTE]   +>[!NOTE] >Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications. ## Example: Create the Adobe Reader XI application @@ -95,9 +97,9 @@ The following steps show you how to create the Adobe Reader XI application. This [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -  + -  + diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md index d06a6f7dc7..0f7e602594 100644 --- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md 
@@ -2,13 +2,15 @@
 title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
 description: In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences.
 ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deployment, image, UEFI, task sequence
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index 936611965a..697bd065c4 100644
--- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -2,13 +2,15 @@
 title: Deploy Windows 10 with System Center 2012 R2 Configuration Manager (Windows 10)
 description: If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10.
 ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deployment, custom, boot
 ms.prod: w10
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 5765cc0355..8c02f0d5df 100644
--- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -2,13 +2,15 @@
 title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
 description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: configure, deploy, upgrade
 ms.prod: w10
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
@@ -68,36 +70,36 @@ To support additional server-side logging in Configuration Manager, you create a This section will show you how to configure the rules (the Windows 10 x64 Settings package) to support the Contoso environment. -1. On CM01, using File Explorer, navigate to the **E:\\Sources\\OSD\\Settings\\Windows 10 x64 Settings** folder. +1. On CM01, using File Explorer, navigate to the **E:\\Sources\\OSD\\Settings\\Windows 10 x64 Settings** folder. -2. Using Notepad, edit the CustomSetting.ini file with the following settings: +2. Using Notepad, edit the CustomSetting.ini file with the following settings: - ``` syntax - [Settings] - Priority=Default - Properties=OSDMigrateConfigFiles,OSDMigrateMode - [Default] - DoCapture=NO - ComputerBackupLocation=NONE - MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com - OSDMigrateMode=Advanced - OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\* - OSDMigrateConfigFiles=Miguser.xml,Migapp.xml - SLSHARE=\\CM01\Logs$ - EventService=http://CM01:9800 - ApplyGPOPack=NO - ``` + ``` syntax + [Settings] + Priority=Default + Properties=OSDMigrateConfigFiles,OSDMigrateMode + [Default] + DoCapture=NO + ComputerBackupLocation=NONE + MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com + OSDMigrateMode=Advanced + OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\* + OSDMigrateConfigFiles=Miguser.xml,Migapp.xml + SLSHARE=\\CM01\Logs$ + EventService=http://CM01:9800 + ApplyGPOPack=NO + ``` - ![Settings package during deployment](../images/fig30-settingspack.png) + ![Settings package during deployment](../images/fig30-settingspack.png) - *Figure 27. The Settings package, holding the rules and the Unattend.xml template used during deployment* + *Figure 27. The Settings package, holding the rules and the Unattend.xml template used during deployment* -3. 
Update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. +3. Update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. - >[!NOTE]   - >Although you have not yet added a distribution point, you still need to select Update Distribution Points. That process also updates the Configuration Manager 2012 content library with changes. + >[!NOTE] + >Although you have not yet added a distribution point, you still need to select Update Distribution Points. That process also updates the Configuration Manager 2012 content library with changes. -  + ## Distribute content to the CM01 distribution portal 
@@ -115,27 +117,27 @@ In Configuration Manager, you can distribute all packages needed by a task seque This sections provides steps to help you create a deployment for the task sequence. -1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. +1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. -2. On the **General** page, select the **All Unknown Computers** collection and click **Next**. +2. On the **General** page, select the **All Unknown Computers** collection and click **Next**. -3. On the **Deployment Settings** page, use the following settings and then click **Next**: +3. On the **Deployment Settings** page, use the following settings and then click **Next**: - * Purpose: Available + * Purpose: Available - * Make available to the following: Only media and PXE + * Make available to the following: Only media and PXE - ![Configure the deployment settings](../images/mdt-06-fig33.png) + ![Configure the deployment settings](../images/mdt-06-fig33.png) - *Figure 28. Configure the deployment settings* + *Figure 28. Configure the deployment settings* -4. On the **Scheduling** page, accept the default settings and click **Next**. +4. On the **Scheduling** page, accept the default settings and click **Next**. -5. On the **User Experience** page, accept the default settings and click **Next**. +5. On the **User Experience** page, accept the default settings and click **Next**. -6. On the **Alerts** page, accept the default settings and click **Next**. +6. On the **Alerts** page, accept the default settings and click **Next**. -7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**. +7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**. 
![Task sequence deployed](../images/fig32-deploywiz.png) @@ -148,17 +150,17 @@ You can have Configuration Manager prompt you for a computer name or you can use This section provides steps to help you configure the All Unknown Computers collection to have Configuration Manager prompt for computer names. -1. Using the Configuration Manager Console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**. +1. Using the Configuration Manager Console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**. -2. In the **Collection Variables** tab, create a new variable with the following settings: +2. In the **Collection Variables** tab, create a new variable with the following settings: - * Name: OSDComputerName + * Name: OSDComputerName - * Clear the **Do not display this value in the Configuration Manager console** check box. + * Clear the **Do not display this value in the Configuration Manager console** check box. -3. Click **OK**. +3. Click **OK**. - >[!NOTE]   + >[!NOTE] >Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard. ![Configure a collection variable](../images/mdt-06-fig35.png) @@ -188,4 +190,4 @@ This section provides steps to help you configure the All Unknown Computers coll [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -  \ No newline at end of file + diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md index b0878d4298..5b6ebe684b 100644 
--- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
@@ -2,13 +2,15 @@
 title: Monitor the Windows 10 deployment with Configuration Manager (Windows 10)
 description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench.
 ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deploy, upgrade
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
diff --git a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 05a4969529..0fe4963038 100644
--- a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -2,13 +2,15 @@
 title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
 description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
 ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: install, configure, deploy, deployment
 ms.prod: w10
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
@@ -84,51 +86,51 @@ Figure 6. The Configuration Manager service accounts used for operating system d In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. -1. On DC01, log on as Administrator in the CONTOSO domain using the password **P@ssw0rd**. +1. On DC01, log on as Administrator in the CONTOSO domain using the password P@ssw0rd. -2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command: +2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command: - ``` syntax - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force + ``` syntax + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force - Set-Location C:\Setup\Scripts + Set-Location C:\Setup\Scripts - .\Set-OUPermissions.ps1 -Account CM_JD - -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" - ``` + .\Set-OUPermissions.ps1 -Account CM_JD + -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" + ``` -3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted: +3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. 
The following is a list of the permissions being granted: - * Scope: This object and all descendant objects + * Scope: This object and all descendant objects - * Create Computer objects + * Create Computer objects - * Delete Computer objects + * Delete Computer objects - * Scope: Descendant Computer objects + * Scope: Descendant Computer objects - * Read All Properties + * Read All Properties - * Write All Properties + * Write All Properties - * Read Permissions + * Read Permissions - * Modify Permissions + * Modify Permissions - * Change Password + * Change Password - * Reset Password + * Reset Password - * Validated write to DNS host name + * Validated write to DNS host name - * Validated write to service principal name + * Validated write to service principal name ## Review the Sources folder structure To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01): ->[!NOTE]   +>[!NOTE] >In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server. - E:\\Sources 
@@ -162,19 +164,19 @@ Figure 7. The E:\\Sources\\OSD folder structure. To extend the Configuration Manager console with MDT wizards and templates, you install MDT in the default location and run the integration setup. In these steps, we assume you have downloaded MDT to the C:\\Setup\\MDT2013 folder on CM01. -1. On CM01, log on as Administrator in the CONTOSO domain using the password **P@ssw0rd**. +1. On CM01, log on as Administrator in the CONTOSO domain using the password P@ssw0rd. -2. Make sure the Configuration Manager Console is closed before continuing. +2. Make sure the Configuration Manager Console is closed before continuing. -3. Using File Explorer, navigate to the **C:\\Setup\\MDT** folder. +3. Using File Explorer, navigate to the **C:\\Setup\\MDT** folder. -4. Run the MDT setup (MicrosoftDeploymentToolkit2013\_x64.msi), and use the default options in the setup wizard. +4. Run the MDT setup (MicrosoftDeploymentToolkit2013\_x64.msi), and use the default options in the setup wizard. -5. From the Start screen, run Configure ConfigManager Integration with the following settings: +5. From the Start screen, run Configure ConfigManager Integration with the following settings: - * Site Server Name: CM01.contoso.com + * Site Server Name: CM01.contoso.com - * Site code: PS1 + * Site code: PS1 ![figure 8](../images/mdt-06-fig08.png) @@ -272,9 +274,9 @@ Configuration Manager has many options for starting a deployment, but starting v [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -  + -  + diff --git a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 1585e2bf48..7ad506f3c0 100644 
--- a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -2,13 +2,15 @@ title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10) description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: upgrade, install, installation, computer refresh ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- @@ -68,10 +70,10 @@ In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with 2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection. - >[!NOTE]  + >[!NOTE] >It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership. -  + ## Create a new deployment @@ -88,10 +90,10 @@ Using the Configuration Manager console, in the Software Library workspace, sele - Make available to the following: Configuration Manager clients, media and PXE - >[!NOTE]   + >[!NOTE] >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point. -   + - Scheduling 
@@ -116,7 +118,7 @@ Now you can start the computer refresh on PC0003. 1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**. - >[!NOTE]   + >[!NOTE] >The Client Notification feature is new in Configuration Manager. 2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**. @@ -142,4 +144,4 @@ Now you can start the computer refresh on PC0003. [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) \ No newline at end of file +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index 93e54633fa..49c73693ae 100644 --- a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md 
@@ -2,13 +2,15 @@
 title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager.
 ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: upgrade, install, installation, replace computer, setup
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
@@ -32,31 +34,31 @@ In this topic, you will create a backup-only task sequence that you run on PC000 ## Create a replace task sequence -1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**. +1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**. -2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and click **Next**. +2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and click **Next**. -3. On the **General** page, assign the following settings and click **Next**: +3. On the **General** page, assign the following settings and click **Next**: - * Task sequence name: Replace Task Sequence + * Task sequence name: Replace Task Sequence - * Task sequence comments: USMT backup only + * Task sequence comments: USMT backup only -4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**. +4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**. -5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then click **Next**. +5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then click **Next**. -6. On the **USMT Package** page, browse and select the O**SD / Microsoft Corporation User State Migration Tool for Windows 8 10.0.10240.16384** package. Then click **Next**. +6. On the **USMT Package** page, browse and select the O**SD / Microsoft Corporation User State Migration Tool for Windows 8 10.0.10240.16384** package. Then click **Next**. -7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then click **Next**. +7. 
On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then click **Next**. -8. On the **Summary** page, review the details and then click **Next**. +8. On the **Summary** page, review the details and then click **Next**. -9. On the **Confirmation** page, click **Finish**. +9. On the **Confirmation** page, click **Finish**. 10. Review the Replace Task Sequence. ->[!NOTE] ->This task sequence has many fewer actions than the normal client task sequence. If it doesn't seem different, make sure you selected the Client Replace Task Sequence template when creating the task sequence. + >[!NOTE] + >This task sequence has many fewer actions than the normal client task sequence. If it doesn't seem different, make sure you selected the Client Replace Task Sequence template when creating the task sequence. ![The back-up only task sequence](../images/mdt-06-fig42.png "The back-up only task sequence") @@ -166,7 +168,7 @@ This section assumes that you have a machine named PC0004 with the Configuration 2. In the **Actions** tab, select the **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and click **OK**. - >[!NOTE]   + >[!NOTE] >You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md). 3. Using the Software Center, select the **Replace Task Sequence** deployment and click **INSTALL**. 
@@ -179,10 +181,10 @@ This section assumes that you have a machine named PC0004 with the Configuration 7. Using the Configuration Manager console, in the Asset and Compliance workspace, select the **User State Migration** node, right-click the **PC0004/PC0006** association, and select **View Recovery Information**. Note that the object now also has a user state store location. - >[!NOTE]   + >[!NOTE] >It may take a few minutes for the user state store location to be populated. -  + ## Deploy the new computer @@ -228,9 +230,9 @@ When the process is complete, you will have a new Windows 10 machine in your dom [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) -  + -  + diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 2942c63221..9709d05788 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -2,13 +2,15 @@ title: Deploy Windows To Go in your organization (Windows 10) description: This topic helps you to deploy Windows To Go in your organization. ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: deployment, USB, device, BitLocker, workspace, security, data ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobility -author: mtniehaus -ms.date: 04/19/2017 +author: dansimp ms.topic: article --- 
@@ -17,12 +19,12 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. ->[!NOTE] ->This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see [Using Cmdlets](https://go.microsoft.com/fwlink/p/?linkid=230693). +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. ## Deployment tips 
@@ -34,7 +36,7 @@ The following is a list of items that you should be aware of before you start th * When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive. -- System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=619148). +* System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=619148). * If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive. 
@@ -51,8 +53,8 @@ Completing these steps will give you a generic Windows To Go drive that can be d In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](https://go.microsoft.com/fwlink/p/?LinkId=619174) using a combination of Windows PowerShell and command-line tools. ->[!WARNING]   ->The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education. +>[!WARNING] +>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education. #### To create a Windows To Go workspace with the Windows To Go Creator Wizard 
@@ -60,21 +62,21 @@ In this step we are creating the operating system image that will be used on the 2. Insert the USB drive that you want to use as your Windows To Go drive into your PC. -3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments. +3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments. - >[!NOTE]   + >[!NOTE] >For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=619150). For more information about using sysprep, see [Sysprep Overview](https://go.microsoft.com/fwlink/p/?LinkId=619151). 4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens. 5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.** -6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**. +6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. 
The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**. 7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619152) for instructions. r - >[!WARNING]   + >[!WARNING] >If you plan to use a USB-Duplicator to create multiple Windows To Go drives, do not enable BitLocker. Drives protected with BitLocker should not be duplicated. If you choose to encrypt the Windows To Go drive now: 
@@ -82,13 +84,15 @@ r - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters. - >[!IMPORTANT]   - >The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](https://go.microsoft.com/fwlink/p/?LinkId=619157).   +~~~ + >[!IMPORTANT] + >The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](https://go.microsoft.com/fwlink/p/?LinkId=619157). +~~~ 8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process. 
- >[!WARNING]   - >The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.   + >[!WARNING] + >The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased. 9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer. @@ -96,7 +100,7 @@ Your Windows To Go workspace is now ready to be started. You can now [prepare a #### Windows PowerShell equivalent commands -The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. This procedure can only be used on PCs that are running Windows 10. Before starting, ensure that only the USB drive that you want to provision as a Windows To Go drive is connected to the PC. +The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. This procedure can only be used on PCs that are running Windows 10. Before starting, ensure that only the USB drive that you want to provision as a Windows To Go drive is connected to the PC. 1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**. 
@@ -138,7 +142,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as 3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM): - >[!TIP]   + >[!TIP] >The index number must be set correctly to a valid Enterprise image in the .WIM file. ``` syntax @@ -149,9 +153,11 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as 4. Now use the [bcdboot](https://go.microsoft.com/fwlink/p/?LinkId=619163) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step: - ``` syntax - W:\Windows\System32\bcdboot W:\Windows /f ALL /s S: - ``` +~~~ +``` syntax +W:\Windows\System32\bcdboot W:\Windows /f ALL /s S: +``` +~~~ 5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step: 
@@ -219,7 +225,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as After the answer file has been saved, copy unattend.xml into the sysprep folder on the Windows To Go drive (for example, W:\\Windows\\System32\\sysprep\) - >[!IMPORTANT]   + >[!IMPORTANT] >Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used. If you do not wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC. 
@@ -230,21 +236,21 @@ Your Windows To Go workspace is now ready to be started. You can now [prepare a ### To prepare a host computer -Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace. +Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace. ->[!TIP]   ->If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer. +>[!TIP] +>If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer. If you want to use the Windows To Go workspace, simply shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer. -To set the Windows To Go Startup options for host computers running Windows 10: +To set the Windows To Go Startup options for host computers running Windows 10: 1. 
Using Cortana, search for **Windows To Go startup options** and then press **Enter**. 2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB -For host computers running Windows 8 or Windows 8.1: +For host computers running Windows 8 or Windows 8.1: 1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**. @@ -281,7 +287,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i **Prerequisites for remote access scenario** -- A domain-joined computer running Windows 8 or later and is configured as a Windows To Go host computer +- A domain-joined computer running Windows 8 or later and is configured as a Windows To Go host computer - A Windows To Go drive that hasn’t been booted or joined to the domain using unattend settings. @@ -297,7 +303,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i djoin /provision /domain /machine /certtemplate /policynames /savefile /reuse ``` - >[!NOTE]   + >[!NOTE] >The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information see the [Offline Domain Join Step-by-Step guide](https://go.microsoft.com/fwlink/p/?LinkId=619171). 2. Insert the Windows To Go drive. 
@@ -343,66 +349,68 @@ Making sure that Windows To Go workspaces are effective when used off premises i 5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM): - >[!TIP]   - >The index number must be set correctly to a valid Enterprise image in the .WIM file. +~~~ +>[!TIP] +>The index number must be set correctly to a valid Enterprise image in the .WIM file. - ``` syntax - #The WIM file must contain a sysprep generalized image. - dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ - ``` +``` syntax +#The WIM file must contain a sysprep generalized image. +dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ +``` +~~~ -6. After those commands have completed, run the following command: +6. After those commands have completed, run the following command: - ``` syntax - djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows - ``` + ``` syntax + djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows + ``` -7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. 
For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172): +7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172): - ``` syntax - - - - - true - - true - 1 - Work - - + ``` syntax + + + - true - - true - 1 - Work + processorArchitecture="x86" + publicKeyToken="31bf3856ad364e35" language="neutral" + versionScope="nonSxS" + xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + true + + true + 1 + Work - - - - ``` + + + true + + true + 1 + Work + + + + + ``` -8. Safely remove the Windows To Go drive. +8. Safely remove the Windows To Go drive. -9. From a host computer, either on or off premises, start the computer and boot the Windows To Go workspace. +9. From a host computer, either on or off premises, start the computer and boot the Windows To Go workspace. - * If on premises using a host computer with a direct network connection, sign on using your domain credentials. + * If on premises using a host computer with a direct network connection, sign on using your domain credentials. - * If off premises, join a wired or wireless network with internet access and then sign on again using your domain credentials. + * If off premises, join a wired or wireless network with internet access and then sign on again using your domain credentials. - >[!NOTE]   - >Depending on your DirectAccess configuration you might be asked to insert your smart card to log on to the domain. 
+ >[!NOTE] + >Depending on your DirectAccess configuration you might be asked to insert your smart card to log on to the domain. You should now be able to access your organization’s network resources and work from your Windows To Go workspace as you would normally work from your standard desktop computer on premises. @@ -414,7 +422,7 @@ Enabling BitLocker on your Windows To Go drive will help ensure that your data i * A Windows To Go drive that can be successfully provisioned. -* A computer running Windows 8 configured as a Windows To Go host computer +* A computer running Windows 8 configured as a Windows To Go host computer * Review the following Group Policy settings for BitLocker Drive Encryption and modify the configuration as necessary: @@ -436,12 +444,12 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot - If BitLocker protection is enabled during provisioning, the BitLocker recovery keys will be stored under the computer account of the computer used for provisioning the drives. If backing up recovery keys to AD DS is not used, the recovery keys will need to be printed or saved to a file for each drive. The IT administrator must track which keys were assigned to which Windows To Go drive. -- **Warning**   +- **Warning** If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. If backing up recovery keys to AD DS is not used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place. #### To enable BitLocker during provisioning -1. Start the host computer that is running Windows 8. +1. Start the host computer that is running Windows 8. 2. Insert your Windows To Go drive. 
@@ -449,7 +457,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot 4. Provision the Windows To Go drive using the following cmdlets: - >[!NOTE]   + >[!NOTE] >If you used the [manual method for creating a workspace](https://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step. ``` syntax @@ -488,7 +496,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM): - >[!TIP]   + >[!TIP] >The index number must be set correctly to a valid Enterprise image in the .WIM file. ``` syntax 
@@ -520,15 +528,15 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot Enable-BitLocker W: -PasswordProtector $spwd ``` - >[!WARNING]   + >[!WARNING] >To have BitLocker only encrypt used space on the disk append the parameter `–UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background. 8. Copy the numerical recovery password and save it to a file in a safe location. The recovery password will be required if the password is lost or forgotten. - >[!WARNING]   + >[!WARNING] >If the **Choose how BitLocker-protected removable data drives can be recovered** Group Policy setting has been configured to back up recovery information to Active Directory Domain Services, the recovery information for the drive will be stored under the account of the host computer used to apply the recovery key. - If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker).  
+ If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker). 9. Safely remove the Windows To Go drive. @@ -553,7 +561,7 @@ The Windows To Go drives are now ready to be distributed to users and are protec 4. Complete the steps in the **BitLocker Setup Wizard** selecting the password protection option. ->[!NOTE]   +>[!NOTE] >If you have not configured the Group Policy setting **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup** to specify **Allow BitLocker without a compatible TPM** you will not be able to enable BitLocker from within the Windows To Go workspace. ### Advanced deployment sample script 
@@ -584,12 +592,12 @@ The sample script creates an unattend file that streamlines the deployment proce The RemoteSigned execution policy will prevent unsigned scripts from the internet from running on the computer, but will allow locally created scripts to run. For more information on execution policies, see [Set-ExecutionPolicy](https://go.microsoft.com/fwlink/p/?LinkId=619175). - >[!TIP]   - >To get online help for any Windows PowerShell cmdlet, whether or not it is installed locally type the following cmdlet, replacing <cmdlet-name> with the name of the cmdlet you want to see the help for: - - >`Get-Help -Online` - - >This command causes Windows PowerShell to open the online version of the help topic in your default Internet browser. + > [!TIP] + > To get online help for any Windows PowerShell cmdlet, whether or not it is installed locally type the following cmdlet, replacing <cmdlet-name> with the name of the cmdlet you want to see the help for: + > + > `Get-Help -Online` + > + > This command causes Windows PowerShell to open the online version of the help topic in your default Internet browser. #### Windows To Go multiple drive provisioning sample script @@ -992,9 +1000,9 @@ In the PowerShell provisioning script, after the image has been applied, you can [BitLocker overview](https://go.microsoft.com/fwlink/p/?LinkId=619173) -  - -  + + + diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 64125f287f..636f9020ad 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -2,12 +2,15 @@ title: Deploy Windows 10 (Windows 10) description: Deploying Windows 10 for IT professionals. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium ms.date: 11/06/2018 -author: greg-lindsay +author: dansimp ms.topic: article --- 
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json index c44cab89c5..af5362ff55 100644 --- a/windows/deployment/docfx.json +++ b/windows/deployment/docfx.json @@ -21,7 +21,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", @@ -32,24 +32,24 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "greglin", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-development", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "greglin", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-development", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "win-development", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/windows/deployment/images/UR-Azureportal3.PNG b/windows/deployment/images/UR-Azureportal3.PNG index 6fae2e1738..6645ba95ce 100644 Binary files a/windows/deployment/images/UR-Azureportal3.PNG and b/windows/deployment/images/UR-Azureportal3.PNG differ 
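Review bot: The only functional change in the second docfx.json hunk, `"markdownEngineName": "markdig"` replacing `"dfm"`, sits inside what appears to be a whitespace-only re-indent of the whole `globalMetadata` object, so it is easy to miss in review. The first hunk's `"**/*.gif"` line likewise seems to differ only in whitespace. Switching the engine affects how every page in this docset renders. The Markdown hunks earlier on this page wrap existing triple-backtick fences in `~~~` lines, and a CommonMark-style engine would likely treat `~~~` as the fence and print the inner backtick lines as literal text, so this should be checked against a rendered build, especially for the DISM, bcdboot and BitLocker command examples that readers copy. I would land the engine switch as its own change, with the reason stated in the commit description, and leave the re-indent out.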
diff --git a/windows/deployment/images/after.png b/windows/deployment/images/after.png new file mode 100644 index 0000000000..1e446f7cf5 Binary files /dev/null and b/windows/deployment/images/after.png differ diff --git a/windows/deployment/images/before.png b/windows/deployment/images/before.png new file mode 100644 index 0000000000..1a50878670 Binary files /dev/null and b/windows/deployment/images/before.png differ diff --git a/windows/deployment/images/ent.png b/windows/deployment/images/ent.png new file mode 100644 index 0000000000..e9d571ed15 Binary files /dev/null and b/windows/deployment/images/ent.png differ diff --git a/windows/deployment/images/wada.png b/windows/deployment/images/wada.png deleted file mode 100644 index 1c715e8f0e..0000000000 Binary files a/windows/deployment/images/wada.png and /dev/null differ diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 70c6a4d641..f0a3add5e9 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay +author: dansimp ms.date: 02/13/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.localizationpriority: medium ms.topic: article --- @@ -15,7 +18,7 @@ ms.topic: article # MBR2GPT.EXE **Applies to** -- Windows 10 +- Windows 10 ## Summary @@ -59,7 +62,7 @@ If any of these checks fails, the conversion will not proceed and an error will ## Syntax -
                                    MBR2GPT /validate|convert [/disk:\] [/logs:\] [/map:\=\] [/allowFullOS] +
                                    MBR2GPT /validate|convert [/disk:<diskNumber>] [/logs:<logDirectory>] [/map:<source>=<destination>] [/allowFullOS]
                                    ### Options @@ -217,7 +220,6 @@ Offset in Bytes: 524288000 Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D Windows NTFS Partition 58 GB Healthy - ``` ## Specifications @@ -267,7 +269,7 @@ For more information about partition types, see: - [MBR partition types](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) -### Persisting drive letter assignments +### Persisting drive letter assignments The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. @@ -335,7 +337,6 @@ Where: - Allows the tool to be used from the full Windows environment. By default, this tool can only be used from the Windows Preinstallation Environment. - ``` ### Return codes diff --git a/windows/deployment/planning/TOC.md b/windows/deployment/planning/TOC.md index 0e2810b1b7..0496ee97d5 100644 --- a/windows/deployment/planning/TOC.md +++ b/windows/deployment/planning/TOC.md 
@@ -5,10 +5,11 @@ ## [Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) ## Features removed or planned for replacement +### [Windows 10, version 1903](windows-10-1903-removed-features.md) ### [Windows 10, version 1809](windows-10-1809-removed-features.md) ### [Windows 10, version 1803](windows-10-1803-removed-features.md) -### [Windows 10, version 1709](windows-10-fall-creators-deprecation.md) -### [Windows 10, version 1703](windows-10-creators-update-deprecation.md) +### [Windows 10, version 1709](windows-10-1709-removed-features.md) +### [Windows 10, version 1703](windows-10-1703-removed-features.md) ## [Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) ### [SUA User's Guide](sua-users-guide.md) diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index d73dc16060..b7cf573864 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -2,11 +2,14 @@ title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10) description: The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. ms.assetid: d90d38b2-2718-4481-90eb-4480719627ba +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: jdeckerms +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index 065c803658..0c31595cdb 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md 
@@ -2,11 +2,14 @@ title: Applying Filters to Data in the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md index c83ee71cbf..95a3a6925a 100644 --- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md +++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Available Data Types and Operators in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases. ms.assetid: 67d9c03e-ab9d-4fda-8a55-8c5b90266d3b +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -16,12 +19,12 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The Compatibility Administrator tool provides a way to query your custom-compatibility databases. @@ -133,7 +136,7 @@ The following table shows the attributes you can use for querying your customize -  + ## Available Operators 
@@ -197,11 +200,10 @@ The following table shows the operators that you can use for querying your custo

                                    A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.

                                    Left-hand operand. MATCHFILE_NAME, MODE_NAME, FIX_NAME

                                    -Note   -

                                    Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.

                                    +Note

                                    Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.

                                    -  +

                                    Right-hand operand. String

                                    1

                                    @@ -221,14 +223,14 @@ The following table shows the operators that you can use for querying your custo -  + ## Related topics [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) -  - -  + + + diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index aece2d16f5..1e5afb9a80 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -2,13 +2,15 @@ title: Best practice recommendations for Windows To Go (Windows 10) description: Best practice recommendations for Windows To Go ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: best practices, USB, device, boot ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: mobility ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- 
@@ -19,18 +21,16 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + The following are the best practice recommendations for using Windows To Go: - Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive. - - Do not insert the Windows To Go drive into a running computer. - - Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer. - - If available, use a USB 3.0 port with Windows To Go. - - Do not install non-Microsoft core USB drivers on Windows To Go. - - Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection. Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain. 
@@ -38,15 +38,11 @@ Additionally, we recommend that when you plan your deployment you should also pl ## More information -[Windows To Go: feature overview](windows-to-go-overview.md) - -[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) - -[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) - -[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) - -[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) +[Windows To Go: feature overview](windows-to-go-overview.md)
                                    +[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
                                    +[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
                                    +[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
                                    +[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
                                      diff --git a/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md b/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md index b603620138..12e3ff8140 100644 --- a/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md +++ b/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md @@ -2,10 +2,13 @@ title: Change history for Plan for Windows 10 deployment (Windows 10) description: This topic lists new and updated topics in the Plan for Windows 10 deployment documentation for Windows 10 and Windows 10 Mobile. ms.assetid: 70D9F4F8-F2A4-4FB4-9459-5B2BE7BCAC66 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 07/19/2017 ms.topic: article --- @@ -22,6 +25,7 @@ The topics in this library have been updated for Windows 10, version 1703 (also - [Windows 10 Enterprise - FAQ for IT Professionals](windows-10-enterprise-faq-itpro.md) ## January 2017 + | New or changed topic | Description | |----------------------|-------------| | [Windows 10 Infrastructure Requirements](windows-10-infrastructure-requirements.md) | Added link for Windows Server 2008 R2 and Windows 7 activation and a link to Windows Server 2016 Volume Activation Tips | @@ -61,7 +65,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | New or changed topic | Description | |--------------------------------------------------------------------------------------------------------------------------------------------------|-------------| | [Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) (multiple topics) | New | -  + ## November 2015 
@@ -72,7 +76,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | [Windows Update for Business](../update/waas-manage-updates-wufb.md) (multiple topics) | New | | [Windows To Go: feature overview](windows-to-go-overview.md) (multiple topics) | Updated | -  + ## Related topics @@ -82,9 +86,9 @@ The topics in this library have been updated for Windows 10, version 1607 (also [Change history for Deploy Windows 10](../change-history-for-deploy-windows-10.md) -  - -  + + + diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index 6d01bfbe37..36cdd9af10 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -1,12 +1,15 @@ --- title: Compatibility Administrator User's Guide (Windows 10) ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 +ms.reviewer: +manager: laurawi +ms.author: greglin description: ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -38,7 +41,7 @@ The following flowchart shows the steps for using the Compatibility Administrato **Important**   Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create and work with custom databases for 32-bit applications, and the 64-bit version to create and work with custom databases for 64-bit applications. -  + ## In this section @@ -56,25 +59,25 @@ Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version o -

                                    [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)

                                    +

                                    Using the Compatibility Administrator Tool

                                    This section provides information about using the Compatibility Administrator tool.

                                    -

                                    [Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)

                                    +

                                    Managing Application-Compatibility Fixes and Custom Fix Databases

                                    This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.

                                    -

                                    [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)

                                    +

                                    Using the Sdbinst.exe Command-Line Tool

                                    You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.

                                    -  + -  + -  + diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 3b562f4169..82a99d5611 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -1,12 +1,15 @@ --- title: Compatibility Fix Database Management Strategies and Deployment (Windows 10) ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c +ms.reviewer: +manager: laurawi +ms.author: greglin description: ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -16,12 +19,12 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches: 
@@ -98,10 +101,10 @@ If you decide to use the centralized compatibility-fix database deployment strat 5. The team that manages the centralized database opens Custom DB1 and uses the Compatibility Administrator to include the new compatibility fixes that were included in Custom DB2. - **Note**   + **Note** Custom DB1 contains a unique GUID that makes updating the database easier. For example, if you install a new version of the custom compatibility-fix database that uses the same GUID as the previous version, the computer will automatically uninstall the old version. -   + 6. The centralized management team then redeploys the new version of Custom DB1 to all of the end users in your organization. 
@@ -119,23 +122,25 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. - **Important**   + **Important** You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: -   - ``` syntax - msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal) - ``` + +~~~ +``` syntax +msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal) +``` +~~~ - **Using a network share and a custom script** You can store your .sdb file on your network share and then call to a script that resides on your specified computers. -**Important**   +**Important** You must ensure that you call the script at a time when it will receive elevated rights. For example, you should call the script by using computer startup scripts instead of a user logon script. You must also ensure that the installation of the custom compatibility-fix database occurs with Administrator rights. -  + ### Example Script for an Installation of the .sdb File based on an .msi File 
@@ -163,4 +168,4 @@ End Function Most of your testing of application-compatibility issues will happen prior to the deployment of a new Windows operating system into your environment. As such, a common approach is to include the custom compatibility-fix database, which includes all of your known issues, in your corporate image. Then, as you update your compatibility-fix database, you can provide the updates by using one of the two mechanisms described in the "Deploying Your Custom Compatibility Fix Databases" section earlier in this topic. ## Related topics -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index 67fc4948c5..368687b611 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -2,11 +2,14 @@ title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista (Windows 10) description: You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. ms.assetid: cd51c824-557f-462a-83bb-54b0771b7dff +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -16,26 +19,26 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. -**Important**   +**Important** The Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator. You must use the 32-bit version for 32-bit applications and the 64-bit version to work for 64-bit applications. You will receive an error message if you try to use the wrong version. If you start the Compatibility Administrator as an Administrator (with elevated privileges), all repaired applications can run successfully; however, virtualization and redirection might not occur as expected. To verify that a compatibility fix addresses an issue, you must test the repaired application by running it under the destination user account. -  + ## Compatibility Fixes -The following table lists the known compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. The fixes are listed in alphabetical order. +The following table lists the known compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. The fixes are listed in alphabetical order. @@ -71,25 +74,24 @@ The following table lists the known compatibility fixes for all Windows operatin - + +

                                    The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.

                                    @@ -98,15 +100,14 @@ The following table lists the known compatibility fixes for all Windows operatin - @@ -119,11 +120,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -131,11 +131,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -143,11 +142,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -161,11 +159,10 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    DLL_Name;Flag_Type;Hexidecimal_Value

                                    Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long.

                                    -Note   -

                                    The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash ().

                                    +Note

                                    The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash ().

                                    -  +
                                    @@ -176,18 +173,16 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2

                                    Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI.

                                    -Note   -

                                    If you do not provide an App_Service name, the deprecated service will be removed from all newly created services.

                                    +Note

                                    If you do not provide an App_Service name, the deprecated service will be removed from all newly created services.

                                    -  +
                                    -Note   -

                                    You can separate multiple entries with a forward slash (/).

                                    +Note

                                    You can separate multiple entries with a forward slash (/).

                                    -  +
                                    @@ -200,7 +195,7 @@ The following table lists the known compatibility fixes for all Windows operatin - + @@ -215,11 +210,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -238,7 +232,7 @@ The following table lists the known compatibility fixes for all Windows operatin - + @@ -253,28 +247,26 @@ The following table lists the known compatibility fixes for all Windows operatin +

                                    The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows.

                                    @@ -282,62 +274,58 @@ The following table lists the known compatibility fixes for all Windows operatin - + +

                                    The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.

                                    @@ -354,11 +342,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -367,7 +354,7 @@ The following table lists the known compatibility fixes for all Windows operatin - + @@ -391,7 +378,7 @@ The following table lists the known compatibility fixes for all Windows operatin +

                                    The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.

                                    @@ -403,11 +390,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -419,11 +405,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -434,18 +419,16 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    Exception1;Exception2

                                    Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.

                                    -Important   -

                                    You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception.

                                    +Important

                                    You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception.

                                    -  +
                                    -Note   -

                                    For more detailed information about this application fix, see [Using the IgnoreException Fix](https://go.microsoft.com/fwlink/p/?LinkId=690344).

                                    +Note

                                    For more detailed information about this application fix, see Using the IgnoreException Fix.

                                    -  +
                                    @@ -463,11 +446,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -481,7 +463,7 @@ The following table lists the known compatibility fixes for all Windows operatin - + @@ -492,11 +474,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -504,11 +485,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -529,11 +509,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -553,11 +532,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -576,12 +554,12 @@ The following table lists the known compatibility fixes for all Windows operatin - + +

                                    The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.

                                    @@ -593,10 +571,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -604,11 +582,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -621,11 +598,10 @@ The following table lists the known compatibility fixes for all Windows operatin
                                  • SC_MANAGER_QUERY_LOCK_STATUS

                                  • STANDARD_READ_RIGHTS

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690350).

                                    +Note

                                    For more detailed information about this application fix, see Using the RetryOpenSCManagerwithReadAccess Fix.

                                    -  +
                                  • @@ -634,11 +610,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -646,11 +621,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -658,11 +632,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -670,11 +643,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -684,20 +656,18 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -707,11 +677,10 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    Client;Protocol;App

                                    Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application.

                                    -Note   -

                                    Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash ().

                                    +Note

                                    Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash ().

                                    -  +
                                    @@ -728,11 +697,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -753,11 +721,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -765,11 +732,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -796,11 +762,10 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    MessageString1 MessageString2

                                    Where MessageString1 and MessageString2 reflect the message strings that can pass.

                                    -Note   -

                                    Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](https://go.microsoft.com/fwlink/p/?LinkId=690365).

                                    +Note

                                    Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix.

                                    -  +
                                    @@ -811,11 +776,10 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    1055 1056 1069

                                    Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.

                                    -Note   -

                                    Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](https://go.microsoft.com/fwlink/p/?LinkId=690367).

                                    +Note

                                    Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act].

                                    -  +
                                    @@ -830,18 +794,17 @@ The following table lists the known compatibility fixes for all Windows operatin +

                                    For more detailed information about this application fix, see Using the VirtualRegistry Fix.

                                    @@ -850,17 +813,16 @@ The following table lists the known compatibility fixes for all Windows operatin

                                    The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.

                                    HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated.

                                    You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix.

                                    -

                                    For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](https://go.microsoft.com/fwlink/p/?LinkId=690370).

                                    +

                                    For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix.

                                    @@ -884,13 +846,12 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -908,27 +869,25 @@ The following table lists the known compatibility fixes for all Windows operatin
                                  • Type vbrun60.dll into the Module Name box, click Include, and then click Add.

                                  • Save the custom database.

                                    -Note   -

                                    For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](https://go.microsoft.com/fwlink/p/?LinkId=690374).

                                    +Note

                                    For more information about the WinXPSP2VersionLie application fix, see Using the WinXPSP2VersionLie Fix.

                                    -  +
                                  • - @@ -936,11 +895,10 @@ The following table lists the known compatibility fixes for all Windows operatin @@ -950,12 +908,12 @@ The following table lists the known compatibility fixes for all Windows operatin - +

                                    BIOSRead

                                    This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.

                                    -

                                    The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \\Device\Physical memory information..

                                    This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.

                                    +

                                    The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information..

                                    BlockRunasInteractiveUser

                                    This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings.

                                    The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](https://go.microsoft.com/fwlink/p/?LinkId=690328).

                                    +Note

                                    For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix.

                                    -  +

                                    ChangeFolderPathToXPStyle

                                    This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API.

                                    -

                                    The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.

                                    ClearLastErrorStatusonIntializeCriticalSection

                                    CopyHKCUSettingsFromOtherUsers

                                    This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users.

                                    +

                                    This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users.

                                    The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area.

                                    You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](https://go.microsoft.com/fwlink/p/?LinkId=690329).

                                    +Note

                                    For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix.

                                    -  +

                                    The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message.

                                    The fix modifies the file path names to point to a new location on the hard disk.

                                    -Note   -

                                    For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](https://go.microsoft.com/fwlink/p/?LinkId=690330). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.

                                    +Note

                                    For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.

                                    -  +

                                    This problem occurs when an uninstalled application leaves behind files, directories, and links.

                                    The fix corrects the file paths that are used by the uninstallation process of an application.

                                    -Note   -

                                    For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](https://go.microsoft.com/fwlink/p/?LinkId=690331). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.

                                    +Note

                                    For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.

                                    -  +

                                    This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function.

                                    The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.

                                    -Note   -

                                    For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](https://go.microsoft.com/fwlink/p/?LinkId=690332).

                                    +Note

                                    For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix.

                                    -  +

                                    DetectorDWM8And16Bit

                                    This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 .

                                    This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 .

                                    Disable8And16BitD3D

                                    The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application.

                                    The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the DisableDWM Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690334).

                                    +Note

                                    For more detailed information about this application fix, see Using the DisableDWM Fix.

                                    -  +

                                    DWM8And16BitMitigation

                                    The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8.

                                    The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8.

                                    DXGICompat

                                    The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.

                                    The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690335).

                                    +Note

                                    For more detailed information about this application fix, see Using the ElevateCreateProcess Fix.

                                    -  +

                                    EmulateOldPathIsUNC

                                    The problem occurs when an application fails because of an incorrect UNC path.

                                    -

                                    The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. 

                                    EmulateGetDiskFreeSpace

                                    The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements.

                                    -

                                    The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount.

                                    +

                                    The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](https://go.microsoft.com/fwlink/p/?LinkId=690336).

                                    +Note

                                    For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix.

                                    -  +

                                    The problem occurs when an application experiences search functionality issues.

                                    The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table.

                                    -Note   -

                                    For more detailed information about this e application fix, see [Using the EmulateSorting Fix](https://go.microsoft.com/fwlink/p/?LinkId=690337).

                                    +Note

                                    For more detailed information about this e application fix, see Using the EmulateSorting Fix.

                                    -  +

                                    EmulateSortingWindows61

                                    The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs.

                                    The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs.

                                    EnableRestarts

                                    The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes.

                                    The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the EnableRestarts Fix](https://go.microsoft.com/fwlink/p/?LinkId=690338).

                                    +Note

                                    For more detailed information about this application fix, see Using the EnableRestarts Fix.

                                    -  +

                                    ExtraAddRefDesktopFolder

                                    The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed.

                                    -

                                    The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.

                                    FailObsoleteShellAPIs

                                    The problem occurs when an application fails because it generated deprecated API calls.

                                    The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail.

                                    -Note   -

                                    You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail.

                                    +Note

                                    You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail.

                                    -  +

                                    FailRemoveDirectory

                                    The problem occurs when an application uninstallation process does not remove all of the application files and folders.

                                    -

                                    This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line.  Only a single path is supported.  The path can contain environment variables, but must be an exact path – no partial paths are supported.

                                    +

                                    This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported.

                                    The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.

                                    FakeLunaTheme

                                    The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed.

                                    -

                                    The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna).

                                    +

                                    The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna).

                                    -Note   -

                                    For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](https://go.microsoft.com/fwlink/p/?LinkId=690339).

                                    +Note

                                    For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix.

                                    -  +

                                    The problem occurs when an application fails to function during an explicit administrator check.

                                    The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690342).

                                    +Note

                                    For more detailed information about this application fix, see Using the ForceAdminAccess Fix.

                                    -  +

                                    ForceLoadMirrorDrvMitigation

                                    The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied.

                                    The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied.

                                    FreestyleBMX

                                    HandleMarkedContentNotIndexed

                                    The problem is indicated by an application that fails when it changes an attribute on a file or directory.

                                    -

                                    The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.

                                    HeapClearAllocation

                                    The problem occurs when an application fails to function when special key combinations are used.

                                    The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](https://go.microsoft.com/fwlink/p/?LinkId=690343).

                                    +Note

                                    For more detailed information about this application fix, see Using the IgnoreAltTab Fix.

                                    -  +

                                    The problem is indicated by a read or access violation error message that displays when an application tries to find or open files.

                                    The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions.

                                    -Note   -

                                    Symbolic links appear starting in Windows Vista.

                                    +Note

                                    Symbolic links appear starting in Windows Vista.

                                    -  +

                                    The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system.

                                    The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](https://go.microsoft.com/fwlink/p/?LinkId=690345).

                                    +Note

                                    For more detailed information about this application fix, see Using the IgnoreMessageBox Fix.

                                    -  +

                                    InstallComponent

                                    The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8.

                                    The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8.

                                    LoadLibraryRedirect

                                    The problem occurs when an application unsuccessfully tries to create an object in the Global namespace.

                                    The fix intercepts the function call to create the object and replaces the word Global with Local.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the LocalMappedObject Fix](https://go.microsoft.com/fwlink/p/?LinkId=690346).

                                    +Note

                                    For more detailed information about this application fix, see Using the LocalMappedObject Fix.

                                    -  +

                                    The problem is indicated when an application fails to uninstall because of access-related errors.

                                    The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690347)

                                    +Note

                                    For more detailed information about this application fix, see Using the MakeShortcutRunas Fix

                                    -  +

                                    The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application.

                                    The fix reduces the security privilege levels on a specified set of files and folders.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](https://go.microsoft.com/fwlink/p/?LinkId=690348).

                                    +Note

                                    For more detailed information about this application fix, see Using the OpenDirectoryACL Fix.

                                    -  +

                                    The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running.

                                    The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running.

                                    -Note   -

                                    This issue seems to occur most frequently with .NET applications.

                                    +Note

                                    This issue seems to occur most frequently with .NET applications.

                                    -  +

                                    RedirectCRTTempFile

                                    The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory.

                                    The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory.

                                    RedirectHKCUKeys

                                    The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions.

                                    -

                                    The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.

                                    RedirectMP3Codec

                                    The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process.

                                    The fix redirects all of the shortcuts created during the application setup to appear according to a specified path.

                                      -
                                    • Start Menu shortcuts: Appear in the \\ProgramData\Microsoft\Windows\Start Menu directory for all users.

                                    • -
                                    • Desktop or Quick Launch shortcuts:You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.

                                    • +
                                    • Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users.

                                    • +
                                    • Desktop or Quick Launch shortcuts:You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.

                                    -

                                    This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts.

                                    +

                                    This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts.

                                    You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel.

                                    The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application.

                                    The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RelaunchElevated Fix](https://go.microsoft.com/fwlink/p/?LinkId=690349).

                                    +Note

                                    For more detailed information about this application fix, see Using the RelaunchElevated Fix.

                                    -  +

                                    The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays.

                                    The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690351).

                                    +Note

                                    For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix.

                                    -  +

                                    The problem occurs when an application fails to function by using the Standard User or Protected Administrator account.

                                    The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RunAsAdmin Fix](https://go.microsoft.com/fwlink/p/?LinkId=690353).

                                    +Note

                                    For more detailed information about this application fix, see Using the RunAsAdmin Fix.

                                    -  +

                                    The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users.

                                    The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RunAsHighest Fix](https://go.microsoft.com/fwlink/p/?LinkId=690355).

                                    +Note

                                    For more detailed information about this application fix, see Using the RunAsHighest Fix.

                                    -  +

                                    The problem occurs when an application is not detected as requiring elevation.

                                    The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the RunAsInvoker Fix](https://go.microsoft.com/fwlink/p/?LinkId=690356).

                                    +Note

                                    For more detailed information about this application fix, see Using the RunAsInvoker Fix.

                                    -  +

                                    SessionShim

                                    The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter.

                                    -

                                    At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (\). Or, you can choose not to include any parameters, so that all of the objects are modified.

                                    +

                                    At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified.

                                    -Important   -

                                    Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail.

                                    +Important

                                    Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail.

                                    -  +
                                    -Note   -

                                    For more detailed information about this application fix, see [Using the SessionShim Fix](https://go.microsoft.com/fwlink/p/?LinkId=690358).

                                    +Note

                                    For more detailed information about this application fix, see Using the SessionShim Fix.

                                    -  +

                                    The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue.

                                    The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.

                                    -Note   -

                                    For more information about this application fix, see [Using the ShimViaEAT Fix](https://go.microsoft.com/fwlink/p/?LinkId=690359).

                                    +Note

                                    For more information about this application fix, see Using the ShimViaEAT Fix.

                                    -  +

                                    The problem occurs when an application installation file fails to be picked up by the GenericInstaller function.

                                    The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the SpecificInstaller Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690361).

                                    +Note

                                    For more detailed information about this application fix, see Using the SpecificInstaller Fix.

                                    -  +

                                    The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function.

                                    The fix flags the application to exclude it from detection by the GenericInstaller function.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](https://go.microsoft.com/fwlink/p/?LinkId=690363).

                                    +Note

                                    For more detailed information about this application fix, see Using the SpecificNonInstaller Fix.

                                    -  +

                                    VirtualRegistry

                                    The problem is indicated when a Component failed to be located error message displays when an application is started.

                                    The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.

                                    -

                                    For more detailed information about this application fix, see [Using the VirtualRegistry Fix](https://go.microsoft.com/fwlink/p/?LinkId=690368).

                                    VirtualizeDeleteFile

                                    The problem occurs when several error messages display and the application cannot delete files.

                                    -

                                    The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.

                                    +

                                    The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](https://go.microsoft.com/fwlink/p/?LinkId=690369).

                                    +Note

                                    For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix.

                                    -  +

                                    VirtualizeRegisterTypeLib

                                    The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](https://go.microsoft.com/fwlink/p/?LinkId=690371).

                                    +Note

                                    For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix.

                                    -  +

                                    Wing32SystoSys32

                                    The problem is indicated by an error message that states that the WinG library was not properly installed.

                                    -

                                    The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory.

                                    +

                                    The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory.

                                    -Important   -

                                    The application must have Administrator privileges for this fix to work.

                                    +Important

                                    The application must have Administrator privileges for this fix to work.

                                    -  +

                                    WRPDllRegister

                                    The application fails when it tries to register a COM component that is released together with Windows Vista and later.

                                    +

                                    The application fails when it tries to register a COM component that is released together with Windows Vista and later.

                                    The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions.

                                    You can control this fix further by typing the following command at the command prompt:

                                    Component1.dll;Component2.dll

                                    Where Component1.dll and Component2.dll reflect the components to be skipped.

                                    -Note   -

                                    For more detailed information about this application fix, see [Using the WRPDllRegister Fix](https://go.microsoft.com/fwlink/p/?LinkId=690375).

                                    +Note

                                    For more detailed information about this application fix, see Using the WRPDllRegister Fix.

                                    -  +

                                    The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access.

                                    The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue.

                                    -Note   -

                                    For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](https://go.microsoft.com/fwlink/p/?LinkId=690376).

                                    +Note

                                    For more detailed information about WRPMitigation, see Using the WRPMitigation Fix.

                                    -  +

                                    XPAfxIsValidAddress

                                    The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.

                                    The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.

                                    -  + ## Compatibility Modes @@ -978,7 +936,7 @@ The following table lists the known compatibility modes.

                                    WinSrv03

                                    -

                                    Emulates the Windows Server 2003 operating system.

                                    +

                                    Emulates the Windows Server 2003 operating system.

                                    • Win2k3RTMVersionLie

                                    • VirtualRegistry

                                    • @@ -996,7 +954,7 @@ The following table lists the known compatibility modes.

                                      WinSrv03Sp1

                                      -

                                      Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system.

                                      +

                                      Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system.

                                      • Win2K3SP1VersionLie

                                      • VirtualRegistry

                                      • @@ -1011,4 +969,4 @@ The following table lists the known compatibility modes.
                                      - \ No newline at end of file + diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md index fe4c17069c..e3aeb700b4 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. ms.assetid: e4f2853a-0e46-49c5-afd7-0ed12f1fe0c2 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -28,7 +31,7 @@ The Compatibility Administrator tool uses the term *fix* to describe the combina **Important**   Fixes apply to a single application only; therefore, you must create multiple fixes if you need to fix the same issue in multiple applications. -  + ## What is a Compatibility Fix? @@ -43,7 +46,7 @@ The Compatibility Administrator tool has preloaded fixes for many common applica **Important**   Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. -  + **To search for an existing application** 
@@ -73,9 +76,9 @@ If you are unable to find a preloaded compatibility fix for your application, yo ## Related topics [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -  + -  + diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index 42398cd04a..ad677faf01 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Creating a Custom Compatibility Mode in Compatibility Administrator (Windows 10) description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. ms.assetid: 661a1c0d-267f-4a79-8445-62a9a98d09b0 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -16,12 +19,12 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 Windows® provides several *compatibility modes*, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases. 
@@ -35,10 +38,10 @@ A compatibility mode is a group of compatibility fixes. A compatibility fix, pre The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database. -**Important**   +**Important** Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. -  + **To search for an existing application** @@ -51,10 +54,10 @@ Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version o If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database. -**Important**   +**Important** A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database. -  + **To create a new compatibility mode** 
@@ -64,23 +67,25 @@ A compatibility mode includes a set of compatibility fixes and must be deployed 3. Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **>**. - **Important**   + **Important** If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode. -   - If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. -4. After you are done selecting the compatibility fixes to include, click **OK**. +~~~ +If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. +~~~ - The compatibility mode is added to your custom database. +4. After you are done selecting the compatibility fixes to include, click **OK**. + + The compatibility mode is added to your custom database. ## Related topics [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -  - -  + + + diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 078f35d184..978794b523 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md 
@@ -2,11 +2,14 @@ title: Creating an AppHelp Message in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -40,7 +43,7 @@ The Compatibility Administrator tool has preloaded fixes for many common applica **Important**   Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. -  + **To search for an existing application** @@ -91,4 +94,4 @@ The following issues might occur with computers running Windows 2000: - Copying an AppHelp entry for a system database or a custom-compatibility fix from a system database might cause Compatibility Administrator to hide the descriptive text. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 9730a3defb..ecd53deb4e 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md 
@@ -2,13 +2,15 @@ title: Deployment considerations for Windows To Go (Windows 10) description: Deployment considerations for Windows To Go ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, mobile, device, USB, boot, image, workspace, driver ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: mobility ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- @@ -19,12 +21,15 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs. **Note**   Windows To Go does not support operating system upgrades. Windows To Go is designed as a feature that is managed centrally. IT departments that plan to transition from one operating system version to a later version will need to incorporate re-imaging their existing Windows To Go drives as part of their upgrade deployment process. -  + The following sections discuss the boot experience, deployment methods, and tools that you can use with Windows To Go. 
@@ -60,7 +65,7 @@ When the Windows To Go workspace is going to be used first on an off-premises co **Tip**   Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](https://go.microsoft.com/fwlink/p/?LinkId=619076). -  + DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](https://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. @@ -75,7 +80,7 @@ The simplest way to provision a Windows To Go drive is to use the Windows To Go **Tip**   When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments. -  + **Driver considerations** @@ -157,28 +162,28 @@ The following list of commonly used Wi-Fi network adapters that are not supporte

                                      Marvell

                                      Yukon 88E8001/8003/8010 PCI Gigabit Ethernet

                                      pci\ven_11ab&dev_4320&subsys_811a1043

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Marvell

                                      Libertas 802.11b/g Wireless

                                      pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Qualcomm

                                      Atheros AR6004 Wireless LAN Adapter

                                      sd\vid_0271&pid_0401

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)

                                      +

                                      32-bit driver

                                      64-bit driver not available

                                      Qualcomm

                                      Atheros AR5BWB222 Wireless Network Adapter

                                      pci\ven_168c&dev_0034&subsys_20031a56

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)

                                      +

                                      32-bit driver

                                      64-bit driver not available

                                      @@ -191,41 +196,41 @@ The following list of commonly used Wi-Fi network adapters that are not supporte

                                      Qualcomm

                                      Atheros AR5005G Wireless Network Adapter

                                      pci\ven_168c&dev_001a&subsys_04181468&rev_01

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Ralink

                                      Wireless-G PCI Adapter

                                      pci\ven_1814&dev_0301&subsys_00551737&rev_00

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Ralink

                                      Turbo Wireless LAN Card

                                      pci\ven_1814&dev_0301&subsys_25611814&rev_00

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Ralink

                                      Wireless LAN Card V1

                                      pci\ven_1814&dev_0302&subsys_3a711186&rev_00

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      Ralink

                                      D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)

                                      pci\ven_1814&dev_0302&subsys_3c091186&rev_00

                                      -

                                      [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)

                                      -

                                      [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)

                                      +

                                      32-bit driver

                                      +

                                      64-bit driver

                                      -  + IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=619079). @@ -248,7 +253,7 @@ The use of the Store on Windows To Go workspaces that are running Windows 8 can **Important**   For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port. -   + - **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace** @@ -263,7 +268,7 @@ The use of the Store on Windows To Go workspaces that are running Windows 8 can **Important**   Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started. -   + ## Supporting booting from USB @@ -273,7 +278,7 @@ The biggest hurdle for a user wanting to use Windows To Go is configuring their **Note**   Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options. -  + If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). 
@@ -306,7 +311,7 @@ Windows To Go Startup Options is a setting available on Windows 10-based PCs th **Tip**   If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog. -   + 3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**. @@ -325,9 +330,9 @@ If you choose to not use the Windows To Go startup options or are using a PC run [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) -  + -  + diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index 0838cb2613..97329b8201 100644 --- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator (Windows 10) description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes. ms.assetid: 6bd4a7c5-0ed9-4a35-948c-c438aa4d6cb6 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -33,7 +36,7 @@ Customized compatibility databases can become quite complex as you add your fixe **Important**   Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications. -  + **To disable a compatibility fix within a database** @@ -46,7 +49,7 @@ Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version o **Important**   When you disable an entry, it will remain disabled even if you do not save the database file. -   + ## Enabling Compatibility Fixes @@ -62,4 +65,4 @@ You can enable your disabled compatibility fixes at any time. 2. On the **Database** menu, click **Enable Entry**. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md index 8a5d6781f2..96bc5e3a59 100644 --- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md +++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md @@ -2,11 +2,14 @@ title: Fixing Applications by Using the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application. ms.assetid: 7f5947b1-977b-4d7e-bb52-fbe8e76f6b8b +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md index 37b7cdccf8..cc28f2ebb0 100644 --- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md +++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. ms.assetid: 659c9d62-5f32-433d-94aa-12141c01368f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -32,7 +35,7 @@ Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version o In addition, you must deploy your databases to your organization’s computers before the included fixes will have any effect on the application issue. For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md). -  + ## Installing a Custom Database @@ -61,4 +64,4 @@ When a custom database is no longer necessary, either because the applications a 2. On the **File** menu, click **Uninstall**. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) 
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md index ec256fd6be..086ada5b3c 100644 --- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -2,11 +2,14 @@ title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10) description: This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -41,23 +44,23 @@ This section provides information about managing your application-compatibility -

                                      [Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)

                                      +

                                      Understanding and Using Compatibility Fixes

                                      As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.

                                      -

                                      [Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)

                                      +

                                      Compatibility Fix Database Management Strategies and Deployment

                                      After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:

                                      -

                                      [Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)

                                      +

                                      Testing Your Application Mitigation Packages

                                      This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.

                                      -  + ## Related topics [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) \ No newline at end of file +[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index d93629a7ea..c0111f5cee 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -2,13 +2,15 @@ title: Prepare your organization for Windows To Go (Windows 10) description: Prepare your organization for Windows To Go ms.assetid: f3f3c160-90ad-40a8-aeba-2aedee18f7ff +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: ["mobile, device, USB, deploy"] ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: mobility ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- @@ -19,6 +21,9 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the “what”, “why”, and “when” questions an IT professional might have when planning to deploy Windows To Go. ## What is Windows To Go? 
@@ -29,13 +34,9 @@ Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education t Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are: - USB boot capable - - Have USB boot enabled in the firmware - - Meet Windows 7 minimum system requirements - - Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM is not a supported processor for Windows To Go. - - Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go. @@ -60,7 +61,7 @@ The following scenarios are examples of situations in which Windows To Go worksp **Note**   If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace’s computer object is not potentially deleted from Active Directory Domain Services (AD DS). -  + ## Infrastructure considerations 
@@ -79,7 +80,7 @@ You should investigate other software manufacturer’s licensing requirements to **Note**   Using Multiple Activation Key (MAK) activation is not a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive. -  + See [Plan for Volume Activation](https://go.microsoft.com/fwlink/p/?LinkId=618923) for more information about these activation methods and how they can be used in your organization. @@ -120,9 +121,9 @@ If you want Windows To Go to be able to connect back to organizational resources [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) -  + -  + diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md index 738bc1b205..d9d1e66b3a 100644 --- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Searching for Fixed Applications in Compatibility Administrator (Windows 10) description: With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. ms.assetid: 1051a2dc-0362-43a4-8ae8-07dae39b1cb8 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -33,7 +36,7 @@ The **Query Compatibility Databases** tool provides additional search options. F **Important**   You must perform your search with the correct version of the Compatibility Administrator tool. If you are searching for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. If you are searching for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator. -  + **To search for previous fixes** @@ -66,9 +69,9 @@ You can export your search results to a text (.txt) file for later review or arc ## Related topics [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -  + -  + diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 4136dbdbc8..6b62b5378a 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator (Windows 10) description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature. ms.assetid: dd213b55-c71c-407a-ad49-33db54f82f22 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -30,7 +33,7 @@ For information about the Search feature, see [Searching for Fixed Applications **Important**   You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator. -  + ## Querying by Using the Program Properties Tab @@ -62,7 +65,7 @@ You can use the **Program Properties** tab of the Query tool to search for any c **Important**   If you do not select any of the check boxes, the search will look for all types of compatibility fixes. Do not select multiple check boxes because only applications that match all of the requirements will appear. -   + 6. Click **Find Now**. @@ -86,14 +89,14 @@ You can use the **Fix Properties** tab of the Query tool to search for any appli **Note**   You can use the percent (%) symbol as a wildcard in your fix-properties query, as a substitute for any string of zero or more characters. -   + 5. Select the check box for either **Search in Compatibility Fixes** or **Search in Compatibility Modes**. **Important**   Your text must match the type of compatibility fix or mode for which you are performing the query. For example, entering the name of a compatibility fix and selecting the compatibility mode check box will not return any results. Additionally, if you select both check boxes, the query will search for the fix by compatibility mode and compatibility fix. Only applications that match both requirements appear. -   + 6. Click **Find Now**. 
@@ -117,7 +120,7 @@ You can use the **Fix Description** tab of the Query tool to add parameters that **Important**   You cannot use wildcards as part of the Fix Description search query because the default behavior is to search for any entry that meets your search criteria. -   + 5. Refine your search by selecting **Match any word** or **Match all words** from the drop-down list. @@ -170,9 +173,9 @@ You can export any of your search results into a tab-delimited text (.txt) file ## Related topics [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -  + -  + diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 683018e1d1..669dea7590 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -2,13 +2,15 @@ title: Security and data protection considerations for Windows To Go (Windows 10) description: One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: mobile, device, USB, secure, BitLocker ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: mobility, security ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- 
@@ -19,6 +21,9 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. ## Backup and restore @@ -38,7 +43,7 @@ You can enable BitLocker while using the Windows To Go Creator wizard as part of **Tip**   If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail) -  + If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode. @@ -71,9 +76,9 @@ Windows to Go is a core capability of Windows when it is deployed on the drive a [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) -  + -  + diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md index 5c5c7979ff..c0541bd6d3 100644 --- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md +++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md 
@@ -2,11 +2,14 @@
 title: Showing Messages Generated by the SUA Tool (Windows 10)
 description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
 ms.assetid: 767eb7f2-d6c4-414c-a7b3-a997337d904a
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.pagetype: appcompat
 ms.sitesec: library
-author: TrudyHa
+author: greg-lindsay
 ms.date: 04/19/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 60f54bb4b5..7a6dceac00 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -2,11 +2,14 @@
 title: SUA User's Guide (Windows 10)
 description: You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.pagetype: appcompat
 ms.sitesec: library
-author: TrudyHa
+author: greg-lindsay
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -47,18 +50,18 @@ You can use SUA in either of the following ways: -

                                      [Using the SUA Wizard](using-the-sua-wizard.md)

                                      +

                                      Using the SUA Wizard

                                      The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.

                                      -

                                      [Using the SUA Tool](using-the-sua-tool.md)

                                      +

                                      Using the SUA Tool

                                      By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.

                                      -  + -  + diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md index 6a6e69b626..3b99031120 100644 --- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md +++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md @@ -2,11 +2,14 @@ title: Tabs on the SUA Tool Interface (Windows 10) description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze. ms.assetid: 0d705321-1d85-4217-bf2c-0ca231ca303b +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md index 6b09e93b26..3c9115ff8a 100644 --- a/windows/deployment/planning/testing-your-application-mitigation-packages.md +++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md @@ -2,11 +2,14 @@ title: Testing Your Application Mitigation Packages (Windows 10) description: This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues. ms.assetid: ae946f27-d377-4db9-b179-e8875d454ccf +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -71,7 +74,7 @@ At this point, you probably cannot resolve any unresolved application compatibil **Note**   For more information about using Compatibility Administrator to apply compatibility fixes and compatibility modes, see [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md). -   + - Run the application in a virtual environment. @@ -86,4 +89,4 @@ At this point, you probably cannot resolve any unresolved application compatibil If your developers have insufficient resources to resolve the application compatibility issues, outsource the mitigation effort to another organization within your company. ## Related topics -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md index af5a8f1b79..4444a1eef2 100644 --- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md +++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md @@ -2,11 +2,14 @@ title: Understanding and Using Compatibility Fixes (Windows 10) description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. ms.assetid: 84bf663d-3e0b-4168-99d6-a26e054821b7 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -41,7 +44,7 @@ Specifically, the process modifies the address of the affected Windows function **Note**   For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API. -  + ## Design Implications of the Compatibility Fix Infrastructure @@ -57,7 +60,7 @@ There are important considerations to keep in mind when determining your applica **Note**   Some antivirus, firewall, and anti-spyware code runs in kernel mode. -   + ## Determining When to Use a Compatibility Fix @@ -95,4 +98,4 @@ Compatibility fixes are shipped as part of the Windows operating system and are You can apply the compatibility fixes to any of your applications. However, Microsoft does not provide the tools to use the Compatibility Fix infrastructure to create your own custom fixes. ## Related topics -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md index 6595bdd558..8268db9a1c 100644 --- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md +++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md @@ -2,11 +2,14 @@ title: Using the Compatibility Administrator Tool (Windows 10) description: This section provides information about using the Compatibility Administrator tool. ms.assetid: 57271e47-b9b9-4018-a0b5-7115a533166d +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- 
@@ -41,49 +44,49 @@ This section provides information about using the Compatibility Administrator to -

                                      [Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)

                                      +

                                      Available Data Types and Operators in Compatibility Administrator

                                      The Compatibility Administrator tool provides a way to query your custom-compatibility databases.

                                      -

                                      [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)

                                      +

                                      Searching for Fixed Applications in Compatibility Administrator

                                      With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.

                                      -

                                      [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)

                                      +

                                      Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator

                                      You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.

                                      -

                                      [Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)

                                      +

                                      Creating a Custom Compatibility Fix in Compatibility Administrator

                                      The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.

                                      -

                                      [Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)

                                      +

                                      Creating a Custom Compatibility Mode in Compatibility Administrator

                                      Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.

                                      -

                                      [Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)

                                      +

                                      Creating an AppHelp Message in Compatibility Administrator

                                      The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.

                                      -

                                      [Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)

                                      +

                                      Viewing the Events Screen in Compatibility Administrator

                                      The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.

                                      -

                                      [Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)

                                      +

                                      Enabling and Disabling Compatibility Fixes in Compatibility Administrator

                                      You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.

                                      -

                                      [Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)

                                      +

                                      Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator

                                      The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.

                                      -  + -  + -  + diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index e1c1d22bc7..e8da9eedfc 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -2,11 +2,14 @@ title: Using the Sdbinst.exe Command-Line Tool (Windows 10) description: You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index 6ef273260e..98e7f50884 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -2,11 +2,14 @@ title: Using the SUA Tool (Windows 10) description: By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index db5b6a09f3..f3ecffae97 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md 
@@ -2,11 +2,14 @@ title: Using the SUA Wizard (Windows 10) description: The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions. ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md index afc0cf0afa..b0cc6e3517 100644 --- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md @@ -2,11 +2,14 @@ title: Viewing the Events Screen in Compatibility Administrator (Windows 10) description: The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities. ms.assetid: f2b2ada4-1b7b-4558-989d-5b52b40454b3 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.sitesec: library -author: TrudyHa +author: greg-lindsay ms.date: 04/19/2017 ms.topic: article --- @@ -28,7 +31,7 @@ The **Events** screen enables you to record and to view your activities in the C **Important**   The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list. -  + **To open the Events screen** 
@@ -46,9 +49,9 @@ If you open the **Events** screen and then perform the copy operation, you can s [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -  + -  + diff --git a/windows/deployment/planning/windows-10-creators-update-deprecation.md b/windows/deployment/planning/windows-10-1703-removed-features.md similarity index 86% rename from windows/deployment/planning/windows-10-creators-update-deprecation.md rename to windows/deployment/planning/windows-10-1703-removed-features.md index 9a87eca2b0..45bac44358 100644 --- a/windows/deployment/planning/windows-10-creators-update-deprecation.md +++ b/windows/deployment/planning/windows-10-1703-removed-features.md @@ -1,6 +1,6 @@ --- -title: Windows 10 Creators Update Deprecated Features -description: Learn about features that were removed in Windows 10 Creators Update (version 1703) +title: Windows 10, version 1703 removed features +description: Learn about features that were removed in Windows 10, version 1703 ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium 
@@ -9,15 +9,15 @@ author: lizap ms.date: 10/09/2017 ms.topic: article --- -# Features that are removed or deprecated in Windows 10 Creators Update +# Features that are removed or deprecated in Windows 10, version 1703 -> Applies to: Windows 10 +> Applies to: Windows 10, version 1703 -The following features and functionalities in the Windows 10 Creators Update edition (Windows 10, version 1703) have either been removed from the product in the current release (*Removed*) or are not in active development and are planned for potential removal in subsequent releases (*Deprecated*). +The following features and functionalities in the Windows 10 Creators Update edition (Windows 10, version 1703) have either been removed from the product in the current release (*Removed*) or are not in active development and are planned for potential removal in subsequent releases. This list is intended for IT professionals who are updating operating systems in a commercial environment. The plan and list are subject to change and may not include every deprecated feature or functionality. For more details about a listed feature or functionality and its replacement, see the documentation for that feature. -| Feature | Removed | Deprecated | +| Feature | Removed | Not actively developed | |------------|---------|------------| |Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | | X | |Apps Corner| | X | diff --git a/windows/deployment/planning/windows-10-fall-creators-deprecation.md b/windows/deployment/planning/windows-10-1709-removed-features.md similarity index 89% rename from windows/deployment/planning/windows-10-fall-creators-deprecation.md rename to windows/deployment/planning/windows-10-1709-removed-features.md index cdb6eeb98d..d4796ebda4 100644 
--- a/windows/deployment/planning/windows-10-fall-creators-deprecation.md +++ b/windows/deployment/planning/windows-10-1709-removed-features.md @@ -1,25 +1,24 @@ --- -title: Windows 10 Fall Creators Update Deprecated Features -description: Learn about features that will be removed in Windows 10 Fall Creators Update (version 1709) +title: Windows 10, version 1709 removed features +description: Learn about features that will be removed in Windows 10, version 1709 ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium ms.sitesec: library -author: lizap -ms.date: 10/30/2018 +author: greg-lindsay ms.topic: article --- -# Features that are removed or deprecated in Windows 10 Fall Creators Update +# Features that are removed or deprecated in Windows 10, version 1709 -> Applies to: Windows 10 +> Applies to: Windows 10, version 1709 -The following features and functionalities in the Windows 10 Fall Creators Update (Windows 10, version 1709) are either removed from the product in the current release (*Removed*) or are not in active development and might be removed in future releases (*Deprecated*). +The following features and functionalities in the Windows 10, version 1709 are either removed from the product in the current release (*Removed*) or are not in active development and might be removed in future releases. This list is intended to help customers consider these removals and deprecations for their own planning. The list is subject to change and may not include every deprecated feature or functionality. For more information about a listed feature or functionality and its replacement, see the documentation for that feature. You can also follow the provided links in this table to see additional resources.  -| Feature | Removed | Deprecated | +| Feature | Removed | Not actively developed | |----------|---------|------------| |**3D Builder app**
                                      No longer installed by default. Consider using Print 3D and Paint 3D in its place. However, 3D Builder is still available for download from the Windows Store. | X | | |**Apndatabase.xml**
                                      For more information about the replacement database, see the following Hardware Dev Center articles:
                                      [MO Process to update COSA](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission)
                                      [COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq) | X | | diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md index 9a42ba6489..4896f94c29 100644 --- a/windows/deployment/planning/windows-10-1803-removed-features.md +++ b/windows/deployment/planning/windows-10-1803-removed-features.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium ms.sitesec: library -author: lizap -ms.author: elizapo +author: greg-lindsay +ms.author: greglin ms.date: 08/16/2018 +ms.reviewer: +manager: laurawi ms.topic: article --- # Features removed or planned for replacement starting with Windows 10, version 1803 @@ -33,7 +35,7 @@ We've removed the following features and functionalities from the installed prod |Language control in the Control Panel| Use the Settings app to change your language settings.| |HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.

                                      When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.

                                      Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10:
                                      - [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10)
                                      - [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | |**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).| -|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image.

                                      However, if you install Windows 10, version 1803, you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| +|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.

                                      However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| ## Features we’re no longer developing diff --git a/windows/deployment/planning/windows-10-1809-removed-features.md b/windows/deployment/planning/windows-10-1809-removed-features.md index 1204493c7c..e42f426c19 100644 --- a/windows/deployment/planning/windows-10-1809-removed-features.md +++ b/windows/deployment/planning/windows-10-1809-removed-features.md @@ -5,9 +5,11 @@ ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium ms.sitesec: library -author: lizap -ms.author: elizapo +author: greg-lindsay +ms.author: greglin ms.date: 11/16/2018 +ms.reviewer: +manager: laurawi ms.topic: article --- # Features removed or planned for replacement starting with Windows 10, version 1809 diff --git a/windows/deployment/planning/windows-10-1903-removed-features.md b/windows/deployment/planning/windows-10-1903-removed-features.md new file mode 100644 index 0000000000..7bd3264aa0 --- /dev/null +++ b/windows/deployment/planning/windows-10-1903-removed-features.md 
@@ -0,0 +1,42 @@
+---
+title: Windows 10, version 1903 - Features that have been removed
+description: Learn about features that will be removed or deprecated in Windows 10, version 1903, or a future release
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.localizationpriority: medium
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+ms.topic: article
+---
+# Features removed or planned for replacement starting with Windows 10, version 1903
+
+> Applies to: Windows 10, version 1903
+
+Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10, version 1903. **The list below is subject to change and might not include every affected feature or functionality.**
+
+**Note**: Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
+
+## Features we removed or will remove soon
+
+The following features and functionalities are removed from the installed product image for Windows 10, version 1903, or are planned for removal in an upcoming release. Applications or code that depend on these features won't function in this release unless you use another method.
+ + +| Feature | Details | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| XDDM-based remote display driver | Starting with this release the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote indirect display driver ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | +| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | + +## Features we’re no longer developing + +We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. 
+ +If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature |Details| +|-----------|---------------------| +| Taskbar settings roaming| Roaming of taskbar settings is no longer being developed and we plan to disable this capability in a future release| +|Wi-Fi WEP and TKIP|In this release a warning message will appear when connecting to Wi-Fi networks secured with WEP or TKIP, which are not as secure as those using WPA2 or WPA3. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | +|Windows To Go|Windows To Go is no longer being developed.

                                      The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| +|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| + diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md index 1fe897263a..11a81f2181 100644 --- a/windows/deployment/planning/windows-10-compatibility.md +++ b/windows/deployment/planning/windows-10-compatibility.md @@ -2,14 +2,16 @@ title: Windows 10 compatibility (Windows 10) description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. ms.assetid: 829BE5B5-330A-4702-807A-8908B4FC94E8 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, upgrade, update, appcompat ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat ms.localizationpriority: medium ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index bb0ad7f659..e21d82200b 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md 
@@ -2,13 +2,15 @@ title: Windows 10 deployment considerations (Windows 10) description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: deploy, upgrade, update, in-place ms.prod: w10 ms.localizationpriority: medium ms.mktglfcycl: plan ms.sitesec: library -author: mtniehaus -ms.date: 07/27/2017 +author: greg-lindsay ms.topic: article --- @@ -111,7 +113,7 @@ In either of these scenarios, you can make a variety of configuration changes to ## Stay up to date -For computers already running Windows 10 on the Current Branch or Current Branch for Business, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods: +For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods: - Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet. diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index cd611c67ef..0382d9a133 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -8,6 +8,10 @@ ms.localizationpriority: medium ms.sitesec: library author: ms.date: 08/18/2017 +ms.reviewer: +manager: laurawi +ms.author: greglin +author: greg-lindsay ms.topic: article --- diff --git a/windows/deployment/planning/windows-10-fall-creators-removed-features.md b/windows/deployment/planning/windows-10-fall-creators-removed-features.md index cec3ba7407..e343e3390c 100644 
--- a/windows/deployment/planning/windows-10-fall-creators-removed-features.md
+++ b/windows/deployment/planning/windows-10-fall-creators-removed-features.md
@@ -5,8 +5,11 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
-author: lizap
+author: greg-lindsay
 ms.date: 10/09/2017
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.topic: article
 ---
 # Features removed or planned for replacement starting with Windows 10 Fall Creators Update (version 1709)
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index f1a6b4ae5c..e3f1be89ba 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -2,13 +2,15 @@
 title: Windows 10 infrastructure requirements (Windows 10)
 description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization.
 ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: deploy, upgrade, update, hardware
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
-author: mtniehaus
-ms.date: 07/27/2017
+author: greg-lindsay
 ms.topic: article
 ---
 
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
index 235406b45a..ad2f37a743 100644
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
+++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
@@ -2,13 +2,15 @@ title: Windows To Go frequently asked questions (Windows 10) description: Windows To Go frequently asked questions ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: FAQ, mobile, device, USB ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: mobility ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- @@ -19,6 +21,9 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + The following list identifies some commonly asked questions about Windows To Go. - [What is Windows To Go?](#wtg-faq-whatis) @@ -178,7 +183,7 @@ In the **Windows To Go Startup Options** dialog box select **Yes** and then clic **Note**   Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization. -  + If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. @@ -193,7 +198,7 @@ For more detailed instructions, see the wiki article, [Tips for configuring your **Warning**   Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. -  + ## Why isn’t my computer booting from USB? 
@@ -216,7 +221,7 @@ If the Windows To Go drive is removed, the computer will freeze and the user wil **Warning**   You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. -  + ## Can I use BitLocker to protect my Windows To Go drive? @@ -274,7 +279,7 @@ Windows To Go Creator and the recommended deployment steps for Windows To Go set **Warning**   It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. -  + ## I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? @@ -284,7 +289,7 @@ Windows To Go Creator and the recommended deployment steps for Windows To Go set **Warning**   It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. -  + ## Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? @@ -398,7 +403,7 @@ The host computer will now be able to be booted from a USB drive without trigger **Note**   The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. -  + ## I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? 
@@ -410,7 +415,7 @@ Reformatting the drive erases the data on the drive, but doesn’t reconfigure t **Note**   If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. -   + 2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. @@ -447,9 +452,9 @@ There is no support in Windows for upgrading a Windows To Go drive. Deployed Win - [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) -  + -  + diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index ca27c8a82f..cb03e1e4d1 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -2,13 +2,15 @@ title: Windows To Go feature overview (Windows 10) description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: workspace, mobile, installation, image, USB, device, image, edu ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: mobility, edu ms.sitesec: library -author: mtniehaus -ms.date: 04/19/2017 +author: greg-lindsay ms.topic: article --- 
@@ -19,22 +21,22 @@ ms.topic: article - Windows 10 +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: - [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) - - [Roaming with Windows To Go](#bkmk-wtgroam) - - [Prepare for Windows To Go](#wtg-prep-intro) - - [Hardware considerations for Windows To Go](#wtg-hardware) **Note**   Windows To Go is not supported on Windows RT. -  + ## Differences between Windows To Go and a typical installation of Windows 
@@ -70,7 +72,7 @@ These same tools can be used to provision Windows To Go drive, just as you would **Important**   Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported. -  + As you decide what to include in your Windows To Go image, be sure to consider the following questions: @@ -104,7 +106,7 @@ As of the date of publication, the following are the USB drives currently certif **Warning**   Using a USB drive that has not been certified is not supported -  + - IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) @@ -123,14 +125,14 @@ Using a USB drive that has not been certified is not supported **Important**   You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720). -   + - Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) **Tip**   This device contains an embedded smart card. -   + - Super Talent Express RC4 for Windows To Go @@ -203,7 +205,7 @@ The following table details the characteristics that the host computer must have -  + **Checking for architectural compatibility between the host PC and the Windows To Go drive** @@ -246,7 +248,7 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W -  + ## Additional resources @@ -272,9 +274,9 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W - [Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md) -  + -  + 
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index e6de252a4c..f1806c4074 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -8,7 +8,10 @@ ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
 ms.date: 12/05/2018
-author: jaimeo
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
 ms.topic: article
 ---
 
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 4f438b5701..a4ce531e9b 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -5,10 +5,12 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: Jaimeo
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: greglin
 ms.date: 10/18/2018
+ms.reviewer:
+manager: laurawi
 ms.topic: article
 ---
 
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 7a21b2cf52..ea49f083a2 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -5,10 +5,12 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 03/01/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
index 85a1a19aaf..e6962491e6 100644
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ b/windows/deployment/update/change-history-for-update-windows-10.md
@@ -4,9 +4,11 @@ description: This topic lists new and updated topics in the Update Windows 10 do ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin -ms.author: daniha +author: greg-lindsay +ms.author: greglin ms.date: 09/18/2018 +ms.reviewer: +manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index e520727586..a81062fdc3 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -6,9 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.date: 10/29/2018 +ms.reviewer: +manager: laurawi ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: greg-lindsay +ms.author: greglin ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article @@ -32,7 +34,7 @@ Device Health is offered as a *solution* which you link to a new or existing [Az 1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal. - >[!NOTE] + >[!NOTE] > Device Health is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Device Health, but no Azure charges are expected to accrue to the subscription as a result of using Device Health. 2. In the Azure portal select **Create a resource**, search for "Device Health", and then select **Create** on the **Device Health** solution. diff --git a/windows/deployment/update/device-health-monitor.md b/windows/deployment/update/device-health-monitor.md index 87450cc71f..8fe9a785eb 100644 --- a/windows/deployment/update/device-health-monitor.md 
+++ b/windows/deployment/update/device-health-monitor.md @@ -1,5 +1,7 @@ --- title: Monitor the health of devices with Device Health +ms.reviewer: +manager: laurawi description: You can use Device Health in Azure Portal to monitor the frequency and causes of crashes and misbehaving apps on devices in your network. keywords: oms, operations management suite, wdav, health, log analytics ms.prod: w10 @@ -7,8 +9,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: greg-lindsay +ms.author: greglin ms.collection: M365-analytics ms.topic: article --- diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md index e43a16c46f..96987d01b7 100644 --- a/windows/deployment/update/device-health-using.md +++ b/windows/deployment/update/device-health-using.md @@ -1,5 +1,7 @@ --- title: Using Device Health +ms.reviewer: +manager: laurawi description: Explains how to begin usihg Device Health. ms.prod: w10 ms.mktglfcycl: deploy @@ -35,8 +37,8 @@ In Azure Portal, the aspects of a solution's dashboard are usually divided into ## Device Reliability -- [Frequently Crashing Devices](#frequently-crashing-devices) -- [Driver-Induced OS Crashes](#driver--induced-OS-crashes) +- [Frequently crashing devices](#frequently-crashing-devices) +- [Driver-induced OS crashes](#driver-induced-crashes) @@ -79,7 +81,7 @@ This displays device records sorted by date and crash details by failure ID, als -### Driver-Induced OS Crashes +### Driver-induced crashes This blade (on the right) displays drivers that have caused the most devices to crash in the last two weeks. If your crash rate is high, you can reduce the overall operating system crashes in your deployment by upgrading those drivers with a high crash rate. 
@@ -275,29 +277,29 @@ You can run these queries from the Azure Portal **Log Search** interface (availa ### Device reliability query examples -|Data|Query| -|-------------------|------------------------| -|Total devices| Type = DHOSReliability \| measure countdistinct(ComputerID) by Type| -|Number of devices that have crashed in the last three weeks| Type = DHOSReliability KernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by Type| -|Compare the percentage of your devices that have not crashed with the percentage of similar devices outside your organization ("similar" here means other commercial devices with the same mix of device models, operating system versions and update levels).| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices by Type \| Display Table| -|As above, but sorted by device manufacturer| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by Manufacturer \| sort NumberDevices desc \| Display Table| -|As above, but sorted by model| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by ModelFamily\| sort NumberDevices desc \| Display Table| -|As above, but sorted by operating system version| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by OSVersion \| sort NumberDevices desc \| Display Table| -|Crash rate trending in my organization 
compared to the commercial average. Each interval shows percentage of devices that crashed at least once in the trailing two weeks| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices by TimeGenerated \| Display LineChart| -|Table of devices that have crashed the most in the last two weeks| Type = DHOSReliability KernelModeCrashCount > 0 \| Dedup ComputerID \| select Computer, KernelModeCrashCount \| sort TimeGenerated desc, KernelModeCrashCount desc \| Display Table| -|Detailed crash records, most recent first| Type = DHOSCrashData \| sort TimeGenerated desc, Computer asc \| display Table| -|Number of devices that crashed due to drivers| Type = DHDriverReliability DriverKernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by Type| -|Table of drivers that have caused the most devices to crash| Type = DHDriverReliability DriverKernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by DriverName \| Display Table| -|Trend of devices crashed by driver by day| * Type=DHOSCrashData DriverName!="ntkrnlmp.exe" DriverName IN {Type=DHOSCrashData \| measure count() by DriverName | top 5} \| measure countdistinct(ComputerID) as NumberDevices by DriverName interval 1day| -|Crashes for different versions of a given driver (replace netwtw04.sys with the driver you want from the previous list). 
This lets you get an idea of which *versions* of a given driver work best with your devices| Type = DHDriverReliability DriverName="netwtw04.sys" \| Dedup ComputerID \| sort TimeGenerated desc \| measure countdistinct(ComputerID) as InstallCount, sum(map(DriverKernelModeCrashCount,1,10000, 1)) as DevicesCrashed by DriverVersion \| Display Table| -|Top crashes by FailureID| Type =DHOSCrashData \| measure count() by KernelModeCrashFailureId \| Display Table| +| Data | Query | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Total devices | Type = DHOSReliability \| measure countdistinct(ComputerID) by Type | +| Number of devices that have crashed in the last three weeks | Type = DHOSReliability KernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by Type | +| Compare the percentage of your devices that have not crashed with the percentage of similar devices outside your organization ("similar" here means other commercial devices with the same mix of device models, operating system versions and update levels). 
| Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices by Type \| Display Table | +| As above, but sorted by device manufacturer | Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by Manufacturer \| sort NumberDevices desc \| Display Table | +| As above, but sorted by model | Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by ModelFamily\| sort NumberDevices desc \| Display Table | +| As above, but sorted by operating system version | Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices, countdistinct(ComputerID) as NumberDevices by OSVersion \| sort NumberDevices desc \| Display Table | +| Crash rate trending in my organization compared to the commercial average. 
Each interval shows percentage of devices that crashed at least once in the trailing two weeks | Type=DHOSReliability \| measure avg(map(KernelModeCrashCount, 1, 10000, 0, 1)) as MyOrgPercentCrashFreeDevices, avg(KernelModeCrashFreePercentForIndustry) as CommercialAvgPercentCrashFreeDevices by TimeGenerated \| Display LineChart | +| Table of devices that have crashed the most in the last two weeks | Type = DHOSReliability KernelModeCrashCount > 0 \| Dedup ComputerID \| select Computer, KernelModeCrashCount \| sort TimeGenerated desc, KernelModeCrashCount desc \| Display Table | +| Detailed crash records, most recent first | Type = DHOSCrashData \| sort TimeGenerated desc, Computer asc \| display Table | +| Number of devices that crashed due to drivers | Type = DHDriverReliability DriverKernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by Type | +| Table of drivers that have caused the most devices to crash | Type = DHDriverReliability DriverKernelModeCrashCount > 0 \| measure countdistinct(ComputerID) by DriverName \| Display Table | +| Trend of devices crashed by driver by day | \* Type=DHOSCrashData DriverName!="ntkrnlmp.exe" DriverName IN {Type=DHOSCrashData \| measure count() by DriverName | +| Crashes for different versions of a given driver (replace netwtw04.sys with the driver you want from the previous list). 
This lets you get an idea of which *versions* of a given driver work best with your devices | Type = DHDriverReliability DriverName="netwtw04.sys" \| Dedup ComputerID \| sort TimeGenerated desc \| measure countdistinct(ComputerID) as InstallCount, sum(map(DriverKernelModeCrashCount,1,10000, 1)) as DevicesCrashed by DriverVersion \| Display Table | +| Top crashes by FailureID | Type =DHOSCrashData \| measure count() by KernelModeCrashFailureId \| Display Table | ### Windows Information Protection (WIP) App Learning query examples -|Data|Query| -|-------------------|------------------------| -|Apps encountering policy boundaries on the most computers (click on an app in the results to see details including computer names)| Type=DHWipAppLearning \| measure countdistinct(ComputerID) as ComputerCount by AppName| -|Trend of App Learning activity for a given app. Useful for tracking activity before and after a rule change| Type=DHWipAppLearning AppName="MICROSOFT.SKYPEAPP" | measure countdistinct(ComputerID) as ComputerCount interval 1day| +| Data | Query | +|------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------| +| Apps encountering policy boundaries on the most computers (click on an app in the results to see details including computer names) | Type=DHWipAppLearning \| measure countdistinct(ComputerID) as ComputerCount by AppName | +| Trend of App Learning activity for a given app. Useful for tracking activity before and after a rule change | Type=DHWipAppLearning AppName="MICROSOFT.SKYPEAPP" | ### Exporting data and configuring alerts @@ -310,4 +312,4 @@ Azure Portal enables you to export data to other tools. To do this, in any view [Get started with Device Health](device-health-get-started.md)
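Review bot: Two query cells in the reformatted tables lose their tails: the "Trend of devices crashed by driver by day" row now ends at `measure count() by DriverName |`, which leaves the `{` subquery unclosed, and the WIP "Trend of App Learning activity for a given app" row now ends at `AppName="MICROSOFT.SKYPEAPP" |`. On the removed lines the rest of each query followed an unescaped `|`, so the table reformatting presumably read that pipe as a column delimiter and dropped what came after it. Escaping the pipe and restoring the tail keeps both examples usable when copied into Log Search: `... measure count() by DriverName \| top 5} \| measure countdistinct(ComputerID) as NumberDevices by DriverName interval 1day |` and `... AppName="MICROSOFT.SKYPEAPP" \| measure countdistinct(ComputerID) as ComputerCount interval 1day |`.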
                                      -For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics) \ No newline at end of file +For the latest information on Windows Analytics, including new features and usage tips, see the [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics) diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md index 925faca129..7b26d6be23 100644 --- a/windows/deployment/update/feature-update-conclusion.md +++ b/windows/deployment/update/feature-update-conclusion.md @@ -4,10 +4,12 @@ description: Final thoughts about how to deploy feature updates ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: greg-lindsay ms.localizationpriority: medium -ms.author: elizapo +ms.author: greglin ms.date: 07/09/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md index 1dd6d6e674..453f81384b 100644 --- a/windows/deployment/update/feature-update-maintenance-window.md +++ b/windows/deployment/update/feature-update-maintenance-window.md @@ -4,10 +4,12 @@ description: Learn how to deploy feature updates during a maintenance window ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: mcureton +author: greg-lindsay ms.localizationpriority: medium -ms.author: mikecure +ms.author: greglin ms.date: 07/09/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- 
@@ -100,7 +102,7 @@ loss of business information, or other pecuniary loss) arising out of the use of or documentation, even if Microsoft has been advised of the possibility of such damages. ``` ->[!NOTE] +>[!NOTE] >If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. ## Manually deploy feature updates 
@@ -110,64 +112,64 @@ The following sections provide the steps to manually deploy a feature update. ### Step 1: Specify search criteria for feature updates There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy. -1. In the Configuration Manager console, click **Software Library**. -2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. -3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps: +1. In the Configuration Manager console, click **Software Library**. +2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. +3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps: - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English. -4. Save the search for future use. +4. Save the search for future use. ### Step 2: Download the content for the feature update(s) Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. 
Use the following procedure to download the content for feature updates before creating the deployment. -1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. -2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download. +1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. +2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download. The **Download Software Updates Wizard** opens. -3. On the **Deployment Package** page, configure the following settings: +3. On the **Deployment Package** page, configure the following settings: **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: - - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. - - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. - - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. + - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. + - **Description**: Specifies the description of the deployment package. 
The package description provides information about the package contents and is limited to 127 characters. + - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. - >[!NOTE] + >[!NOTE] >The deployment package source location that you specify cannot be used by another software deployment package. - >[!IMPORTANT] + >[!IMPORTANT] >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. - >[!IMPORTANT] + >[!IMPORTANT] >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. Click **Next**. -4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). +4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
>[!NOTE] >The Distribution Points page is available only when you create a new software update deployment package. -5. On the **Distribution Settings** page, specify the following settings: +5. On the **Distribution Settings** page, specify the following settings: - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: - - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. - - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point. 
- - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. + - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. + - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point. + - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. - For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). + For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). Click **Next**. -6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: +6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting. - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. 
- >[!NOTE] - >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard. + >[!NOTE] + >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard. Click **Next**. -7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. -8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. -9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close. +7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. +8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. +9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close. #### To monitor content status 1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
@@ -178,76 +180,76 @@ Before you deploy the feature updates, you can download the content as a separat ### Step 3: Deploy the feature update(s) After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). -1. In the Configuration Manager console, click **Software Library**. -2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. -3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**. +1. In the Configuration Manager console, click **Software Library**. +2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. +3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**. The **Deploy Software Updates Wizard** opens. -4. On the General page, configure the following settings: +4. On the General page, configure the following settings: - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \\** - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
- **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. -5. On the Deployment Settings page, configure the following settings: +5. On the Deployment Settings page, configure the following settings: - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. - >[!IMPORTANT] - > After you create the software update deployment, you cannot later change the type of deployment. + >[!IMPORTANT] + > After you create the software update deployment, you cannot later change the type of deployment. - >[!NOTE] - >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured. + >[!NOTE] + >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured. - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. 
Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required. - >[!WARNING] - >Before you can use this option, computers and networks must be configured for Wake On LAN. + >[!WARNING] + >Before you can use this option, computers and networks must be configured for Wake On LAN. - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. -6. On the Scheduling page, configure the following settings: +6. On the Scheduling page, configure the following settings: - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. - >[!NOTE] - >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time. + >[!NOTE] + >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time. - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients: - - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. 
When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation. + - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation. - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. - >[!NOTE] - >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. + >[!NOTE] + >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links. - >[!NOTE] + >[!NOTE] >The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. 
Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#computer-agent). -7. On the User Experience page, configure the following settings: +7. On the User Experience page, configure the following settings: - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**. - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows). - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. 
- >[!IMPORTANT] - >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation. + >[!IMPORTANT] + >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation. - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. - >[!NOTE] - >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. + >[!NOTE] + >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. 
This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. -8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. +8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. >[!NOTE] >You can review recent software updates alerts from the Software Updates node in the Software Library workspace. -9. On the Download Settings page, configure the following settings: +9. On the Download Settings page, configure the following settings: - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
- **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content. - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. - >[!NOTE] - >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). + >[!NOTE] + >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 11. Click **Next** to deploy the feature update(s). 
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md index eb6c6695aa..a155145546 100644 --- a/windows/deployment/update/feature-update-mission-critical.md +++ b/windows/deployment/update/feature-update-mission-critical.md @@ -4,10 +4,12 @@ description: Learn how to deploy feature updates to your mission critical device ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: mcureton +author: greg-lindsay ms.localizationpriority: medium -ms.author: mikecure +ms.author: greglin ms.date: 07/10/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- @@ -38,4 +40,4 @@ Use the following information: - [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md) - [Deploy feature updates for user-initiated installations](feature-update-user-install.md) -- [Conclusion](feature-update-conclusion.md) \ No newline at end of file +- [Conclusion](feature-update-conclusion.md) diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md index 88f1e895d2..489c2fcbfd 100644 --- a/windows/deployment/update/feature-update-user-install.md +++ b/windows/deployment/update/feature-update-user-install.md @@ -4,10 +4,12 @@ description: Learn how to manually deploy feature updates ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: mcureton +author: greg-lindsay ms.localizationpriority: medium -ms.author: mikecure +ms.author: greglin ms.date: 07/10/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- 
@@ -78,7 +80,7 @@ loss of business information, or other pecuniary loss) arising out of the use of or documentation, even if Microsoft has been advised of the possibility of such damages. ``` ->[!NOTE] +>[!NOTE] >If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. ## Manually deploy feature updates in a user-initiated installation 
@@ -88,64 +90,64 @@ The following sections provide the steps to manually deploy a feature update. ### Step 1: Specify search criteria for feature updates There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy. -1. In the Configuration Manager console, click **Software Library**. -2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. -3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps: +1. In the Configuration Manager console, click **Software Library**. +2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. +3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps: - In the **search** text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English. -4. Save the search for future use. +4. Save the search for future use. ### Step 2: Download the content for the feature update(s) Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. 
This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. -1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. -2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**. +1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. +2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**. The **Download Software Updates Wizard** opens. -3. On the **Deployment Package** page, configure the following settings: +3. On the **Deployment Package** page, configure the following settings: **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: - - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. - - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. - - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. + - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. 
+ - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. + - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. - >[!NOTE] - >The deployment package source location that you specify cannot be used by another software deployment package. + >[!NOTE] + >The deployment package source location that you specify cannot be used by another software deployment package. - >[!IMPORTANT] - >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. + >[!IMPORTANT] + >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. - >[!IMPORTANT] - >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. + >[!IMPORTANT] + >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. Click **Next**. -4. 
On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). +4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). >[!NOTE] >The Distribution Points page is available only when you create a new software update deployment package. -5. On the **Distribution Settings** page, specify the following settings: +5. On the **Distribution Settings** page, specify the following settings: - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. 
For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: - - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. - - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point. - - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. + - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. + - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point. + - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. - For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). + For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). Click **Next**. -6. 
On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: +6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting. - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. - >[!NOTE] - >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard. + >[!NOTE] + >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard. Click **Next**. -7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. -8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. -9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**. +7. 
On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. +8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. +9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**. #### To monitor content status 1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
@@ -156,76 +158,76 @@ Before you deploy the feature updates, you can download the content as a separat ### Step 3: Deploy the feature update(s) After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). -1. In the Configuration Manager console, click **Software Library**. -2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. -3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**. +1. In the Configuration Manager console, click **Software Library**. +2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. +3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**. The **Deploy Software Updates Wizard** opens. -4. On the General page, configure the following settings: +4. On the General page, configure the following settings: - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \\** - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
- **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. -5. On the Deployment Settings page, configure the following settings: +5. On the Deployment Settings page, configure the following settings: - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. - >[!IMPORTANT] - > After you create the software update deployment, you cannot later change the type of deployment. + >[!IMPORTANT] + > After you create the software update deployment, you cannot later change the type of deployment. - >[!NOTE] - >A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured. + >[!NOTE] + >A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured. - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. 
Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when **Type of deployment** is set to **Required**. - >[!WARNING] - >Before you can use this option, computers and networks must be configured for Wake On LAN. + >[!WARNING] + >Before you can use this option, computers and networks must be configured for Wake On LAN. - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. -6. On the Scheduling page, configure the following settings: +6. On the Scheduling page, configure the following settings: - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. - **Software available time**: Select **Specific time** to specify when the software updates will be available to clients: - - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment is not available for installation until after the specified date and time are reached and the required content has been downloaded. + - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. 
However, the feature update in the deployment is not available for installation until after the specified date and time are reached and the required content has been downloaded. - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. - >[!NOTE] - >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. + >[!NOTE] + >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. - - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window. + - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window. - Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients will start downloading the content based on a randomized time. The feature update will not be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation will start immediately when initiated. + Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients will start downloading the content based on a randomized time. The feature update will not be displayed in Software Center for installation until the content is fully downloaded. 
This ensures that the feature update installation will start immediately when initiated. -7. On the User Experience page, configure the following settings: +7. On the User Experience page, configure the following settings: - **User notifications**: Specify **Display in Software Center and show all notifications**. - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. - >[!NOTE] - >Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window. + >[!NOTE] + >Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window. - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. - >[!IMPORTANT] - >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation. + >[!IMPORTANT] + >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. 
However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation. - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. - >[!NOTE] - >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. + >[!NOTE] + >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. -8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. +8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. 
You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. >[!NOTE] >You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace. -9. On the Download Settings page, configure the following settings: +9. On the Download Settings page, configure the following settings: - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content. - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. - >[!NOTE] - >Clients request the content location from a management point for the software updates in a deployment. 
The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). + >[!NOTE] + >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 11. Click **Next** to deploy the feature update(s). @@ -234,4 +236,4 @@ After you deploy the feature update(s), you can monitor the deployment status. U 1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 2. Click the software update group or software update for which you want to monitor the deployment status. -3. On the **Home** tab, in the **Deployment** group, click **View Status**. \ No newline at end of file +3. On the **Home** tab, in the **Deployment** group, click **View Status**. diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index a87578d48a..9940f89253 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md 
@@ -5,10 +5,12 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: article
-ms.author: elizapo
-author: lizap
+ms.author: greglin
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 03/13/2019
+ms.reviewer:
+manager: laurawi
 ms.topic: article
 ---
 # How to make Features on Demand and language packs available when you're using WSUS/SCCM
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 72ac510693..34a10dc134 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -4,10 +4,12 @@ description: Learn how Windows Update works, including architecture and troubles
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: greglin
 ms.date: 09/18/2018
+ms.reviewer:
+manager: laurawi
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
diff --git a/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png b/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png
index 7b1b17ac18..9e37eda7a6 100644
Binary files a/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png and b/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png differ
diff --git a/windows/deployment/update/images/azure-portal-LAfav1.png b/windows/deployment/update/images/azure-portal-LAfav1.png
index 64ae8b1d74..1c01cc7509 100644
Binary files a/windows/deployment/update/images/azure-portal-LAfav1.png and b/windows/deployment/update/images/azure-portal-LAfav1.png differ
diff --git a/windows/deployment/update/images/azure-portal-LAmain-wkspc-subname-sterile.png b/windows/deployment/update/images/azure-portal-LAmain-wkspc-subname-sterile.png
index b9cfa6bbc1..afdfbb2d21 100644
Binary files a/windows/deployment/update/images/azure-portal-LAmain-wkspc-subname-sterile.png and b/windows/deployment/update/images/azure-portal-LAmain-wkspc-subname-sterile.png differ
diff --git a/windows/deployment/update/images/azure-portal-UR-settings.png b/windows/deployment/update/images/azure-portal-UR-settings.png
index c716134e9a..d8a5a3594d 100644
Binary files a/windows/deployment/update/images/azure-portal-UR-settings.png and b/windows/deployment/update/images/azure-portal-UR-settings.png differ
diff --git a/windows/deployment/update/images/temp-azure-portal-soltn-setting.png b/windows/deployment/update/images/temp-azure-portal-soltn-setting.png
index e757a3d3c0..70815abf46 100644
Binary files a/windows/deployment/update/images/temp-azure-portal-soltn-setting.png and b/windows/deployment/update/images/temp-azure-portal-soltn-setting.png differ
diff --git a/windows/deployment/update/images/waas-wufb-3-rings.png b/windows/deployment/update/images/waas-wufb-3-rings.png
new file mode 100644
index 0000000000..5c8b7ec1ee
Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-3-rings.png differ
diff --git a/windows/deployment/update/images/waas-wufb-fast-ring.png b/windows/deployment/update/images/waas-wufb-fast-ring.png
new file mode 100644
index 0000000000..48f91a262f
Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-fast-ring.png differ
diff --git a/windows/deployment/update/images/waas-wufb-pause.png b/windows/deployment/update/images/waas-wufb-pause.png
new file mode 100644
index 0000000000..b8ea2c8df9
Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-pause.png differ
diff --git a/windows/deployment/update/images/waas-wufb-pilot-problem.png b/windows/deployment/update/images/waas-wufb-pilot-problem.png new file mode 100644 index 0000000000..b3fbf0aaad Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-pilot-problem.png differ diff --git a/windows/deployment/update/images/waas-wufb-policy-pause.png b/windows/deployment/update/images/waas-wufb-policy-pause.png new file mode 100644 index 0000000000..b8ea2c8df9 Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-policy-pause.png differ diff --git a/windows/deployment/update/images/waas-wufb-slow-ring.png b/windows/deployment/update/images/waas-wufb-slow-ring.png new file mode 100644 index 0000000000..b14aba135f Binary files /dev/null and b/windows/deployment/update/images/waas-wufb-slow-ring.png differ diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 65cd936797..54fa43fd13 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -1,12 +1,14 @@ --- title: Olympia Corp enrollment guidelines description: Olympia Corp enrollment guidelines -ms.author: jaimeo +ms.author: dolmont ms.topic: article ms.prod: w10 ms.technology: windows -author: jaimeo +author: dulcemontemayor ms.date: 03/02/2018 +ms.reviewer: +manager: dansimp keywords: insider, trial, enterprise, lab, corporation, test --- diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 900593d031..99e3295e19 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md 
@@ -4,10 +4,12 @@ description: Servicing stack updates improve the code that installs the other up
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: Jaimeo
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: greglin
 ms.date: 11/29/2018
+ms.reviewer:
+manager: laurawi
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 23981b631a..f89a5f7dbf 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -1,12 +1,14 @@
 ---
 title: Delivery Optimization in Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
 description: new Delivery Optimization data displayed in Update Compliance
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: jaimeo
-ms.author: jaimeo
+author: greg-lindsay
+ms.author: greglin
 keywords: oms, operations management suite, optimization, downloads, updates, log analytics
 ms.localizationpriority: medium
 ms.collection: M365-analytics
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 4dbf3ca380..eb806c7b40 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -1,12 +1,14 @@
 ---
 title: Update Compliance - Feature Update Status report
+ms.reviewer:
+manager: laurawi
 description: an overview of the Feature Update Status report
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: Jaimeo
-ms.author: jaimeo
+author: greg-lindsay
+ms.author: greglin
 ms.collection: M365-analytics
 ms.topic: article
 ---
@@ -32,3 +34,16 @@ Refer to the following list for what each state means: * Devices that have failed the given feature update installation are counted as **Update failed**. * If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category. +## Compatibility holds + +Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device’s upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release. + +To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status). + +### Opting out of compatibility hold + +Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired. To opt out, set the registry key **HKLM\Software\Microsoft\Windows NT\CurrentVersion\502505fe-762c-4e80-911e-0c3fa4c63fb0** to a name of **DataRequireGatedScanForFeatureUpdates** and a value of **0**. + + +Setting this registry key to **0** will force the device to opt out from *all* compatibility holds. Any other value, or deleting the key, will resume compatibility protection on the device. + diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 8c901a3962..a62a880de1 100644 
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -1,13 +1,15 @@
 ---
 title: Get started with Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
 description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
 keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: Jaimeo
-ms.author: jaimeo
+author: greg-lindsay
+ms.author: greglin
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
@@ -39,29 +41,29 @@ Update Compliance is offered as a solution which is linked to a new or existing > [!NOTE] > Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance. -2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below. +2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below. ![Update Compliance marketplace search results](images/UC_00_marketplace_search.png) -3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure. +3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure. ![Update Compliance solution creation](images/UC_01_marketplace_create.png) -4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution. - - If you already have another Windows Analytics solution, you should use the same workspace. - - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started: - - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*. - - For the resource group setting select **Create new** and use the same name you chose for your new workspace. - - For the location setting, choose the Azure region where you would prefer the data to be stored. - - For the pricing tier select **per GB**. +4. 
Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution. + - If you already have another Windows Analytics solution, you should use the same workspace. + - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started: + - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*. + - For the resource group setting select **Create new** and use the same name you chose for your new workspace. + - For the location setting, choose the Azure region where you would prefer the data to be stored. + - For the pricing tier select **per GB**. ![Update Compliance workspace creation](images/UC_02_workspace_create.png) -5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**. +5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**. ![Update Compliance workspace selection](images/UC_03_workspace_select.png) -6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**. +6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**. ![Update Compliance deployment successful](images/UC_04_resourcegrp_deployment_successful.png) diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 5ce705a7fa..44c72f9275 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md 
@@ -1,13 +1,15 @@
 ---
 title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
+ms.reviewer:
+manager: laurawi
 description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
 keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: Jaimeo
-ms.author: jaimeo
+author: greg-lindsay
+ms.author: greglin
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index 54f7f8e186..1dff2b7467 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -1,12 +1,14 @@
 ---
 title: Update Compliance - Need Attention! report
+ms.reviewer:
+manager: laurawi
 description: an overview of the Update Compliance Need Attention! report
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: Jaimeo
-ms.author: jaimeo
+author: greg-lindsay
+ms.author: greglin
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-perspectives.md b/windows/deployment/update/update-compliance-perspectives.md
index f0403b00c8..44de7e6407 100644
--- a/windows/deployment/update/update-compliance-perspectives.md
+++ b/windows/deployment/update/update-compliance-perspectives.md
@@ -1,12 +1,14 @@ --- title: Update Compliance - Perspectives +ms.reviewer: +manager: laurawi description: an overview of Update Compliance Perspectives ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: greg-lindsay +ms.author: greglin ms.collection: M365-analytics ms.topic: article --- @@ -23,6 +25,8 @@ The first blade is the **Build Summary** blade. This blade summarizes the most i The second blade is the **Deferral Configurations** blade, breaking down Windows Update for Business deferral settings (if any). +## Deployment status + The third blade is the **Deployment Status** blade. This defines how many days it has been since the queried version has been released, and breaks down the various states in the update funnel each device has reported to be in. The possible states are as follows: | State | Description | 
@@ -35,6 +39,9 @@ The third blade is the **Deployment Status** blade. This defines how many days i | Blocked | There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. | | Unknown | Devices that do not report detailed information on the status of their updates will report Unknown. This is most likely devices that do not use Windows Update for deployment. | | Update paused | These devices have Windows Update for Business pause enabled, preventing this update from being installed. | +| Failed | A device is unable to install an update. This failure could be linked to a serious error in the update installation process or, in some cases, a [compatibility hold](update-compliance-feature-update-status.md#compatibility-holds). | + +## Detailed deployment status The final blade is the **Detailed Deployment Status** blade. This blade breaks down the detailed stage of deployment a device is in, beyond the generalized terms defined in Deployment Status. The following are the possible stages a device can report: 
@@ -44,6 +51,7 @@ The final blade is the **Detailed Deployment Status** blade. This blade breaks d | Update paused | The device’s Windows Update for Business policy dictates the update is paused from being offered. | | Update offered | The device has been offered the update, but has not begun downloading it. | | Pre-Download tasks passed | The device has finished all necessary tasks prior to downloading the update. | +| Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) | | Download Started | The update has begun downloading on the device. | | Download Succeeded | The update has successfully completed downloading. | | Pre-Install Tasks Passed | Tasks that must be completed prior to installing the update have been completed. | diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index 8b8961fa18..d299981e93 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -1,11 +1,13 @@ --- title: Update Compliance - Security Update Status report +ms.reviewer: +manager: laurawi description: an overview of the Security Update Status report ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: Jaimeo +author: jaimeo ms.author: jaimeo ms.collection: M365-analytics ms.topic: article 
@@ -22,9 +24,48 @@ The **Overall Security Update Status** blade provides a visualization of devices The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows 10, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization. The various deployment states reported by devices are as follows: -* **Installed** devices are devices that have completed installation for the given update. -* When a device is counted as **In Progress or Deferred**, it has either begun the installation process for the given update or has been intentionally deferred or paused using Windows Update for Business Settings. -* Devices that have **Update Issues** have failed to update at some point during the installation process of the given security update or have not seen progress for a period of seven days. -* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. This is most often devices that have not scanned for an update in some time, or devices not being managed through Windows Update. + +## Deployment status +Deployment status summarizes detailed status into higher-level states to get a quick sense of the status the given device was last reported to be in relative to this specific update. Note that with the latency of deployment data, devices might have since moved on from the reported deployment status. + +|Deployment status |Description | +|---------|---------| +|Failed | The device encountered a failure during the update process. Note that due to latency, devices reporting this status may have since retried the update. 
| +|Progress stalled | he device started the update process, but no progress has been reported in the last 7 days. | +|Deferred | The device is currently deferring the update process due to Windows Update for Business policies. | +|In progress | The device has begun the updating process for this update. This status appears if the device is in any stage of the update process including and after download, but before completing the update. If no progress has been reported in the last 7 days, devices will move to **Progress stalled**.** | +|Update completed | The device has completed the update process. | +|Update paused | The device is prevented from being offered the update due to updates being paused on the device. | +|Unknown | No record is available for this device relative to this update. This is a normal status if an update has recently been released or if the device does not use Windows Update. | + + +## Detailed status +Detailed status provides a detailed stage-level representation of where in the update process the device was last reported to be in relative to this specific update. Note that with the latency of deployment data, devices might have since moved on from the reported detailed status. + + +|Detaild status |Description | +|---------|---------| +|Scheduled in next X days | The device is currently deferring the update with Windows Update for Business policies but will be offered the update within the next X days. | +|Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) | +|Update deferred | The device is currently deferring the update with Windows Update for Business policies. | +|Update paused | The device is prevented from being offered the update due to updates being paused on the device. 
| +|Update offered | The device has been offered the update by Windows Update but has not yet begun to download it. | +|Download started | The device has begun downloading the update. | +|Download succeeded | The device has finished downloading the update but has not yet begun installing the update. | +|Install started | The device has begun installing the update. | +|PreInstall task passed | The device has passed checks prior to beginning the rest of the installation process after a restart. | +|Reboot required | The device requires a restart to install the update, but one has not yet been scheduled. | +|Reboot pending | The device is pending a restart to install the update. | +|Reboot initiated | The device reports "Reboot initiated" just before actually restarting specifically to apply the update. | +|Commit | The device, after a restart, is committing changes relevant to the update. | +|Finalize succeeded | The device has finished final tasks after a restart to apply the update. | +|Update successful | The device has successfully applied the update. | +|Cancelled | The update was cancelled at some point in the update process. | +|Uninstalled | The update was successfully uninstalled from the device. | +|Rollback | The update failed to apply during the update process, causing the device to roll back changes and revert to the previous update. | + + + + The rows of each tile in this section are interactive; selecting them will navigate you to the query that is representative of that row and section. diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 356f7c7af8..77c1d488c8 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md 
@@ -1,13 +1,15 @@ --- title: Using Update Compliance (Windows 10) +ms.reviewer: +manager: laurawi description: Explains how to begin usihg Update Compliance. keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: greg-lindsay +ms.author: greglin ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article @@ -51,7 +53,7 @@ Update Compliance’s overview blade summarizes all the data Update Compliance p * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. * AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus. -The blade also provides the time at which your Update Compliance workspace was [refreshed](#data-latency). +The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). The following is a breakdown of the different sections available in Update Compliance: * [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates. 
@@ -65,6 +67,7 @@ The following is a breakdown of the different sections available in Update Compl Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows: Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate that each data type is sent and how long it takes to be ready for Update Compliance varies, roughly outlined below. + | Data Type | Refresh Rate | Data Latency | |--|--|--| |WaaSUpdateStatus | Once per day |4 hours | @@ -88,4 +91,4 @@ See below for a few topics related to Log Analytics: ## Related topics -[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file +[Get started with Update Compliance](update-compliance-get-started.md) diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md index 7a8e65c4a5..2298c263fd 100644 --- a/windows/deployment/update/update-compliance-wd-av-status.md +++ b/windows/deployment/update/update-compliance-wd-av-status.md @@ -1,12 +1,14 @@ --- title: Update Compliance - Windows Defender AV Status report +ms.reviewer: +manager: laurawi description: an overview of the Windows Defender AV Status report ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: greg-lindsay +ms.author: greglin ms.collection: M365-analytics ms.topic: article --- 
@@ -33,4 +35,4 @@ Here are some important terms to consider when using the Windows Defender AV Sta * **Not assessed** devices are devices where either a non-Microsoft AV solution is used or it has been more than 7 days since the device recently disappeared. ## Windows Defender data latency -Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days. \ No newline at end of file +Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days. diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 5181cd933e..ec58b75fbc 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -4,10 +4,12 @@ description: Use BranchCache to optimize network bandwidth during update deploym ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jaimeo +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.date: 07/27/2017 +ms.reviewer: +manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 83d145df77..2ca9caa0b5 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md 
@@ -1,12 +1,14 @@ --- title: Configure Windows Update for Business (Windows 10) +ms.reviewer: +manager: laurawi description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jaimeo +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.topic: article --- diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 582639b74e..415928e9ba 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -1,13 +1,15 @@ --- title: Delivery Optimization reference +ms.reviewer: +manager: laurawi description: Reference of all Delivery Optimization settings and descriptions of same keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JaimeO +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- 
@@ -37,7 +39,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | --- | --- | --- | | [Download mode](#download-mode) | DODownloadMode | 1511 | | [Group ID](#group-id) | DOGroupID | 1511 | -| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | +| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | | [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | | [Max Cache Age](#max-cache-age) | DOMaxCacheAge | 1511 | | [Max Cache Size](#max-cache-size) | DOMaxCacheSize | 1511 | @@ -59,6 +61,8 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | | [Delay background download from http (in secs)](#delay-background-download-from-http-in-secs) | DODelayBackgroundDownloadFromHttp | 1803 | | [Delay foreground download from http (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | +| [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | +| [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | ### More detail on Delivery Optimization settings: 
@@ -70,7 +74,7 @@ Delivery Optimization uses locally cached updates. In cases where devices have a
 - The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location.
 >[!NOTE]
->It is possible to configure preferred cache devices. For more information, see [Set “preferred” cache devices for Delivery Optimization](#set-preferred-cache-devices).
+>It is possible to configure preferred cache devices. For more information, see [Group ID](#group-id).
 All cached files have to be above a set minimum size. This size is automatically set by the Delivery Optimization cloud services, but when local storage is sufficient and the network isn't strained or congested, administrators might choose to change it to obtain increased performance. You can set the minimum size of files to cache by adjusting [Minimum Peer Caching Content File Size](#minimum-peer-caching-content-file-size).
@@ -79,8 +83,8 @@ Additional options available that control the impact Delivery Optimization has o
 - [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage.
 - [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers each month.
 - [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network.
-- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
-- [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
+- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the **maximum foreground download bandwidth** that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
+- [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the **maximum background download bandwidth** that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Background Download Bandwidth](#set-business-hours-to-limit-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Foreground Download Bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 - [Select a method to restrict Peer Selection](#select-a-method-to-restrict-peer-selection) restricts peer selection by the options you select.
@@ -89,7 +93,7 @@ Additional options available that control the impact Delivery Optimization has o
 - [Delay foreground download from http (in secs)](#delay-foreground-download-from-http-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use P2P.
 Administrators can further customize scenarios where Delivery Optimization will be used with the following settings:
-- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
+- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
 - [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled.
 - [Enable Peer Caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) allows clients connected through VPN to use peer caching.
 - [Allow uploads while the device is on battery while under set Battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) controls the minimum battery level required for uploads to occur. You must enable this policy to allow upload while on battery.
@@ -190,14 +194,18 @@ Starting in Windows 10, version 1803, specifies the maximum foreground download Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. Currently the only available option is **1 = Subnet mask** This option (Subnet mask) applies to both Download Modes LAN (1) and Group (2). - - ### Delay background download from http (in secs) Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. ### Delay foreground download from http (in secs) Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. +### Delay Foreground Download Cache Server Fallback (in secs) +Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If you set the policy to delay foreground download from http, it will apply first (to allow downloads from peers first). + +### Delay Background Download Cache Server Fallback (in secs) +Starting in Windows 10, version 1903, set this policy to delay the fallback from cache server to the HTTP source for a background content download by X seconds. If you set the policy to delay background download from http, it will apply first (to allow downloads from peers first). + ### Minimum Background QoS This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from Windows Update servers or WSUS. Simply put, the lower this value is, the more content will be sourced using peers on the network rather than Windows Update. The higher this value, the more content is received from Windows Update servers or WSUS, versus peers on the local network. 
@@ -221,3 +229,5 @@ The device can download from peers while on battery regardless of this policy. >[!IMPORTANT] > By default, devices **will not upload while on battery**. To enable uploads while on battery, you need to enable this policy and set the battery value under which uploads pause. + + diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index e846ff795e..848ed759c2 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -1,13 +1,15 @@ --- title: Set up Delivery Optimization +ms.reviewer: +manager: laurawi description: Delivery Optimization is a new peer-to-peer distribution method in Windows 10 keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JaimeO +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -48,7 +50,7 @@ Quick-reference table: For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group is the authenticated domain or Active Directory site. If your domain-based group is too wide, or your Active Directory sites aren’t aligned with your site network topology, then you should consider additional options for dynamically creating groups, for example by using the GroupIDSrc parameter. -[//]: # (is there a topic on GroupIDSrc we can link to?) + To do this in Group Policy go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**. 
@@ -97,8 +99,11 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** ## Monitor Delivery Optimization [//]: # (How to tell if it’s working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%) -### Windows PowerShell cmdlets for analyzing usage -**Starting in Windows 10, version 1703**, you can use two new PowerShell cmdlets to check the performance of Delivery Optimization: +### Windows PowerShell cmdlets + +**Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization. + +#### Analyze usage `Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs. @@ -113,9 +118,11 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** | BytesfromHTTP | Total number of bytes received over HTTP | | DownloadDuration | Total download time in seconds | | Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) | - - -  +| NumPeers | Indicates the total number of peers returned from the service. | +| PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. | +| ExpireOn | The target expiration date and time for the file. | +| Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | + `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: - Number of files downloaded  
@@ -129,9 +136,35 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** Using the `-Verbose` option returns additional information: - Bytes from peers (per type)  -- Bytes from CDN  (the number of bytes received over HTTP) +- Bytes from CDN (the number of bytes received over HTTP) - Average number of peer connections per download  +Starting in Window 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status. + +Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. + +#### Manage the Delivery Optimization cache + +**Starting in Windows 10, version 1903:** + +`set-DeliveryOptimizationStatus -ExpireOn [date time]` extends the expiration of all files in the cache. You can set the expiration immediately for all files that are in the "caching" state. For files in progress ("downloading"), the expiration is applied once the download is complete. You can set the expiration up to one year from the current date and time. + +`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache. + +You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3. + +`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation. + +`set-DeliveryOptimizationStatus -Pin [False] -File ID [FileID]` "unpins" a file, so that it will be deleted when the expiration date and time are rreached. The file is included in the cache quota calculation. 
+ +`delete-DeliveryOptimizationCache` lets you clear files from the cache and remove all persisted data related to them. You can use these options with this cmdlet: + +- `-FileID` specifies a particular file to delete. +- `-IncludePinnedFiles` deletes all files that are pinned. +- `-Force` deletes the cache with no prompts. + + +#### Work with Delivery Optimization logs **Starting in Windows 10, version 1803:** @@ -143,9 +176,7 @@ Log entries are written to the PowerShell pipeline as objects. To dump logs to a [//]: # (section on what to look for in logs, list of peers, connection failures) -`Get-DeliveryOptimizationPerfSnapThisMonth` -Returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. [//]: # (possibly move to Troubleshooting) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 1c13688e4e..a2b5054ca7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -1,13 +1,15 @@ --- title: Configure Delivery Optimization for Windows 10 updates (Windows 10) +ms.reviewer: +manager: laurawi description: Delivery Optimization is a peer-to-peer distribution method in Windows 10 keywords: oms, operations management suite, wdav, updates, downloads, log analytics ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JaimeO +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -53,7 +55,9 @@ The following table lists the minimum Windows 10 version that supports Delivery | Win32 apps for Intune | 1709 | | SCCM Express Updates | 1709 + Configuration Manager version 1711 | -[//]: # (**Network requirements**) + 
@@ -72,7 +76,9 @@ You can use Group Policy or an MDM solution like Intune to configure Delivery Op You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**. In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**. -[//]: # (Starting with Windows Intune version 1902, you can set many Delivery Optimization policies as a profile which you can then apply to groups of devices. For more information, see {LINK}.) +Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows)) + +**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. ## Reference 
@@ -110,8 +116,49 @@ For the payloads (optional): **Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. -[//]: # (**What data does Delivery Optimization send to the service?**) -[//]: # (??????????????? I'm not sure we can avoid sharing this, per GDPR guidelines) +**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimizatio uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). + + +## Troubleshooting + +This section summarizes common problems and some solutions to try. + +### If you don't see any bytes from peers + +If you don’t see any bytes coming from peers the cause might be one of the following issues: + +- Clients aren’t able to reach the Delivery Optimization cloud services. +- The cloud service doesn’t see other peers on the network. +- Clients aren’t able to connect to peers that are offered back from the cloud service. + + +### Clients aren't able to reach the Delivery Optimization cloud services. + +If you suspect this is the problem, try these steps: + +1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). +2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3. +3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. 
+ + + +### The cloud service doesn't see other peers on the network. + +If you suspect this is the problem, try these steps: + +1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. +2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices. +3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero. +4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. + + +### Clients aren't able to connect to peers offered by the cloud service + +If you suspect this is the problem, try a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps: + +1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt. +2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. + diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index badacbf568..195f3a72a4 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md 
@@ -4,10 +4,12 @@ description: Deployment rings in Windows 10 are similar to the deployment groups ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jaimeo +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.date: 07/11/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 4bbd1a7ddc..e3d00db3ff 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -4,10 +4,12 @@ description: Use Windows Update for Business deployments with management tools s ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jaimeo +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.date: 07/27/2017 +ms.reviewer: +manager: laurawi ms.topic: article --- @@ -42,7 +44,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f - Admin has also put 3rd party drivers on WSUS - +
                                      ContentMetadata sourcePayload sourceDeferred?
                                      Updates to WindowsWindows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config1a.png)
                                      Updates to WindowsWindows UpdateWindows UpdateYesdiagram of content flow
                                      Updates to Office and other productsWSUSWSUSNo
                                      Third-party driversWSUSWSUSNo
                                      @@ -57,7 +59,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f - + @@ -77,7 +79,7 @@ In this example, the deferral behavior for updates to Office and other non-Windo
                                      ContentMetadata sourcePayload sourceDeferred?
                                      Updates to Windows (excluding drivers)Windows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config2.png)
                                      Updates to Windows (excluding drivers)Windows UpdateWindows UpdateYesdiagram of content flow
                                      Updates to Office and other productsWSUSWSUSNo
                                      DriversWSUSWSUSNo
                                      - +
                                      ContentMetadata sourcePayload sourceDeferred?
                                      Updates to Windows (excluding drivers)Microsoft UpdateMicrosoft UpdateYes![diagram of content flow](images/wufb-config3a.png)
                                      Updates to Windows (excluding drivers)Microsoft UpdateMicrosoft UpdateYesdiagram of content flow
                                      Updates to Office and other productsMicrosoft UpdateMicrosoft UpdateNo
                                      Drivers, third-party applicationsWSUSWSUSNo
diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md
index dab2336165..cba86c0a75 100644
--- a/windows/deployment/update/waas-manage-updates-configuration-manager.md
+++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md
@@ -4,10 +4,12 @@ description: System Center Configuration Manager provides maximum control over q
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: greglin
 ms.date: 10/16/2017
+ms.reviewer:
+manager: laurawi
 ms.topic: article
 ---
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 8b2a68dd3b..4d88af99d2 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -4,10 +4,12 @@ description: WSUS allows companies to defer, selectively approve, choose when de
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: greglin
 ms.date: 10/16/2017
+ms.reviewer:
+manager: laurawi
 ms.topic: article
 ---
@@ -69,41 +71,41 @@ When using WSUS to manage updates on Windows client devices, start by configurin **To configure the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment** -1. Open GPMC. +1. Open GPMC. -2. Expand Forest\Domains\\*Your_Domain*. +2. Expand Forest\Domains\\*Your_Domain*. -3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. +3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. - ![Example of UI](images/waas-wsus-fig3.png) + ![Example of UI](images/waas-wsus-fig3.png) - >[!NOTE] - >In this example, the **Configure Automatic Updates** and **Intranet Microsoft Update Service Location** Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU. + >[!NOTE] + >In this example, the **Configure Automatic Updates** and **Intranet Microsoft Update Service Location** Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU. -4. In the **New GPO** dialog box, name the new GPO **WSUS – Auto Updates and Intranet Update Service Location**. +4. In the **New GPO** dialog box, name the new GPO **WSUS – Auto Updates and Intranet Update Service Location**. -5. Right-click the **WSUS – Auto Updates and Intranet Update Service Location** GPO, and then click **Edit**. +5. Right-click the **WSUS – Auto Updates and Intranet Update Service Location** GPO, and then click **Edit**. -6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update. +6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update. -7. 
Right-click the **Configure Automatic Updates** setting, and then click **Edit**. +7. Right-click the **Configure Automatic Updates** setting, and then click **Edit**. - ![Example of UI](images/waas-wsus-fig4.png) + ![Example of UI](images/waas-wsus-fig4.png) -8. In the **Configure Automatic Updates** dialog box, select **Enable**. +8. In the **Configure Automatic Updates** dialog box, select **Enable**. -9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**. +9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**. - ![Example of UI](images/waas-wsus-fig5.png) + ![Example of UI](images/waas-wsus-fig5.png) - >[!NOTE] - ?There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). + > [!NOTE] + > ?There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). -9. Right-click the **Specify intranet Microsoft update service location** setting, and then click **Edit**. +10. Right-click the **Specify intranet Microsoft update service location** setting, and then click **Edit**. -9. In the **Specify intranet Microsoft update service location** dialog box, select **Enable**. +11. In the **Specify intranet Microsoft update service location** dialog box, select **Enable**. -12. 
Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type **http://Your_WSUS_Server_FQDN:PortNumber**, and then click **OK**. +12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type http://Your_WSUS_Server_FQDN:PortNumber, and then click **OK**. >[!NOTE] >The URL `http://CONTOSO-WSUS1.contoso.com:8530` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance. @@ -246,7 +248,7 @@ The next time the clients in the **Ring 4 Broad Business Users** security group For clients that should have their feature updates approved as soon as they’re available, you can configure Automatic Approval rules in WSUS. >[!NOTE] ->WSUS respects the client’s servicing branch. If you approve a feature update while it is still Current Branch (CB), WSUS will install the update only on PCs that are in the CB servicing branch. When Microsoft releases the build for Current Branch for Business (CBB), the PCs in the CBB servicing branch will install it. +>WSUS respects the client’s servicing branch. If you approve a feature update while it is still Current Branch (CB), WSUS will install the update only on PCs that are in the CB servicing branch. When Microsoft releases the build for Current Branch for Business (CBB), the PCs in the CBB servicing branch will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS. **To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring** diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index be96b68e59..60a512e49c 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md 
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -1,5 +1,7 @@
 ---
 title: Deploy updates using Windows Update for Business (Windows 10)
+ms.reviewer:
+manager: laurawi
 description: Windows Update for Business lets you manage when devices received updates from Windows Update.
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -16,111 +18,89 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile - Windows Server 2016 - Windows Server 2019 +Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro for Workstation, and Education editions. + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined devices. Windows Update for Business leverages diagnostic data to provide reporting and insights into an organization's Windows 10 devices. - -Specifically, Windows Update for Business allows for: - -- The creation of deployment rings, where administrators can specify which devices go first in an update wave, and which ones will come later (to allow for reliability and performance testing on a subset of systems before rolling out updates across the organization). -- Selectively including or excluding drivers as part of Microsoft-provided updates -- Integration with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune. -- Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution. -- Control over diagnostic data level to provide reporting and insights in Windows Analytics. 
- -Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education editions. +Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. + +Specifically, Windows Update for Business allows for control over update offering and experience to allow for reliability and performance testing on a subset of systems before rolling out updates across the organization as well as a positive update experience for those within your organization. >[!NOTE] ->See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10. +> To use Windows Update for Business, you must allow devices to access the Windows Update service. -## Update types +## Types of updates managed by Windows Update for Business -Windows Update for Business provides three types of updates to Windows 10 devices: +Windows Update for Business provides management policies for several types of updates to Windows 10 devices: -- **Feature Updates**: previously referred to as *upgrades*, Feature Updates contain not only security and quality revisions, but also significant feature additions and changes; they are released semi-annually. -- **Quality Updates**: these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as Quality Updates. 
These non-Windows Updates are known as *Microsoft Updates* and devices can be optionally configured to receive such updates along with their Windows Updates. -- **Non-deferrable updates**: Currently, antimalware and antispyware Definition Updates from Windows Update cannot be deferred. +- **Feature updates:** previously referred to as upgrades, feature updates contain not only security and quality revisions, but also significant feature additions and changes; they are released semi-annually in the fall and in the spring. +- **Quality updates:** these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and can configure devices to receive or not receive such updates along with their Windows updates. +- **Driver updates:** these are non-Microsoft drivers that are applicable to your devices. Driver updates can be turned off by using Windows Update for Business policies. +- **Microsoft product updates**: these are updates for other Microsoft products, such as Office. These updates can be enabled or disabled by using Windows Update for Business policy. + + + +## Offering + +You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period of time. + +### Manage which updates are offered + +Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates. + +- Drivers (on/off): When "on," this policy will not include drivers with Windows Update. +- Microsoft product updates (on/off): When "on" this policy will install udpates for other Microsoft products. 
+ + +### Manage when updates are offered +You can defer or pause the installation of updates for a set period of time. + +#### Defer or pause an update + +A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device (if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days). To defer feature updates use the **Select when Preview Builds and Feature Updates are Received** policy. + + +|Category |Maximum deferral | +|---------|---------| +|Feature updates | 365 days | +|Quality updates | 30 days | +|Non-deferrable | none | + +#### Pause an update + +If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days to prevent other devices from installing it until the issue is mitigated. + +If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set. + +To pause feature updates use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). + +#### Select branch readiness level for feature updates + +The branch readiness level enables administrators to specify which channel of feature updates they want to receive. 
Today there are branch readiness level options for both pre-release and released updates: + +- Windows Insider Program for Business pre-release updates + - Windows Insider Fast + - Windows Insider Slow + - Windows Insider Release Preview +- Semi-annual Channel for released updates -Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded range of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device (if you set a deferral period of 365 days, the update will not be offered until 365 days after that update was released). - -| Category | Maximum deferral | Deferral increments | Example | WSUS classification GUID | -| --- | --- | --- | --- | --- | -| Feature Updates | 365 days | Days | From Windows 10, version 1511 to version 1607 maximum was 180 days.
                                      From Windows 10, version 1703 to version 1809, the maximum is 365 days. | 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 | -| Quality Updates | 30 days | Days | Security updates
                                      Drivers (optional)
                                      Non-security updates
                                      Microsoft updates (Office,Visual Studio, etc.) | 0FA1201D-4330-4FA8-8AE9-B877473B6441

                                      EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0

                                      CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83

                                      varies | -| Non-deferrable | No deferral | No deferral | Definition updates | E0789628-CE08-4437-BE74-2495B842F43B | - ->[!NOTE] ->For information about classification GUIDs, see [WSUS Classification GUIDs](https://msdn.microsoft.com/library/ff357803.aspx). - -## Windows Update for Business in various Windows 10 versions - -Windows Update for Business was first available in Windows 10, version 1511. This diagram lists new or changed capabilities and updated behavior in subsequent versions. - - -| Windows 10, version 1511 | 1607 | 1703 | 1709 | 1803 | 1809 | -| --- | --- | --- | --- | --- | --- | -| Defer quality updates
                                      Defer feature updates
                                      Pause updates | All 1511 features, plus: **WSUS integration** | All 1607 features, plus **Settings controls** | All 1703 features, plus **Ability to set slow vs. fast Insider Preview branch** | All 1709 features, plus **Uninstall updates remotely** | All 1803 features, plus **Option to use default automatic updates**
                                      **Ability to set separate deadlines for feature vs. quality updates**
                                      **Admins can prevent users from pausing updates** -## Managing Windows Update for Business with Group Policy - -The group policy path for Windows Update for Business has changed to correctly reflect its association to Windows Update for Business and provide the ability to easily manage pre-release Windows Insider Preview builds in Windows 10, version 1709. - -| Action | Windows 10 versions prior to 1709 | Windows 10 versions after 1709 | -| --- | --- | --- | -| Set Windows Update for Business Policies | Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Update | Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business | -| Manage Windows Insider Preview builds | Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds | Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business - *Manage preview builds* | -| Manage when updates are received | Select when Feature Updates are received | Select when Preview Builds and Feature Updates are received
                                      (Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business - **Select when Preview Builds and Feature Updates are received**) | - -## Managing Windows Update for Business with MDM - -Starting with Windows 10, version 1709, the Windows Update for Business settings in MDM were changed to correctly reflect the associations with Windows Update for Business and provide the ability to easily manage Windows Insider Preview builds in 1709. - -| Action | Windows 10 versions prior to 1709 | Windows 10 versions after 1709 | -| --- | --- | --- | -| Manage Windows Insider Preview builds | System/AllowBuildPreview | Update/ManagePreviewBuilds | -| Manage when updates are received | Select when Feature Updates are received | Select when Preview Builds and Feature Updates are received (Update/BranchReadinessLevel) | - -## Managing Windows Update for Business with Software Center Configuration Manager - -Starting with Windows 10, version 1709, you can assign a collection of devices to have dual scan enabled and manage that collection with Windows Update for Business policies. Starting with Windows 10, version 1809, you can set a collection of devices to receive the Windows Insider Preview Feature Updates from Windows Update from within Software Center Configuration Manager. 
- -| Action | Windows 10 versions between 1709 and 1809 | Windows 10 versions after 1809 | -| --- | --- | --- | -| Manage Windows Update for Business in Configuration Manager | Manage Feature or Quality Updates with Windows Update for Business via Dual Scan | Manage Insider pre-release builds with Windows Update for Business within Software Center Configuration Manager | - -## Managing Windows Update for Business with Windows Settings options -Windows Settings includes options to control certain Windows Update for Business features: - -- [Configure the readiness level](waas-configure-wufb.md#configure-devices-for-the-appropriate-service-channel) for a branch by using **Settings > Update & security > Windows Update > Advanced options** -- [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) by using Settings > Update & security > Window Update > Advanced options - -## Other changes in Windows Update for Business in Windows 10, version 1703 and later releases - - -### Pause and deferral periods - -The maximum pause time period is 35 days for both quality and feature updates. The maximum deferral period for feature updates is 365 days. - -Also, the pause period is calculated from the set start date. For more details, see [Pause Feature Updates](waas-configure-wufb.md#pause-feature-updates) and [Pause Quality Updates](waas-configure-wufb.md#pause-quality-updates). As a result, certain policy keys have different names; see the "Comparing keys in Windows 10, version 1607 to Windows 10, version 1703" section in [Configure Windows Update for Business](waas-configure-wufb.md) for details. +Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. 
All deferral days will be calculated against a release’s Semi-annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy. ## Monitor Windows Updates by using Update Compliance -Update Compliance provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. +Update Compliance provides a holistic view of operating system update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. ![Update Compliance Dashboard](images/waas-wufb-update-compliance.png) For more information about Update Compliance, see [Monitor Windows Updates using Update Compliance](update-compliance-monitor.md). -## Manage Windows Update for Business with Intune - -Microsoft Intune provides the ability to configure Windows Update for Business settings on devices. Intune doesn’t store the updates, but only the update policy assignment. 
For more information, see [Manage software updates](https://docs.microsoft.com/intune/windows-update-for-business-configure). ## Steps to manage updates for Windows 10 diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index e9493106b4..64cc697106 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -4,10 +4,12 @@ description: tbd ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jaimeo +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.date: 07/27/2017 +ms.reviewer: +manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index 59ac096f8d..829b1efc16 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -3,9 +3,11 @@ title: Windows as a service ms.prod: w10 ms.topic: article ms.manager: elizapo -author: lizap -ms.author: elizapo +author: greg-lindsay +ms.author: greglin ms.date: 12/19/2018 +ms.reviewer: +manager: laurawi ms.localizationpriority: high ms.topic: article --- @@ -28,9 +30,9 @@ Here's more news about [Windows as a service](windows-as-a-service.md):
                                    • Reducing Windows 10 Package Size Downloads for x64 Systems - September 26, 2018
                                    • Windows 7 Servicing Stack Updates: Managing Change and Appreciating Cumulative Updates - September 21, 2018
                                    • Helping customers shift to a modern desktop - September 6, 2018
                                    • -
                                    • Windows Update for Business & Windows Analytics: a real-world experience - September 5, 2018
                                    • -
                                    • What's next for Windows 10 and Windows Server quality updates - August 16, 2018
                                    • -
                                    • Windows 10 monthly updates - August 1, 2018 (**video**)
                                    • +
                                    • Windows Update for Business & Windows Analytics: a real-world experience - September 5, 2018
                                    • +
                                    • What's next for Windows 10 and Windows Server quality updates - August 16, 2018
                                    • +
                                    • Windows 10 monthly updates - August 1, 2018 (video)
                                    • Windows 10 update servicing cadence - August 1, 2018
                                    • Windows 10 quality updates explained and the end of delta updates - July 11, 2018
                                    • AI Powers Windows 10 April 2018 Update Rollout - June 14, 2018
                                    •
diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md
index d44fb4db2e..13ebd08cdd 100644
--- a/windows/deployment/update/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/update/waas-optimize-windows-10-updates.md
@@ -4,10 +4,12 @@ description: Two methods of peer-to-peer content distribution are available in W
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 09/24/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 3d46e34a86..82d2d4b3e1 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -5,10 +5,12 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: Jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 09/24/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
@@ -124,12 +126,12 @@ When Microsoft officially releases a feature update for Windows 10, it is made a Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release. ->[!NOTE] -All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. - - ->[!NOTE] ->Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools. +> [!NOTE] +> All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. 
These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. +> +> +> [!NOTE] +> Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools. ### Long-term Servicing Channel diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 9ef541fce2..8a9f05b8e6 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -5,10 +5,12 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature, ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: Jaimeo +author: lomayor ms.localizationpriority: medium -ms.author: jaimeo +ms.author: lomayor ms.date: 10/17/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- @@ -69,8 +71,8 @@ Click the following Microsoft Mechanics video for an overview of the updated rel ## Learn more -[Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) - +- [Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) +- [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) ## Related topics diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 13c1dce96d..898c957fd4 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md 
@@ -4,10 +4,12 @@ description: tbd ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jaimeo +author: lomayor ms.localizationpriority: medium -ms.author: jaimeo +ms.author: lomayor ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp ms.topic: article --- @@ -42,6 +44,9 @@ When **Configure Automatic Updates** is enabled in Group Policy, you can enable - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours. - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**. +> [!NOTE] +> When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted. + You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting. For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart). 
@@ -159,8 +164,9 @@ In the Group Policy editor, you will see a number of policy settings that pertai >[!NOTE] >You can only choose one path for restart behavior. -> >If you set conflicting restart policies, the actual restart behavior may not be what you expected. +>When using RDP, only active RDP sessions are considered as logged on users. + ## Registry keys used to manage restart The following tables list registry values that correspond to the Group Policy settings for controlling restarts after updates in Windows 10. diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 37103745b0..11d7c5d4b4 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -4,10 +4,12 @@ description: tbd ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jaimeo +author: lomayor ms.localizationpriority: medium -ms.author: jaimeo +ms.author: lomayor ms.date: 10/13/2017 +ms.reviewer: +manager: dansimp ms.topic: article --- 
@@ -45,7 +47,7 @@ Semi-Annual Channel is the default servicing channel for all Windows 10 devices >The LTSB edition of Windows 10 is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). >[!NOTE] ->Semi-Annual Channel (Targeted) should be used only by the customers that are using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). For those, who don't use Windows Update for Business, Semi-Annual Channel (Targeted) would be the same as Semi-Annual Channel. +>Semi-Annual Channel (Targeted) should be used only by the customers that are using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). For those who don't use Windows Update for Business, Semi-Annual Channel (Targeted) would be the same as Semi-Annual Channel. ## Assign devices to Semi-Annual Channel diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md index 20a86bd384..a99bba615f 100644 --- a/windows/deployment/update/waas-servicing-differences.md +++ b/windows/deployment/update/waas-servicing-differences.md 
@@ -1,21 +1,23 @@ --- title: Servicing differences between Windows 10 and older operating systems +ms.reviewer: +manager: dansimp description: Learn the differences between servicing Windows 10 and servicing older operating systems. keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: KarenSimWindows +author: lomayor ms.localizationpriority: medium -ms.author: karensim +ms.author: lomayor ms.topic: article ms.collection: M365-modern-desktop --- # Understanding the differences between servicing Windows 10-era and legacy Windows operating systems ->Applies to: Windows 10 - ->**February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.** +> Applies to: Windows 10 +> +> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.** Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need critical to understand how best to leverage a modern workplace to support system updates. 
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index ab220901a1..3a807c3ec9 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -4,10 +4,12 @@ description: A strong Windows 10 deployment strategy begins with establishing a
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: Jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 11/02/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index 7749569b04..cc517dcb4d 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -4,10 +4,12 @@ description: Additional settings to control the behavior of Windows Update (WU)
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
@@ -153,7 +155,9 @@ If you disable or do not configure this policy, Windows Update will include upda
 
 Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
 
-When enabling this setting through Group Policy, under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options:
+#### Configuring Automatic Updates by using Group Policy
+
+Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options:
 
 **2 - Notify for download and auto install** - When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates.
 
@@ -167,7 +171,85 @@ If this setting is set to *Disabled*, any updates that are available on Windows If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**. +#### Configuring Automatic Updates by editing the registry +> ![Note] +> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk. + +In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update. + +To do this, follow these steps: + +1. Select **Start**, search for "regedit", and then open Registry Editor. + +2. Open the following registry key: + + ``` + HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU + ``` + +3. Add one of the following registry values to configure Automatic Update. + + * NoAutoUpdate (REG_DWORD): + + * **0**: Automatic Updates is enabled (default). + + * **1**: Automatic Updates is disabled. + + * AUOptions (REG_DWORD): + + * **1**: Keep my computer up to date is disabled in Automatic Updates. + + * **2**: Notify of download and installation. + + * **3**: Automatically download and notify of installation. + + * **4**: Automatically download and scheduled installation. + + * ScheduledInstallDay (REG_DWORD): + + * **0**: Every day. + + * **1** through **7**: The days of the week from Sunday (1) to Saturday (7). + + * ScheduledInstallTime (REG_DWORD): + + **n**, where **n** equals the time of day in a 24-hour format (0-23). + + * UseWUServer (REG_DWORD) + + Set this value to **1** to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update. 
+ + * RescheduleWaitTime (REG_DWORD) + + **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes) + + > ![Note] + > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + + * NoAutoRebootWithLoggedOnUsers (REG_DWORD): + + **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on. + + > ![Note] + > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + +To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. + +When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again. + +To determine the WSUS server that the client computers and servers connect to for updates, add the following registry values to the registry: +``` +HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ +``` + +* WUServer (REG_SZ) + + This value sets the WSUS server by HTTP name (for example, http://IntranetSUS). + +* WUStatusServer (REG_SZ) + + This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). ## Related topics 
@@ -177,4 +259,4 @@ If this setting is set to *Not Configured*, an administrator can still configure
 - [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
 - [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
 - [Configure Windows Update for Business](waas-configure-wufb.md)
-- [Manage device restarts after updates](waas-restart.md)
\ No newline at end of file
+- [Manage device restarts after updates](waas-restart.md)
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 706d1cc4a6..b447161237 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,13 +1,15 @@
 ---
-title: Walkthrough use Group Policy to configure Windows Update for Business (Windows 10)
+title: Walkthrough use Group Policy to configure Windows Update for Business - Windows 10
 description: Configure Windows Update for Business settings using Group Policy.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 
@@ -20,336 +22,107 @@ ms.topic: article > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) ->[!IMPORTANT] ->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. -> ->In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. - -Using Group Policy to manage Windows Update for Business is simple and familiar: use the same Group Policy Management Console (GPMC) you use to manage other device and user policy settings in your environment. Before configuring the Windows Update for Business Group Policy settings, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment. - -In Windows 10 version 1511, only Current Branch for Business (CBB) upgrades could be delayed, restricting the Current Branch (CB) builds to a single deployment ring. Windows 10 version 1607, however, has a new Group Policy setting that allows you to delay feature updates for both CB and CBB, broadening the use of the CB servicing branch. - ->[!NOTES] ->The terms *feature updates* and *quality updates* in Windows 10, version 1607, correspond to the terms *upgrades* and *updates* in version 1511. - ->To follow the instructions in this article, you will need to download and install the relevant ADMX templates for your Windows 10 version. ->See the following articles for instructions on the ADMX templates in your environment. 
- -> - [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) -> - [Step-By-Step: Managing Windows 10 with Administrative templates](https://blogs.technet.microsoft.com/canitpro/2015/10/20/step-by-step-managing-windows-10-with-administrative-templates/) - - -To use Group Policy to manage quality and feature updates in your environment, you must first create Active Directory security groups that align with your constructed deployment rings. Most customers have many deployment rings already in place in their environment, and these rings likely align with existing phased rollouts of current patches and operating system upgrades. - -## Configure Windows Update for Business in Windows 10 version 1511 - -In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). - -- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices. -- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release. - ->[!NOTE] ->Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only. -> ->Windows 10 version 1511 does not support deferment of CB builds of Windows 10, so you can establish only one CB deployment ring. In version 1607 and later, CB builds can be delayed, making it possible to have multiple CB deployment rings. 
- Complete the following steps on a PC running the Remote Server Administration Tools or on a domain controller. - - ### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral +## Overview -1. Open GPMC (gpmc.msc). +You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See -2. Expand **Forest** > **Domains** > *your domain*. +An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**. -3. Right-click *your domain* and select **Create a GPO in this domain, and Link it here**. +To manage updates with Windows Update for Business as described in this topic, you should prepare with these steps, if you haven't already: - ![UI for Create GPO menu](images/waas-wufb-gp-create.png) - -4. In the **New GPO** dialog box, type **Windows Update for Business - CBB1** for the name of the new GPO. +- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10. +- Allow access to the Windows Update service. +- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](https://blogs.technet.microsoft.com/canitpro/2015/10/20/step-by-step-managing-windows-10-with-administrative-templates/). 
- >[!NOTE] - >In this example, you’re linking the GPO to the top-level domain. This is not a requirement: you can link the Windows Update for Business GPOs to any organizational unit (OU) that’s appropriate for your Active Directory Domain Services (AD DS) structure. -5. Right-click the **Windows Update for Business - CBB1** GPO, and then click **Edit**. +## Set up Windows Update for Business - ![UI for Edit GPO](images/waas-wufb-gp-edit.png) - -6. In the Group Policy Management Editor, go to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**. +In this example, one security group is used to manage updates. Typically we would recommend having at least three rings (early testers for pre-release builds, broad deployment for releases, critical devices for mature releases) to deploy. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) for more information. -7. Right-click **Defer Upgrades and Updates**, and then click **Edit**. +Follow these steps on a device running the Remote Server Administration Tools or on a domain controller: - ![UI to edit Defer Upgrades and Updates](images/waas-wufb-gp-edit-defer.png) - - In the **Defer Upgrades and Updates** Group Policy setting configuration, you see several options: - - **Enable/Disable Deferred Updates**. Enabling this policy setting sets the receiving client to the CBB servicing branch. Specifically disabling this policy forces the client into the CB servicing branch, making it impossible for users to change it. - - **Defer upgrades for the following**. This option allows you to delay feature updates up to 8 months, a number added to the default CBB delay (approximately 4 months from CB). By using Windows Update for Business, you can use this option to stagger CBB feature updates, making the total offset up to 12 months from CB. - - **Defer updates for the following**. 
This option allows you to delay the installation of quality updates on a Windows 10 device for up to 4 weeks, allowing for phased rollouts of updates in your enterprise, but not all quality updates are deferrable with this option. Table 1 shows the deferment capabilities by update type. - - **Pause Upgrades and Updates**. Should an issue arise with a feature update, this option allows a one-time skip of the current month’s quality and feature update. Quality updates will resume after 35 days, and feature updates will resume after 60 days. For example, deploy this setting as a stand-alone policy to the entire organization in an emergency. - - Table 1 summarizes the category of update in Windows 10 and how long Windows Update for Business can defer its installation. - - **Table 1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                      CategoryMaximum deferralDeferral incrementsClassification typeClassification GUID
                                      OS upgrades8 months1 monthUpgrade3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
                                      OS updates4 weeks1 weekSecurity updates0FA1201D-4330-4FA8-8AE9-B877473B6441
                                      DriversEBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
                                      UpdatesCD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
                                      Other/non-deferrableNo deferralNo deferralDefinition updatesE0789628-CE08-4437-BE74-2495B842F43B
                                      +### Set up a ring +1. Start Group Policy Management Console (gpmc.msc). +2. Expand **Forest > Domains > *\*. +3. Right-click *\* and select **Create a GPO in this domain and link it here**. +4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object. +5. Right-click the **Windows Update for Business - Group 1" object, and then select **Edit**. +6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices. - Simply enabling the **Defer Upgrades and Updates** policy sets the receiving client to the CBB servicing branch, which is what you want for your first deployment ring, **Ring 4 Broad business users**. - -8. Enable the **Defer Updates and Upgrades** setting, and then click **OK**. -9. Close the Group Policy Management Editor. +## Offering -Because the **Windows Update for Business - CBB1** GPO contains a computer policy and you only want to apply it to computers in the **Ring 4 Broad business users** group, use **Security Filtering** to scope the policy’s effect. +You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period of time. -### Scope the policy to the Ring 4 Broad business users group +### Manage which updates are offered -1. In the GPMC, select the **Windows Update for Business - CBB1** policy. +Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates. -2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad business users** group. 
+- Drivers (on/off): **Computer configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** +- Microsoft product updates (on/off): **Computer configuration > Administrative Templates > Windows Components > Windows Update > Get updates for other Microsoft Products** - ![Scope policy to group](images/waas-wufb-gp-scope.png) - +We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. We also recommend that you leave the "Microsoft product updates" setting on. -The **Ring 4 Broad business users** deployment ring has now been configured. Next, configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 2-week delay for feature updates. +### Manage when updates are offered +You can defer or pause the installation of updates for a set period of time. +#### Defer or pause an update -### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals +A Windows Update for Business administrator can defer or pause updates and preview builds. You can defer features updates for up to 365 days. You can pause feature or quality updates for up to 35 days from a given start date that you specify. -1. Open GPMC (gpmc.msc). +- Defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received** +- Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received** -2. Expand **Forest** > **Domains** > *your domain*. - -3. Right-click *your domain* and select **Create a GPO in this domain, and Link it here**. 
- - ![UI for Create GPO menu](images/waas-wufb-gp-create.png) - -4. In the **New GPO** dialog box, type **Windows Update for Business - CBB2** for the name of the new GPO. - -5. Right-click the **Windows Update for Business - CBB2** GPO, and then click **Edit**. - - ![UI for Edit GPO](images/waas-wufb-gp-edit.png) - -6. In the Group Policy Management Editor, go to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**. - -7. Right-click **Defer Upgrades and Updates**, and then click **Edit**. - -8. Enable the **Defer Updates and Upgrades** setting, configure the **Defer upgrades for the following** option for 1 month, and then configure the **Defer updates for the following** option for 1 week. - - ![Example of policy settings](images/waas-wufb-gp-broad.png) - -9. Click **OK** and close the Group Policy Management Editor. - - -### Scope the policy to the Ring 5 Broad business users \#2 group - -1. In the GPMC, select the **Windows Update for Business - CBB2** policy. - -2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 5 Broad business users \#2** group. +#### Example -## Configure Windows Update for Business in Windows 10 version 1607 +In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days. -To use Group Policy to manage quality and feature updates in your environment, you must first create Active Directory security groups that align with your constructed deployment rings. Most customers have many deployment rings already in place in their environment, and these rings likely align with existing phased rollouts of current patches and operating system upgrades. 
+![illustration of devices divided into three rings](images/waas-wufb-3-rings.png) -In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates: +When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates. -- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 4 weeks after they are released. -- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch. -- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days. +##### Five days later +The devices in the fast ring are offered the quality update the next time they scan for updates. -In this example, you configure and scope the update schedules for all three groups. +![illustration of devices with fast ring deployed](images/waas-wufb-fast-ring.png) -### Configure Ring 2 Pilot Business Users policy +##### Ten days later +Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates. -1. Open GPMC (gpmc.msc). +![illustration of devices with slow ring deployed](images/waas-wufb-slow-ring.png) -2. Expand **Forest** > **Domains** > *your domain*. +If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves. -3. Right-click *your domain* and select **Create a GPO in this domain, and Link it here**. +##### What if a problem occurs with the update? - ![UI for Create GPO menu](images/waas-wufb-gp-create.png) +In this example, some problem is discovered during the deployment of the update to the "pilot" ring. -4. 
In the **New GPO** dialog box, type **Windows Update for Business - CB2** for the name of the new GPO. +![illustration of devices divided with pilot ring experiencing a problem](images/waas-wufb-pilot-problem.png) - >[!NOTE] - >In this example, you’re linking the GPO to the top-level domain. This is not a requirement: you can link the Windows Update for Business GPOs to any organizational unit (OU) that’s appropriate for your Active Directory Domain Services (AD DS) structure. - -5. Right-click the **Windows Update for Business - CB2** GPO, and then click **Edit**. +At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box. - ![Edit menu for this GPO](images/waas-wufb-gp-cb2.png) - -6. In the Group Policy Management Editor, go to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Defer Windows Updates**. +![illustration of rings with pause quality update check box selected](images/waas-wufb-pause.png) -7. Right-click **Select when Feature Updates are received**, and then click **Edit**. +Now all devices are paused from updating for 35 days. When the the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again. -8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CB**, set the feature update delay to **28** days, and then click **OK**. - ![Settings for this GPO](images/waas-wufb-gp-cb2-settings.png) - - Table 3 summarizes the category of updates in Windows 10, version 1607, and how long Windows Update for Business can defer its installation. - **Table 3** +#### Set branch readiness level for feature updates - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                      CategoryMaximum deferralDeferral incrementsExampleClassification GUID
                                      Feature Updates180 daysDaysFrom Windows 10, version 1511 to version 16073689BDC8-B205-4AF4-8D4A-A63924C5E9D5
                                      Quality Updates30 daysDaysSecurity updates0FA1201D-4330-4FA8-8AE9-B877473B6441
                                      Drivers (optional)EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
                                      Non-security updatesCD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
                                      Microsoft updates (Office, Visual Studio, etc.)varies
                                      Non-deferrableNo deferralNo deferralDefinition updatesE0789628-CE08-4437-BE74-2495B842F43B
                                      +This policy only applies to feature updates. To enable preview builds for devices in your organization, set the "Enable preview builds" policy and then use the "Select when preview builds and feature updates are received" policy. -9. Close the Group Policy Management Editor. +We recommend that you set up a ring to receive preview builds by joining the Windows Insider Program for Business. By having a ring of devices receiving "pre-release slow" builds and learning about commercial pre-release features, you can ensure that any issues you have with the release are fixed before it is ever released and far before you broadly deploy. -Because the **Windows Update for Business – CB2** GPO contains a computer policy and you only want to apply it to computers in the **Ring 2 Pilot Business Users** group, use **Security Filtering** to scope the policy’s effect. +- Enable preview builds: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage Preview Builds** -### Scope the policy to the Ring 2 Pilot Business Users group -1. In the GPMC, select the **Windows Update for Business - CB2** policy. -2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 2 Pilot Business Users** group. +- Set branch readiness level: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received** - ![Scope policy to group](images/waas-wufb-gp-scope-cb2.png) -The **Ring 2 Pilot Business Users** deployment ring has now been configured. Next, configure **Ring 4 Broad business users** to set those clients into the CBB servicing branch so that they receive feature updates as soon as they’re made available for the CBB servicing branch. -### Configure Ring 4 Broad business users policy -1. 
Open GPMC (gpmc.msc). - -2. Expand **Forest** > **Domains** > *your domain*. - -3. Right-click *your domain* and select **Create a GPO in this domain, and Link it here**. - -4. In the **New GPO** dialog box, type **Windows Update for Business - CBB1** for the name of the new GPO. - -5. Right-click the **Windows Update for Business - CBB1** GPO, and then click **Edit**. - -6. In the Group Policy Management Editor, go to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Defer Windows Updates**. - -7. Right-click **Select when Feature Updates are received**, and then click **Edit**. - -8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CBB**, and then click **OK**. - - ![Settings for this GPO](images/waas-wufb-gp-cbb1-settings.png) - -9. Close the Group Policy Management Editor. - - - -### Scope the policy to the Ring 4 Broad business users group - -1. In the GPMC, select the **Windows Update for Business - CBB1** policy. - -2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad business users** group. - - -The **Ring 4 Broad business users** deployment ring has now been configured. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates - -### Configure Ring 5 Broad business users \#2 policy - -1. Open GPMC (gpmc.msc). - -2. Expand **Forest** > **Domains** > *your domain*. - -3. Right-click *your domain* and select **Create a GPO in this domain, and Link it here**. - -4. In the **New GPO** dialog box, type **Windows Update for Business - CBB2** for the name of the new GPO. - -5. Right-click the **Windows Update for Business - CBB2** GPO, and then click **Edit**. - -6. 
In the Group Policy Management Editor, go to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Defer Windows Updates**. - -7. Right-click **Select when Feature Updates are received**, and then click **Edit**. - -8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CBB**, set the feature update delay to **14** days, and then click **OK**. - - ![Settings for this GPO](images/waas-wufb-gp-cbb2-settings.png) - -9. Right-click **Select when Quality Updates are received**, and then click **Edit**. - -10. In the **Select when Quality Updates are received** policy, enable it, set the quality update delay to **7** days, and then click **OK**. - - ![Settings for this GPO](images/waas-wufb-gp-cbb2q-settings.png) - -11. Close the Group Policy Management Editor. - - - -### Scope the policy to the Ring 5 Broad business users \#2 group - -1. In the GPMC, select the **Windows Update for Business - CBB2** policy. - -2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 5 Broad business users #2** group. - -## Known issues -The following article describes the known challenges that can occur when you manage a Windows 10 Group policy client base: -- [Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2](https://support.microsoft.com/help/4015786/known-issues-managing-a-windows-10-group-policy-client-in-windows-serv) ## Related topics @@ -369,3 +142,8 @@ The following article describes the known challenges that can occur when you man - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) - [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) - [Manage device restarts after updates](waas-restart.md) + + + + + 
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index e65e9b8d2d..81ac40df54 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -4,10 +4,12 @@ description: Configure Windows Update for Business settings using Microsoft Intu
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: jaimeo
+author: lomayor
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: lomayor
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 
@@ -184,7 +186,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
 
-4. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
+5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
 
 6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
 
@@ -196,7 +198,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
 
-8. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list.
+9. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list.
 
 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 
@@ -204,14 +206,14 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e ![Settings for this policy](images/waas-wufb-intune-cbb1a.png) -9. Click **Save Policy**. +12. Click **Save Policy**. -9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. +13. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. -10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. +14. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates. @@ -226,7 +228,7 @@ You have now configured the **Ring 4 Broad business users** deployment ring to r 4. Name the policy **Windows Update for Business - CBB2**. Then, in the **OMA-URI Settings** section, click **Add**. -4. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. +5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. 6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. 
@@ -238,30 +240,30 @@ You have now configured the **Ring 4 Broad business users** deployment ring to r 8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. -8. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list. +9. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list. 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays**. 11. In the **Value** box, type **7**, and then click **OK**. -8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. +12. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. -8. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list. +13. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list. -10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. +14. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. -11. In the **Value** box, type **14**, and then click **OK**. +15. In the **Value** box, type **14**, and then click **OK**. ![Settings for this policy](images/waas-wufb-intune-cbb2a.png) -9. Click **Save Policy**. +16. Click **Save Policy**. -9. In the **Deploy Policy: Windows Update for Business – CBB2** dialog box, click **Yes**. +17. In the **Deploy Policy: Windows Update for Business – CBB2** dialog box, click **Yes**. - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. -10. 
In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**. +18. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**. ## Related topics diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index ea9214c57b..63afadf857 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -1,13 +1,15 @@ --- title: Frequently asked questions and troubleshooting Windows Analytics +ms.reviewer: +manager: dansimp description: Frequently asked questions about Windows Analytics and steps to take when things go wrong keywords: windows analytics, oms, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, FAQ, problems, troubleshooting, error ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: lomayor +ms.author: lomayor ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article 
@@ -57,7 +59,7 @@ Even though devices can take 2-3 days after enrollment to show up due to latency >[!NOTE] > If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it. - + If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues: 1. Download and extract the [Upgrade Readiness Deployment Script](https://www.microsoft.com/download/details.aspx?id=53327). Ensure that the **Pilot/Diagnostics** folder is included. 
@@ -84,11 +86,13 @@ If you have devices that appear in other solutions, but not Device Health (the D 1. Using the Azure portal, remove the Device Health (appears as DeviceHealthProd on some pages) solution from your Log Analytics workspace. After completing this, add the Device Health solution to you workspace again. 2. Confirm that the devices are running Windows 10. 3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551). -4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set). +4. Confirm that devices are opted in to send diagnostic data by checking in the registry that **AllowTelemetry** is set to either 2 (Enhanced) or 3 (Full). + - **AllowTelemetry** under **HKLM\Software\Policies\Microsoft\Windows\DataCollection** is the IT policy path. + - **AllowTelemetry** under **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is the user preference (Settings app) path. + - IMPORTANT: By convention (and in earlier versions of Windows 10) the IT policy would take precedence over any user preference. Starting with Windows 10, version 1803, the user can lower the device's effective value even when an IT policy is set. This change assists organizations in complying with regional or organizational expectations about user control over privacy settings. For organizations where user control of privacy settings is not required, the previous behavior (IT policy path always wins) can be enabled using the new policy **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in setting user interface**. 5. 
Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information. -6. Remove the Device Health (appears as DeviceHealthProd on some pages) from your Log Analytics workspace -7. Wait 48 hours for activity to appear in the reports. -8. If you need additional troubleshooting, contact Microsoft Support. +6. Wait 48 hours for activity to appear in the reports. +7. If you need additional troubleshooting, contact Microsoft Support. ### Device crashes not appearing in Device Health Device Reliability @@ -109,7 +113,7 @@ If you know that devices are experiencing stop error crashes that do not seem to 5. Check that crash reports successfully complete the round trip with Event 1001 and that BucketID is not blank. A typical such event looks like this: [![Event viewer detail showing Event 1001 details](images/event_1001.png)](images/event_1001.png) - + You can use the following Windows PowerShell snippet to summarize recent occurrences of Event 1001. Most events should have a value for BucketID (a few intermittent blank values are OK, however). ```powershell 
@@ -210,9 +214,9 @@ Starting with Windows 10, version 1803, the device name is no longer collected b ### Custom log queries using the AbnormalShutdownCount field of Device Health show zero or lower than expected results This issue affects custom queries of the Device Health data by using the **Logs > Search page** or API. It does not impact any of the built-in tiles or reports of the Device Health solution. The **AbnormalShutdownCount** field of the **DHOSReliability** data table represents abnormal shutdowns other than crashes, such as sudden power loss or holding down the power button. - + We have identified an incompatibility between AbnormalShutdownCount and the Limited Enhanced diagnostic data level on Windows 10, versions 1709, 1803, and 1809. Such devices do not send the abnormal shutdown signal to Microsoft. You should not rely on AbnormalShutdownCount in your custom queries unless you use any one of the following workarounds: - + - Upgrade devices to Windows 10, version 1903 when available. Participants in the Windows Insider program can preview this change using Windows Insider builds. - Change the diagnostic data setting from devices running Windows 10, versions 1709, 1803, and 1809 normal Enhanced level instead of Limited Enhanced. 
@@ -226,18 +230,18 @@ We have identified an incompatibility between AbnormalShutdownCount and the Limi If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps: -1. Unsubscribe from the Upgrade Readiness solution in Azure Portal. In Azure Portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. +1. Unsubscribe from the Upgrade Readiness solution in Azure Portal. In Azure Portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. - ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) + ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) -2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: +2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: - **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* + **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* - **Windows 10**: Follow the instructions in [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization). + **Windows 10**: Follow the instructions in [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization). -3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". 
The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. -4. **Optional step:** You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". +3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. +4. **Optional step:** You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". ### Exporting large data sets @@ -247,7 +251,7 @@ Azure Log Analytics is optimized for advanced analytics of large data sets and c let snapshot = toscalar(UAApp | summarize max(TimeGenerated)); let pageSize = 100000; let pageNumber = 0; - + UAApp | where TimeGenerated == snapshot and IsRollup==true and RollupLevel=="Granular" and Importance == "Low install count" | order by AppName, AppVendor, AppVersion desc @@ -256,11 +260,12 @@ UAApp | take pageSize ``` - + ## Other common questions ### What are the requirements and costs for Windows Analytics solutions? + | Windows Analytics solution| Windows license requirements | Windows version requirements | Minimum diagnostic data requirements | |----------------------|-----------------------------------|------------------------------|------------------------------| | Upgrade Readiness | No additional requirements | Windows 7 with Service Pack 1, Windows 8.1, Windows 10 | Basic level in most cases; Enhanced level to support Windows 10 app usage data and IE site discovery | 
@@ -279,7 +284,7 @@ Note that different Azure Log Analytics plans have different data retention peri ### Why do SCCM and Upgrade Readiness show different counts of devices that are ready to upgrade? System Center Configuration Manager (SCCM) considers a device ready to upgrade if *no installed app* has an upgrade decision of “not ready” (that is, they are all "ready" or "in progress"), while Upgrade Readiness considers a device ready to upgrade only if *all* installed apps are marked “ready”. -  + Currently, you can choose the criteria you wish to use: - To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector). - To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet. diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md index bbca1ea487..4734b9dcc2 100644 --- a/windows/deployment/update/windows-analytics-azure-portal.md +++ b/windows/deployment/update/windows-analytics-azure-portal.md @@ -1,13 +1,15 @@ --- title: Windows Analytics in the Azure Portal +ms.reviewer: +manager: dansimp description: Use the Azure Portal to add and configure Windows Analytics solutions keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: lomayor +ms.author: lomayor ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article 
@@ -15,13 +17,13 @@ ms.topic: article # Windows Analytics in the Azure Portal -Windows Analytics uses Azure Log Analytics (formerly known as Operations Management Suite or OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments. +Windows Analytics uses Azure Log Analytics workspaces (formerly known as Operations Management Suite or OMS), a collection of cloud-based services for monitoring and automating your on-premises and cloud environments. **The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition). ## Navigation and permissions in the Azure portal -Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics*. Once it appears, you can select the star to add it to your favorites for easy access in the future. +Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics workspaces*. Once it appears, you can select the star to add it to your favorites for easy access in the future. [![Azure portal all services page with Log Analytics found and selected as favorite](images/azure-portal-LAfav1.png)](images/azure-portal-LAfav1.png) 
@@ -37,7 +39,7 @@ An **Azure subscription** is a container for billing, but also acts as a securit >[!IMPORTANT] >Unlike the OMS portal (which only requires permission to access the Azure Log Analytics workspace), the Azure portal also requires access to be configured to either the linked *Azure subscription* or Azure resource group. -To check the Log Analytics workspaces you can access, select **Log Analytics**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to: +To check the Log Analytics workspaces you can access, select **Log Analytics workspaces**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to: [![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index f0ee52dd38..aa2682cbef 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -1,5 +1,7 @@ --- title: Enrolling devices in Windows Analytics (Windows 10) +ms.reviewer: +manager: dansimp description: Enroll devices to enable use of Update Compliance, Upgrade Readiness, and Device Health in Windows Analytics. keywords: windows analytics, oms, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, azure portal ms.prod: w10 
@@ -64,13 +66,16 @@ To enable data sharing, configure your proxy server to whitelist the following e | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health reports. Not used by Upgrade Readiness or Update Compliance AV reports. | | `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health reports. Not used by Upgrade Readiness or Update Compliance AV reports. | | `https://login.live.com` | This endpoint is required by Device Health to ensure data integrity and provides a more reliable device identity for all of the Windows Analytics solutions on Windows 10. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. | -| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity | -| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity | + >[!NOTE] >Proxy authentication and SSL inspections are frequent challenges for enterprises. See the following sections for configuration options. +> [!IMPORTANT] +> For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection. + + ### Configuring endpoint access with SSL inspection To ensure privacy and data integrity Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. Accordingly SSL interception and inspection is not possible. To use Windows Analytics services you should exclude the above endpoints from SSL inspection. 
@@ -88,10 +93,17 @@ The compatibility update scans your devices and enables application usage tracki | **Operating System** | **Updates** | |----------------------|-----------------------------------------------------------------------------| | Windows 10 | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up to date with cumulative updates. | -| Windows 8.1 | [KB 2976978](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
                                      Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed.
                                      For more information about this update, see | -| Windows 7 SP1 | [KB2952664](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
                                      Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed.
                                      For more information about this update, see | +| Windows 8.1 | The compatibility update is included in monthly quality updates for Windows 8.1. We recommend installing the latest [Windows Monthly Rollup](http://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%20for%20windows%208) before attempting to enroll devices into Windows Analytics. | +| Windows 7 SP1 | The compatibility update is included in monthly quality updates for Windows 7. We recommend installing the latest [Windows Monthly Rollup](http://www.catalog.update.microsoft.com/Search.aspx?q=security%20monthly%20quality%20rollup%20for%20windows%207) before attempting to enroll devices into Windows Analytics. | + +### Connected User Experiences and Telemetry service +With Windows diagnostic data enabled, the Connected User Experience and Telemetry service (DiagTrack) collects system, application, and driver data. Microsoft analyzes this data, and shares it back to you through Windows Analytics. For the best experience, install these updates depending upon the operating system version. + +- For Windows 10, install the latest Windows 10 cumulative update. +- For Windows 8.1, nstall the October 2018 monthly rollup, [KB4462926](https://support.microsoft.com/help/4462926) +- For Windows 7, install the October 2018 monthly rollup, [KB4462923](https://support.microsoft.com/help/4462923) + -We also recommend installing the latest [Windows Monthly Rollup](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup) on Windows 7 and Windows 8.1 devices. >[!IMPORTANT] >Restart devices after you install the compatibility updates for the first time. diff --git a/windows/deployment/update/windows-analytics-overview.md b/windows/deployment/update/windows-analytics-overview.md index 8ebb6a4bff..b302f6f1ff 100644 --- a/windows/deployment/update/windows-analytics-overview.md 
+++ b/windows/deployment/update/windows-analytics-overview.md
@@ -1,13 +1,15 @@
 ---
 title: Windows Analytics
+ms.reviewer:
+manager: dansimp
 description: Introduction and overview of Windows Analytics
 keywords: Device Health, Upgrade Readiness, Update Compliance, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: jaimeo
-ms.author: jaimeo
+author: lomayor
+ms.author: lomayor
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
index 744f34d7a4..98f8b7cc8e 100644
--- a/windows/deployment/update/windows-analytics-privacy.md
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -1,13 +1,15 @@
 ---
 title: Windows Analytics and privacy
+ms.reviewer:
+manager: dansimp
 description: How Windows Analytics uses data
 keywords: windows analytics, oms, privacy, data, diagnostic, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, FAQ, problems, troubleshooting, error
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: jaimeo
-ms.author: jaimeo
+author: lomayor
+ms.author: lomayor
 ms.localizationpriority: high
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index c020f63f0f..525b7c99b1 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -4,9 +4,11 @@ ms.prod: windows-10
 layout: LandingPage
 ms.topic: landing-page
 ms.manager: elizapo
-author: lizap
-ms.author: elizapo
+author: lomayor
+ms.author: lomayor
 ms.date: 01/24/2019
+ms.reviewer:
+manager: dansimp
 ms.localizationpriority: high
 ms.collection: M365-modern-desktop
 ---
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index 8552724e85..cca22ab6ad 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -4,10 +4,12 @@ description: Reference information for Windows Update error codes
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 09/18/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 
@@ -20,63 +22,63 @@ This section lists the error codes for Microsoft Windows Update. ## Automatic Update Errors -|Error code|Message|Description| -|-|-|-| -|0x80243FFF|WU_E_AUCLIENT_UNEXPECTED|There was a user interface error not covered by another WU_E_AUCLIENT_* error code.| -|0x8024A000|WU_E_AU_NOSERVICE|Automatic Updates was unable to service incoming requests. | -|0x8024A002|WU_E_AU_NONLEGACYSERVER|The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded.|  -|0x8024A003 |WU_E_AU_LEGACYCLIENTDISABLED| The old version of the Automatic Updates client was disabled.|  -|0x8024A004|WU_E_AU_PAUSED|Automatic Updates was unable to process incoming requests because it was paused.|  -|0x8024A005|WU_E_AU_NO_REGISTERED_SERVICE| No unmanaged service is registered with AU.|  -|0x8024AFFF|WU_E_AU_UNEXPECTED| An Automatic Updates error not covered by another WU_E_AU * code.|  +| Error code | Message | Description | +|------------|-------------------------------|--------------------------------------------------------------------------------------------------------| +| 0x80243FFF | WU_E_AUCLIENT_UNEXPECTED | There was a user interface error not covered by another WU_E_AUCLIENT_\* error code. | +| 0x8024A000 | WU_E_AU_NOSERVICE | Automatic Updates was unable to service incoming requests.  | +| 0x8024A002 | WU_E_AU_NONLEGACYSERVER | The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded. | +| 0x8024A003 | WU_E_AU_LEGACYCLIENTDISABLED |  The old version of the Automatic Updates client was disabled. | +| 0x8024A004 | WU_E_AU_PAUSED | Automatic Updates was unable to process incoming requests because it was paused. | +| 0x8024A005 | WU_E_AU_NO_REGISTERED_SERVICE |  No unmanaged service is registered with AU. | +| 0x8024AFFF | WU_E_AU_UNEXPECTED |  An Automatic Updates error not covered by another WU_E_AU \* code. 
| ## Windows Update UI errors -|Error code|Message|Description| -|-|-|-| -|0x80243001|WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION|The results of download and installation could not be read from the registry due to an unrecognized data format version.|  -|0x80243002|WU_E_INSTALLATION_RESULTS_INVALID_DATA|The results of download and installation could not be read from the registry due to an invalid data format.|  -|0x80243003|WU_E_INSTALLATION_RESULTS_NOT_FOUND |The results of download and installation are not available; the operation may have failed to start.|  -|0x80243004| WU_E_TRAYICON_FAILURE| A failure occurred when trying to create an icon in the taskbar notification area.| -|0x80243FFD| WU_E_NON_UI_MODE| Unable to show UI when in non-UI mode; WU client UI modules may not be installed.  | -|0x80243FFE| WU_E_WUCLTUI_UNSUPPORTED_VERSION| Unsupported version of WU client UI exported functions.  | -|0x80243FFF| WU_E_AUCLIENT_UNEXPECTED| There was a user interface error not covered by another WU_E_AUCLIENT_* error code.  | +| Error code | Message | Description | +|------------|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------| +| 0x80243001 | WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION | The results of download and installation could not be read from the registry due to an unrecognized data format version. | +| 0x80243002 | WU_E_INSTALLATION_RESULTS_INVALID_DATA | The results of download and installation could not be read from the registry due to an invalid data format. | +| 0x80243003 | WU_E_INSTALLATION_RESULTS_NOT_FOUND | The results of download and installation are not available; the operation may have failed to start. | +| 0x80243004 |  WU_E_TRAYICON_FAILURE |  A failure occurred when trying to create an icon in the taskbar notification area. 
| +| 0x80243FFD |  WU_E_NON_UI_MODE |  Unable to show UI when in non-UI mode; WU client UI modules may not be installed.  | +| 0x80243FFE |  WU_E_WUCLTUI_UNSUPPORTED_VERSION |  Unsupported version of WU client UI exported functions.  | +| 0x80243FFF |  WU_E_AUCLIENT_UNEXPECTED |  There was a user interface error not covered by another WU_E_AUCLIENT_\* error code.  | ## Inventory errors -|Error code|Message|Description| -|-|-|-| -|0x80249001| WU_E_INVENTORY_PARSEFAILED| Parsing of the rule file failed. | -|0x80249002| WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED | Failed to get the requested inventory type from the server. | -|0x80249003| WU_E_INVENTORY_RESULT_UPLOAD_FAILED| Failed to upload inventory result to the server. | -|0x80249004| WU_E_INVENTORY_UNEXPECTED| There was an inventory error not covered by another error code.|  -|0x80249005| WU_E_INVENTORY_WMI_ERROR| A WMI error occurred when enumerating the instances for a particular class.  | +| Error code | Message | Description | +|------------|-------------------------------------------|-------------------------------------------------------------------------------| +| 0x80249001 |  WU_E_INVENTORY_PARSEFAILED |  Parsing of the rule file failed.  | +| 0x80249002 |  WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED |  Failed to get the requested inventory type from the server.  | +| 0x80249003 |  WU_E_INVENTORY_RESULT_UPLOAD_FAILED |  Failed to upload inventory result to the server.  | +| 0x80249004 |  WU_E_INVENTORY_UNEXPECTED |  There was an inventory error not covered by another error code. | +| 0x80249005 |  WU_E_INVENTORY_WMI_ERROR |  A WMI error occurred when enumerating the instances for a particular class.  
| ## Expression evaluator errors -|Error code|Message|Description| -|-|-|-| -|0x8024E001 | WU_E_EE_UNKNOWN_EXPRESSION | An expression evaluator operation could not be completed because an expression was unrecognized.| -|0x8024E002| WU_E_EE_INVALID_EXPRESSION| An expression evaluator operation could not be completed because an expression was invalid.  | -|0x8024E003| WU_E_EE_MISSING_METADATA| An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. | -|0x8024E004| WU_E_EE_INVALID_VERSION| An expression evaluator operation could not be completed because the version of the serialized expression data is invalid. | -| 0x8024E005| WU_E_EE_NOT_INITIALIZED| The expression evaluator could not be initialized.|  -| 0x8024E006| WU_E_EE_INVALID_ATTRIBUTEDATA | An expression evaluator operation could not be completed because there was an invalid attribute.| -| 0x8024E007| WU_E_EE_CLUSTER_ERROR | An expression evaluator operation could not be completed because the cluster state of the computer could not be determined. | -| 0x8024EFFF| WU_E_EE_UNEXPECTED| There was an expression evaluator error not covered by another WU_E_EE_* error code.  | +| Error code | Message | Description | +|-------------|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------| +| 0x8024E001 |  WU_E_EE_UNKNOWN_EXPRESSION |  An expression evaluator operation could not be completed because an expression was unrecognized. | +| 0x8024E002 |  WU_E_EE_INVALID_EXPRESSION |  An expression evaluator operation could not be completed because an expression was invalid.  | +| 0x8024E003 |  WU_E_EE_MISSING_METADATA |  An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes.  
| +| 0x8024E004 |  WU_E_EE_INVALID_VERSION |  An expression evaluator operation could not be completed because the version of the serialized expression data is invalid.  | +|  0x8024E005 |  WU_E_EE_NOT_INITIALIZED |  The expression evaluator could not be initialized. | +|  0x8024E006 |  WU_E_EE_INVALID_ATTRIBUTEDATA |  An expression evaluator operation could not be completed because there was an invalid attribute. | +|  0x8024E007 |  WU_E_EE_CLUSTER_ERROR |  An expression evaluator operation could not be completed because the cluster state of the computer could not be determined.  | +|  0x8024EFFF |  WU_E_EE_UNEXPECTED |  There was an expression evaluator error not covered by another WU_E_EE_\* error code.  | ## Reporter errors -|Error code|Message|Description| -|-|-|-| -| 0x80247001| WU_E_OL_INVALID_SCANFILE | An operation could not be completed because the scan package was invalid.|  -|0x80247002| WU_E_OL_NEWCLIENT_REQUIRED| An operation could not be completed because the scan package requires a greater version of the Windows Update Agent.|  -| 0x80247FFF| WU_E_OL_UNEXPECTED| Search using the scan package failed. | -| 0x8024F001| WU_E_REPORTER_EVENTCACHECORRUPT| The event cache file was defective. | -| 0x8024F002 | WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED | The XML in the event namespace descriptor could not be parsed.|  -| 0x8024F003| WU_E_INVALID_EVENT| The XML in the event namespace descriptor could not be parsed.|  -| 0x8024F004| WU_E_SERVER_BUSY| The server rejected an event because the server was too busy.|  -| 0x8024FFFF| WU_E_REPORTER_UNEXPECTED| There was a reporter error not covered by another error code. | +| Error code | Message | Description | +|-------------|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| +|  0x80247001 |  WU_E_OL_INVALID_SCANFILE |  An operation could not be completed because the scan package was invalid. 
| +| 0x80247002 |  WU_E_OL_NEWCLIENT_REQUIRED |  An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. | +|  0x80247FFF |  WU_E_OL_UNEXPECTED |  Search using the scan package failed.  | +|  0x8024F001 |  WU_E_REPORTER_EVENTCACHECORRUPT |  The event cache file was defective.  | +|  0x8024F002 |  WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED |  The XML in the event namespace descriptor could not be parsed. | +|  0x8024F003 |  WU_E_INVALID_EVENT |  The XML in the event namespace descriptor could not be parsed. | +|  0x8024F004 |  WU_E_SERVER_BUSY |  The server rejected an event because the server was too busy. | +|  0x8024FFFF |  WU_E_REPORTER_UNEXPECTED |  There was a reporter error not covered by another error code.  | ## Redirector errors The components that download the Wuredir.cab file and then parse the Wuredir.cab file generate the following errors. 
@@ -91,152 +93,152 @@ The components that download the Wuredir.cab file and then parse the Wuredir.cab ## Protocol Talker errors The following errors map to SOAPCLIENT_ERRORs through the Atlsoap.h file. These errors are obtained when the CClientWebService object calls the GetClientError() method. -|Error code|Message|Description| -|-|-|-| -| 0x80244000| WU_E_PT_SOAPCLIENT_BASE| WU_E_PT_SOAPCLIENT_* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library.| -|0x80244001| WU_E_PT_SOAPCLIENT_INITIALIZE| Same as SOAPCLIENT_INITIALIZE_ERROR - initialization of the SOAP client failed possibly because of an MSXML installation failure. | -| 0x80244002| WU_E_PT_SOAPCLIENT_OUTOFMEMORY| Same as SOAPCLIENT_OUTOFMEMORY - SOAP client failed because it ran out of memory. | -| 0x80244003| WU_E_PT_SOAPCLIENT_GENERATE| Same as SOAPCLIENT_GENERATE_ERROR - SOAP client failed to generate the request.|  -| 0x80244004| WU_E_PT_SOAPCLIENT_CONNECT| Same as SOAPCLIENT_CONNECT_ERROR - SOAP client failed to connect to the server. | -| 0x80244005| WU_E_PT_SOAPCLIENT_SEND| Same as SOAPCLIENT_SEND_ERROR - SOAP client failed to send a message for reasons of WU_E_WINHTTP_* error codes.| -| 0x80244006| WU_E_PT_SOAPCLIENT_SERVER| Same as SOAPCLIENT_SERVER_ERROR - SOAP client failed because there was a server error. | -| 0x80244007| WU_E_PT_SOAPCLIENT_SOAPFAULT| Same as SOAPCLIENT_SOAPFAULT - SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_* error codes.| -| 0x80244008| WU_E_PT_SOAPCLIENT_PARSEFAULT| Same as SOAPCLIENT_PARSEFAULT_ERROR - SOAP client failed to parse a SOAP fault.|  -| 0x80244009| WU_E_PT_SOAPCLIENT_READ| Same as SOAPCLIENT_READ_ERROR - SOAP client failed while reading the response from the server.| -| 0x8024400A| WU_E_PT_SOAPCLIENT_PARSE| Same as SOAPCLIENT_PARSE_ERROR - SOAP client failed to parse the response from the server. 
| - - + +| Error code | Message | Description | +|-------------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------| +|  0x80244000 |  WU_E_PT_SOAPCLIENT_BASE |  WU_E_PT_SOAPCLIENT_\* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library. | +| 0x80244001 |  WU_E_PT_SOAPCLIENT_INITIALIZE |  Same as SOAPCLIENT_INITIALIZE_ERROR - initialization of the SOAP client failed possibly because of an MSXML installation failure. | +|  0x80244002 |  WU_E_PT_SOAPCLIENT_OUTOFMEMORY |  Same as SOAPCLIENT_OUTOFMEMORY - SOAP client failed because it ran out of memory.  | +|  0x80244003 |  WU_E_PT_SOAPCLIENT_GENERATE |  Same as SOAPCLIENT_GENERATE_ERROR - SOAP client failed to generate the request. | +|  0x80244004 |  WU_E_PT_SOAPCLIENT_CONNECT |  Same as SOAPCLIENT_CONNECT_ERROR - SOAP client failed to connect to the server.  | +|  0x80244005 |  WU_E_PT_SOAPCLIENT_SEND |  Same as SOAPCLIENT_SEND_ERROR - SOAP client failed to send a message for reasons of WU_E_WINHTTP_\* error codes. | +|  0x80244006 |  WU_E_PT_SOAPCLIENT_SERVER |  Same as SOAPCLIENT_SERVER_ERROR - SOAP client failed because there was a server error.  | +|  0x80244007 |  WU_E_PT_SOAPCLIENT_SOAPFAULT |  Same as SOAPCLIENT_SOAPFAULT - SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | +|  0x80244008 |  WU_E_PT_SOAPCLIENT_PARSEFAULT |  Same as SOAPCLIENT_PARSEFAULT_ERROR - SOAP client failed to parse a SOAP fault. | +|  0x80244009 |  WU_E_PT_SOAPCLIENT_READ |  Same as SOAPCLIENT_READ_ERROR - SOAP client failed while reading the response from the server. | +|  0x8024400A |  WU_E_PT_SOAPCLIENT_PARSE |  Same as SOAPCLIENT_PARSE_ERROR - SOAP client failed to parse the response from the server.  | ## Other Protocol Talker errors The following errors map to SOAP_ERROR_CODEs from the Atlsoap.h file. 
These errors are obtained from the m_fault.m_soapErrCode member of the CClientWebService object when GetClientError() returns SOAPCLIENT_SOAPFAULT. -|Error code|Message|Description| -|-|-|-| -| 0x8024400B| WU_E_PT_SOAP_VERSION| Same as SOAP_E_VERSION_MISMATCH - SOAP client found an unrecognizable namespace for the SOAP envelope.| -| 0x8024400C| WU_E_PT_SOAP_MUST_UNDERSTAND| Same as SOAP_E_MUST_UNDERSTAND - SOAP client was unable to understand a header.  | -| 0x8024400D| WU_E_PT_SOAP_CLIENT| Same as SOAP_E_CLIENT - SOAP client found the message was malformed; fix before resending. | -| 0x8024400E| WU_E_PT_SOAP_SERVER| Same as SOAP_E_SERVER - The SOAP message could not be processed due to a server error; resend later. | -| 0x8024400F| WU_E_PT_WMI_ERROR| There was an unspecified Windows Management Instrumentation (WMI) error.|  -| 0x80244010| WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS| The number of round trips to the server exceeded the maximum limit. | -| 0x80244011| WU_E_PT_SUS_SERVER_NOT_SET| WUServer policy value is missing in the registry. | -| 0x80244012| WU_E_PT_DOUBLE_INITIALIZATION| Initialization failed because the object was already initialized. | -| 0x80244013| WU_E_PT_INVALID_COMPUTER_NAME| The computer name could not be determined. | -| 0x80244015| WU_E_PT_REFRESH_CACHE_REQUIRED| The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry.|  -| 0x80244016| WU_E_PT_HTTP_STATUS_BAD_REQUEST| Same as HTTP status 400 - the server could not process the request due to invalid syntax. | -| 0x80244017| WU_E_PT_HTTP_STATUS_DENIED| Same as HTTP status 401 - the requested resource requires user authentication. | -| 0x80244018| WU_E_PT_HTTP_STATUS_FORBIDDEN| Same as HTTP status 403 - server understood the request but declined to fulfill it.| -| 0x80244019| WU_E_PT_HTTP_STATUS_NOT_FOUND| Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier). 
| -| 0x8024401A| WU_E_PT_HTTP_STATUS_BAD_METHOD| Same as HTTP status 405 - the HTTP method is not allowed.  | -| 0x8024401B| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ| Same as HTTP status 407 - proxy authentication is required. | -| 0x8024401C| WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT| Same as HTTP status 408 - the server timed out waiting for the request. | -| 0x8024401D| WU_E_PT_HTTP_STATUS_CONFLICT| Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource. | -| 0x8024401E| WU_E_PT_HTTP_STATUS_GONE| Same as HTTP status 410 - requested resource is no longer available at the server.| -| 0x8024401F| WU_E_PT_HTTP_STATUS_SERVER_ERROR| Same as HTTP status 500 - an error internal to the server prevented fulfilling the request. | -| 0x80244020| WU_E_PT_HTTP_STATUS_NOT_SUPPORTED| Same as HTTP status 500 - server does not support the functionality required to fulfill the request. | -| 0x80244021| WU_E_PT_HTTP_STATUS_BAD_GATEWAY |Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfil the request.| -| 0x80244022| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL| Same as HTTP status 503 - the service is temporarily overloaded.  | -| 0x80244023| WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT| Same as HTTP status 503 - the request was timed out waiting for a gateway. | -| 0x80244024| WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP| Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request. | -| 0x80244025| WU_E_PT_FILE_LOCATIONS_CHANGED| Operation failed due to a changed file location; refresh internal state and resend.|  -| 0x80244026| WU_E_PT_REGISTRATION_NOT_SUPPORTED| Operation failed because Windows Update Agent does not support registration with a non-WSUS server. | -| 0x80244027| WU_E_PT_NO_AUTH_PLUGINS_REQUESTED| The server returned an empty authentication information list.  
| -| 0x80244028| WU_E_PT_NO_AUTH_COOKIES_CREATED| Windows Update Agent was unable to create any valid authentication cookies. | -| 0x80244029| WU_E_PT_INVALID_CONFIG_PROP| A configuration property value was wrong. | -| 0x8024402A| WU_E_PT_CONFIG_PROP_MISSING| A configuration property value was missing. | -| 0x8024402B| WU_E_PT_HTTP_STATUS_NOT_MAPPED| The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_* error codes. | -| 0x8024402C| WU_E_PT_WINHTTP_NAME_NOT_RESOLVED| Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved. | -| 0x8024402F| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS| External cab file processing completed with some errors.| -| 0x80244030| WU_E_PT_ECP_INIT_FAILED| The external cab processor initialization did not complete. | -| 0x80244031| WU_E_PT_ECP_INVALID_FILE_FORMAT| The format of a metadata file was invalid. | -| 0x80244032| WU_E_PT_ECP_INVALID_METADATA| External cab processor found invalid metadata. | -| 0x80244033| WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST| The file digest could not be extracted from an external cab file. | -| 0x80244034| WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE| An external cab file could not be decompressed. | -| 0x80244035| WU_E_PT_ECP_FILE_LOCATION_ERROR| External cab processor was unable to get file locations. | -| 0x80244FFF| WU_E_PT_UNEXPECTED| A communication error not covered by another WU_E_PT_* error code. | -| 0x8024502D| WU_E_PT_SAME_REDIR_ID| Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery. | -| 0x8024502E| WU_E_PT_NO_MANAGED_RECOVER| A redirector recovery action did not complete because the server is managed. 
| + +| Error code | Message | Description | +|-------------|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +|  0x8024400B |  WU_E_PT_SOAP_VERSION |  Same as SOAP_E_VERSION_MISMATCH - SOAP client found an unrecognizable namespace for the SOAP envelope. | +|  0x8024400C |  WU_E_PT_SOAP_MUST_UNDERSTAND |  Same as SOAP_E_MUST_UNDERSTAND - SOAP client was unable to understand a header.  | +|  0x8024400D |  WU_E_PT_SOAP_CLIENT |  Same as SOAP_E_CLIENT - SOAP client found the message was malformed; fix before resending.  | +|  0x8024400E |  WU_E_PT_SOAP_SERVER |  Same as SOAP_E_SERVER - The SOAP message could not be processed due to a server error; resend later.  | +|  0x8024400F |  WU_E_PT_WMI_ERROR |  There was an unspecified Windows Management Instrumentation (WMI) error. | +|  0x80244010 |  WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS |  The number of round trips to the server exceeded the maximum limit.  | +|  0x80244011 |  WU_E_PT_SUS_SERVER_NOT_SET |  WUServer policy value is missing in the registry.  | +|  0x80244012 |  WU_E_PT_DOUBLE_INITIALIZATION |  Initialization failed because the object was already initialized.  | +|  0x80244013 |  WU_E_PT_INVALID_COMPUTER_NAME |  The computer name could not be determined.  | +|  0x80244015 |  WU_E_PT_REFRESH_CACHE_REQUIRED |  The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry. | +|  0x80244016 |  WU_E_PT_HTTP_STATUS_BAD_REQUEST |  Same as HTTP status 400 - the server could not process the request due to invalid syntax.  | +|  0x80244017 |  WU_E_PT_HTTP_STATUS_DENIED |  Same as HTTP status 401 - the requested resource requires user authentication.  
| +|  0x80244018 |  WU_E_PT_HTTP_STATUS_FORBIDDEN |  Same as HTTP status 403 - server understood the request but declined to fulfill it. | +|  0x80244019 |  WU_E_PT_HTTP_STATUS_NOT_FOUND |  Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier).  | +|  0x8024401A |  WU_E_PT_HTTP_STATUS_BAD_METHOD |  Same as HTTP status 405 - the HTTP method is not allowed.  | +|  0x8024401B |  WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ |  Same as HTTP status 407 - proxy authentication is required.  | +|  0x8024401C |  WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT |  Same as HTTP status 408 - the server timed out waiting for the request.  | +|  0x8024401D |  WU_E_PT_HTTP_STATUS_CONFLICT |  Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource.  | +|  0x8024401E |  WU_E_PT_HTTP_STATUS_GONE |  Same as HTTP status 410 - requested resource is no longer available at the server. | +|  0x8024401F |  WU_E_PT_HTTP_STATUS_SERVER_ERROR |  Same as HTTP status 500 - an error internal to the server prevented fulfilling the request.  | +|  0x80244020 |  WU_E_PT_HTTP_STATUS_NOT_SUPPORTED |  Same as HTTP status 500 - server does not support the functionality required to fulfill the request.  | +|  0x80244021 |  WU_E_PT_HTTP_STATUS_BAD_GATEWAY | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfil the request. | +|  0x80244022 |  WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL |  Same as HTTP status 503 - the service is temporarily overloaded.  | +|  0x80244023 |  WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT |  Same as HTTP status 503 - the request was timed out waiting for a gateway.  | +|  0x80244024 |  WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP |  Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request.  
| +|  0x80244025 |  WU_E_PT_FILE_LOCATIONS_CHANGED |  Operation failed due to a changed file location; refresh internal state and resend. | +|  0x80244026 |  WU_E_PT_REGISTRATION_NOT_SUPPORTED |  Operation failed because Windows Update Agent does not support registration with a non-WSUS server.  | +|  0x80244027 |  WU_E_PT_NO_AUTH_PLUGINS_REQUESTED |  The server returned an empty authentication information list.  | +|  0x80244028 |  WU_E_PT_NO_AUTH_COOKIES_CREATED |  Windows Update Agent was unable to create any valid authentication cookies.  | +|  0x80244029 |  WU_E_PT_INVALID_CONFIG_PROP |  A configuration property value was wrong.  | +|  0x8024402A |  WU_E_PT_CONFIG_PROP_MISSING |  A configuration property value was missing.  | +|  0x8024402B |  WU_E_PT_HTTP_STATUS_NOT_MAPPED |  The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_\* error codes.  | +|  0x8024402C |  WU_E_PT_WINHTTP_NAME_NOT_RESOLVED |  Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved.  | +|  0x8024402F |  WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS |  External cab file processing completed with some errors. | +|  0x80244030 |  WU_E_PT_ECP_INIT_FAILED |  The external cab processor initialization did not complete.  | +|  0x80244031 |  WU_E_PT_ECP_INVALID_FILE_FORMAT |  The format of a metadata file was invalid.  | +|  0x80244032 |  WU_E_PT_ECP_INVALID_METADATA |  External cab processor found invalid metadata.  | +|  0x80244033 |  WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST |  The file digest could not be extracted from an external cab file.  | +|  0x80244034 |  WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE |  An external cab file could not be decompressed.  | +|  0x80244035 |  WU_E_PT_ECP_FILE_LOCATION_ERROR |  External cab processor was unable to get file locations.  | +|  0x80244FFF |  WU_E_PT_UNEXPECTED |  A communication error not covered by another WU_E_PT_\* error code.  
| +|  0x8024502D |  WU_E_PT_SAME_REDIR_ID |  Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery.  | +|  0x8024502E |  WU_E_PT_NO_MANAGED_RECOVER |  A redirector recovery action did not complete because the server is managed.  | ## Download Manager errors -|Error code|Message|Description| -|-|-|-| -| 0x80246001| WU_E_DM_URLNOTAVAILABLE| A download manager operation could not be completed because the requested file does not have a URL. | -| 0x80246002| WU_E_DM_INCORRECTFILEHASH| A download manager operation could not be completed because the file digest was not recognized. | -| 0x80246003| WU_E_DM_UNKNOWNALGORITHM| A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm. | -| 0x80246004| WU_E_DM_NEEDDOWNLOADREQUEST| An operation could not be completed because a download request is required from the download handler. | -| 0x80246005| WU_E_DM_NONETWORK| A download manager operation could not be completed because the network connection was unavailable. | -| 0x80246006| WU_E_DM_WRONGBITSVERSION| A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible.|  -| 0x80246007| WU_E_DM_NOTDOWNLOADED| The update has not been downloaded. | -| 0x80246008| WU_E_DM_FAILTOCONNECTTOBITS| A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS).|  -| 0x80246009|WU_E_DM_BITSTRANSFERERROR| A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error.  | -| 0x8024600A| WU_E_DM_DOWNLOADLOCATIONCHANGED| A download must be restarted because the location of the source of the download has changed.|  -| 0x8024600B| WU_E_DM_CONTENTCHANGED| A download must be restarted because the update content changed in a new revision.  
| -| 0x80246FFF| WU_E_DM_UNEXPECTED| There was a download manager error not covered by another WU_E_DM_* error code.  | +| Error code | Message | Description | +|-------------|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +|  0x80246001 |  WU_E_DM_URLNOTAVAILABLE |  A download manager operation could not be completed because the requested file does not have a URL.  | +|  0x80246002 |  WU_E_DM_INCORRECTFILEHASH |  A download manager operation could not be completed because the file digest was not recognized.  | +|  0x80246003 |  WU_E_DM_UNKNOWNALGORITHM |  A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm.  | +|  0x80246004 |  WU_E_DM_NEEDDOWNLOADREQUEST |  An operation could not be completed because a download request is required from the download handler.  | +|  0x80246005 |  WU_E_DM_NONETWORK |  A download manager operation could not be completed because the network connection was unavailable.  | +|  0x80246006 |  WU_E_DM_WRONGBITSVERSION |  A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. | +|  0x80246007 |  WU_E_DM_NOTDOWNLOADED |  The update has not been downloaded.  | +|  0x80246008 |  WU_E_DM_FAILTOCONNECTTOBITS |  A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). | +|  0x80246009 | WU_E_DM_BITSTRANSFERERROR |  A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error.  | +|  0x8024600A |  WU_E_DM_DOWNLOADLOCATIONCHANGED |  A download must be restarted because the location of the source of the download has changed. 
| +|  0x8024600B |  WU_E_DM_CONTENTCHANGED |  A download must be restarted because the update content changed in a new revision.  | +|  0x80246FFF |  WU_E_DM_UNEXPECTED |  There was a download manager error not covered by another WU_E_DM_\* error code.  | ## Update Handler errors -|Error code|Message|Description| -|-|-|-| -| 0x80242000| WU_E_UH_REMOTEUNAVAILABLE|9 A request for a remote update handler could not be completed because no remote process is available. | -| 0x80242001| WU_E_UH_LOCALONLY| A request for a remote update handler could not be completed because the handler is local only. | -| 0x80242002| WU_E_UH_UNKNOWNHANDLER| A request for an update handler could not be completed because the handler could not be recognized. | -| 0x80242003| WU_E_UH_REMOTEALREADYACTIVE| A remote update handler could not be created because one already exists.  | -| 0x80242004| WU_E_UH_DOESNOTSUPPORTACTION| A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall).|  -| 0x80242005| WU_E_UH_WRONGHANDLER| An operation did not complete because the wrong handler was specified.  | -| 0x80242006| WU_E_UH_INVALIDMETADATA| A handler operation could not be completed because the update contains invalid metadata. | -| 0x80242007| WU_E_UH_INSTALLERHUNG| An operation could not be completed because the installer exceeded the time limit. | -| 0x80242008| WU_E_UH_OPERATIONCANCELLED| An operation being done by the update handler was cancelled. | -| 0x80242009| WU_E_UH_BADHANDLERXML| An operation could not be completed because the handler-specific metadata is invalid.  | -| 0x8024200A| WU_E_UH_CANREQUIREINPUT| A request to the handler to install an update could not be completed because the update requires user input. | -| 0x8024200B| WU_E_UH_INSTALLERFAILURE| The installer failed to install (uninstall) one or more updates.  
| -| 0x8024200C| WU_E_UH_FALLBACKTOSELFCONTAINED| The update handler should download self-contained content rather than delta-compressed content for the update. | -| 0x8024200D| WU_E_UH_NEEDANOTHERDOWNLOAD| The update handler did not install the update because it needs to be downloaded again.  | -| 0x8024200E| WU_E_UH_NOTIFYFAILURE| The update handler failed to send notification of the status of the install (uninstall) operation.  | -| 0x8024200F| WU_E_UH_INCONSISTENT_FILE_NAMES | The file names contained in the update metadata and in the update package are inconsistent.  | -| 0x80242010| WU_E_UH_FALLBACKERROR| The update handler failed to fall back to the self-contained content.  | -| 0x80242011| WU_E_UH_TOOMANYDOWNLOADREQUESTS| The update handler has exceeded the maximum number of download requests.  | -| 0x80242012| WU_E_UH_UNEXPECTEDCBSRESPONSE| The update handler has received an unexpected response from CBS.  | -| 0x80242013| WU_E_UH_BADCBSPACKAGEID| The update metadata contains an invalid CBS package identifier.  | -| 0x80242014| WU_E_UH_POSTREBOOTSTILLPENDING| The post-reboot operation for the update is still in progress.  | -| 0x80242015| WU_E_UH_POSTREBOOTRESULTUNKNOWN| The result of the post-reboot operation for the update could not be determined.  | -| 0x80242016| WU_E_UH_POSTREBOOTUNEXPECTEDSTATE| The state of the update after its post-reboot operation has completed is unexpected.  | -| 0x80242017| WU_E_UH_NEW_SERVICING_STACK_REQUIRED| The OS servicing stack must be updated before this update is downloaded or installed.  | -| 0x80242FFF| WU_E_UH_UNEXPECTED| An update handler error not covered by another WU_E_UH_* code.  
| +| Error code | Message | Description | +|-------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +|  0x80242000 |  WU_E_UH_REMOTEUNAVAILABLE | 9 A request for a remote update handler could not be completed because no remote process is available.  | +|  0x80242001 |  WU_E_UH_LOCALONLY |  A request for a remote update handler could not be completed because the handler is local only.  | +|  0x80242002 |  WU_E_UH_UNKNOWNHANDLER |  A request for an update handler could not be completed because the handler could not be recognized.  | +|  0x80242003 |  WU_E_UH_REMOTEALREADYACTIVE |  A remote update handler could not be created because one already exists.  | +|  0x80242004 |  WU_E_UH_DOESNOTSUPPORTACTION |  A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). | +|  0x80242005 |  WU_E_UH_WRONGHANDLER |  An operation did not complete because the wrong handler was specified.  | +|  0x80242006 |  WU_E_UH_INVALIDMETADATA |  A handler operation could not be completed because the update contains invalid metadata.  | +|  0x80242007 |  WU_E_UH_INSTALLERHUNG |  An operation could not be completed because the installer exceeded the time limit.  | +|  0x80242008 |  WU_E_UH_OPERATIONCANCELLED |  An operation being done by the update handler was cancelled.  | +|  0x80242009 |  WU_E_UH_BADHANDLERXML |  An operation could not be completed because the handler-specific metadata is invalid.  | +| 0x8024200A |  WU_E_UH_CANREQUIREINPUT |  A request to the handler to install an update could not be completed because the update requires user input.  | +|  0x8024200B |  WU_E_UH_INSTALLERFAILURE |  The installer failed to install (uninstall) one or more updates.  
| +|  0x8024200C |  WU_E_UH_FALLBACKTOSELFCONTAINED |  The update handler should download self-contained content rather than delta-compressed content for the update.  | +|  0x8024200D |  WU_E_UH_NEEDANOTHERDOWNLOAD |  The update handler did not install the update because it needs to be downloaded again.  | +|  0x8024200E |  WU_E_UH_NOTIFYFAILURE |  The update handler failed to send notification of the status of the install (uninstall) operation.  | +|  0x8024200F | WU_E_UH_INCONSISTENT_FILE_NAMES |  The file names contained in the update metadata and in the update package are inconsistent.  | +|  0x80242010 |  WU_E_UH_FALLBACKERROR |  The update handler failed to fall back to the self-contained content.  | +|  0x80242011 |  WU_E_UH_TOOMANYDOWNLOADREQUESTS |  The update handler has exceeded the maximum number of download requests.  | +|  0x80242012 |  WU_E_UH_UNEXPECTEDCBSRESPONSE |  The update handler has received an unexpected response from CBS.  | +|  0x80242013 |  WU_E_UH_BADCBSPACKAGEID |  The update metadata contains an invalid CBS package identifier.  | +|  0x80242014 |  WU_E_UH_POSTREBOOTSTILLPENDING |  The post-reboot operation for the update is still in progress.  | +|  0x80242015 |  WU_E_UH_POSTREBOOTRESULTUNKNOWN |  The result of the post-reboot operation for the update could not be determined.  | +|  0x80242016 |  WU_E_UH_POSTREBOOTUNEXPECTEDSTATE |  The state of the update after its post-reboot operation has completed is unexpected.  | +|  0x80242017 |  WU_E_UH_NEW_SERVICING_STACK_REQUIRED |  The OS servicing stack must be updated before this update is downloaded or installed.  | +|  0x80242FFF |  WU_E_UH_UNEXPECTED |  An update handler error not covered by another WU_E_UH_\* code.  | ## Data Store errors -|Error code|Message|Description | -|-|-|-| -| 0x80248000| WU_E_DS_SHUTDOWN| An operation failed because Windows Update Agent is shutting down.  
| -| 0x80248001| WU_E_DS_INUSE| An operation failed because the data store was in use.|  -| 0x80248002| WU_E_DS_INVALID| The current and expected states of the data store do not match.|  -| 0x80248003| WU_E_DS_TABLEMISSING| The data store is missing a table.  | -| 0x80248004| WU_E_DS_TABLEINCORRECT| The data store contains a table with unexpected columns.  | -| 0x80248005| WU_E_DS_INVALIDTABLENAME| A table could not be opened because the table is not in the data store. | -| 0x80248006| WU_E_DS_BADVERSION| The current and expected versions of the data store do not match. | -| 0x80248007| WU_E_DS_NODATA| The information requested is not in the data store.  | -| 0x80248008| WU_E_DS_MISSINGDATA| The data store is missing required information or has a NULL in a table column that requires a non-null value.  | -| 0x80248009| WU_E_DS_MISSINGREF| The data store is missing required information or has a reference to missing license terms file localized property or linked row. | -| 0x8024800A| WU_E_DS_UNKNOWNHANDLER| The update was not processed because its update handler could not be recognized.  | -| 0x8024800B| WU_E_DS_CANTDELETE| The update was not deleted because it is still referenced by one or more services.  | -| 0x8024800C| WU_E_DS_LOCKTIMEOUTEXPIRED| The data store section could not be locked within the allotted time.  | -| 0x8024800D| WU_E_DS_NOCATEGORIES | The category was not added because it contains no parent categories and is not a top-level category itself.  | -| 0x8024800E| WU_E_DS_ROWEXISTS| The row was not added because an existing row has the same primary key.  | -| 0x8024800F| WU_E_DS_STOREFILELOCKED| The data store could not be initialized because it was locked by another process.  | -| 0x80248010| WU_E_DS_CANNOTREGISTER| The data store is not allowed to be registered with COM in the current process.  -| 0x80248011| WU_E_DS_UNABLETOSTART| Could not create a data store object in another process.  
-| 0x80248013| WU_E_DS_DUPLICATEUPDATEID |The server sent the same update to the client with two different revision IDs.  -| 0x80248014 |WU_E_DS_UNKNOWNSERVICE| An operation did not complete because the service is not in the data store.  -| 0x80248015 |WU_E_DS_SERVICEEXPIRED |An operation did not complete because the registration of the service has expired.  -| 0x80248016 | WU_E_DS_DECLINENOTALLOWED | A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline.  -| 0x80248017 | WU_E_DS_TABLESESSIONMISMATCH| A table was not closed because it is not associated with the session.  -| 0x80248018 | WU_E_DS_SESSIONLOCKMISMATCH| A table was not closed because it is not associated with the session.  -| 0x80248019 | WU_E_DS_NEEDWINDOWSSERVICE| A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service.  -| 0x8024801A | WU_E_DS_INVALIDOPERATION| A request was declined because the operation is not allowed.  -| 0x8024801B | WU_E_DS_SCHEMAMISMATCH| The schema of the current data store and the schema of a table in a backup XML document do not match.  -| 0x8024801C | WU_E_DS_RESETREQUIRED| The data store requires a session reset; release the session and retry with a new session.  -| 0x8024801D | WU_E_DS_IMPERSONATED| A data store operation did not complete because it was requested with an impersonated identity.  -| 0x80248FFF | WU_E_DS_UNEXPECTED| A data store error not covered by another WU_E_DS_* code.  
+| Error code | Message | Description | +|-------------|-------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +|  0x80248000 |  WU_E_DS_SHUTDOWN |  An operation failed because Windows Update Agent is shutting down.  | +|  0x80248001 |  WU_E_DS_INUSE |  An operation failed because the data store was in use. | +|  0x80248002 |  WU_E_DS_INVALID |  The current and expected states of the data store do not match. | +|  0x80248003 |  WU_E_DS_TABLEMISSING |  The data store is missing a table.  | +|  0x80248004 |  WU_E_DS_TABLEINCORRECT |  The data store contains a table with unexpected columns.  | +|  0x80248005 |  WU_E_DS_INVALIDTABLENAME |  A table could not be opened because the table is not in the data store.  | +|  0x80248006 |  WU_E_DS_BADVERSION |  The current and expected versions of the data store do not match.  | +|  0x80248007 |  WU_E_DS_NODATA |  The information requested is not in the data store.  | +|  0x80248008 |  WU_E_DS_MISSINGDATA |  The data store is missing required information or has a NULL in a table column that requires a non-null value.  | +|  0x80248009 |  WU_E_DS_MISSINGREF |  The data store is missing required information or has a reference to missing license terms file localized property or linked row. | +|  0x8024800A |  WU_E_DS_UNKNOWNHANDLER |  The update was not processed because its update handler could not be recognized.  | +|  0x8024800B |  WU_E_DS_CANTDELETE |  The update was not deleted because it is still referenced by one or more services.  | +|  0x8024800C |  WU_E_DS_LOCKTIMEOUTEXPIRED |  The data store section could not be locked within the allotted time.  | +|  0x8024800D |  WU_E_DS_NOCATEGORIES |  The category was not added because it contains no parent categories and is not a top-level category itself.  
| +|  0x8024800E |  WU_E_DS_ROWEXISTS |  The row was not added because an existing row has the same primary key.  | +|  0x8024800F |  WU_E_DS_STOREFILELOCKED |  The data store could not be initialized because it was locked by another process.  | +|  0x80248010 |  WU_E_DS_CANNOTREGISTER |  The data store is not allowed to be registered with COM in the current process.  | +|  0x80248011 | WU_E_DS_UNABLETOSTART |  Could not create a data store object in another process.  | +|  0x80248013 |  WU_E_DS_DUPLICATEUPDATEID | The server sent the same update to the client with two different revision IDs.  | +|  0x80248014 | WU_E_DS_UNKNOWNSERVICE |  An operation did not complete because the service is not in the data store.  | +| 0x80248015 | WU_E_DS_SERVICEEXPIRED | An operation did not complete because the registration of the service has expired.  | +| 0x80248016 |  WU_E_DS_DECLINENOTALLOWED |  A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline.  | +| 0x80248017 |  WU_E_DS_TABLESESSIONMISMATCH |  A table was not closed because it is not associated with the session.  | +| 0x80248018 |  WU_E_DS_SESSIONLOCKMISMATCH |  A table was not closed because it is not associated with the session.  | +| 0x80248019 |  WU_E_DS_NEEDWINDOWSSERVICE |  A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service.  | +| 0x8024801A |  WU_E_DS_INVALIDOPERATION |  A request was declined because the operation is not allowed.  | +| 0x8024801B |  WU_E_DS_SCHEMAMISMATCH |  The schema of the current data store and the schema of a table in a backup XML document do not match.  | +| 0x8024801C |  WU_E_DS_RESETREQUIRED |  The data store requires a session reset; release the session and retry with a new session.  
| +| 0x8024801D |  WU_E_DS_IMPERSONATED |  A data store operation did not complete because it was requested with an impersonated identity.  | +| 0x80248FFF |  WU_E_DS_UNEXPECTED |  A data store error not covered by another WU_E_DS_\* code.  | ## Driver Util errors The PnP enumerated device is removed from the System Spec because one of the hardware IDs or the compatible IDs matches an installed printer driver. This is not a fatal error, and the device is merely skipped. @@ -360,4 +362,4 @@ The following errors are used to indicate that part of a search fails because of | 0x8024D00F | WU_E_SETUP_HANDLER_EXEC_FAILURE| Windows Update Agent could not be updated because the setup handler failed during execution.  | 0x8024D010 | WU_E_SETUP_INVALID_REGISTRY_DATA| Windows Update Agent could not be updated because the registry contains invalid information.  | 0x8024D013 | WU_E_SETUP_WRONG_SERVER_VERSION| Windows Update Agent could not be updated because the server does not contain update information for this version.  -| 0x8024DFFF | WU_E_SETUP_UNEXPECTED| Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code.  \ No newline at end of file +| 0x8024DFFF | WU_E_SETUP_UNEXPECTED| Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code.  diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index d63d0500b4..44bb1240ca 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -4,10 +4,12 @@ description: Learn about some common issues you might experience with Windows Up ms.prod: w10 ms.mktglfcycl: ms.sitesec: library -author: kaushika-msft +author: lomayor ms.localizationpriority: medium -ms.author: elizapo +ms.author: lomayor ms.date: 09/18/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- 
@@ -17,20 +19,22 @@ ms.topic: article The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. -|Error Code|Message|Description|Mitigation| -|-|-|-|-| -|0x8024402F|WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS|External cab file processing completed with some errors|One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
                                      The IP addresses of the computers you want to get updates successfully on, should be added to the exceptions list of Lightspeed | -|0x80242006|WU_E_UH_INVALIDMETADATA|A handler operation could not be completed because the update contains invalid metadata.|Rename Software Redistribution Folder and attempt to download the updates again:
                                      Rename the following folders to *.BAK:
                                      - %systemroot%\system32\catroot2

                                      To do this, type the following commands at a command prompt. Press ENTER after you type each command.
                                      - Ren %systemroot%\SoftwareDistribution\DataStore *.bak
                                      - Ren %systemroot%\SoftwareDistribution\Download *.bak
                                      Ren %systemroot%\system32\catroot2 *.bak | -|0x80070BC9|ERROR_FAIL_REBOOT_REQUIRED|The requested operation failed. A system reboot is required to roll back changes made.|Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS.| -|0x80200053|BG_E_VALIDATION_FAILED|NA|Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.

                                      If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | -|0x80072EE2|WININET_E_TIMEOUT|The operation timed out|This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
                                      http://*.update.microsoft.com
                                      https://*.update.microsoft.com
                                      http://download.windowsupdate.com

                                      Additionally , you can take a network trace and see what is timing out. | -|0x80072EFD
                                      0x80072EFE 
                                      0x80D02002|TIME OUT ERRORS|The operation timed out|Make sure there are no firewall rules or proxy to block Microsoft download URLs.
                                      Take a network monitor trace to understand better. | -|0X8007000D|ERROR_INVALID_DATA|Indicates invalid data downloaded or corruption occurred.|Attempt to re-download the update and initiate installation. | -|0x8024A10A|USO_E_SERVICE_SHUTTING_DOWN|Indicates that the WU Service is shutting down.|This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade. | -|0x80240020|WU_E_NO_INTERACTIVE_USER|Operation did not complete because there is no logged-on interactive user.|Please login to the system to initiate the installation and allow the system to be rebooted. | -|0x80242014|WU_E_UH_POSTREBOOTSTILLPENDING|The post-reboot operation for the update is still in progress.|Some Windows Updates require the system to be restarted. Reboot the system to complete the installation of the Updates. | -|0x80246017|WU_E_DM_UNAUTHORIZED_LOCAL_USER|The download failed because the local user was denied authorization to download the content.|Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).| -|0x8024000B|WU_E_CALL_CANCELLED|Operation was cancelled.|This indicates that the operation was cancelled by the user/service. You may also encounter this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete.| -|0x8024000E|WU_E_XML_INVALID|Windows Update Agent found invalid information in the update's XML data.|Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. 
Ensure that you have the latest Windows Update Agent installed on the machine. | -|0x8024D009|WU_E_SETUP_SKIP_UPDATE|An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file.|You may encounter this error when WSUS is not sending the Self-update to the clients.

                                      Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue.| -|0x80244007|WU_E_PT_SOAPCLIENT_SOAPFAULT|SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_* error codes.|This issue occurs because Windows cannot renew the cookies for Windows Update.

                                      Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue.| \ No newline at end of file + +| Error Code | Message | Description | Mitigation | +|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
                                      The IP addresses of the computers you want to get updates successfully on, should be added to the exceptions list of Lightspeed | +| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
                                      Rename the following folders to \*.BAK:
                                      - %systemroot%\system32\catroot2

                                      To do this, type the following commands at a command prompt. Press ENTER after you type each command.
                                      - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
                                      - Ren %systemroot%\SoftwareDistribution\Download \*.bak
                                      Ren %systemroot%\system32\catroot2 \*.bak | +| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS. | +| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.

                                      If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | +| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
                                      http://.update.microsoft.com
                                      https://
                                      .update.microsoft.com


                                      Additionally , you can take a network trace and see what is timing out. | +| 0x80072EFD
                                      0x80072EFE 
                                      0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
                                      Take a network monitor trace to understand better. | +| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. | +| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the WU Service is shutting down. | This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade. | +| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Please login to the system to initiate the installation and allow the system to be rebooted. | +| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-reboot operation for the update is still in progress. | Some Windows Updates require the system to be restarted. Reboot the system to complete the installation of the Updates. | +| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). | +| 0x8024000B | WU_E_CALL_CANCELLED | Operation was cancelled. | This indicates that the operation was cancelled by the user/service. You may also encounter this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | +| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. 
Ensure that you have the latest Windows Update Agent installed on the machine. | +| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

                                      Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | +| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

                                      Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
+
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index df6c14cfbf..854d12fc0e 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -4,10 +4,12 @@ description: Learn about the Windows Update log files
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 09/18/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
@@ -61,7 +63,7 @@ The WU engine has different component names. The following are some of the most
 - DataStore - Caching update data locally
 - IdleTimer - Tracking active calls, stopping a service
->[!NOTE]
+>[!NOTE]
 >Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what’s important.
 ### Windows Update log structure
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index 18664e5161..87b016f3a5 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -4,10 +4,12 @@ description: Learn how Windows Update works, including architecture and troubles
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 09/18/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
@@ -35,15 +37,15 @@ To understand the changes to the Windows Update architecture that UUP introduces - **Update Session Orchestrator (USO)**- A Windows OS component that orchestrates the sequence of downloading and installing various update types from Windows Update. Update types- - - OS Feature updates - - OS Security updates - - Device drivers - - Defender definition updates + - OS Feature updates + - OS Security updates + - Device drivers + - Defender definition updates - >[!NOTE] - > Other types of updates, like Office desktop updates, are installed if the user opts into Microsoft Update. - > - >Store apps aren't installed by USO, today they are separate. + >[!NOTE] + > Other types of updates, like Office desktop updates, are installed if the user opts into Microsoft Update. + > + >Store apps aren't installed by USO, today they are separate. - **WU Client/ UpdateAgent** - The component running on your PC. It's essentially a DLL that is downloaded to the device when an update is applicable. It surfaces the APIs needed to perform an update, including those needed to generate a list of payloads to download, as well as starts stage and commit operations. It provides a unified interface that abstracts away the underlying update technologies from the caller. - **WU Arbiter handle**- Code that is included in the UpdateAgent binary. The arbiter gathers information about the device, and uses the CompDB(s) to output an action list. It is responsible for determining the final "composition state" of your device, and which payloads (like ESDs or packages) are needed to get your device up to date. 
@@ -52,4 +54,4 @@ To understand the changes to the Windows Update architecture that UUP introduces
 Additional components include the following-
 - **CompDB** – A generic term to refer to the XML describing information about target build composition, available diff packages, and conditional rules.
-- **Action List** – The payload and additional information needed to perform an update. The action list is consumed by the UpdateAgent, as well as other installers to determine what payload to download. It's also consumed by the "Install Agent" to determine what actions need to be taken, such as installing or removing packages.
\ No newline at end of file
+- **Action List** – The payload and additional information needed to perform an update. The action list is consumed by the UpdateAgent, as well as other installers to determine what payload to download. It's also consumed by the "Install Agent" to determine what actions need to be taken, such as installing or removing packages.
diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md
index 0066e48950..3c86a313b1 100644
--- a/windows/deployment/update/windows-update-resources.md
+++ b/windows/deployment/update/windows-update-resources.md
@@ -4,10 +4,12 @@ description: Additional resources for Windows Update
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 09/18/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
@@ -119,6 +121,6 @@ The following resources provide additional information about using Windows Updat
 net start wuauserv
 ```
 10. If you are running Windows Vista or Windows Server 2008, clear the BITS queue. To do this, type the following command at a command prompt, and then press ENTER:
- ```
- bitsadmin.exe /reset /allusers
- ```
\ No newline at end of file
+ ```
+ bitsadmin.exe /reset /allusers
+ ```
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index 4c56170e4d..10c28bdca8 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -4,10 +4,12 @@ description: Learn how to troubleshoot Windows Update
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
-author: kaushika-msft
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 09/18/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md
index da64371629..8b02223e9a 100644
--- a/windows/deployment/update/wufb-autoupdate.md
+++ b/windows/deployment/update/wufb-autoupdate.md
@@ -4,10 +4,12 @@ description: Learn how to get started using Windows Update for Business.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: lizap
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 06/20/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md
index 6cdd0a1cc6..79bfff04d8 100644
--- a/windows/deployment/update/wufb-basics.md
+++ b/windows/deployment/update/wufb-basics.md
@@ -4,10 +4,12 @@ description: Learn how to get started using the Basic GPO in Windows Update for
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: lizap
+author: lomayor
 ms.localizationpriority: medium
-ms.author: elizapo
+ms.author: lomayor
 ms.date: 06/20/2018
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 # Configure the Basic group policy for Windows Update for Business
@@ -24,4 +26,4 @@ For Windows Update for Business configurations to work, devices need to be confi |Policy|Location|Suggested configuration| |-|-|-| |Allow Telemetry |GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow Telemetry |State: Enabled
                                      **Option**: 1-Basic| -|Configure Commercial ID|GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Commercial ID |State: Enabled
                                      **Commercial ID**: The GUID created for you at the time of onboarding to Windows Analytics| \ No newline at end of file +|Configure Commercial ID|GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Commercial ID |State: Enabled
                                      **Commercial ID**: The GUID created for you at the time of onboarding to Windows Analytics| diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 5d1f0ea0d5..eb8f6bcde2 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -4,10 +4,12 @@ description: Learn how to enforce compliance deadlines using Windows Update for ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: lomayor ms.localizationpriority: medium -ms.author: elizapo +ms.author: lomayor ms.date: 06/20/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- # Enforcing compliance deadlines for updates @@ -27,7 +29,7 @@ This flow only enforces the deadline where the device will attempt to silently r Once the device is in the pending restart state, it will attempt to restart the device during non-active hours. This is known as the auto-restart period, and by default it does not require user interaction to reboot the device. ->[!NOTE] +>[!NOTE] >Deadlines are enforced from pending restart state (for example, when the device has completed the installation and download from Windows Update). ### Policy overview diff --git a/windows/deployment/update/wufb-managedrivers.md b/windows/deployment/update/wufb-managedrivers.md index c49ed5ff8a..80f65c4baf 100644 --- a/windows/deployment/update/wufb-managedrivers.md +++ b/windows/deployment/update/wufb-managedrivers.md @@ -4,10 +4,12 @@ description: Learn how to manage drivers, dual managed environments, and bandwid ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: lomayor ms.localizationpriority: medium -ms.author: elizapo +ms.author: lomayor ms.date: 06/21/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- # Managing drivers, dual-managed environments, and Delivery Optimization with group policies 
@@ -63,4 +65,4 @@ You can use an on-premises catalog, like WSUS, to deploy 3rd Party patches and u |Download Mode|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Download Mode|State: Enabled
                                      **Download Mode**: Group (2)| |Minimum Peer Caching Content File Size (in MB)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Minimum Peer Caching Content File Size (in MB)|State: Enabled
                                      **Minimum Peer caching content file size (in MB)**: 10 MB| |Allow uploads while the device is on battery while under set battery level (percentage)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Allow uploads while the device is on battery while under set battery level (percentage)|State: Enabled
                                      **Minimum battery level (Percentage)**: 60| -|Max Cache Age (in seconds)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Max Cache Age (in seconds)|State: Enabled
                                      **Max Cache Age (in seconds)**: 604800 ~ 7 days| \ No newline at end of file +|Max Cache Age (in seconds)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Max Cache Age (in seconds)|State: Enabled
                                      **Max Cache Age (in seconds)**: 604800 ~ 7 days| diff --git a/windows/deployment/update/wufb-manageupdate.md b/windows/deployment/update/wufb-manageupdate.md index 84aa983ea8..a631ad47fa 100644 --- a/windows/deployment/update/wufb-manageupdate.md +++ b/windows/deployment/update/wufb-manageupdate.md @@ -4,10 +4,12 @@ description: Learn how to get started using Windows Update for Business. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: lomayor ms.localizationpriority: medium -ms.author: elizapo +ms.author: lomayor ms.date: 06/20/2018 +ms.reviewer: +manager: dansimp ms.topic: article --- @@ -20,6 +22,7 @@ Windows Update for Business allows users to control when devices should receive The following policies let you configure when you want a device to see a feature and or quality update from Windows Update. ## Policy overview + |Policy name| Description | |-|-| |Select when Quality Updates are received|Configures when the device should receive quality update. In this policy you can also select a date to pause receiving Quality Updates until. | @@ -29,9 +32,10 @@ The following policies let you configure when you want a device to see a feature ## Suggested configuration for a non-wave deployment If you don't need a wave deployment and have a small set of devices to manage, we recommend the following configuration: + |Policy| Location|Suggested configuration | |-|-|-| -|Select when Quality Updates are received | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled
                                      **Defer receiving it for this many days**: 0
                                      **Pause Quality Updates**: Blank
                                      *Note: use this functionality to prevent the device from receiving a quality update until the time passes| +|Select when Quality Updates are received | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled
                                      **Defer receiving it for this many days**: 0
                                      **Pause Quality Updates**: Blank
                                      *Note: use this functionality to prevent the device from receiving a quality update until the time passes| |Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled
                                      **Select Windows Readiness Level**: SAC
                                      **Defer receiving for this many days**: 0-365
                                      **Pause Feature Updates**: Blank
                                      *Note: use this functionality to prevent the device from receiving a feature update until the time passes| |Do not allow update deferral policies to cause scans against Windows Update|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not allow update deferral policies to cause scans against Windows Update|State: Disabled| diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md index 022e4b177b..13e56f815c 100644 --- a/windows/deployment/update/wufb-onboard.md +++ b/windows/deployment/update/wufb-onboard.md @@ -4,10 +4,11 @@ description: Learn how to get started using Windows Update for Business. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: lizap +author: lomayor ms.localizationpriority: medium -ms.author: elizapo -ms.date: 06/20/2018 +ms.author: lomayor +ms.reviewer: +manager: dansimp ms.topic: article --- 
@@ -15,30 +16,30 @@ ms.topic: article >Applies to: Windows 10 -Windows Update for Business is a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service (WU). Windows Update for Business can control the following: +Windows Update for Business is a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service. Windows Update for Business can control the following: -- Interaction between the client and Windows Update service (AU Options) +- Interaction between the client and Windows Update service - End user notification for pending updates - Compliance deadlines for feature or quality updates -- Configure wave deployment for feature or quality updates bandwidth optimization (DO) +- Configure wave deployment for feature or quality updates bandwidth optimization -We also provide additional functionality to manage your environment when risk or issues arise such as a LOB application being blocked: +We also provide additional functionality to manage your environment when risk or issues arise such as applications being blocked: - Uninstall latest feature or quality update - Pause for a duration of time Use the following information to set up your environment using Windows Update for Business policies: -- [Supported SKUs](#supported_skus) +- [Supported SKUs](#supported-editions) - [Windows Update for Business basics](wufb-basics.md) - [Setting up automatic update](wufb-autoupdate.md) - [Managing feature and quality updates](wufb-manageupdate.md) - [Enforcing compliance deadlines](wufb-compliancedeadlines.md) - [Managing drivers, environments with both Windows Update for Business and WSUS, and Download Optmization](wufb-managedrivers.md) -## Supported SKUs +## Supported editions -Windows Update for Business is supported on the following versions of Windows 10: +Windows Update for Business is supported on the following editions of Windows 10: - Windows 10 Education - Windows 10 
Enterprise diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index a966f7ad8e..1454e87f15 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -1,13 +1,15 @@ --- title: Log files - Windows IT Pro +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 03/30/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- @@ -82,9 +84,9 @@ See the following example:
                                      1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process. -
                                      2. Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. +
                                      3. Based on the extend code portion of the error code, determine the type and location of a log files to investigate.
                                      4. Open the log file in a text editor, such as notepad. -
                                      5. Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. +
                                      6. Using the result code portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
                                      7. To find the last occurrence of the result code:
                                        1. Scroll to the bottom of the file and click after the last character. diff --git a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md index 05ad622fed..6808396a25 100644 --- a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md +++ b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md @@ -1,9 +1,12 @@ ---- +--- title: Manage Windows upgrades with Upgrade Readiness (Windows 10) description: Provides an overview of the process of managing Windows upgrades with Upgrade Readiness. ms.prod: w10 -author: greg-lindsay +author: lomayor ms.date: 04/25/2017 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.topic: article --- @@ -35,7 +38,7 @@ The Upgrade Readiness workflow steps you through the discovery and rationalizati - [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services) - [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) -##**Related topics** +## **Related topics** [Upgrade Readiness architecture](upgrade-readiness-architecture.md)
                                          [Upgrade Readiness requirements](upgrade-readiness-requirements.md)
                                          diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index d8b5c9b9e4..a2633ed3d5 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -1,13 +1,15 @@ --- title: Quick fixes - Windows IT Pro +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 05/03/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- @@ -30,18 +32,18 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr ## List of fixes
                                            -
                                          1. Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware).
                                          2. -
                                          3. Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive).
                                          4. -
                                          5. Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter).
                                          6. -
                                          7. Attempt to restore and repair system files. [More information](#repair-system-files).
                                          8. -
                                          9. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows).
                                          10. +
                                          11. Remove nonessential external hardware, such as docks and USB devices. More information.
                                          12. +
                                          13. Check the system drive for errors and attempt repairs. More information.
                                          14. +
                                          15. Run the Windows Update troubleshooter. More information.
                                          16. +
                                          17. Attempt to restore and repair system files. More information.
                                          18. +
                                          19. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
                                          20. Temporarily uninstall non-Microsoft antivirus software. - [More information](#uninstall-non-microsoft-antivirus-software).
                                          21. + More information. -
                                          22. Uninstall all nonessential software. [More information](#uninstall-non-essential-software).
                                          23. -
                                          24. Update firmware and drivers. [More information](#update-firmware-and-drivers)
                                          25. -
                                          26. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected).
                                          27. -
                                          28. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space).
                                          29. +
                                          30. Uninstall all nonessential software. More information.
                                          31. +
                                          32. Update firmware and drivers. More information
                                          33. +
                                          34. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
                                          35. +
                                          36. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
                                          ## Step by step instructions @@ -234,4 +236,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
                                          [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
                                          [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
                                          [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
                                          [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
                                          [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 3b660307e8..5e999480f6 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -1,13 +1,15 @@ --- title: Resolution procedures - Windows IT Pro +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 03/30/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- @@ -83,7 +85,7 @@ The device install log is particularly helpful if rollback occurs during the sys Mitigation Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
                                          Contact your hardware vendor to obtain updated device drivers. -
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. +
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. @@ -112,7 +114,7 @@ The device install log is particularly helpful if rollback occurs during the sys Ensure that all that drivers are updated.
                                          Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers. -
                                          For more information, see [Understanding Failures and Log Files](https://technet.microsoft.com/library/ee851579.aspx). +
                                          For more information, see Understanding Failures and Log Files.
                                          Update or uninstall the problem drivers. @@ -138,7 +140,7 @@ Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
                                          Contact your hardware vendor to obtain updated device drivers. -
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. +
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. @@ -193,7 +195,7 @@ Disconnect all peripheral devices that are connected to the system, except for t
                                          Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
                                          Review the rollback log and determine the stop code. -
                                          The rollback log is located in the **C:\$Windows.~BT\Sources\Panther** folder. An example analysis is shown below. This example is not representative of all cases: +
                                          The rollback log is located in the C:$Windows.~BT\Sources\Panther folder. An example analysis is shown below. This example is not representative of all cases:
                                          Info SP Crash 0x0000007E detected
                                          Info SP Module name :
                                          Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005 @@ -496,13 +498,13 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m 0xC1800118 WSUS has downloaded content that it cannot use due to a missing decryption key. -See [Steps to resolve error 0xC1800118](https://blogs.technet.microsoft.com/wsus/2016/09/21/resolving-error-0xc1800118/) for information. +See Steps to resolve error 0xC1800118 for information. 0xC1900200 Setup.exe has detected that the machine does not meet the minimum system requirements. -Ensure the system you are trying to upgrade meets the minimum system requirements.
                                          See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) for information. +Ensure the system you are trying to upgrade meets the minimum system requirements.
                                          See Windows 10 specifications for information. @@ -510,28 +512,34 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m 0x80090011 A device driver error occurred during user data migration. Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process. -
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. +
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 0xC7700112 Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk. This issue is resolved in the latest version of Upgrade Assistant. -
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. +
                                          Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. 0x80190001 An unexpected error was encountered while attempting to download files required for upgrade. -To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). +To resolve this issue, download and run the media creation tool. See Download windows 10. 0x80246007 The update was not downloaded successfully. Attempt other methods of upgrading the operating system.
                                          -Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). +Download and run the media creation tool. See Download windows 10.
                                          Attempt to upgrade using .ISO or USB.
                                          -**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). +Note: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center. + + + +0x80244018 +Your machine is connected through a proxy server. +Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings). @@ -548,7 +556,7 @@ Download and run the media creation tool. See [Download windows 10](https://www. 0x80070020 The existing process cannot access the file because it is being used by another process. -Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135). +Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see How to perform a clean boot in Windows. 0x80070522 
@@ -559,12 +567,12 @@ Download and run the media creation tool. See [Download windows 10](https://www. 0xC1900107 A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade. -Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10). +Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see Disk cleanup in Windows 10. 0xC1900209 The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications. -Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information. +Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See Windows 10 Pre-Upgrade Validation using SETUP.EXE for more information.
                                          You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools. @@ -574,7 +582,7 @@ Download and run the media creation tool. See [Download windows 10](https://www. 0x8007002 This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403) -Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760) +Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
                                          The error 80072efe means that the connection with the server was terminated abnormally. @@ -584,7 +592,7 @@ Download and run the media creation tool. See [Download windows 10](https://www. 0x80240FFF -Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. +Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
                                            @@ -627,49 +635,49 @@ Download and run the media creation tool. See [Download windows 10](https://www. 0x80070003- 0x20007 This is a failure during SafeOS phase driver installation. -[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver. +Verify device drivers on the computer, and analyze log files to determine the problem driver. 0x8007025D - 0x2000C -This error occurs if the ISO file's metadata is corrupt."Re-download the ISO/Media and re-attempt the upgrade. +This error occurs if the ISO file's metadata is corrupt."Re-download the ISO/Media and re-attempt the upgrade. Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10). 0x80070490 - 0x20007An incompatible device driver is present. -[Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver. +Verify device drivers on the computer, and analyze log files to determine the problem driver. 0xC1900101 - 0x2000c An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption. -Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide. -
                                            Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display. +Run checkdisk to repair the file system. For more information, see the quick fixes section in this guide. +
                                            Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display. 0xC1900200 - 0x20008 The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. -See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements. +See Windows 10 Specifications and verify the computer meets minimum requirements.
                                            Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/). 0x80070004 - 0x3000D This is a problem with data migration during the first boot phase. There are multiple possible causes. -[Analyze log files](log-files.md#analyze-log-files) to determine the issue. +Analyze log files to determine the issue. 0xC1900101 - 0x4001E Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation. -This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section. +This is a generic error that occurs during the OOBE phase of setup. See the 0xC1900101 section of this guide and review general troubleshooting procedures described in that section. 0x80070005 - 0x4000D The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data. -[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied. +Analyze log files to determine the data point that is reporting access denied. 0x80070004 - 0x50012 Windows Setup failed to open a file. -[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems. +Analyze log files to determine the data point that is reporting access problems. 0xC190020e
                                            0x80070070 - 0x50011
                                            0x80070070 - 0x50012
                                            0x80070070 - 0x60000 These errors indicate the computer does not have enough free space available to install the upgrade. -To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade. +To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to free up drive space before proceeding with the upgrade.
                                            Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby. diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 3193a41095..f8c61e91e8 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -1,13 +1,15 @@ --- title: Resolve Windows 10 upgrade errors - Windows IT Pro +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 04/18/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- @@ -59,4 +61,4 @@ See the following topics in this article:
                                            [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
                                            [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
                                            [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) -
                                            \ No newline at end of file +
                                            diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 9b97b16be8..3472d88e0f 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -1,13 +1,15 @@ --- title: SetupDiag +ms.reviewer: +manager: dansimp +ms.author: lomayor description: How to use the SetupDiag tool to diagnose Windows Setup errors keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 12/18/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- @@ -25,7 +27,7 @@ ms.topic: article ## About SetupDiag -Current version of SetupDiag: 1.4.0.0 +Current version of SetupDiag: 1.4.1.0 SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. @@ -64,8 +66,9 @@ The [Release notes](#release-notes) section at the bottom of this topic has info | /Output:\ |
                                            • This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
                                            • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
                                            | | /LogsPath:\ |
                                            • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
                                            | | /ZipLogs:\ |
                                            • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
                                            • Default: If not specified, a value of 'true' is used.
                                            | -| /Verbose |
                                            • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
                                            | | /Format:\ |
                                            • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
                                            | +| /Scenario:\[Recovery\] | This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.| +| /Verbose |
                                            • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
                                            | | /NoTel |
                                            • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
                                            | Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. @@ -97,6 +100,19 @@ The following example specifies that SetupDiag is to run in offline mode, and to SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 ``` +The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. + +``` +SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery +``` + +The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. + +``` +SetupDiag.exe /Scenario:Recovery /Format:xml +``` + + ## Log files [Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: @@ -141,7 +157,7 @@ The output also provides an error code 0xC1900208 - 0x4000C which corresponds to ``` C:\SetupDiag>SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:C:\Temp\BobMacNeill -SetupDiag v1.4.0.0 +SetupDiag v1.4.1.0 Copyright (c) Microsoft Corporation. All rights reserved. Searching for setup logs, this can take a minute or more depending on the number and size of the logs...please wait. 
@@ -397,6 +413,9 @@ Each rule name and its associated unique rule identifier are listed with a descr ## Release notes +05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). + 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - The FindDownlevelFailure rule is up to 10x faster. diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index a3241982d6..beb151b43d 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -1,13 +1,15 @@ --- title: Submit Windows 10 upgrade errors using Feedback Hub +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Submit Windows 10 upgrade errors for diagnosis using feedback hub keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, feedback ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 03/16/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index e89aab650c..b663b5680f 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md 
@@ -1,12 +1,15 @@
 ---
 title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: greg-lindsay
+author: lomayor
 ms.localizationpriority: medium
 ms.topic: article
 ---
diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md
index 398c6de350..1f5d32e449 100644
--- a/windows/deployment/upgrade/upgrade-error-codes.md
+++ b/windows/deployment/upgrade/upgrade-error-codes.md
@@ -1,13 +1,15 @@
 ---
 title: Upgrade error codes - Windows IT Pro
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: greg-lindsay
-ms.date: 08/18/2018
+author: lomayor
 ms.localizationpriority: medium
 ms.topic: article
 ---
diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
index 7c3bfe6c23..84ce07f8df 100644
--- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
+++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
@@ -1,8 +1,11 @@
 ---
 title: Upgrade Readiness - Additional insights
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: Explains additional features of Upgrade Readiness.
 ms.prod: w10
-author: jaimeo
+author: lomayor
 ms.topic: article
 ms.collection: M365-analytics
 ---
@@ -11,7 +14,7 @@ ms.collection: M365-analytics This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include: -- [Spectre and Meltdown protections](#spectre-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities. +- [Spectre and Meltdown protections](#spectre-and-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities. - [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer. - [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. 
@@ -53,10 +56,10 @@ This blade reports the number of devices that have installed a firmware update t The IE site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. -> [!NOTE] +> [!NOTE] > Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. - ->IE site discovery is disabled on devices running Windows 7 and Windows 8.1 that are in Switzerland and EU countries. +> +> IE site discovery is disabled on devices running Windows 7 and Windows 8.1 that are in Switzerland and EU countries. In order to use site discovery, a separate opt-in is required; see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started). 
@@ -90,4 +93,4 @@ Office add-ins provides a list of the Microsoft Office add-ins in your environme ## Related topics -[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) \ No newline at end of file +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) diff --git a/windows/deployment/upgrade/upgrade-readiness-architecture.md b/windows/deployment/upgrade/upgrade-readiness-architecture.md index bba456b2e9..ae046f6abf 100644 --- a/windows/deployment/upgrade/upgrade-readiness-architecture.md +++ b/windows/deployment/upgrade/upgrade-readiness-architecture.md @@ -1,8 +1,11 @@ ---- +--- title: Upgrade Readiness architecture (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Describes Upgrade Readiness architecture. ms.prod: w10 -author: jaimeo +author: lomayor ms.topic: article ms.collection: M365-analytics --- @@ -25,7 +28,7 @@ For more information about what diagnostic data Microsoft collects and how that [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
                                            [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
                                            -##**Related topics** +## **Related topics** [Upgrade Readiness requirements](upgrade-readiness-requirements.md)
                                            [Upgrade Readiness release notes](upgrade-readiness-requirements.md#important-information-about-this-release)
                                            diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index 3eff878d63..d5b3c8d42a 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -1,11 +1,14 @@ --- title: Upgrade Readiness data sharing +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Connectivity scenarios for data sharing with Upgrade Readiness ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo +author: lomayor ms.topic: article ms.collection: M365-analytics --- @@ -29,10 +32,10 @@ In order to use the direct connection scenario, set the parameter **ClientProxy= This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. In order to set the WinHTTP proxy system-wide on your computers, you need to -•Use the command netsh winhttp set proxy \:\ -•Set ClientProxy=System in runconfig.bat +- Use the command netsh winhttp set proxy \:\ +- Set ClientProxy=System in runconfig.bat -The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3. +The WinHTTP scenario is most appropriate for customers who use a single proxy. If you have more advanced proxy requirements, refer to Scenario 3. If you want to learn more about proxy considerations on Windows, see [Understanding Web Proxy Configuration](https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/). 
@@ -45,4 +48,10 @@ In order to enable this scenario, you need: - Set the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableEnterpriseAuthProxy to 0. If the value does not exist, create a new DWORD, name it DisableEnterpriseAuthProxy and set the value to 0. The deployment script will check this is configured correctly. - Set ClientProxy=User in bat. +> [!IMPORTANT] +> Using **Logged-in user's internet connection** with **DisableEnterpriseAuthProxy = 0** scenario is incompatible with ATP where the required value of that attribute is 1.(Read more here)[] + + + + diff --git a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md index 38f7cf60aa..7a445d7a3b 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md +++ b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md @@ -1,8 +1,11 @@ ---- +--- title: Upgrade Readiness - Get a list of computers that are upgrade ready (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness. ms.prod: w10 -author: jaimeo +author: lomayor ms.topic: article ms.collection: M365-analytics --- 
@@ -96,4 +99,4 @@ Upgrade assessment and guidance details are explained in the following table. Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file. ->**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. \ No newline at end of file +>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index e7440a2195..8bb240a99d 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -1,11 +1,14 @@ --- title: Upgrade Readiness deployment script (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Deployment script for Upgrade Readiness. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo +author: lomayor ms.topic: article ms.collection: M365-analytics --- 
@@ -152,29 +155,29 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi ->[!NOTE] ->**Additional steps to follow if you receive exit code 33** - ->Check the exit code for any of these messages: -> ->- CompatTelRunner.exe exited with last error code: 0x800703F1 ->- CompatTelRunner.exe exited with last error code: 0x80070005 ->- CompatTelRunner.exe exited with last error code: 0x80080005 +> [!NOTE] +> **Additional steps to follow if you receive exit code 33** +> +> Check the exit code for any of these messages: +> +> - CompatTelRunner.exe exited with last error code: 0x800703F1 +> - CompatTelRunner.exe exited with last error code: 0x80070005 +> - CompatTelRunner.exe exited with last error code: 0x80080005 >  -> ->If the exit code includes any of those messages, then run these commands from an elevated command prompt: -> ->1. Net stop diagtrack ->2. Net stop pcasvc ->3. Net stop dps ->4. Del %windir%\appcompat\programs\amcache.hve ->5. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v AmiHivePermissionsCorrect /f ->6. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v LogFlags /t REG_DWORD /d 4 /f ->7. Net start diagtrack ->8. Net start pcasvc ->9. Net start dps -> ->Then run the Enterprise Config script (RunConfig.bat) again.  -> ->If the script still fails, then send mail to **uasupport@microsoft.com** including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well. +> +> If the exit code includes any of those messages, then run these commands from an elevated command prompt: +> +> 1. Net stop diagtrack +> 2. 
Net stop pcasvc +> 3. Net stop dps +> 4. Del %windir%\appcompat\programs\amcache.hve +> 5. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v AmiHivePermissionsCorrect /f +> 6. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v LogFlags /t REG_DWORD /d 4 /f +> 7. Net start diagtrack +> 8. Net start pcasvc +> 9. Net start dps +> +> Then run the Enterprise Config script (RunConfig.bat) again. +> +> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well. diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index a796d396d4..e5c2bfe712 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -1,13 +1,15 @@ --- title: Get started with Upgrade Readiness (Windows 10) +ms.reviewer: +manager: dansimp description: Explains how to get started with Upgrade Readiness. keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: lomayor +ms.author: lomayor ms.localizationpriority: medium ms.topic: article ms.collection: M365-analytics @@ -31,7 +33,7 @@ Before you begin, consider reviewing the following helpful information:
                                            When you are ready to begin using Upgrade Readiness, perform the following steps: 1. Review [data collection and privacy](#data-collection-and-privacy) information. -2. [Add the Upgrade Readiness solution to your Azure subsctiption](#add-the-upgrade-readiness-solution-to-your-Azure-subscription). +2. [Add the Upgrade Readiness solution to your Azure subsctiption](#add-the-upgrade-readiness-solution-to-your-azure-subscription). 3. [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics). 4. [Use Upgrade Readiness to manage Windows Upgrades](#use-upgrade-readiness-to-manage-windows-upgrades) once your devices are enrolled. @@ -45,7 +47,7 @@ Upgrade Readiness is offered as a *solution* which you link to a new or existing 1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal. - >[!NOTE] + >[!NOTE] > Upgrade Readiness is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness. 2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution. diff --git a/windows/deployment/upgrade/upgrade-readiness-identify-apps.md b/windows/deployment/upgrade/upgrade-readiness-identify-apps.md index 0d0bf625ef..9d236c0832 100644 --- a/windows/deployment/upgrade/upgrade-readiness-identify-apps.md +++ b/windows/deployment/upgrade/upgrade-readiness-identify-apps.md 
@@ -1,8 +1,11 @@ ---- +--- title: Upgrade Readiness - Identify important apps (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades. ms.prod: w10 -author: jaimeo +author: lomayor ms.topic: article ms.collection: M365-analytics --- diff --git a/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md index f84da4c3eb..a1ba5c430c 100644 --- a/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md +++ b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md @@ -1,11 +1,13 @@ --- title: Monitor deployment with Upgrade Readiness +ms.reviewer: +manager: dansimp description: Describes how to use Upgrade Readiness to monitor the deployment after Windows upgrades. keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, ms.localizationpriority: medium ms.prod: w10 -author: jaimeo -ms.author: jaimeo +author: lomayor +ms.author: lomayor ms.topic: article ms.collection: M365-analytics --- @@ -46,4 +48,4 @@ We recommend that you encourage your end users to submit any feedback they have When viewing user feedback in Upgrade Readiness, you'll be able to see the raw "Title" and "Feedback" text from the user's submission in Feedback Hub, as well as the number of upvotes the submission has received. (Since feedback is publicly visible, the number of upvotes is a global value and not specific to your company.) If a Microsoft engineer has responded to the submission in Feedback Hub, we'll pull in the Microsoft response for you to see as well. ![Example user feedback item](../images/UR-example-feedback.png) - \ No newline at end of file + 
diff --git a/windows/deployment/upgrade/upgrade-readiness-release-notes.md b/windows/deployment/upgrade/upgrade-readiness-release-notes.md
index 38b0510215..40445e1737 100644
--- a/windows/deployment/upgrade/upgrade-readiness-release-notes.md
+++ b/windows/deployment/upgrade/upgrade-readiness-release-notes.md
@@ -1,5 +1,9 @@
----
+---
 title: Upgrade Readiness release notes (Windows 10)
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
+author: lomayor
 description: Provides tips and limitations about Upgrade Readiness.
 redirect_url: https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-requirements#important-information-about-this-release
----
\ No newline at end of file
+---
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index 9d4f85609f..4dce07d5b1 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -1,10 +1,12 @@
 ---
 title: Upgrade Readiness requirements (Windows 10)
+ms.reviewer:
+manager: dansimp
 description: Provides requirements for Upgrade Readiness.
 keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics,
 ms.prod: w10
-author: jaimeo
-ms.author: jaimeo
+author: lomayor
+ms.author: lomayor
 ms.localizationpriority: medium
 ms.topic: article
 ms.collection: M365-analytics
@@ -26,7 +28,7 @@ The compatibility update that sends diagnostic data from user computers to Micro If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. -> [!NOTE] +> [!NOTE] > Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. See [Windows 10 Specifications](https://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index d6d2f7af15..7a049836e4 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -1,10 +1,12 @@ ---- +--- title: Upgrade Readiness - Resolve application and driver issues (Windows 10) +ms.reviewer: +manager: dansimp description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness. keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, ms.prod: w10 -author: jaimeo -ms.author: jaimeo +author: lomayor +ms.author: lomayor ms.localizationpriority: medium ms.topic: article ms.collection: M365-analytics 
@@ -19,7 +21,7 @@ This section of the Upgrade Readiness workflow reports application and driver in The blades in the **Step 2: Resolve issues** section are: - [Review applications with known issues](#review-applications-with-known-issues) -- [Review known driver issues](#review-known-driver-issues) +- [Review known driver issues](#review-drivers-with-known-issues) - [Review low-risk apps and drivers](#review-low-risk-apps-and-drivers) - [Prioritize app and driver testing](#prioritize-app-and-driver-testing) @@ -27,12 +29,14 @@ The blades in the **Step 2: Resolve issues** section are: Upgrade decisions include: -| Upgrade decision | When to use it | Guidance | -|--------------------|-------------------|-------------| -| Not reviewed | All drivers are marked as Not reviewed by default.

                                            Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
                                            | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

                                            | -| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

                                            Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

                                            | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
                                            | -| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

                                            In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
                                            | -| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

                                            Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
                                            | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

                                            | + +| Upgrade decision | When to use it | Guidance | +|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Not reviewed | All drivers are marked as Not reviewed by default.

                                            Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
                                            | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

                                            | +| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

                                            Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

                                            | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
                                            | +| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

                                            In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
                                            | +| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

                                            Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
                                            | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

                                            | + As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/). ## Review applications with known issues 
@@ -92,20 +96,20 @@ If you query with RollupLevel="NamePublisher", each version of the application c ![Name publisher rollup](../images/upgrade-analytics-namepub-rollup.png) ->[!TIP] ->Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer. - ->To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing. Rolling up to the **Granular** level enables display of the **App** level. In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language. Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed. - ->Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app. In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions. +> [!TIP] +> Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer. +> +> To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing. Rolling up to the **Granular** level enables display of the **App** level. In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language. Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed. +> +> Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app. 
In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions. The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses) | Ready for Windows Status | Query rollup level | What this means | Guidance | |-------------------|--------------------------|-----------------|----------| |Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. | -| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | -| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | +| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | +| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | | Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A | | Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. 
| Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.| |Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.| 
@@ -145,11 +149,11 @@ Applications and drivers that are meet certain criteria to be considered low ris The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system. -The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in diagnostic data. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. +The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in diagnostic data. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. -Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**.  This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app. 
+Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**. This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app. -You can customize the criteria further by using the Log Search query language. For example, if a ReadyForWindows status of "Adopted" is not sufficient by itself for you to be confident in an app's compatibility, you can add additional filters. To do this, click the row labeled **Apps that are 'Adopted'**.  Then, modify the resulting query to fit your company's risk tolerance. If, for example, you prefer that an app must be "Adopted" and have fewer than 1,000 installations, then add *TotalInstalls < 1000* to the end of the Log Search query. Similarly, you can append additional criteria by using other attributes such as monthly active users or app importance. +You can customize the criteria further by using the Log Search query language. For example, if a ReadyForWindows status of "Adopted" is not sufficient by itself for you to be confident in an app's compatibility, you can add additional filters. To do this, click the row labeled **Apps that are 'Adopted'**. Then, modify the resulting query to fit your company's risk tolerance. 
If, for example, you prefer that an app must be "Adopted" and have fewer than 1,000 installations, then add *TotalInstalls < 1000* to the end of the Log Search query. Similarly, you can append additional criteria by using other attributes such as monthly active users or app importance. >[!NOTE] >Apps that you have designated as *Mission critical* or *Business critical* are automatically **excluded** from the counts on this blade. If an app is critical, you should always validate it manually it prior to upgrading. @@ -173,7 +177,7 @@ Each item in the proposed action plan represents either an application or a driv >Since “Low install count” apps are automatically marked “Ready to upgrade”, you will not see any of these apps in the proposed action plan. Each item in the plan has the following attributes: - + | Attribute | Description | Example value | |-----------------------|------------------------------------------|----------------| | ItemRank | The location of this item in the context of the proposed action plan. For example, the item with ItemRank 7 is the 7th item in the Plan. It is crucial that the Plan is viewed in order by increasing ItemRank. Sorting the Plan in any other way invalidates the insights that the Plan provides. | 7 | @@ -193,7 +197,7 @@ See the following example action plan items (click the image for a full-size vie ![Proposed action plan](../images/UR-lift-report.jpg)
                                            -In this example, the 3rd item is an application: **Microsoft Bing Sports**, a modern app, version **4.20.951.0**, published by Microsoft. By validating this app and making its UpgradeDecision “Ready to upgrade”, you can potentially make **1014** computers “Ready to upgrade” – but only after you have already validated items 1 and 2 in the list. By marking items 1, 2, and 3 “Ready to upgrade”, 14779 of your computers will become upgrade-ready. This represents 10.96% of the machines in this workspace. +In this example, the 3rd item is an application: Microsoft Bing Sports, a modern app, version 4.20.951.0, published by Microsoft. By validating this app and making its UpgradeDecision “Ready to upgrade”, you can potentially make 1014 computers “Ready to upgrade” – but only after you have already validated items 1 and 2 in the list. By marking items 1, 2, and 3 “Ready to upgrade”, 14779 of your computers will become upgrade-ready. This represents 10.96% of the machines in this workspace. #### Using the proposed action plan 
@@ -209,4 +213,4 @@ There are several valid use cases for the proposed action plan. But it’s alwa The most common misconceptions about the proposed action plan involve the assumption that each item in the plan is independent of those around it. The apps and drivers in the plan must be considered in the correct order to draw valid conclusions. For example, if you choose to validate items 1, 3, 4, and 5 and mark each of them “Ready to upgrade,” the proposed action plan cannot tell you how many computers will become upgrade-ready as a result of your testing. Even the non-cumulative “ComputersUnblocked” count is dependent upon all prior issues having already been resolved. -If an item with ItemRank = 7 has a ComputersUnblocked value of 50, do not assume that 50 of your computers will become upgrade-ready if you test this item. However, if you validate items 1 through 6 in the plan, you can make an additional 50 computers upgrade-ready by validating the 7th item in the plan. \ No newline at end of file +If an item with ItemRank = 7 has a ComputersUnblocked value of 50, do not assume that 50 of your computers will become upgrade-ready if you test this item. However, if you validate items 1 through 6 in the plan, you can make an additional 50 computers upgrade-ready by validating the 7th item in the plan. diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md index 24abb86fb6..865b2f92fa 100644 --- a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md 
@@ -1,8 +1,11 @@
 ---
 title: Upgrade Readiness - Targeting a new operating system version
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: Explains how to run Upgrade Readiness again to target a different operating system version or bulk-approve all apps from a given vendor
 ms.prod: w10
-author: jaimeo
+author: lomayor
 ms.topic: article
 ms.collection: M365-analytics
 ---
diff --git a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md
index fb74ebaab1..099a473f14 100644
--- a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md
+++ b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md
@@ -1,8 +1,11 @@
----
+---
 title: Upgrade Readiness - Upgrade Overview (Windows 10)
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: Displays the total count of computers sharing data and upgraded.
 ms.prod: w10
-author: jaimeo
+author: lomayor
 ms.topic: article
 ms.collection: M365-analytics
 ---
diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index d9763887fe..e52a6199cf 100644
--- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -2,12 +2,14 @@ title: Perform an in-place upgrade to Windows 10 using Configuration Manager (Windows 10) description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 +ms.reviewer: +manager: dansimp +ms.author: lomayor keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.localizationpriority: medium ms.mktglfcycl: deploy -author: mtniehaus -ms.date: 07/27/2017 +author: lomayor ms.topic: article --- @@ -116,7 +118,7 @@ With System Center Configuration Manager Current Branch, new built-in functional **Note**   For more details about Configuration Manager Current Branch, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released. -  + ### Create the OS upgrade package @@ -204,9 +206,9 @@ After the task sequence completes, the computer will be fully upgraded to Window [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620109) -  + -  + diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index 7986e2b587..4628fe593e 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md 
@@ -2,14 +2,16 @@ title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10) description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460 +ms.reviewer: +manager: dansimp +ms.author: lomayor keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt -author: mtniehaus -ms.date: 07/27/2017 +author: lomayor ms.topic: article --- 
@@ -36,13 +38,13 @@ MDT adds support for Windows 10 deployment, including a new in-place upgrade ta The steps to create the deployment share for production are the same as when you created the deployment share to create the custom reference image: -1. On MDT01, log on as Administrator in the CONTOSO domain with a password of **P@ssw0rd**. -2. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. -3. On the **Path** page, in the **Deployment share path** text box, type **E:\\MDTProduction**, and then click **Next**. -4. On the **Share** page, in the **Share name** text box, type **MDTProduction$**, and then click **Next**. -5. On the **Descriptive Name** page, in the **Deployment share** description text box, type **MDT Production**, and then click **Next**. -6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. -7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. +1. On MDT01, log on as Administrator in the CONTOSO domain with a password of P@ssw0rd. +2. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. +3. On the **Path** page, in the **Deployment share path** text box, type **E:\\MDTProduction**, and then click **Next**. +4. On the **Share** page, in the **Share name** text box, type **MDTProduction$**, and then click **Next**. +5. On the **Descriptive Name** page, in the **Deployment share** description text box, type **MDT Production**, and then click **Next**. +6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. +7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. ## Add Windows 10 Enterprise x64 (full source) 
@@ -82,16 +84,16 @@ Figure 3. The task sequence to upgrade to Windows 10. To initiate the in-place upgrade, perform the following steps on PC0003 (currently running Windows 7 SP1). -1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs** -2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**. +1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs** +2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**. - ![figure 4](../images/upgrademdt-fig4-selecttask.png) + ![figure 4](../images/upgrademdt-fig4-selecttask.png) - Figure 4. Upgrade task sequence. + Figure 4. Upgrade task sequence. -3. On the **Credentials** tab, specify the **MDT\_BA** account, **P@ssw0rd** password, and **CONTOSO** for the domain. (Some or all of these values can be specified in Bootstrap.ini so they are automatically populated.) -4. On the **Ready** tab, click **Begin** to start the task sequence. -When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers. +3. On the **Credentials** tab, specify the **MDT\_BA** account, P@ssw0rd password, and **CONTOSO** for the domain. (Some or all of these values can be specified in Bootstrap.ini so they are automatically populated.) +4. On the **Ready** tab, click **Begin** to start the task sequence. + When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers. ![figure 5](../images/upgrademdt-fig5-winupgrade.png) 
@@ -104,4 +106,4 @@ After the task sequence completes, the computer will be fully upgraded to Window [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md) [Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117) -  + diff --git a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md index ed314a0bb8..6758f63dd2 100644 --- a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md @@ -1,5 +1,8 @@ --- title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: lomayor description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. keywords: upgrade, update, windows, phone, windows 10, mdm, mobile ms.prod: w10 @@ -7,7 +10,7 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdm -author: greg-lindsay +author: lomayor ms.topic: article --- diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index e3ad02a8ae..4dd2b034b1 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -1,12 +1,13 @@ ---- +--- title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) +ms.reviewer: +manager: dansimp description: Describes how to use Upgrade Readiness to manage Windows upgrades. keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, ms.localizationpriority: medium ms.prod: w10 -author: jaimeo -ms.author: jaimeo -ms.date: 07/31/2018 +author: lomayor +ms.author: lomayor ms.topic: article --- 
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 7183dcd91c..e727489a71 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -2,12 +2,15 @@
 title: Windows 10 edition upgrade (Windows 10)
 description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
 ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: mobile
-author: greg-lindsay
+author: lomayor
 ms.topic: article
 ---
@@ -234,9 +237,9 @@ You can move directly from Enterprise to any valid destination edition. In this
->**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
-
->**Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
+> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
+>
+> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
 Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 6c780da774..437295f796 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -1,12 +1,15 @@
 ---
 title: Windows 10 upgrade paths (Windows 10)
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
 ms.pagetype: mobile
-author: greg-lindsay
+author: lomayor
 ms.topic: article
 ---
@@ -20,15 +23,15 @@ ms.topic: article This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). ->**Windows 10 version upgrade**: You can directly upgrade a supported version of Windows 10 to a newer version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. - ->**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. - ->In-place upgrade from Windows 7, Windows 8.1, or Windows 10 semi-annual channel to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). - ->**Windows N/KN**: Windows "N" and "KN" SKUs follow the same upgrade paths shown below. 
If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. - ->**Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). +> **Windows 10 version upgrade**: You can directly upgrade a supported version of Windows 10 to a newer version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. +> +> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. +> +> In-place upgrade from Windows 7, Windows 8.1, or Windows 10 semi-annual channel to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). +> +> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. 
Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. +> +> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). ✔ = Full upgrade is supported including personal data, settings, and applications.
                                            D = Edition downgrade; personal data is maintained, applications and settings are removed. diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 1b021674ca..b76cbcc4c0 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -1,32 +1,37 @@ --- title: Windows error reporting - Windows IT Pro +ms.reviewer: +manager: dansimp +ms.author: lomayor description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay -ms.date: 03/30/2018 +author: lomayor ms.localizationpriority: medium ms.topic: article --- -# Windows error reporting +# Windows Error Reporting **Applies to** - Windows 10 >[!NOTE] ->This is a 300 level topic (moderately advanced).
                                            ->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. +> This is a 300 level topic (moderately advanced). +> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. You can use Event Viewer to review this event, or you can use Windows PowerShell. To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt: -``` +>[!IMPORTANT] +>}The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable. + +```Powershell $events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"} $event = [xml]$events[0].ToXml() $event.Event.EventData.Data @@ -40,19 +45,20 @@ To use Event Viewer: Note: For legacy operating systems, the Event Name was WinSetupDiag01. Ten parameters are listed in the event: -
                                            - - - - - - - - - - - -
                                            P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)
                                            P2: Setup Mode (x=default,1=Downlevel,5=Rollback)
                                            P3: New OS Architecture (x=default,0=X86,9=AMD64)
                                            P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)
                                            P5: Result Error Code (Ex: 0xc1900101)
                                            P6: Extend Error Code (Ex: 0x20017)
                                            P7: Source OS build (Ex: 9600)
                                            P8: Source OS branch (not typically available)
                                            P9: New OS build (Ex: 16299}
                                            P10: New OS branch (Ex: rs3_release}
                                            + +| Parameters | +| ------------- | +|P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) | +|P2: Setup Mode (x=default,1=Downlevel,5=Rollback) | +|P3: New OS Architecture (x=default,0=X86,9=AMD64) | +|P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) | +|**P5: Result Error Code** (Ex: 0xc1900101) | +|**P6: Extend Error Code** (Ex: 0x20017) | +|P7: Source OS build (Ex: 9600) | +|P8: Source OS branch (not typically available) | +|P9: New OS build (Ex: 16299} | +|P10: New OS branch (Ex: rs3_release} | + The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. @@ -60,8 +66,8 @@ The event will also contain links to log files that can be used to perform a det ## Related topics -[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) -
                                            [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
                                            [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) -
                                            [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
                                            [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) +[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index d5eff8daa4..5e98406385 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -2,11 +2,13 @@ title: Windows Upgrade and Migration Considerations (Windows 10) description: Windows Upgrade and Migration Considerations ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay -ms.date: 11/17/2017 +author: lomayor ms.topic: article --- 
@@ -28,6 +30,9 @@ Windows Easy Transfer is a software wizard for transferring files and settings
 With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you cannot use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store.
+> [!NOTE]
+> Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10).
+
 ### Migrate with the User State Migration Tool
 You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they are migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded.
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 060c4485ec..4091d13b4e 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -2,10 +2,13 @@
 title: Getting Started with the User State Migration Tool (USMT) (Windows 10)
 description: Getting Started with the User State Migration Tool (USMT)
 ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -81,4 +84,4 @@ This topic outlines the general process that you should follow to migrate files **Note**   Run the **LoadState** command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) will not take effect until the next time that the user logs on. \ No newline at end of file +5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) will not take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index f80bc67ba2..6cdbb764fc 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -2,10 +2,13 @@ title: Migrate Application Settings (Windows 10) description: Migrate Application Settings ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- 
@@ -74,7 +77,7 @@ Next, you should go through the user interface and make a list of all of the ava **Note**   Most applications store their settings under the user profile. That is, the settings stored in the file system are under the %**UserProfile**% directory, and the settings stored in the registry are under the **HKEY\_CURRENT\_USER** hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. -   + 4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you are changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically will not take effect until you close the dialog box by clicking **OK**. @@ -83,7 +86,7 @@ Next, you should go through the user interface and make a list of all of the ava **Note**   Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. -   + ## Step 3: Identify how to apply the gathered settings. 
@@ -116,12 +119,12 @@ After you have completed steps 1 through 3, you will need to create a custom mig **Note**   We recommend that you create a separate .xml file instead of adding your script to the **MigApp.xml** file. This is because the **MigApp.xml** file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the **MigApp.xml** file will be overwritten by the default version of the file and you will lose your customized version. -  + **Important**   Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. -  + Your script should do the following: @@ -159,9 +162,9 @@ To speed up the time it takes to collect and migrate the data, you can migrate o [Log Files](usmt-log-files.md) -  + -  + diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index d019dc53f2..c0a4e086b3 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -2,10 +2,13 @@ title: Migration Store Types Overview (Windows 10) description: Migration Store Types Overview ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- 
@@ -57,7 +60,7 @@ If there is not enough local disk space, or if you are moving the user state to **Important**   If possible, have users store their data within their %UserProfile%\\My Documents and %UserProfile%\\Application Data folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. -  + ### The /localonly Command-Line Option @@ -68,9 +71,9 @@ You should use this option to exclude the data from removable drives and network [Plan Your Migration](usmt-plan-your-migration.md) -  + -  + diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 93bdc1523e..8ae2bd96b0 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -2,10 +2,13 @@ title: Offline Migration Reference (Windows 10) description: Offline Migration Reference ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -89,12 +92,12 @@ The following table defines the supported combination of online and offline oper -  + **Note**   It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](https://go.microsoft.com/fwlink/p/?LinkId=190314). -  + ## User-Group Membership and Profile Control @@ -156,7 +159,7 @@ An offline migration can either be enabled by using a configuration file on the -  + You can use only one of the **/offline**,**/offlineWinDir** , or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. 
@@ -194,7 +197,7 @@ The following system environment variables are necessary in the scenarios outlin -  + ## Offline.xml Elements @@ -255,9 +258,9 @@ The following XML example illustrates some of the elements discussed earlier in [Plan Your Migration](usmt-plan-your-migration.md) -  + -  + diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 0f29913dee..69edbd4515 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -2,10 +2,13 @@ title: Understanding Migration XML Files (Windows 10) description: Understanding Migration XML Files ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -52,7 +55,7 @@ The Config.xml file is the configuration file created by the `/genconfig` option **Note**   When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. -  + ## Overview of the MigApp.xml file @@ -62,7 +65,7 @@ The MigApp.xml file installed with USMT includes instructions to migrate the set **Important**   The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. See the [Sample migration rules for customized versions of XML files](#bkmk-samples) section of this document for more information about migrating .pst files that are not linked to Outlook. -  + ## Overview of the MigDocs.xml file 
@@ -179,7 +182,7 @@ You can make a copy of the MigUser.xml file and modify it to include or exclude **Note**   Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than three hundred file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. -  + ## Using multiple XML files @@ -201,7 +204,7 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t

                                            Config.xml file

                                            Operating-system components such as desktop wallpaper and background theme.

                                            -

                                            You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).

                                            +

                                            You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see Customize USMT XML Files and Config.xml File.

                                            MigApps.xml file

                                            @@ -218,7 +221,7 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t -  + For example, you can use all of the XML migration file types for a single migration, as in the following example: @@ -231,7 +234,7 @@ Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml / **Important**   You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. -  + If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. @@ -245,7 +248,7 @@ You can use the **/genmigxml** command-line option to determine which files will **Note**   If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. -  + To generate the XML migration rules file for a source computer: @@ -289,7 +292,7 @@ The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes thr

                                            ScanProgramFiles

                                            The ScanProgramFiles argument is valid only when the GenerateDocPatterns function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications.

                                            For example, when set to TRUE, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The GenerateDocPatterns function generates this inclusion pattern for .doc files:

                                            -
                                            <pattern type="File">C:\Program Files\Microsoft Office\*[*.doc]</pattern>
                                            +
                                            <pattern type="File">C:\Program Files\Microsoft Office[.doc]</pattern>

                                            If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions.

                                            False

                                            @@ -306,7 +309,7 @@ The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes thr -  + **Usage:** @@ -318,9 +321,9 @@ To create include data patterns for only the system drive: ``` syntax -      -         -      + + + ``` @@ -328,9 +331,9 @@ To create an include rule to gather files for registered extensions from the %PR ``` syntax -      -         -      + + + ``` @@ -338,9 +341,9 @@ To create exclude data patterns: ``` syntax -      -         -      + + + ``` @@ -399,14 +402,14 @@ The user context includes rules for data in the User Profiles directory. When ca **Note**   Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. -  + ### Sample migration rules for customized versions of XML files **Note**   For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). -  + ### Exclude rules usage examples @@ -420,16 +423,16 @@ In the examples below, the source computer has a .txt file called "new text docu

                                            Rule 1

                                            -
                                            <pattern type="File">d:\new folder\[new text document.txt]</pattern>
                                            +
                                            <pattern type="File">d:\new folder[new text document.txt]</pattern>

                                            Rule 2

                                            -
                                            <pattern type="File">d:\new folder\*[*]</pattern>
                                            +
                                            <pattern type="File">d:\new folder[]</pattern>
                                            -  + To exclude the new text document.txt file as well as any .txt files in “new folder”, you can do the following: @@ -439,10 +442,10 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f ``` syntax -      -        D:\Newfolder\[new text document.txt] -         D:\New folder\*[*.txt] -      + + D:\Newfolder\[new text document.txt] + D:\New folder\*[*.txt] + ``` @@ -452,9 +455,9 @@ If you do not know the file name or location of the file, but you do know the fi ``` syntax -      -         -      + + + ``` @@ -464,16 +467,16 @@ If you want the <UnconditionalExclude> element to apply to both the system ``` syntax -   MigDocExcludes -    -      -        -          -                 -          -        -      -    + MigDocExcludes + + + + + + + + + ``` @@ -489,9 +492,9 @@ This rule will include .pst files that are located in the default location, but ``` syntax -      -        %CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst] -      + + %CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst] + ``` @@ -501,9 +504,9 @@ For locations outside the user profile, such as the Program Files folder, you ca ``` syntax -      -        %CSIDL_PROGRAM_FILES%\*[*.pst] -      + + %CSIDL_PROGRAM_FILES%\*[*.pst] + ``` @@ -512,7 +515,7 @@ For more examples of include rules that you can use in custom migration XML file **Note**   For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -  + ## Next steps @@ -528,9 +531,9 @@ You can use an XML schema (MigXML.xsd) file to validate the syntax of your custo [Include Files and Settings](usmt-include-files-and-settings.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 5d26845936..71c900fa77 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md 
@@ -2,10 +2,13 @@
 title: USMT Best Practices (Windows 10)
 description: USMT Best Practices
 ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -62,7 +65,7 @@ As the authorized administrator, it is your responsibility to protect the privac **Important**   If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. -   + - **Encrypt the store**
@@ -121,7 +124,7 @@ As the authorized administrator, it is your responsibility to protect the privac **Note**   The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. -   + - **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files**
@@ -136,7 +139,7 @@ As the authorized administrator, it is your responsibility to protect the privac **Note**   The question mark is not valid as a wildcard character in USMT .xml files. -   + ## Related topics
@@ -145,9 +148,9 @@ As the authorized administrator, it is your responsibility to protect the privac [Plan Your Migration](usmt-plan-your-migration.md) -  + -  +
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md
index fd3170f994..30f49c1574 100644
--- a/windows/deployment/usmt/usmt-choose-migration-store-type.md
+++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md
@@ -2,10 +2,13 @@
 title: Choose a Migration Store Type (Windows 10)
 description: Choose a Migration Store Type
 ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -25,25 +28,25 @@ One of the main considerations for planning your migration is to determine which -

                                            [Migration Store Types Overview](migration-store-types-overview.md)

                                            +

                                            Migration Store Types Overview

                                            Choose the migration store type that works best for your needs and migration scenario.

                                            -

                                            [Estimate Migration Store Size](usmt-estimate-migration-store-size.md)

                                            -

                                            Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.

                                            +

                                            Estimate Migration Store Size

                                            +

                                            Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.

                                            -

                                            [Hard-Link Migration Store](usmt-hard-link-migration-store.md)

                                            +

                                            Hard-Link Migration Store

                                            Learn about hard-link migration stores and the scenarios in which they are used.

                                            -

                                            [Migration Store Encryption](usmt-migration-store-encryption.md)

                                            +

                                            Migration Store Encryption

                                            Learn about the using migration store encryption to protect user data integrity during a migration.

                                            -  + ## Related topics @@ -52,9 +55,9 @@ One of the main considerations for planning your migration is to determine which [User State Migration Tool (USMT) How-to topics](usmt-how-to.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 9d5968c09d..c4e0977727 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -2,10 +2,13 @@ title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) description: User State Migration Tool (USMT) Command-line Syntax ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -25,25 +28,25 @@ The User State Migration Tool (USMT) 10.0 migrates user files and settings duri -

                                            [ScanState Syntax](usmt-scanstate-syntax.md)

                                            +

                                            ScanState Syntax

                                            Lists the command-line options for using the ScanState tool.

                                            -

                                            [LoadState Syntax](usmt-loadstate-syntax.md)

                                            +

                                            LoadState Syntax

                                            Lists the command-line options for using the LoadState tool.

                                            -

                                            [UsmtUtils Syntax](usmt-utilities.md)

                                            +

                                            UsmtUtils Syntax

                                            Lists the command-line options for using the UsmtUtils tool.

                                            -  + -  + -  + diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 753055a44c..6944af7cea 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -2,11 +2,14 @@ title: Common Issues (Windows 10) description: Common Issues ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.date: 09/19/2017 -author: greg-lindsay +author: lomayor ms.topic: article --- 
@@ -37,31 +40,31 @@ The following sections discuss common issues that you might see when you run the When you encounter a problem or error message during migration, you can use the following general guidelines to help determine the source of the problem: -- Examine the ScanState, LoadState, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. +- Examine the ScanState, LoadState, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. - In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v***:5* option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. + In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. 
- **Note**   - Running the ScanState and LoadState tools with the **/v***:5* option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. + **Note** + Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. -   + -- Use the **/Verify** option in the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +- Use the **/Verify** option in the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). -- Use the **/Extract** option in the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). +- Use the **/Extract** option in the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). -- Create a progress log using the **/Progress** option to monitor your migration. +- Create a progress log using the **/Progress** option to monitor your migration. -- For the source and destination computers, obtain operating system information, and versions of applications such as Internet Explorer and any other relevant programs. Then verify the exact steps that are needed to reproduce the problem. 
This information might help you to understand what is wrong and to reproduce the issue in your testing environment. +- For the source and destination computers, obtain operating system information, and versions of applications such as Internet Explorer and any other relevant programs. Then verify the exact steps that are needed to reproduce the problem. This information might help you to understand what is wrong and to reproduce the issue in your testing environment. -- Log off after you run the LoadState tool. Some settings—for example, fonts, desktop backgrounds, and screen-saver settings—will not take effect until the next time the end user logs on. +- Log off after you run the LoadState tool. Some settings—for example, fonts, desktop backgrounds, and screen-saver settings—will not take effect until the next time the end user logs on. -- Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. +- Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. - **Note**   - USMT will fail if it cannot migrate a file or setting unless you specify the **/c** option. When you specify the **/c** option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that did not migrate. + **Note** + USMT will fail if it cannot migrate a file or setting unless you specify the **/c** option. When you specify the **/c** option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that did not migrate. -   + ## User Account Problems 
@@ -327,9 +330,9 @@ You should also reboot the machine. [UsmtUtils Syntax](usmt-utilities.md) -  + -  +
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index 9610ddc0ca..4442b789c5 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -2,10 +2,13 @@
 title: Common Migration Scenarios (Windows 10)
 description: Common Migration Scenarios
 ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index 7a81795919..bde6f9635e 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -2,10 +2,13 @@
 title: Config.xml File (Windows 10)
 description: Config.xml File
 ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -27,7 +30,7 @@ For more information about using the Config.xml file with other migration files, **Note**   To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. -  + ## In This Topic
@@ -107,7 +110,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority **Important**   The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. -  + ### <fatal> @@ -143,7 +146,7 @@ Syntax: ``*<pattern>*`` -  + You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. @@ -197,14 +200,14 @@ Syntax: ``*<pattern>*`` -  + You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. ## <registryError> -The **<registryError>**element is not required. +The <registryError>element is not required. - **Number of occurrences**: Once for each component @@ -236,7 +239,7 @@ Syntax: `` -  + You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. @@ -260,7 +263,7 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links **Important**   The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location. -  + ``` syntax @@ -355,7 +358,7 @@ This element describes the source and destination groups for a local group membe -  + The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. @@ -576,9 +579,9 @@ Refer to the following sample Config.xml file for additional details about items [USMT XML Reference](usmt-xml-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 835c365684..ed6b77296b 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md 
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -2,10 +2,13 @@
 title: Conflicts and Precedence (Windows 10)
 description: Conflicts and Precedence
 ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a
+ms.reviewer:
+manager: dansimp
+ms.author: lomayor
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: lomayor
 ms.date: 04/19/2017
 ms.topic: article
 ---
@@ -171,40 +174,40 @@ These examples explain how USMT deals with <include> and <exclude> r
                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\* [*]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\* [*.txt]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1* []</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:* [.txt]</pattern>

                                            Migrates all files and subfolders in Dir1 (including all .txt files in C:).

                                            The <exclude> rule does not affect the migration because the <include> rule is more specific.

                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\* [*]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2\* [*.txt]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1* []</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

                                            Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders.

                                            Both rules are processed as intended.

                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\* [*]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\Dir1\ * [*.txt]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1* []</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>

                                            Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders.

                                            Both rules are processed as intended.

                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\Dir2\* [*.txt]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2\* [*.txt]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

                                            Nothing will be migrated.

                                            The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

                                              -
                                            • Include rule: C:\Dir1\* [*.txt]

                                            • -
                                            • Exclude rule: C:\Dir1\Dir2\* [*]

                                            • +
                                            • Include rule: C:\Dir1* [.txt]

                                            • +
                                            • Exclude rule: C:\Dir1\Dir2* []

                                            Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.

                                            No files are migrated from Dir2 or its subfolders.

                                            @@ -212,8 +215,8 @@ These examples explain how USMT deals with <include> and <exclude> r
                                              -
                                            • Include rule: C:\Dir1\Dir2\* [*]

                                            • -
                                            • Exclude rule: C:\Dir1\* [*.txt]

                                            • +
                                            • Include rule: C:\Dir1\Dir2* []

                                            • +
                                            • Exclude rule: C:\Dir1* [.txt]

                                            Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2).

                                            Both rules are processed as intended.

                                            @@ -221,7 +224,7 @@ These examples explain how USMT deals with <include> and <exclude> r -  + @@ -240,13 +243,13 @@ These examples explain how USMT deals with <include> and <exclude> r @@ -254,11 +257,11 @@ These examples explain how USMT deals with <include> and <exclude> r @@ -266,11 +269,11 @@ These examples explain how USMT deals with <include> and <exclude> r @@ -278,7 +281,7 @@ These examples explain how USMT deals with <include> and <exclude> r

                                            Component 1:

                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\* [*]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2\* [*.txt]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1* []</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

                                            Component 2:

                                              -
                                            • Include rule: <pattern type="File">C:\Dir1\Dir2\* [*.txt]</pattern>

                                            • -
                                            • Exclude rule: <pattern type="File">C:\Dir1\* [*]</pattern>

                                            • +
                                            • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

                                            • +
                                            • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>

                                            Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2).

                                            Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed.

                                            Component 1:

                                              -
                                            • Include rule: C:\Dir1\Dir2\* [*]

                                            • +
                                            • Include rule: C:\Dir1\Dir2* []

                                            Component 2:

                                              -
                                            • Exclude rule: C:\Dir1\* [*.txt]

                                            • +
                                            • Exclude rule: C:\Dir1* [.txt]

                                            Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders.

                                            Both rules are processed as intended.

                                            Component 1:

                                              -
                                            • Exclude rule: C:\Dir1\Dir2\* [*]

                                            • +
                                            • Exclude rule: C:\Dir1\Dir2* []

                                            Component 2:

                                              -
                                            • Include rule: C:\Dir1\* [*.txt]

                                            • +
                                            • Include rule: C:\Dir1* [.txt]

                                            Migrates all .txt files in Dir1 and any subfolders.

                                            Component 1 does not contain an <include> rule, so the <exclude> rule is not processed.

                                            -  + ### Including and excluding registry objects @@ -298,7 +301,7 @@ These examples explain how USMT deals with <include> and <exclude> r
                                              -
                                            • Include rule: HKLM\Software\Microsoft\Command Processor\* [*]

                                            • +
                                            • Include rule: HKLM\Software\Microsoft\Command Processor* []

                                            • Exclude Rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

                                            Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor.

                                            @@ -307,7 +310,7 @@ These examples explain how USMT deals with <include> and <exclude> r
                                            • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

                                            • -
                                            • Exclude Rule: HKLM\Software\Microsoft\Command Processor\* [*]

                                            • +
                                            • Exclude Rule: HKLM\Software\Microsoft\Command Processor* []

                                            Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor.

                                            DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule.

                                            @@ -323,7 +326,7 @@ These examples explain how USMT deals with <include> and <exclude> r -  + @@ -343,11 +346,11 @@ These examples explain how USMT deals with <include> and <exclude> r @@ -356,7 +359,7 @@ These examples explain how USMT deals with <include> and <exclude> r

                                            Component 1:

                                            • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

                                            • -
                                            • Exclude rule: HKLM\Software\Microsoft\Command Processor\* [*]

                                            • +
                                            • Exclude rule: HKLM\Software\Microsoft\Command Processor* []

                                            Component 2:

                                              -
                                            • Include rule: HKLM\Software\Microsoft\Command Processor\* [*]

                                            • +
                                            • Include rule: HKLM\Software\Microsoft\Command Processor* []

                                            • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

                                            Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor.

                                            -  + ## File collisions @@ -412,7 +415,7 @@ For this example, the following table describes the resulting behavior if you ad
                                            <merge script="MigXmlHelper.DestinationPriority()"> 
                                                <objectSet> 
                                            -      <pattern type="File">c:\data\* [*]</pattern> 
                                            +      <pattern type="File">c:\data* []</pattern> 
                                                </objectSet> 
                                             </merge>

                                            During ScanState, all the files will be added to the store.

                                            @@ -421,7 +424,7 @@ For this example, the following table describes the resulting behavior if you ad
                                            <merge script="MigXmlHelper.SourcePriority()"> 
                                                <objectSet> 
                                            -      <pattern type="File">c:\data\* [*]</pattern> 
                                            +      <pattern type="File">c:\data* []</pattern> 
                                                </objectSet> 
                                             </merge> 

                                            During ScanState, all the files will be added to the store.

                                            @@ -444,16 +447,16 @@ For this example, the following table describes the resulting behavior if you ad -  + ## Related topics [USMT XML Reference](usmt-xml-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 7aa6d0c5d4..c937f9a6ab 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -2,10 +2,13 @@ title: Custom XML Examples (Windows 10) description: Custom XML Examples ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -16,7 +19,7 @@ ms.topic: article **Note**   Because the tables in this topic are wide, you may need to adjust the width of its window. -  + ## In This Topic: @@ -124,13 +127,13 @@ The following is a custom .xml file named CustomFile.xml that migrates My Videos

                                            Filters out the shortcuts in My Videos that do not resolve on the destination computer. This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering.

                                            -
                                            <pattern type="File">%CSIDL_MYVIDEO%\* [*]</pattern>
                                            +
                                            <pattern type="File">%CSIDL_MYVIDEO%* [*]</pattern>

                                            Migrates My Videos for all users.

                                            -  + ``` syntax @@ -173,25 +176,25 @@ This table describes the behavior in the following example .xml file. -
                                            <pattern type="File">%ProgramFiles%\USMTTestFolder\* [USMTTestFile.txt]</pattern>
                                            +
                                            <pattern type="File">%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]</pattern>

                                            Migrates all instances of the file Usmttestfile.txt from all sub-directories under %ProgramFiles%\USMTTestFolder.

                                            -
                                            <pattern type="File">%ProgramFiles%\USMTDIRTestFolder\* [*]</pattern>
                                            +
                                            <pattern type="File">%ProgramFiles%\USMTDIRTestFolder* []</pattern>

                                            Migrates the whole directory under %ProgramFiles%\USMTDIRTestFolder.

                                            -
                                            <pattern type="Registry">HKCU\Software\USMTTESTKEY\* [MyKey]</pattern>
                                            +
                                            <pattern type="Registry">HKCU\Software\USMTTESTKEY* [MyKey]</pattern>

                                            Migrates all instances of MyKey under HKCU\Software\USMTTESTKEY.

                                            -
                                            <pattern type="Registry">HKLM\Software\USMTTESTKEY\* [*]</pattern>
                                            +
                                            <pattern type="Registry">HKLM\Software\USMTTESTKEY* []</pattern>

                                            Migrates the entire registry hive under HKLM\Software\USMTTESTKEY.

                                            -  + ``` syntax @@ -305,9 +308,9 @@ The behavior for this custom .xml file is described within the <`displayName` [Customize USMT XML Files](usmt-customize-xml-files.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index a07abab50d..113321c67a 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -2,10 +2,13 @@ title: Customize USMT XML Files (Windows 10) description: Customize USMT XML Files ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -53,7 +56,7 @@ This section describes the migration .xml files that are included with USMT. Eac **Note**   You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. -  + - **The MigApp.xml file.** Specify this file with both the **ScanState** and **LoadState** commands to migrate application settings. @@ -64,7 +67,7 @@ You can use the asterisk (\*) wildcard character in each of these files. However **Note**   Do not use the MigUser.xml and MigDocs.xml files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) topics. -   + ## Custom .xml Files @@ -93,7 +96,7 @@ In addition, note the following functionality with the Config.xml file: **Note**   To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. -  + ### Examples 
@@ -125,9 +128,9 @@ To exclude a component from the Config.xml file, set the **migrate** value to ** [USMT Resources](usmt-resources.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 224a7d5a1b..5d036e690f 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -2,10 +2,13 @@ title: Determine What to Migrate (Windows 10) description: Determine What to Migrate ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -29,34 +32,34 @@ To reduce complexity and increase standardization, your organization should cons -

                                            [Identify Users](usmt-identify-users.md)

                                            +

                                            Identify Users

                                            Use command-line options to specify which users to migrate and how they should be migrated.

                                            -

                                            [Identify Applications Settings](usmt-identify-application-settings.md)

                                            +

                                            Identify Applications Settings

                                            Determine which applications you want to migrate and prepare a list of application settings to be migrated.

                                            -

                                            [Identify Operating System Settings](usmt-identify-operating-system-settings.md)

                                            +

                                            Identify Operating System Settings

                                            Use migration to create a new standard environment on each of the destination computers.

                                            -

                                            [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)

                                            +

                                            Identify File Types, Files, and Folders

                                            Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.

                                            -  + ## Related topics [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 670edce731..48949d7a00 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -2,10 +2,13 @@ title: Estimate Migration Store Size (Windows 10) description: Estimate Migration Store Size ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093 +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -83,7 +86,7 @@ The ScanState tool also allows you to estimate disk space requirements based on **Note**   To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *<path to a file>* is still available in USMT. -  + The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*. @@ -111,7 +114,7 @@ The amount of space that is required in the store will vary, depending on the lo **Note**   You can create a space-estimate file (Usmtsize.txt), by using the legacy **/p** command-line option to estimate the size of the store. -  + When trying to determine how much disk space you will need, consider the following issues: 
@@ -126,9 +129,9 @@ When trying to determine how much disk space you will need, consider the followi [Common Migration Scenarios](usmt-common-migration-scenarios.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 3e8388b8b8..0cdacd74e9 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -2,10 +2,13 @@ title: Exclude Files and Settings (Windows 10) description: Exclude Files and Settings ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b +ms.reviewer: +manager: dansimp +ms.author: lomayor ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: lomayor ms.date: 04/19/2017 ms.topic: article --- @@ -266,9 +269,9 @@ To exclude a component from the Config.xml file, set the **migrate** value to ** - [Customize USMT XML Files](usmt-customize-xml-files.md) - [USMT XML Reference](usmt-xml-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 90f1903e5d..1eb40410a6 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -2,6 +2,9 @@ title: Extract Files from a Compressed USMT Migration Store (Windows 10) description: Extract Files from a Compressed USMT Migration Store ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-faq.md b/windows/deployment/usmt/usmt-faq.md index 70d6e1b2f5..21a5b714f0 100644 --- a/windows/deployment/usmt/usmt-faq.md +++ b/windows/deployment/usmt/usmt-faq.md 
@@ -2,6 +2,9 @@
 title: Frequently Asked Questions (Windows 10)
 description: Frequently Asked Questions
 ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index ea9b591221..6b9330d5ec 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -2,6 +2,9 @@
 title: General Conventions (Windows 10)
 description: General Conventions
 ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -58,44 +61,44 @@ Before you modify the .xml files, become familiar with the following guidelines: You can use the XML helper functions in the [XML Elements Library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following: -- **All of the parameters are strings** +- **All of the parameters are strings** -- **You can leave NULL parameters blank** +- **You can leave NULL parameters blank** - As with parameters with a default value convention, if you have a NULL parameter at the end of a list, you can leave it out. For example, the following function: + As with parameters with a default value convention, if you have a NULL parameter at the end of a list, you can leave it out. For example, the following function: - ``` syntax - SomeFunction("My String argument",NULL,NULL) - ``` + ``` syntax + SomeFunction("My String argument",NULL,NULL) + ``` - is equivalent to: + is equivalent to: - ``` syntax - SomeFunction("My String argument") - ``` + ``` syntax + SomeFunction("My String argument") + ``` -- **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object** +- **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object** - It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. + It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. - For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters. + For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. 
Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters. - The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. + The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. -- **You specify a location pattern in a way that is similar to how you specify an actual location** +- **You specify a location pattern in a way that is similar to how you specify an actual location** - The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. + The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. - For example, the pattern **c:\\Windows\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. + For example, the pattern **c:\\Windows\\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. ## Related topics [USMT XML Reference](usmt-xml-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 2de6572380..100e1e1f04 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md 
@@ -2,6 +2,9 @@ title: Hard-Link Migration Store (Windows 10) description: Hard-Link Migration Store ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -67,7 +70,7 @@ When you create a hard link, you give an existing file an additional path. For i **Note**   A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. -  + For more information about hard links, please see [Hard Links and Junctions](https://go.microsoft.com/fwlink/p/?LinkId=132934) @@ -78,7 +81,7 @@ As a best practice, we recommend that you delete the hard-link migration store a **Important**   Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. -  + Keeping the hard-link migration store can result in additional disk space being consumed or problems with some applications for the following reasons: @@ -91,7 +94,7 @@ Keeping the hard-link migration store can result in additional disk space being **Important**   The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. -  + ## Hard-Link Migration Scenario 
@@ -103,7 +106,7 @@ For example, a company has decided to deploy Windows 10 on all of their compute **Note**   As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. -   + 2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. @@ -159,7 +162,7 @@ Files that are locked by an application are treated the same in hard-link migrat **Important**   There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. -  + ## XML Elements in the Config.xml File @@ -197,12 +200,12 @@ A new section in the Config.xml file allows optional configuration of some of th -  + **Important**   You must use the **/nocompress** option with the **/HardLink** option. -  + The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. @@ -222,9 +225,9 @@ The following XML sample specifies that files locked by an application under the [Plan Your Migration](usmt-plan-your-migration.md) -  + -  + 
diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 956abe0554..84bf06500d 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -2,6 +2,9 @@ title: How USMT Works (Windows 10) description: How USMT Works ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -22,7 +25,7 @@ USMT includes two tools that migrate settings and data: ScanState and LoadState. **Note**   For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -   + ## The ScanState Process @@ -54,7 +57,7 @@ When you run the ScanState tool on the source computer, it goes through the foll **Note**   From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. ScanState processes all components in the same way. -   + 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory. @@ -69,7 +72,7 @@ When you run the ScanState tool on the source computer, it goes through the foll **Note**   ScanState ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer. -   + 5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile. 
@@ -78,68 +81,68 @@ When you run the ScanState tool on the source computer, it goes through the foll **Note**   ScanState does not modify the source computer in any way. -   + ## The LoadState Process The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer. -1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. +1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. -2. LoadState collects information about the migration components that need to be migrated. +2. LoadState collects information about the migration components that need to be migrated. - LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command. + LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command. - In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. + In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. -3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. 
The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration. +3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration. - - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the**/lac** command-line option. If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated. + - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the/lac command-line option. If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated. - - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified. + - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified. - - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. 
For more information, see [Identify Users](usmt-identify-users.md). + - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md). -4. In the "Scanning" phase, LoadState does the following for each user profile: +4. In the "Scanning" phase, LoadState does the following for each user profile: - 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. + 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. - **Note**   - From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. LoadState evaluates all components in the same way. + **Note** + From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. 
LoadState evaluates all components in the same way. -   + - 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory). + 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory). - **Note**   - LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. + **Note** + LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. -   + - 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. + 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. 
Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. - 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections. + 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections. - 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState. + 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState. 
- **Important**   - It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran. + **Important** + It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran. -   + -5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed. +5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed. ## Related topics [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) -  + -  + 
diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md
index 57faa88dd9..f26b1b8cd3 100644
--- a/windows/deployment/usmt/usmt-how-to.md
+++ b/windows/deployment/usmt/usmt-how-to.md
@@ -2,6 +2,9 @@
 title: User State Migration Tool (USMT) How-to topics (Windows 10)
 description: User State Migration Tool (USMT) How-to topics
 ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -29,4 +32,4 @@ The following table lists topics that describe how to use User State Migration T
 ## Related topics
 - [User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
 - [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
\ No newline at end of file
+- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md
index 134ae9d3a7..874e4e4399 100644
--- a/windows/deployment/usmt/usmt-identify-application-settings.md
+++ b/windows/deployment/usmt/usmt-identify-application-settings.md
@@ -2,6 +2,9 @@
 title: Identify Applications Settings (Windows 10)
 description: Identify Applications Settings
 ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
index 5070fe03e4..2dfe827d3f 100644
--- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
@@ -2,6 +2,9 @@ title: Identify File Types, Files, and Folders (Windows 10) description: Identify File Types, Files, and Folders ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 28d95e4b3b..cce810e31f 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -2,6 +2,9 @@ title: Identify Operating System Settings (Windows 10) description: Identify Operating System Settings ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -40,16 +43,16 @@ For more information about how to change the operating-system settings that are For information about the operating-system settings that USMT migrates, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) -  + ## Related topics [Determine What to Migrate](usmt-determine-what-to-migrate.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 5654585491..4f0534cf76 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -2,6 +2,9 @@ title: Identify Users (Windows 10) description: Identify Users ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -29,16 +32,16 @@ It is important to carefully consider how you plan to migrate users. By default, Before migrating local accounts, note the following: -- [You must explicitly specify that local accounts that are not on the destination computer should be migrated.](#bkmk-8) If you are migrating local accounts and the local account does not exist on the destination computer, you must use the**/lac** option when using the LoadState command. If the **/lac** option is not specified, no local user accounts will be migrated. +- [You must explicitly specify that local accounts that are not on the destination computer should be migrated.](#bkmk-8) If you are migrating local accounts and the local account does not exist on the destination computer, you must use the/lac option when using the LoadState command. If the **/lac** option is not specified, no local user accounts will be migrated. -- [Consider whether to enable user accounts that are new to the destination computer.](#bkmk-8) The **/lae** option enables the account that was created with the **/lac** option. However, if you create a disabled local account by using only the **/lac** option, a local administrator must enable the account on the destination computer. +- [Consider whether to enable user accounts that are new to the destination computer.](#bkmk-8) The **/lae** option enables the account that was created with the **/lac** option. However, if you create a disabled local account by using only the **/lac** option, a local administrator must enable the account on the destination computer. -- [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. 
+- [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. - **Note**   - If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password. + **Note** + If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password. -   + ## Migrating Domain Accounts @@ -55,7 +58,7 @@ USMT provides several options to migrate multiple users on a single computer. Th **Important**   The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations. -   + - [Moving users to another domain.](#bkmk-8) You can move user accounts to another domain using the **/md** option with the LoadState command-line tool. @@ -66,7 +69,7 @@ USMT provides several options to migrate multiple users on a single computer. Th **Note**   By default, if a user name is not specified in any of the command-line options, the user will be migrated. -   + ## Related topics @@ -77,9 +80,9 @@ USMT provides several options to migrate multiple users on a single computer. Th [LoadState Syntax](usmt-loadstate-syntax.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index b3e26e37b3..89b7d8fa3a 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md 
@@ -2,6 +2,9 @@ title: Include Files and Settings (Windows 10) description: Include Files and Settings ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 760fbb96ed..63c3b443b8 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -2,6 +2,9 @@ title: LoadState Syntax (Windows 10) description: LoadState Syntax ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -58,7 +61,7 @@ The **LoadState** command's syntax is: loadstate *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] -For example, to decrypt the store and migrate the files and settings to a computer running Windows 7 type the following on the command line: +For example, to decrypt the store and migrate the files and settings to a computer running Windows 7 type the following on the command line: `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:13 /decrypt /key:"mykey"` @@ -88,28 +91,27 @@ USMT provides the following options that you can use to specify how and where th

                                            or

                                            /decrypt /key:"Key String"

                                            or

                                            -

                                            /decrypt /keyfile:[Path\]FileName

                                            +

                                            /decrypt /keyfile:[Path</em>]FileName

                                            Decrypts the store with the specified key. With this option, you will need to specify the encryption key in one of the following ways:

                                            • /key:KeyString specifies the encryption key. If there is a space in KeyString, you must surround the argument with quotation marks.

                                            • /keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key

                                            -

                                            KeyString cannot exceed 256 characters.

                                            +

                                            KeyString cannot exceed 256 characters.

                                            The /key and /keyfile options cannot be used on the same command line.

                                            The /decrypt and /nocompress options cannot be used on the same command line.

                                            -Important   -

                                            Use caution with this option, because anyone who has access to the LoadState command-line script will also have access to the encryption key.

                                            +Important

                                            Use caution with this option, because anyone who has access to the LoadState command-line script will also have access to the encryption key.

                                            -  +

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /decrypt /key:mykey

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey

                                            /decrypt:"encryption strength"

                                            -

                                            The /decrypt option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md).

                                            +

                                            The /decrypt option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see Migration Store Encryption.

                                            /hardlink

                                            @@ -119,12 +121,12 @@ USMT provides the following options that you can use to specify how and where th

                                            /nocompress

                                            Specifies that the store is not compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option cannot be used with the /decrypt option.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /nocompress

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress

                                            -  + ## Migration Rule Options @@ -144,16 +146,16 @@ USMT provides the following options to specify what files you want to migrate. -

                                            /i:[Path\]FileName

                                            +

                                            /i:[Path]FileName

                                            (include)

                                            Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.

                                            -

                                            For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.md) topic.

                                            +

                                            For more information about which files to specify, see the "XML files" section of the Frequently Asked Questions topic.

                                            -

                                            /config:[Path\]FileName

                                            +

                                            /config:[Path]FileName

                                            Specifies the Config.xml file that the LoadState command should use. You cannot specify this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then the FileName must be located in the current directory.

                                            This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

                                            -

                                            loadstate \\server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log

                                            +

                                            loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log

                                            /auto:"path to script files"

                                            @@ -162,7 +164,7 @@ USMT provides the following options to specify what files you want to migrate. -  + ## Monitoring Options @@ -182,7 +184,7 @@ USMT provides several command-line options that you can use to analyze problems -

                                            /l:[Path\]FileName

                                            +

                                            /l:[Path]FileName

                                            Specifies the location and name of the LoadState log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can specify the /v option to adjust the amount of output.

                                            If you run the LoadState command from a shared network resource, you must specify this option or USMT will fail with the error: "USMT was unable to create the log file(s)". To fix this issue, use the /l:load.log option.

                                            @@ -237,15 +239,15 @@ USMT provides several command-line options that you can use to analyze problems -

                                             

                                            +

                                            For example:

                                            -

                                            loadstate \\server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml

                                            +

                                            loadstate \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml

                                            -

                                            /progress:[Path\]FileName

                                            +

                                            /progress:[Path</em>]FileName

                                            Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /progress:prog.log /l:scanlog.log

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log

                                            /c

                                            @@ -254,13 +256,13 @@ USMT provides several command-line options that you can use to analyze problems

                                            /r:<TimesToRetry>

                                            (Retry)

                                            -

                                            Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

                                            +

                                            Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

                                            While restoring the user state, the /r option will not recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem.

                                            /w:<SecondsBeforeRetry>

                                            (Wait)

                                            -

                                            Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

                                            +

                                            Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

                                            /? or /help

                                            @@ -269,7 +271,7 @@ USMT provides several command-line options that you can use to analyze problems -  + ## User Options @@ -294,24 +296,23 @@ By default, all users are migrated. The only way to specify which users to inclu

                                            USMT migrates all user accounts on the computer, unless you specifically exclude an account with the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to use the /all option, you cannot also use the /ui, /ue or /uel options.

                                            -

                                            /ui:DomainName\UserName

                                            +

                                            /ui:DomainName<em>UserName

                                            or

                                            -

                                            /ui:"DomainName\User Name"

                                            +

                                            /ui:"DomainName<em>User Name"

                                            or

                                            -

                                            /ui:ComputerName\LocalUserName

                                            +

                                            /ui:ComputerName<em>LocalUserName

                                            (User include)

                                            -

                                            Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue option. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.

                                            +

                                            Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue option. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.

                                            For example:

                                            • To include only User2 from the Corporate domain, type:

                                              -

                                              /ue:*\* /ui:corporate\user2

                                            • +

                                              /ue:* /ui:corporate\user2

                                            -Note   -

                                            If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

                                            +Note

                                            If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

                                            -  +

                                            For more examples, see the descriptions of the /uel, /ue, and /ui options in this table.

                                            @@ -322,34 +323,33 @@ By default, all users are migrated. The only way to specify which users to inclu

                                            or

                                            /uel:0

                                            (User exclude based on last logon)

                                            -

                                            Migrates only the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.

                                            +

                                            Migrates only the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.

                                            -Note   -

                                            The /uel option is not valid in offline migrations.

                                            +Note

                                            The /uel option is not valid in offline migrations.

                                            -  +

                                            Examples:

                                            • /uel:0 migrates accounts that were logged on to the source computer when the ScanState command was run.

                                            • -
                                            • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

                                            • -
                                            • /uel:1 migrates users whose accounts have been modified within the last 24 hours.

                                            • +
                                            • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

                                            • +
                                            • /uel:1 migrates users whose accounts have been modified within the last 24 hours.

                                            • /uel:2002/1/15 migrates users who have logged on or whose accounts have been modified since January 15, 2002.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0

                                            -

                                            /ue:DomainName\UserName

                                            +

                                            /ue:DomainName<em>UserName

                                            or

                                            -

                                            /ue:"DomainName\User Name"

                                            +

                                            /ue:"DomainName<em>User Name"

                                            or

                                            -

                                            /ue:ComputerName\LocalUserName

                                            +

                                            /ue:ComputerName<em>LocalUserName

                                            (User exclude)

                                            -

                                            Excludes the specified users from the migration. You can specify multiple /ue options but you cannot use the /ue option with the /all option. DomainName and UserName can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

                                            +

                                            Excludes the specified users from the migration. You can specify multiple /ue options but you cannot use the /ue option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /ue:contoso\user1

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1

                                            For more examples, see the descriptions of the /uel, /ue, and /ui options in this table.

                                            @@ -357,27 +357,26 @@ By default, all users are migrated. The only way to specify which users to inclu

                                            or

                                            /md:LocalComputerName:NewDomain

                                            (move domain)

                                            -

                                            Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. OldDomain may contain the asterisk (*) wildcard character.

                                            +

                                            Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. OldDomain may contain the asterisk () wildcard character.

                                            You can specify this option more than once. You may want to specify multiple /md options if you are consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: /md:corporate:fabrikam and /md:farnorth:fabrikam.

                                            If there are conflicts between two /md commands, the first rule that you specify is applied. For example, if you specify the /md:corporate:fabrikam and /md:corporate:farnorth commands, then Corporate users would be mapped to the Fabrikam domain.

                                            -Note   -

                                            If you specify an OldDomain that did not exist on the source computer, the LoadState command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to NewDomain but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

                                            +Note

                                            If you specify an OldDomain that did not exist on the source computer, the LoadState command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to NewDomain but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

                                            -  +

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

                                            /progress:prog.log /l:load.log /md:contoso:fabrikam

                                            -

                                            /mu:OldDomain\OldUserName:[NewDomain\]NewUserName

                                            +

                                            /mu:OldDomain<em>OldUserName:[NewDomain]NewUserName

                                            or

                                            -

                                            /mu:OldLocalUserName:NewDomain\NewUserName

                                            +

                                            /mu:OldLocalUserName:NewDomain<em>NewUserName

                                            Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple /mu options. You cannot use wildcard characters with this option.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

                                            /progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1

                                            @@ -387,30 +386,29 @@ By default, all users are migrated. The only way to specify which users to inclu

                                            If the /lac option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated.

                                            Password is the password for the newly created account. An empty password is used by default.

                                            -Caution   -

                                            Use the Password variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the LoadState command.

                                            +Caution

                                            Use the Password variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the LoadState command.

                                            Also, if the computer has multiple users, all migrated users will have the same password.

                                            -  +

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore

                                            -

                                            For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md).

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

                                            +

                                            For instructions, see Migrate User Accounts.

                                            /lae

                                            (local account enable)

                                            Enables the account that was created with the /lac option. You must specify the /lac option with this option.

                                            For example:

                                            -

                                            loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore

                                            +

                                            loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

                                            /progress:prog.log /l:load.log /lac:password /lae

                                            -

                                            For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md).

                                            +

                                            For instructions, see Migrate User Accounts.

                                            -  + ### Examples for the /ui and /ue options @@ -442,20 +440,20 @@ The following examples apply to both the **/ui** and **/ue** options. You can re

                                            Exclude all domain users.

                                            -

                                            /ue:Domain\*

                                            +

                                            /ue:Domain

                                            Exclude all local users.

                                            -

                                            /ue:%computername%\*

                                            +

                                            /ue:%computername%

                                            Exclude users in all domains named User1, User2, and so on.

                                            -

                                            /ue:*\user*

                                            +

                                            /ue:\user

                                            -  + ### Using the Options Together @@ -463,7 +461,7 @@ You can use the **/uel**, **/ue** and **/ui** options together to migrate only t **The /ui option has precedence over the /ue and /uel options.** If a user is specified to be included using the **/ui** option, and also specified to be excluded using either the **/ue** or **/uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the **/ui** option takes precedence over the **/ue** option. -**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the **/uel** option, that user’s profile will be migrated even if they are excluded by using the **/ue** option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the **/uel** option, that user’s profile will be migrated even if they are excluded by using the **/ue** option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. @@ -479,28 +477,28 @@ You can use the **/uel**, **/ue** and **/ui** options together to migrate only t - + - + - +

                                            Include only User2 from the Fabrikam domain and exclude all other users.

                                            /ue:*\* /ui:fabrikam\user2

                                            /ue:* /ui:fabrikam\user2

                                            Include only the local user named User1 and exclude all other users.

                                            /ue:*\* /ui:user1

                                            /ue:* /ui:user1

                                            Include only the domain users from Contoso, except Contoso\User1.

                                            This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:

                                              -
                                            • Using the ScanState command-line tool, type: /ue:*\* /ui:contoso\*

                                            • +
                                            • Using the ScanState command-line tool, type: /ue:* /ui:contoso

                                            • Using the LoadState command-line tool, type: /ue:contoso\user1

                                            Include only local (non-domain) users.

                                            /ue:*\* /ui:%computername%\*

                                            /ue: /ui:%computername%*

                                            -  + ## Incompatible Command-Line Options @@ -689,21 +687,21 @@ The following table indicates which command-line options are not compatible with -  -**Note**   + +**Note** You must specify either the **/key** or **/keyfile** option with the **/encrypt** option. -  + ## Related topics [XML Elements Library](usmt-xml-elements-library.md) -  - -  + + + diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 3c71bf52ca..34f4626318 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -2,6 +2,9 @@ title: Log Files (Windows 10) description: Log Files ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -45,22 +48,22 @@ The following table describes each command-line option related to logs, and it p -

                                            /l[Path\]FileName

                                            +

                                            /l[Path]FileName

                                            Scanstate.log or LoadState.log

                                            Specifies the path and file name of the ScanState.log or LoadState log.

                                            -

                                            /progress[Path\]FileName

                                            +

                                            /progress[Path]FileName

                                            Specifies the path and file name of the Progress log.

                                            Provides information about the status of the migration, by percentage complete.

                                            /v[VerbosityLevel]

                                            Not applicable

                                            -

                                            See the "Monitoring Options" section in [ScanState Syntax](usmt-scanstate-syntax.md).

                                            +

                                            See the "Monitoring Options" section in ScanState Syntax.

                                            -

                                            /listfiles[Path\]FileName

                                            +

                                            /listfiles[Path]FileName

                                            Specifies the path and file name of the Listfiles log.

                                            Provides a list of the files that were migrated.

                                            @@ -72,12 +75,12 @@ The following table describes each command-line option related to logs, and it p -  + **Note**   You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. -  + ## ScanState and LoadState Logs @@ -218,7 +221,7 @@ The remaining fields are key/value pairs as indicated in the following table. -  + ## List Files Log @@ -480,9 +483,9 @@ Your revised migration XML script excludes the files from migrating, as confirme [LoadState Syntax](usmt-loadstate-syntax.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index c38ad5f818..0e3db8dd0c 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -2,6 +2,9 @@ title: Migrate EFS Files and Certificates (Windows 10) description: Migrate EFS Files and Certificates ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -23,7 +26,7 @@ Encrypting File System (EFS) certificates will be migrated automatically. Howeve **Note**   The **/efs** options are not used with the LoadState command. -  + Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. 
@@ -42,9 +45,9 @@ Where *<Path>* is the full path of the topmost parent directory where the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 94224b2a0c..0842197047 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -2,6 +2,9 @@ title: Migrate User Accounts (Windows 10) description: Migrate User Accounts ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -46,7 +49,7 @@ Links to detailed explanations of commands are available in the Related Topics s **Note**   You do not have to specify the **/lae** option, which enables the account that was created with the **/lac** option. Instead, you can create a disabled local account by specifying only the **/lac** option, and then a local administrator needs to enable the account on the destination computer. -   + ## To migrate two domain accounts (User1 and User2) Links to detailed explanations of commands are available in the Related Topics section. @@ -83,9 +86,9 @@ Links to detailed explanations of commands are available in the Related Topics s [LoadState Syntax](usmt-loadstate-syntax.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index a177f4bccb..007c4b258a 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -2,6 +2,9 @@ title: Migration Store Encryption (Windows 10) description: Migration Store Encryption ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -51,21 +54,21 @@ The following table describes the command-line encryption options in USMT. -  + **Important**   Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md) -  + ## Related topics [Plan Your Migration](usmt-plan-your-migration.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 6cd2240e96..d35c195f0f 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -2,6 +2,9 @@ title: User State Migration Tool (USMT) Overview (Windows 10) description: User State Migration Tool (USMT) Overview ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index aabd7f7072..6b8319c12a 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -2,6 +2,9 @@ title: Plan Your Migration (Windows 10) description: Plan Your Migration ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -29,38 +32,38 @@ One of the most important requirements for migrating settings and data is restor -

                                            [Common Migration Scenarios](usmt-common-migration-scenarios.md)

                                            +

                                            Common Migration Scenarios

                                            Determine whether you will perform a refresh migration or a replace migration.

                                            -

                                            [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)

                                            +

                                            What Does USMT Migrate?

                                            Learn which applications, user data, and operating system components USMT migrates.

                                            -

                                            [Choose a Migration Store Type](usmt-choose-migration-store-type.md)

                                            +

                                            Choose a Migration Store Type

                                            Choose an uncompressed, compressed, or hard-link migration store.

                                            -

                                            [Determine What to Migrate](usmt-determine-what-to-migrate.md)

                                            +

                                            Determine What to Migrate

                                            Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.

                                            -

                                            [Test Your Migration](usmt-test-your-migration.md)

                                            +

                                            Test Your Migration

                                            Test your migration before you deploy Windows to all users.

                                            -  + ## Related topics [USMT XML Reference](usmt-xml-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 7012dc5ff6..29f59d9b74 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -2,6 +2,9 @@ title: Recognized Environment Variables (Windows 10) description: Recognized Environment Variables ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index 6472bb3b6a..2ab5b4c6c7 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -2,6 +2,9 @@ title: User State Migration Toolkit (USMT) Reference (Windows 10) description: User State Migration Toolkit (USMT) Reference ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -23,37 +26,37 @@ ms.topic: article -

                                            [USMT Requirements](usmt-requirements.md)

                                            +

                                            USMT Requirements

                                            Describes operating system, hardware, and software requirements, and user prerequisites.

                                            -

                                            [USMT Best Practices](usmt-best-practices.md)

                                            +

                                            USMT Best Practices

                                            Discusses general and security-related best practices when using USMT.

                                            -

                                            [How USMT Works](usmt-how-it-works.md)

                                            +

                                            How USMT Works

                                            Learn about the processes behind the ScanState and LoadState tools.

                                            -

                                            [Plan Your Migration](usmt-plan-your-migration.md)

                                            +

                                            Plan Your Migration

                                            Choose what to migrate and the best migration scenario for your enterprise.

                                            -

                                            [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)

                                            +

                                            User State Migration Tool (USMT) Command-line Syntax

                                            Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.

                                            -

                                            [USMT XML Reference](usmt-xml-reference.md)

                                            +

                                            USMT XML Reference

                                            Learn about customizing a migration with XML files.

                                            -

                                            [Offline Migration Reference](offline-migration-reference.md)

                                            +

                                            Offline Migration Reference

                                            Find requirements, best practices, and other considerations for performing a migration offline.

                                            -  + ## Related topics @@ -64,9 +67,9 @@ ms.topic: article [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index c4d78425d6..20590672c3 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -2,6 +2,9 @@ title: USMT Requirements (Windows 10) description: USMT Requirements ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -79,7 +82,7 @@ The following table lists the operating systems supported in USMT. -  + **Note**   You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system. @@ -148,9 +151,9 @@ This documentation assumes that IT professionals using USMT understand command-l [Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
                                            [User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
                                            -  + -  + diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index 9f146337b3..4ea1caaac3 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -2,6 +2,9 @@ title: Reroute Files and Settings (Windows 10) description: Reroute Files and Settings ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index c934bdd8eb..32ed639508 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -2,6 +2,9 @@ title: USMT Resources (Windows 10) description: USMT Resources ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 0ec3d9f0f8..18d223385b 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -2,6 +2,9 @@ title: Return Codes (Windows 10) description: Return Codes ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -43,7 +46,7 @@ Non-fatal Errors Fatal Errors -As a best practice, we recommend that you set verbosity level to 5, **/v***:5*, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. +As a best practice, we recommend that you set verbosity level to 5, **/v**:5, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. ## USMT Error Messages @@ -127,7 +130,7 @@ The following table lists each return code by numeric value, along with the asso

                                            -

                                            /encrypt can't be used with /nocompress

                                            +

                                            /encrypt can't be used with /nocompress

                                            Review ScanState log or LoadState log for details about command-line errors.

                                            @@ -141,14 +144,14 @@ The following table lists each return code by numeric value, along with the asso

                                            -

                                            /genconfig can't be used with most other options

                                            +

                                            /genconfig can't be used with most other options

                                            Review ScanState log or LoadState log for details about command-line errors.

                                            -

                                            /genmigxml can't be used with most other options

                                            +

                                            /genmigxml can't be used with most other options

                                            Review ScanState log or LoadState log for details about command-line errors.

                                            @@ -435,7 +438,7 @@ The following table lists each return code by numeric value, along with the asso

                                            27

                                            USMT_INVALID_STORE_LOCATION

                                            -

                                            A store path can't be used because an existing store exists; specify /o to overwrite

                                            +

                                            A store path can't be used because an existing store exists; specify /o to overwrite

                                            Specify /o to overwrite an existing intermediate or migration store.

                                            Setup and Initialization

                                            @@ -596,7 +599,7 @@ The following table lists each return code by numeric value, along with the asso

                                            -

                                            A store path can't be used because it contains data that could not be overwritten

                                            +

                                            A store path can't be used because it contains data that could not be overwritten

                                            A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use USMTUtils /rd command to delete the store.

                                            @@ -673,7 +676,7 @@ The following table lists each return code by numeric value, along with the asso

                                            41

                                            USMT_PREFLIGHT_FILE_CREATION_FAILED

                                            -

                                            Can't overwrite existing file

                                            +

                                            Can't overwrite existing file

                                            The Progress log could not be created. Verify that the location is valid and that you have write access.

                                            Setup and Initialization

                                            @@ -688,7 +691,7 @@ The following table lists each return code by numeric value, along with the asso

                                            42

                                            USMT_ERROR_CORRUPTED_STORE

                                            The store contains one or more corrupted files

                                            -

                                            Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).

                                            +

                                            Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see Extract Files from a Compressed USMT Migration Store.

                                            @@ -764,7 +767,7 @@ The following table lists each return code by numeric value, along with the asso -  + ## Related topics @@ -773,9 +776,9 @@ The following table lists each return code by numeric value, along with the asso [Log Files](usmt-log-files.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 3090160049..77c1c1b5d6 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -2,6 +2,9 @@ title: ScanState Syntax (Windows 10) description: ScanState Syntax ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -13,7 +16,7 @@ ms.topic: article # ScanState Syntax -The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. +The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ## In This Topic @@ -119,32 +122,31 @@ To create an encrypted store using the Config.xml file and the default migration
                                          1. /key:KeyString specifies the encryption key. If there is a space in KeyString, you will need to surround KeyString with quotation marks.

                                          2. /keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key.

                                    -

                                    We recommend that KeyString be at least eight characters long, but it cannot exceed 256 characters. The /key and /keyfile options cannot be used on the same command line. The /encrypt and /nocompress options cannot be used on the same command line.

                                    +

                                    We recommend that KeyString be at least eight characters long, but it cannot exceed 256 characters. The /key and /keyfile options cannot be used on the same command line. The /encrypt and /nocompress options cannot be used on the same command line.

                                    -Important   -

                                    You should use caution with this option, because anyone who has access to the ScanState command-line script will also have access to the encryption key.

                                    +Important

                                    You should use caution with this option, because anyone who has access to the ScanState command-line script will also have access to the encryption key.

                                    -  +

                                    The following example shows the ScanState command and the /key option:

                                    -

                                    scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /encrypt /key:mykey

                                    +

                                    scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey

                                    /encrypt:<EncryptionStrength>

                                    -

                                    The /encrypt option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md).

                                    +

                                    The /encrypt option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see Migration Store Encryption.

                                    /nocompress

                                    Disables compression of data and saves the files to a hidden folder named "File" at StorePath\USMT. Compression is enabled by default. Combining the /nocompress option with the /hardlink option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the /nocompress option with the /hardlink option.

                                    The /nocompress and /encrypt options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the LoadState command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

                                    For example:

                                    -

                                    scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /nocompress

                                    +

                                    scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress

                                    -  + ## Run the ScanState Command on an Offline Windows System @@ -199,7 +201,7 @@ There are several benefits to running the **ScanState** command on an offline Wi -  + ## Migration Rule Options @@ -219,12 +221,12 @@ USMT provides the following options to specify what files you want to migrate. -

                                    /i:[Path\]FileName

                                    +

                                    /i:[Path]FileName

                                    (include)

                                    -

                                    Specifies an .xml file that contains rules that define what user, application or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently Asked Questions](usmt-faq.md) topic.

                                    +

                                    Specifies an .xml file that contains rules that define what user, application or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the Frequently Asked Questions topic.

                                    -

                                    /genconfig:[Path\]FileName

                                    +

                                    /genconfig:[Path]FileName

                                    (Generate Config.xml)

                                    Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the /i option, when you specify this option.

                                    After you create this file, you will need to make use of it with the ScanState command using the /config option.

                                    @@ -236,12 +238,12 @@ USMT provides the following options to specify what files you want to migrate.
                                  -

                                  /config:[Path\]FileName

                                  +

                                  /config:[Path</em>]FileName

                                  Specifies the Config.xml file that the ScanState command should use to create the store. You cannot use this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.

                                  The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:

                                  -

                                  scanstate \\server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log

                                  +

                                  scanstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log

                                  The following example migrates the files and settings to the destination computer using the Config.xml, MigDocs.xml, and MigApp.xml files:

                                  -

                                  loadstate \\server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log

                                  +

                                  loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log

                                  /auto:path to script files

                                  @@ -253,24 +255,24 @@ USMT provides the following options to specify what files you want to migrate.

                                  /targetwindows8

                                  -

                                  Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command line option in the following scenarios:

                                  +

                                  Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command line option in the following scenarios:

                                    -
                                  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows8 option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.

                                  • +
                                  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows8 option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.

                                  • To create a migration store. Using the /targetwindows8 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows8 command-line option, some settings can be lost during the migration.

                                  /targetwindows7

                                  -

                                  Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command line option in the following scenarios:

                                  +

                                  Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command line option in the following scenarios:

                                    -
                                  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows7 option optimizes the Config.xml file so that it only contains components that relate to Windows 7.

                                  • +
                                  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows7 option optimizes the Config.xml file so that it only contains components that relate to Windows 7.

                                  • To create a migration store. Using the /targetwindows7 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows7 command-line option, some settings can be lost during the migration.

                                  /localonly

                                  Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the /localonly option is not specified, then the ScanState command will copy files from these removable or network drives into the store.

                                  -

                                  Anything that is not considered a fixed drive by the OS will be excluded by /localonly. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md).

                                  +

                                  Anything that is not considered a fixed drive by the OS will be excluded by /localonly. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see Exclude Files and Settings.

                                  The /localonly command-line option includes or excludes data in the migration as identified in the following table:

                                  @@ -298,22 +300,22 @@ USMT provides the following options to specify what files you want to migrate.
                                  -

                                   

                                  +

                                  -  + ## Monitoring Options USMT provides several options that you can use to analyze problems that occur during migration. -**Note**   +**Note** The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option. -  + @@ -332,7 +334,7 @@ The ScanState log is created by default, but you can specify the name and locati - + @@ -388,16 +390,16 @@ The ScanState log is created by default, but you can specify the name and locati

                                  You can use the /listfiles command-line option with the ScanState command to generate a text file that lists all of the files included in the migration.

                                  /l:[Path\]FileName

                                  /l:[Path]FileName

                                  Specifies the location and name of the ScanState log.

                                  You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can use the /v option to adjust the amount of output.

                                  If you run the ScanState or LoadState commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /l:scan.log command.

                                  -

                                   

                                  +

                                  For example:

                                  -

                                  scanstate \\server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml

                                  +

                                  scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml

                                  -

                                  /progress:[Path\]FileName

                                  +

                                  /progress:[Path</em>]FileName

                                  Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.

                                  For example:

                                  -

                                  scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /progress:prog.log /l:scanlog.log

                                  +

                                  scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log

                                  /c

                                  @@ -413,14 +415,14 @@ The ScanState log is created by default, but you can specify the name and locati

                                  /w:<SecondsBeforeRetry>

                                  (Wait)

                                  -

                                  Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

                                  +

                                  Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

                                  /p:<pathToFile>

                                  When the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:

                                  Scanstate.exe C:\MigrationLocation [additional parameters]

                                  /p:"C:\MigrationStoreSize.xml"

                                  -

                                  For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

                                  +

                                  For more information, see Estimate Migration Store Size.

                                  To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying "pathtoafile", in USMT. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT3.x releases.

                                  @@ -430,7 +432,7 @@ The ScanState log is created by default, but you can specify the name and locati -  + ## User Options @@ -455,25 +457,24 @@ By default, all users are migrated. The only way to specify which users to inclu

                                  USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /all option, you cannot also use the /ui, /ue or /uel options.

                                  -

                                  /ui:<DomainName>\<UserName>

                                  +

                                  /ui:<DomainName>\<UserName>

                                  or

                                  -

                                  /ui:<ComputerName>\<LocalUserName>

                                  +

                                  /ui:<ComputerName>\<LocalUserName>

                                  (User include)

                                  -

                                  Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue or /uel options. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

                                  +

                                  Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue or /uel options. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

                                  -Note   -

                                  If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

                                  +Note

                                  If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

                                  -  +

                                  For example:

                                    -
                                  • To include only User2 from the Fabrikam domain, type:

                                    -

                                    /ue:*\* /ui:fabrikam\user2

                                  • -
                                  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:

                                    -

                                    /uel:30 /ui:fabrikam\*

                                    -

                                    In this example, a user account from the Contoso domain that was last modified 2 months ago will not be migrated.

                                  • +

                                    To include only User2 from the Fabrikam domain, type:

                                    +

                                    /ue:*\* /ui:fabrikam\user2

                                    +

                                    To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:

                                    +

                                    /uel:30 /ui:fabrikam\*

                                    +

                                    In this example, a user account from the Contoso domain that was last modified 2 months ago will not be migrated.

                                  For more examples, see the descriptions of the /ue and /ui options in this table.

                                  @@ -484,38 +485,37 @@ By default, all users are migrated. The only way to specify which users to inclu

                                  or

                                  /uel:0

                                  (User exclude based on last logon)

                                  -

                                  Migrates the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

                                  +

                                  Migrates the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

                                  You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.

                                  -Note   -

                                  The /uel option is not valid in offline migrations.

                                  +Note

                                  The /uel option is not valid in offline migrations.

                                  -  +
                                  • /uel:0 migrates any users who are currently logged on.

                                  • -
                                  • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

                                  • -
                                  • /uel:1 migrates users whose account has been modified within the last 24 hours.

                                  • +
                                  • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

                                  • +
                                  • /uel:1 migrates users whose account has been modified within the last 24 hours.

                                  • /uel:2002/1/15 migrates users who have logged on or been modified January 15, 2002 or afterwards.

                                  For example:

                                  -

                                  scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0

                                  +

                                  scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0

                                  -

                                  /ue:<DomainName>\<UserName>

                                  +

                                  /ue:<DomainName>\<UserName>

                                  -or-

                                  -

                                  /ue:<ComputerName>\<LocalUserName>

                                  +

                                  /ue:<ComputerName>\<LocalUserName>

                                  (User exclude)

                                  -

                                  Excludes the specified users from the migration. You can specify multiple /ue options. You cannot use this option with the /all option. <DomainName> and <UserName> can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

                                  +

                                  Excludes the specified users from the migration. You can specify multiple /ue options. You cannot use this option with the /all option. <DomainName> and <UserName> can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

                                  For example:

                                  -

                                  scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1

                                  +

                                  scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1

                                  -  + ## How to Use /ui and /ue @@ -548,20 +548,20 @@ The following examples apply to both the /**ui** and /**ue** options. You can re

                                  Exclude all domain users.

                                  -

                                  /ue:Domain\*

                                  +

                                  /ue:Domain\*

                                  Exclude all local users.

                                  -

                                  /ue:%computername%\*

                                  +

                                  /ue:%computername%\*

                                  Exclude users in all domains named User1, User2, and so on.

                                  -

                                  /ue:*\user*

                                  +

                                  /ue:*\user*

                                  -  + ## Using the Options Together @@ -570,7 +570,7 @@ You can use the /**uel**, /**ue** and /**ui** options together to migrate only t The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option. -The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. @@ -586,28 +586,28 @@ The /**uel** option takes precedence over the /**ue** option. If a user has logg - + - + - +

                                  Include only User2 from the Fabrikam domain and exclude all other users.

                                  /ue:*\* /ui:fabrikam\user2

                                  /ue:*\* /ui:fabrikam\user2

                                  Include only the local user named User1 and exclude all other users.

                                  /ue:*\* /ui:user1

                                  /ue:*\* /ui:user1

                                  Include only the domain users from Contoso, except Contoso\User1.

                                  This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:

                                    -
                                  • On the ScanState command line, type: /ue:*\* /ui:contoso\*

                                  • +
                                  • On the ScanState command line, type: /ue:*\* /ui:contoso\*

                                  • On the LoadState command line, type: /ue:contoso\user1

                                  Include only local (non-domain) users.

                                  /ue:*\* /ui:%computername%\*

                                  /ue:*\* /ui:%computername%\*

                                  -  + ## Encrypted File Options @@ -616,15 +616,15 @@ You can use the following options to migrate encrypted files. In all cases, by d For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). -**Note**   -EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files +**Note** +EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files -  -**Caution**   + +**Caution** Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. -  + @@ -658,19 +658,18 @@ Take caution when migrating encrypted files. If you migrate an encrypted file wi

                                  /efs:copyraw

                                  Causes the ScanState command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an /efs option. Therefore you should specify the /efs:copyraw option with the ScanState command to migrate the encrypted file. Then, when you run the LoadState command, the encrypted file and the EFS certificate will be automatically migrated.

                                  For example:

                                  -

                                  ScanState /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /efs:copyraw

                                  +

                                  ScanState /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw

                                  -Important   -

                                  All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).

                                  +Important

                                  All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see Migrate EFS Files and Certificates.

                                  -  +
                                  -  + ## Incompatible Command-Line Options @@ -852,21 +851,21 @@ The following table indicates which command-line options are not compatible with -  -**Note**   + +**Note** You must specify either the /**key** or /**keyfile** option with the /**encrypt** option. -  + ## Related topics [XML Elements Library](usmt-xml-elements-library.md) -  - -  + + + diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 8386dcb426..9b8726e0ce 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -2,6 +2,9 @@ title: User State Migration Tool (USMT) Technical Reference (Windows 10) description: The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals. ms.assetid: f90bf58b-5529-4520-a9f8-b6cb4e4d3add +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index fd06ddddea..bbe67d5535 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -2,6 +2,9 @@ title: Test Your Migration (Windows 10) description: Test Your Migration ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -19,19 +22,19 @@ After you have thoroughly tested the entire migration process on a single comput If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line. -In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v***:5* option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. +In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. **Note**   -Running the ScanState and LoadState tools with the **/v***:5* option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. +Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. 
-  + After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=140246). **Note**   For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration. -  + ## Related topics @@ -40,9 +43,9 @@ For testing purposes, you can create an uncompressed store using the **/hardlink [Log Files](usmt-log-files.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index 16bffa6816..4c60bb319d 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -2,6 +2,9 @@ title: User State Migration Tool (USMT) Overview Topics (Windows 10) description: User State Migration Tool (USMT) Overview Topics ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -24,4 +27,4 @@ The User State Migration Tool (USMT) 10.0 provides a highly customizable user-p
 ## Related topics
 - [User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
 - [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
\ No newline at end of file
+- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md
index a3c18ef846..29613f1c1c 100644
--- a/windows/deployment/usmt/usmt-troubleshooting.md
+++ b/windows/deployment/usmt/usmt-troubleshooting.md
@@ -2,6 +2,9 @@
 title: User State Migration Tool (USMT) Troubleshooting (Windows 10)
 description: User State Migration Tool (USMT) Troubleshooting
 ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -25,29 +28,29 @@ The following table describes topics that address common User State Migration To
-

                                  [Common Issues](usmt-common-issues.md)

                                  +

                                  Common Issues

                                  Find troubleshooting solutions for common problems in USMT.

                                  -

                                  [Frequently Asked Questions](usmt-faq.md)

                                  +

                                  Frequently Asked Questions

                                  Find answers to questions about how to use USMT.

                                  -

                                  [Log Files](usmt-log-files.md)

                                  +

                                  Log Files

                                  Learn how to enable logging to help you troubleshoot issues in USMT.

                                  -

                                  [Return Codes](usmt-return-codes.md)

                                  +

                                  Return Codes

                                  Learn how to use return codes to identify problems in USMT.

                                  -

                                  [USMT Resources](usmt-resources.md)

                                  +

                                  USMT Resources

                                  Find more information and support for using USMT.

                                  -  + ## Related topics @@ -60,9 +63,9 @@ The following table describes topics that address common User State Migration To [User State Migration Toolkit (USMT) Reference](usmt-reference.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index 1f7f57ce3e..aad70a5dee 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -2,6 +2,9 @@ title: UsmtUtils Syntax (Windows 10) description: UsmtUtils Syntax ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -70,17 +73,17 @@ usmtutils \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\

                                  /verify

                                  Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.

                                  -

                                  See [Verify Options](#bkmk-verifyoptions) for syntax and options to use with /verify.

                                  +

                                  See Verify Options for syntax and options to use with /verify.

                                  /extract

                                  Recovers files from a compressed USMT migration store.

                                  -

                                  See [Extract Options](#bkmk-extractoptions) for syntax and options to use with /extract.

                                  +

                                  See Extract Options for syntax and options to use with /extract.

                                  -  + ## Verify Options @@ -184,12 +187,12 @@ usmtutils /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile&
                                • /key:<KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.

                                • /keyfile: <FileName> specifies the location and name of a text (.txt) file that contains the encryption key.

                                -

                                For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md)

                                +

                                For more information about supported encryption algorithms, see Migration Store Encryption

                                -  + Some examples of **/verify** commands: @@ -310,7 +313,7 @@ The syntax for **/extract** is:
                              • /key: <KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.

                              • /keyfile:<FileName> specifies a text (.txt) file that contains the encryption key

                              -

                              For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md).

                              +

                              For more information about supported encryption algorithms, see Migration Store Encryption.

                              /o

                              @@ -319,7 +322,7 @@ The syntax for **/extract** is: -  + Some examples of **/extract** commands: @@ -338,9 +341,9 @@ Some examples of **/extract** commands: [Return Codes](usmt-return-codes.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 90ad6b1407..16fd8bd5bc 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -2,6 +2,9 @@ title: What does USMT migrate (Windows 10) description: What does USMT migrate ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -80,14 +83,14 @@ This section describes the user data that USMT migrates by default, using the Mi **Note**   The asterisk (\*) stands for zero or more characters. -   + - **Access control lists.** USMT migrates ACLs for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will still apply on the destination computer after the migration. **Important**   To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`. -  + ## Operating-system components 
@@ -149,12 +152,12 @@ The following components are migrated by default using the manifest files: **Important**   This list may not be complete. There may be additional components that are migrated. -  + **Note**   Some settings, such as fonts, are not applied by the LoadState tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the LoadState tool. -  + ## Supported applications @@ -164,12 +167,12 @@ Although it is not required for all applications, it is good practice to install **Note**   The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. -  + **Note**   USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. -  + When you specify the MigApp.xml file, USMT migrates the settings for the following applications: @@ -364,7 +367,7 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi -  + ## What USMT does not migrate @@ -416,9 +419,9 @@ Starting in Windows 10, version 1607 the USMT does not migrate the Start menu la [Plan your migration](usmt-plan-your-migration.md) -  + -  + diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index edea901079..84d7c89277 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -2,6 +2,9 @@ title: XML Elements Library (Windows 10) description: XML Elements Library ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
@@ -53,66 +56,66 @@ The following table describes the XML elements and helper functions you can use -

                              [<addObjects>](#addobjects)

                              -

                              [<attributes>](#attribute)

                              -

                              [<bytes>](#bytes)

                              -

                              [<commandLine>](#commandline)

                              -

                              [<component>](#component)

                              -

                              [<condition>](#condition)

                              -

                              [<conditions>](#conditions)

                              -

                              [<content>](#content)

                              -

                              [<contentModify>](#contentmodify)

                              -

                              [<description>](#description)

                              -

                              [<destinationCleanup>](#destinationcleanup)

                              -

                              [<detect>](#detect)

                              -

                              [<detects>](#detects)

                              -

                              [<detection>](#detection)

                              -

                              [<displayName>](#displayname)

                              -

                              [<environment>](#bkmk-environment)

                              -

                              [<exclude>](#exclude)

                              -

                              [<excludeAttributes>](#excludeattributes)

                              -

                              [<extensions>](#extensions)

                              -

                              [<extension>](#extension)

                              -

                              [<externalProcess>](#externalprocess)

                              -

                              [<icon>](#icon)

                              -

                              [<include>](#include)

                              -

                              [<includeAttribute>](#includeattributes)

                              -

                              [<library>](#library)

                              -

                              [<location>](#location)

                              -

                              [<locationModify>](#locationmodify)

                              -

                              [<_locDefinition>](#locdefinition)

                              -

                              [<manufacturer>](#manufacturer)

                              -

                              [<merge>](#merge)

                              -

                              [<migration>](#migration)

                              -

                              [<namedElements>](#namedelements)

                              -

                              [<object>](#object)

                              -

                              [<objectSet>](#objectset)

                              -

                              [<path>](#path)

                              -

                              [<paths>](#paths)

                              -

                              [<pattern>](#pattern)

                              -

                              [<processing>](#processing)

                              -

                              [<plugin>](#plugin)

                              -

                              [<role>](#role)

                              -

                              [<rules>](#rules)

                              -

                              [<script>](#script)

                              -

                              [<text>](#text)

                              -

                              [<unconditionalExclude>](#unconditionalexclude)

                              -

                              [<variable>](#variable)

                              -

                              [<version>](#version)

                              -

                              [<windowsObjects>](#windowsobjects)

                              -

                              [<condition> functions](#conditionfunctions)

                              -

                              [<content> functions](#contentfunctions)

                              -

                              [<contentModify> functions](#contentmodifyfunctions)

                              -

                              [<include> and <exclude> filter functions](#persistfilterfunctions)

                              -

                              [<locationModify> functions](#locationmodifyfunctions)

                              -

                              [<merge> functions](#mergefunctions)

                              -

                              [<script> functions](#scriptfunctions)

                              -

                              [Internal USMT functions](#internalusmtfunctions)

                              +

                              <addObjects>

                              +

                              <attributes>

                              +

                              <bytes>

                              +

                              <commandLine>

                              +

                              <component>

                              +

                              <condition>

                              +

                              <conditions>

                              +

                              <content>

                              +

                              <contentModify>

                              +

                              <description>

                              +

                              <destinationCleanup>

                              +

                              <detect>

                              +

                              <detects>

                              +

                              <detection>

                              +

                              <displayName>

                              +

                              <environment>

                              +

                              <exclude>

                              +

                              <excludeAttributes>

                              +

                              <extensions>

                              +

                              <extension>

                              +

                              <externalProcess>

                              +

                              <icon>

                              +

                              <include>

                              +

                              <includeAttribute>

                              +

                              <library>

                              +

                              <location>

                              +

                              <locationModify>

                              +

                              <_locDefinition>

                              +

                              <manufacturer>

                              +

                              <merge>

                              +

                              <migration>

                              +

                              <namedElements>

                              +

                              <object>

                              +

                              <objectSet>

                              +

                              <path>

                              +

                              <paths>

                              +

                              <pattern>

                              +

                              <processing>

                              +

                              <plugin>

                              +

                              <role>

                              +

                              <rules>

                              +

                              <script>

                              +

                              <text>

                              +

                              <unconditionalExclude>

                              +

                              <variable>

                              +

                              <version>

                              +

                              <windowsObjects>

                              +

                              <condition> functions

                              +

                              <content> functions

                              +

                              <contentModify> functions

                              +

                              <include> and <exclude> filter functions

                              +

                              <locationModify> functions

                              +

                              <merge> functions

                              +

                              <script> functions

                              +

                              Internal USMT functions

                              -  + ## <addObjects> @@ -205,7 +208,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -268,7 +271,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -317,12 +320,12 @@ Syntax: -  + ## <component> -The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. +The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. @@ -362,7 +365,7 @@ hidden="Yes|No">

                              You can use the following to group settings, and define the type of the component.

                              • System: Operating system settings. All Windows® components are defined by this type.

                                -

                                When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

                              • +

                                When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

                              • Application: Settings for an application.

                              • Device: Settings for a device.

                              • Documents: Specifies files.

                              • @@ -385,17 +388,17 @@ hidden="Yes|No">

                                No

                                (default = TRUE)

                                Can be any of TRUE, FALSE, YES or NO. If this parameter is FALSE (or NO), the component will not be migrated unless there is an equivalent component on the destination computer.

                                -

                                When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

                                +

                                When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

                                hidden

                                -

                                 

                                +

                                This parameter is for internal USMT use only.

                                -  + For an example, see any of the default migration .xml files. @@ -446,7 +449,7 @@ Syntax: -  + For example, @@ -512,16 +515,18 @@ The <condition> functions return a Boolean value. You can use these elemen

                                OSVersion

                                Yes

                                -

                                The major version, minor version, build number and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version with a pattern. For example, 5.0.*.

                                +

                                The major version, minor version, build number and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version with a pattern. For example, 5.0.*.

                                -   - For example: - <condition>MigXmlHelper.DoesOSMatch("NT","\*")</condition> +~~~ +For example: + +<condition>MigXmlHelper.DoesOSMatch("NT","\*")</condition> +~~~ - **IsNative64Bit** @@ -550,22 +555,24 @@ The <condition> functions return a Boolean value. You can use these elemen

                                OSType

                                Yes

                                -

                                Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x”, the result will be FALSE.

                                +

                                Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x”, the result will be FALSE.

                                OSVersion

                                Yes

                                -

                                The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

                                +

                                The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

                                The IsOSLaterThan function returns TRUE if the current operating system is later than or equal to OSVersion.

                                -   - For example: - <condition negation="Yes">MigXmlHelper.IsOSLaterThan("NT","6.0")</condition> +~~~ +For example: + +<condition negation="Yes">MigXmlHelper.IsOSLaterThan("NT","6.0")</condition> +~~~ - **IsOSEarlierThan** @@ -590,412 +597,420 @@ The <condition> functions return a Boolean value. You can use these elemen

                                OSType

                                Yes

                                -

                                Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x” the result will be FALSE.

                                +

                                Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x” the result will be FALSE.

                                OSVersion

                                Yes

                                -

                                The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

                                +

                                The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

                                The IsOSEarlierThan function returns TRUE if the current operating system is earlier than OSVersion.

                                -   + ### Object content functions -- **DoesObjectExist** +- **DoesObjectExist** - The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. + The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. - Syntax: DoesObjectExist("*ObjectType*","*EncodedLocationPattern*") + Syntax: DoesObjectExist("*ObjectType*","*EncodedLocationPattern*") - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the object type. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The [location pattern](#locations). Environment variables are allowed.

                                + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the object type. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The location pattern. Environment variables are allowed.

                                -   - For an example of this element, see the MigApp.xml file. -- **DoesFileVersionMatch** +~~~ +For an example of this element, see the MigApp.xml file. +~~~ - The pattern check is case insensitive. +- **DoesFileVersionMatch** - Syntax: DoesFileVersionMatch("*EncodedFileLocation*","*VersionTag*","*VersionValue*") + The pattern check is case insensitive. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The [version tag](#allowed) value that will be checked.

                                VersionValue

                                Yes

                                A string pattern. For example, "Microsoft*".

                                + Syntax: DoesFileVersionMatch("*EncodedFileLocation*","*VersionTag*","*VersionValue*") -   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The location pattern for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The version tag value that will be checked.

                                VersionValue

                                Yes

                                A string pattern. For example, "Microsoft*".

                                - For example: - <condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","6.\*")</condition> - <condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","7.\*")</condition> +~~~ +For example: -- **IsFileVersionAbove** +<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","6.\*")</condition> - The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. +<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","7.\*")</condition> +~~~ - Syntax: IsFileVersionAbove("*EncodedFileLocation*","*VersionTag*","*VersionValue*") +- **IsFileVersionAbove** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The [version tag](#allowed) value that will be checked.

                                VersionValue

                                Yes

                                The value to compare to. You cannot specify a pattern.

                                + The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. -   + Syntax: IsFileVersionAbove("*EncodedFileLocation*","*VersionTag*","*VersionValue*") -- **IsFileVersionBelow** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The location pattern for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The version tag value that will be checked.

                                VersionValue

                                Yes

                                The value to compare to. You cannot specify a pattern.

                                - Syntax: IsFileVersionBelow("*EncodedFileLocation*","*VersionTag*","*VersionValue*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The [version tag](#allowed) value that will be checked.

                                VersionValue

                                Yes

                                The value to compare to. You cannot specify a pattern.

                                -   +- **IsFileVersionBelow** -- **IsSystemContext** + Syntax: IsFileVersionBelow("*EncodedFileLocation*","*VersionTag*","*VersionValue*") - The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                EncodedFileLocation

                                Yes

                                The location pattern for the file that will be checked. Environment variables are allowed.

                                VersionTag

                                Yes

                                The version tag value that will be checked.

                                VersionValue

                                Yes

                                The value to compare to. You cannot specify a pattern.

                                - Syntax: IsSystemContext() -- **DoesStringContentEqual** - The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. +- **IsSystemContext** - Syntax: DoesStringContentEqual("*ObjectType*","*EncodedLocation*","*StringContent*") + The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The [encoded location](#locations) for the object that will be examined. You can specify environment variables.

                                StringContent

                                Yes

                                The string that will be checked against.

                                + Syntax: IsSystemContext() -   +- **DoesStringContentEqual** - For example: + The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. - ``` syntax - MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","") - ``` + Syntax: DoesStringContentEqual("*ObjectType*","*EncodedLocation*","*StringContent*") -- **DoesStringContentContain** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The encoded location for the object that will be examined. You can specify environment variables.

                                StringContent

                                Yes

                                The string that will be checked against.

                                - The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. - Syntax: DoesStringContentContain("*ObjectType*","*EncodedLocation*","*StrToFind*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The [encoded location](#locations) for the object that will be examined. You can specify environment variables.

                                StrToFind

                                Yes

                                A string that will be searched inside the content of the given object.

                                +~~~ +For example: -   +``` syntax +MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","") +``` +~~~ -- **IsSameObject** +- **DoesStringContentContain** - The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. + The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. - Syntax: IsSameObject("*ObjectType*","*EncodedLocation1*","*EncodedLocation2*") + Syntax: DoesStringContentContain("*ObjectType*","*EncodedLocation*","*StrToFind*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The [encoded location](#locations) for the first object. You can specify environment variables.

                                EncodedLocation2

                                Yes

                                The [encoded location](#locations) for the second object. You can specify environment variables.

                                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocationPattern

                                Yes

                                The encoded location for the object that will be examined. You can specify environment variables.

                                StrToFind

                                Yes

                                A string that will be searched inside the content of the given object.

                                -   - For example: - ``` syntax - - MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%") - %CSIDL_FAVORITES%\* [*] - - ``` +- **IsSameObject** -- **IsSameContent** + The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. - The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. + Syntax: IsSameObject("*ObjectType*","*EncodedLocation1*","*EncodedLocation2*") - Syntax: IsSameContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType

                                Yes

                                Defines the type of object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The encoded location for the first object. You can specify environment variables.

                                EncodedLocation2

                                Yes

                                The encoded location for the second object. You can specify environment variables.

                                - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType1

                                Yes

                                Defines the type of the first object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The [encoded location](#locations) for the first object. You can specify environment variables.

                                ObjectType2

                                Yes

                                Defines the type of the second object. Can be File or Registry.

                                EncodedLocation2

                                Yes

                                The [encoded location](#locations) for the second object. You can specify environment variables.

                                -   -- **IsSameStringContent** +~~~ +For example: - The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. +``` syntax + + MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%") + %CSIDL_FAVORITES%\* [*] + +``` +~~~ - Syntax: IsSameStringContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") +- **IsSameContent** + + The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. + + Syntax: IsSameContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType1

                                Yes

                                Defines the type of the first object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The encoded location for the first object. You can specify environment variables.

                                ObjectType2

                                Yes

                                Defines the type of the second object. Can be File or Registry.

                                EncodedLocation2

                                Yes

                                The encoded location for the second object. You can specify environment variables.

                                + + + +- **IsSameStringContent** + + The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. + + Syntax: IsSameStringContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectType1

                                Yes

                                Defines the type of the first object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The encoded location for the first object. You can specify environment variables.

                                ObjectType2

                                Yes

                                Defines the type of the second object. Can be File or Registry.

                                EncodedLocation2

                                Yes

                                The encoded location for the second object. You can specify environment variables.

                                - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectType1

                                Yes

                                Defines the type of the first object. Can be File or Registry.

                                EncodedLocation1

                                Yes

                                The [encoded location](#locations) for the first object. You can specify environment variables.

                                ObjectType2

                                Yes

                                Defines the type of the second object. Can be File or Registry.

                                EncodedLocation2

                                Yes

                                The [encoded location](#locations) for the second object. You can specify environment variables.

                                -   ## <conditions> @@ -1036,7 +1051,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -1093,7 +1108,7 @@ Syntax: -  + ### <content> functions @@ -1132,19 +1147,21 @@ The following functions generate patterns out of the content of an object. These -   - For example: - ``` syntax - - ``` +~~~ +For example: - and +``` syntax + +``` - ``` syntax - - ``` +and + +``` syntax + +``` +~~~ - **ExtractMultipleFiles** @@ -1181,7 +1198,7 @@ The following functions generate patterns out of the content of an object. These -   + - **ExtractDirectory** @@ -1221,19 +1238,21 @@ The following functions generate patterns out of the content of an object. These -   - For example: - ``` syntax - - - - %HklmWowSoftware%\Classes\Software\RealNetworks\Preferences\DT_Common [] - - - - ``` +~~~ +For example: + +``` syntax + + + + %HklmWowSoftware%\Classes\Software\RealNetworks\Preferences\DT_Common [] + + + +``` +~~~ ## <contentModify> @@ -1277,7 +1296,7 @@ Syntax: -  + ### <contentModify> functions @@ -1311,7 +1330,7 @@ The following functions change the content of objects as they are migrated. Thes -   + - **ConvertToString** @@ -1341,17 +1360,19 @@ The following functions change the content of objects as they are migrated. Thes -   - For example: - ``` syntax - - - HKCU\Control Panel\Desktop [ScreenSaveUsePassword] - - - ``` +~~~ +For example: + +``` syntax + + + HKCU\Control Panel\Desktop [ScreenSaveUsePassword] + + +``` +~~~ - **ConvertToBinary** @@ -1387,7 +1408,7 @@ The following functions change the content of objects as they are migrated. Thes -   + - **SetValueByTable** @@ -1428,7 +1449,7 @@ The following functions change the content of objects as they are migrated. Thes -   + - **KeepExisting** @@ -1474,7 +1495,7 @@ The following functions change the content of objects as they are migrated. Thes -   + - **MergeMultiSzContent** 
@@ -1513,7 +1534,7 @@ The following functions change the content of objects as they are migrated. Thes -   + - **MergeDelimitedContent** @@ -1558,7 +1579,7 @@ The following functions change the content of objects as they are migrated. Thes -   + ## <description> @@ -1597,7 +1618,7 @@ Syntax: -  + The following code sample shows how the <description> element defines the "My custom component" description.: @@ -1610,10 +1631,10 @@ The following code sample shows how the <description> element defines the The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. -**Important**   +**Important** Use this option with extreme caution because it will delete objects from the destination computer. -  + For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. @@ -1652,7 +1673,7 @@ Syntax: -  + For example: @@ -1723,7 +1744,7 @@ Syntax: -  + For examples, see the examples for [<detection>](#detection). @@ -1782,7 +1803,7 @@ Syntax: -  + The following example is from the MigApp.xml file. @@ -1853,7 +1874,7 @@ Syntax: -  + For example: @@ -1920,7 +1941,7 @@ Syntax: -  + For example: @@ -1982,7 +2003,7 @@ Syntax: -  + ## @@ -2108,7 +2129,7 @@ Syntax: -  + For example, from the MigUser.xml file: @@ -2165,7 +2186,7 @@ Syntax: -  + Example: 
@@ -2272,7 +2293,7 @@ Syntax: -  + For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: @@ -2341,7 +2362,7 @@ Syntax: -  + For an example of how to use the <externalProcess> element, see the example for [<excludeAttributes>](#excludeattributes). @@ -2393,7 +2414,7 @@ Syntax: -  + The following example is from the MigUser.xml file: @@ -2470,7 +2491,7 @@ The following functions return a Boolean value. You can use them to migrate cert -   + - **IgnoreIrrelevantLinks** @@ -2545,7 +2566,7 @@ Syntax:
                              • Owner. The owner of the object (SID).

                              • Group. The primary group for the object (SID).

                              • DACL (discretionary access control list). An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.

                              • -
                              • SACL (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

                              • +
                              • SACL (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

                            • TimeFields can be one of the following:

                                @@ -2558,7 +2579,7 @@ Syntax: -  + For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). @@ -2609,7 +2630,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -2670,7 +2691,7 @@ Syntax: -  + The following example is from the MigApp.xml file: 
@@ -2686,45 +2707,47 @@ The following example is from the MigApp.xml file: The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. -- **ExactMove** +- **ExactMove** - The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. + The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. - Syntax: ExactMove(*ObjectEncodedLocation*) + Syntax: ExactMove(*ObjectEncodedLocation*) - - - - - - - - - - - - - - - - - - - - -
                                SettingRequired?Value

                                ObjectEncodedLocation

                                Yes

                                The destination [location](#locations) for all of the source objects.

                                + + + + + + + + + + + + + + + + + + + + +
                                SettingRequired?Value

                                ObjectEncodedLocation

                                Yes

                                The destination location for all of the source objects.

                                -   - For example: - ``` syntax - - - HKCU\Keyboard Layout\Toggle [] - - - ``` +~~~ +For example: + +``` syntax + + + HKCU\Keyboard Layout\Toggle [] + + +``` +~~~ - **Move** @@ -2754,7 +2777,7 @@ The following functions change the location of objects as they are migrated when -   + - **RelativeMove** @@ -2789,22 +2812,24 @@ The following functions change the location of objects as they are migrated when -   - For example: - ``` syntax - - +~~~ +For example: + +``` syntax + + + %CSIDL_COMMON_FAVORITES%\* [*] + + + + %CSIDL_COMMON_FAVORITES%\* [*] - - - - - %CSIDL_COMMON_FAVORITES%\* [*] - - - ``` + + +``` +~~~ ## <\_locDefinition> @@ -2848,7 +2873,7 @@ Syntax: -  + ## <merge> @@ -2894,7 +2919,7 @@ Syntax: -  + The following example is from the MigUser.xml file: @@ -2966,7 +2991,7 @@ These functions control how collisions are resolved. -   + - **NewestVersion** @@ -2996,7 +3021,7 @@ These functions control how collisions are resolved. -   + - **HigherValue()** @@ -3037,7 +3062,7 @@ The <migration> element is the single root element of a migration .xml fil Syntax: -<migration urlid="*UrlID/*Name"> +<migration urlid="UrlID/Name"> </migration> @@ -3058,7 +3083,7 @@ Syntax:

                                urlid

                                Yes

                                -

                                UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](https://go.microsoft.com/fwlink/p/?LinkId=220938).

                                +

                                UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see Use XML Namespaces.

                                Name

                                @@ -3068,7 +3093,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -3111,10 +3136,10 @@ This filter helper function can be used to filter the migration of files based o -  + ``` syntax - + File_size @@ -3288,25 +3313,24 @@ Syntax:

                                Yes

                                A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.

                                  -
                                • Path can contain the asterisk (*) wildcard character or can be an [Recognized Environment Variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.

                                • -
                                • Object can contain the asterisk (*) wildcard character. However, you cannot use the question mark as a wildcard character. For example:

                                  -

                                  C:\Folder\ [*] enumerates all files in C:\Path but no subfolders of C:\Folder.

                                  -

                                  C:\Folder\* [*] enumerates all files and subfolders of C:\Folder.

                                  +
                                • Path can contain the asterisk () wildcard character or can be an Recognized Environment Variables. You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.

                                • +
                                • Object can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:

                                  +

                                  C:\Folder\ [] enumerates all files in C:<em>Path but no subfolders of C:\Folder.

                                  +

                                  C:\Folder* [] enumerates all files and subfolders of C:\Folder.

                                  C:\Folder\ [*.mp3] enumerates all .mp3 files in C:\Folder.

                                  C:\Folder\ [Sample.doc] enumerates only the Sample.doc file located in C:\Folder.

                                  -Note   -

                                  If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

                                  +Note

                                  If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

                                  -  +
                                -  + For example: @@ -3387,7 +3411,7 @@ Syntax: -  + ## <plugin> @@ -3443,20 +3467,20 @@ Syntax:
                              • Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

                              • <component context="UserAndSystem" type="Application">
                                -  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
                                +  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
                                   <environment name="GlobalEnv" /> 
                                   <role role="Container">
                                     <detection name="AnyOffice2003Version" /> 
                                     <detection name="FrontPage2003" /> 
                                     <!-- 
                                - Office 2003 Common Settings 
                                -  --> 
                                + Office 2003 Common Settings 
                                +  --> 
                                     <component context="UserAndSystem" type="Application">
                                -  + The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: @@ -3543,7 +3567,7 @@ Syntax: -  + The following example is from the MigUser.xml file: @@ -3639,18 +3663,17 @@ The return value that is required by <script> depends on the parent elemen
                              • When used within <objectSet>, the return value must be a two-dimensional array of strings.

                              • When used within <location>, the return value must be a valid location that aligns with the type attribute of <location>. For example, if <location type="File">, the child script element, if specified, must be a valid file location.

                                -Note   -

                                If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

                                +Note

                                If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

                                -  +
                              -  + Examples: @@ -3716,137 +3739,143 @@ These functions return either a string or a pattern. -   - For example: - ``` syntax - - - - ``` +~~~ +For example: -- **GenerateDrivePatterns** +``` syntax + + + +``` +~~~ - The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. +- **GenerateDrivePatterns** - Syntax: GenerateDrivePatterns("*PatternSegment*","*DriveType*") + The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. - - - - - - - - - - - - - - - - - - - - - - - - - -
                              SettingRequired?Value

                              PatternSegment

                              Yes

                              The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:\", to form a complete [encoded file pattern](#locations). For example, "* [*.doc]". PatternSegment cannot be an environment variable.

                              DriveType

                              Yes

                              The drive type for which the patterns are to be generated. You can specify one of:

                              -
                                -
                              • Fixed

                              • -
                              • CDROM

                              • -
                              • Removable

                              • -
                              • Remote

                              • -
                              + Syntax: GenerateDrivePatterns("*PatternSegment*","*DriveType*") -   + + + + + + + + + + + + + + + + + + + + + + + + + +
                              SettingRequired?Value

                              PatternSegment

                              Yes

                              The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:&quot;, to form a complete encoded file pattern. For example, "* [*.doc]". PatternSegment cannot be an environment variable.

                              DriveType

                              Yes

                              The drive type for which the patterns are to be generated. You can specify one of:

                              +
                                +
                              • Fixed

                              • +
                              • CDROM

                              • +
                              • Removable

                              • +
                              • Remote

                              • +
                              - See the last component in the MigUser.xml file for an example of this element. -- **GenerateUserPatterns** - The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: +~~~ +See the last component in the MigUser.xml file for an example of this element. +~~~ - - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" +- **GenerateUserPatterns** - - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" + The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" - Syntax:GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*") + - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                              SettingRequired?Value

                              ObjectType

                              Yes

                              Defines the object type. Can be File or Registry.

                              EncodedLocationPattern

                              Yes

                              The [location pattern](#locations). Environment variables are allowed.

                              ProcessCurrentUser

                              Yes

                              Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.

                              + - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" -   + Syntax:GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*") - **Example:** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                              SettingRequired?Value

                              ObjectType

                              Yes

                              Defines the object type. Can be File or Registry.

                              EncodedLocationPattern

                              Yes

                              The location pattern. Environment variables are allowed.

                              ProcessCurrentUser

                              Yes

                              Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.

                              - If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile. - The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. - ``` syntax - - - - - - - - - %ProfilesFolder%\* [*.doc] - - - - - - - %ProfilesFolder%\* [*.doc] - - - - - - - - - ``` +~~~ +**Example:** + +If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile. + +The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. 
+ +``` syntax + + + + + + + + + %ProfilesFolder%\* [*.doc] + + + + + + + %ProfilesFolder%\* [*.doc] + + + + + + + + +``` +~~~ ### MigXmlHelper.GenerateDocPatterns @@ -3884,27 +3913,27 @@ This helper function invokes the document finder to scan the system for all file -  + ``` syntax -  -    MigDocUser -    -      -        -          -            -          -        -        -          -            -          -        -      -    + + + MigDocUser + + + + + + + + + + + + + + + ``` ### Simple executing scripts @@ -3987,7 +4016,7 @@ Syntax: -  + For example: @@ -4083,7 +4112,7 @@ Syntax: -  + The following example is from the MigApp.xml file: @@ -4135,7 +4164,7 @@ Syntax: -  + For example: @@ -4224,9 +4253,9 @@ The following version tags contain values that can be compared: [USMT XML Reference](usmt-xml-reference.md) -  - -  + + + diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index bf89e762e9..8dda62c31d 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -2,6 +2,9 @@ title: USMT XML Reference (Windows 10) description: USMT XML Reference ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -25,49 +28,49 @@ This section contains topics that you can use to work with and to customize the -

                              [Understanding Migration XML Files](understanding-migration-xml-files.md)

                              +

                              Understanding Migration XML Files

                              Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.

                              -

                              [Config.xml File](usmt-configxml-file.md)

                              +

                              Config.xml File

                              Describes the Config.xml file and policies concerning its configuration.

                              -

                              [Customize USMT XML Files](usmt-customize-xml-files.md)

                              +

                              Customize USMT XML Files

                              Describes how to customize USMT XML files.

                              -

                              [Custom XML Examples](usmt-custom-xml-examples.md)

                              +

                              Custom XML Examples

                              Gives examples of XML files for various migration scenarios.

                              -

                              [Conflicts and Precedence](usmt-conflicts-and-precedence.md)

                              +

                              Conflicts and Precedence

                              Describes the precedence of migration rules and how conflicts are handled.

                              -

                              [General Conventions](usmt-general-conventions.md)

                              +

                              General Conventions

                              Describes the XML helper functions.

                              -

                              [XML File Requirements](xml-file-requirements.md)

                              +

                              XML File Requirements

                              Describes the requirements for custom XML files.

                              -

                              [Recognized Environment Variables](usmt-recognized-environment-variables.md)

                              +

                              Recognized Environment Variables

                              Describes environment variables recognized by USMT.

                              -

                              [XML Elements Library](usmt-xml-elements-library.md)

                              +

                              XML Elements Library

                              Describes the XML elements and helper functions for authoring migration XML files to use with USMT.

                              -  + -  + -  + diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 273d230290..5c83d3b22e 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -2,6 +2,9 @@ title: Verify the Condition of a Compressed Migration Store (Windows 10) description: Verify the Condition of a Compressed Migration Store ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index 968c47e9bb..8baca0f103 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -2,6 +2,9 @@ title: XML File Requirements (Windows 10) description: XML File Requirements ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 52d00d7f17..07ff40a76b 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -1,5 +1,8 @@ --- title: Configure VDA for Windows 10 Subscription Activation +ms.reviewer: +manager: dansimp +ms.author: dansimp description: How to enable Windows 10 Enterprise E3 and E5 subscriptions for VDA keywords: upgrade, update, task sequence, deploy ms.prod: w10 
@@ -7,15 +10,14 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: mdt
-ms.date: 05/17/2018
-author: greg-lindsay
+author: dansimp
 ms.topic: article
 ms.collection: M365-modern-desktop
 ---
 
 # Configure VDA for Windows 10 Subscription Activation
 
-This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
+This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
 
 Deployment instructions are provided for the following scenarios:
 1. [Active Directory-joined VMs](#active-directory-joined-vms)
@@ -40,7 +42,7 @@ Deployment instructions are provided for the following scenarios:
 ### Scenario 2
 - The Hyper-V host and the VM are both running Windows 10, version 1803 or later.
 
- [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in iwth a local account or using an Azure Active Directory account.
+ [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in iwth a local account or using an Azure Active Directory account.
 
 ### Scenario 3
 - The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner.
@@ -83,18 +85,18 @@ For examples of activation issues, see [Troubleshoot the user experience](https: Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg" ``` 3. Right-click the mounted image in file explorer and click **Eject**. -1. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image. +16. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image. ## Azure Active Directory-joined VMs >[!IMPORTANT] ->Azure Active Directory (Azure AD) provisioning packages have a 30 day limit on bulk token usage. You will need to update the provisioning package and re-inject it into the image after 30 days. Existing virtual machines that are Azure AD-joined and deployed will not need to be recreated. +>Azure Active Directory (Azure AD) provisioning packages have a 180 day limit on bulk token usage. You will need to update the provisioning package and re-inject it into the image after 180 days. Existing virtual machines that are Azure AD-joined and deployed will not need to be recreated. For Azure AD-joined VMs, follow the same instructions (above) as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions: - In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**. 
- In step 11, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials. - In step 15, sub-step 2, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**) -- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rpd-settings-for-azure). +- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure). ## Azure Gallery VMs @@ -120,7 +122,7 @@ For Azure AD-joined VMs, follow the same instructions (above) as for [Active Dir 13. On the Finish page, click **Create**. 14. Copy the .ppkg file to the remote Virtual machine. Double click to initiate the provisioning package install. This will reboot the system. -- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rpd-settings-for-azure). +- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rdp-settings-for-azure). ## Create custom RDP settings for Azure @@ -141,7 +143,7 @@ To create custom RDP settings for Azure: ## Related topics -[Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) +[Windows 10 Subscription Activation](windows-10-subscription-activation.md)
                              [Recommended settings for VDI desktops](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
                              [Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20and%20VDA%20FAQ%20v3%200.pdf)
diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
index feaadc8e47..78990c1268 100644
--- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
@@ -2,11 +2,14 @@
 title: Activate by Proxy an Active Directory Forest (Windows 10)
 description: Activate by Proxy an Active Directory Forest
 ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md
index ea37d1ba1a..0f46e1a22e 100644
--- a/windows/deployment/volume-activation/activate-forest-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-vamt.md
@@ -2,11 +2,14 @@
 title: Activate an Active Directory Forest Online (Windows 10)
 description: Activate an Active Directory Forest Online
 ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
index 03e0029f83..40953c27e9 100644
--- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
@@ -2,6 +2,9 @@
 title: Activate using Active Directory-based activation (Windows 10)
 description: Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects.
 ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: vamt, volume activation, activation, windows activation
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -20,6 +23,7 @@ ms.topic: article
 - Windows 8
 - Windows Server 2012 R2
 - Windows Server 2012
+- Windows Server 2016
 
 **Looking for retail activation?**
 - [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
index dd8545387c..aff4f923e1 100644
--- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -1,13 +1,16 @@
 ---
 title: Activate using Key Management Service (Windows 10)
 ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 description:
 keywords: vamt, volume activation, activation, windows activation
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 10/16/2017
 ms.topic: article
@@ -66,45 +69,45 @@ If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, **Configure KMS in Windows Server 2012 R2** -1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. -2. Launch Server Manager. -3. Add the Volume Activation Services role, as shown in Figure 4. +1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. +2. Launch Server Manager. +3. Add the Volume Activation Services role, as shown in Figure 4. - ![Adding the Volume Activation Services role in Server Manager](../images/volumeactivationforwindows81-04.jpg) + ![Adding the Volume Activation Services role in Server Manager](../images/volumeactivationforwindows81-04.jpg) - **Figure 4**. Adding the Volume Activation Services role in Server Manager\ + **Figure 4**. Adding the Volume Activation Services role in Server Manager\ -4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5). +4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5). - ![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-05.jpg) + ![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-05.jpg) - **Figure 5**. Launching the Volume Activation Tools + **Figure 5**. Launching the Volume Activation Tools - 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6). - This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10. + 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6). + This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10. 
- ![Configuring the computer as a KMS host](../images/volumeactivationforwindows81-06.jpg) + ![Configuring the computer as a KMS host](../images/volumeactivationforwindows81-06.jpg) - **Figure 6**. Configuring the computer as a KMS host + **Figure 6**. Configuring the computer as a KMS host -6. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7). +5. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7). - ![Installing your KMS host key](../images/volumeactivationforwindows81-07.jpg) + ![Installing your KMS host key](../images/volumeactivationforwindows81-07.jpg) - **Figure 7**. Installing your KMS host key + **Figure 7**. Installing your KMS host key -7. If asked to confirm replacement of an existing key, click **Yes**. -8. After the product key is installed, you must activate it. Click **Next** (Figure 8). +6. If asked to confirm replacement of an existing key, click **Yes**. +7. After the product key is installed, you must activate it. Click **Next** (Figure 8). - ![Activating the software](../images/volumeactivationforwindows81-08.jpg) + ![Activating the software](../images/volumeactivationforwindows81-08.jpg) - **Figure 8**. Activating the software + **Figure 8**. Activating the software - The KMS key can be activated online or by phone. See Figure 9. + The KMS key can be activated online or by phone. See Figure 9. - ![Choosing to activate online](../images/volumeactivationforwindows81-09.jpg) + ![Choosing to activate online](../images/volumeactivationforwindows81-09.jpg) - **Figure 9**. Choosing to activate online + **Figure 9**. Choosing to activate online Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met. 
@@ -133,11 +136,9 @@ If you have already established a KMS infrastructure in your organization for an 1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. 2. Request a new KMS host key from the Volume Licensing Service Center. 3. Install the new KMS host key on your KMS host. -4. Activate the new KMS host key by running the slmrg.vbs script. +4. Activate the new KMS host key by running the slmgr.vbs script. For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). ## See also - [Volume Activation for Windows 10](volume-activation-windows-10.md) -  - diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 2747cb444b..2ca1ee6338 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -2,12 +2,15 @@ title: Activate clients running Windows 10 (Windows 10) description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: vamt, volume activation, activation, windows activation ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article 
diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index f217d8827c..df06a4be92 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -2,6 +2,9 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Active Directory-Based Activation Overview ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 3f226d854d..f913c13504 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -2,11 +2,14 @@ title: Add and Manage Products (Windows 10) description: Add and Manage Products ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -22,6 +25,6 @@ This section describes how to add client computers into the Volume Activation Ma |[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. | |[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. | |[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. | -  -  -  + + + diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 612916effe..0f68956571 100644 
--- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -2,10 +2,13 @@ title: Add and Remove Computers (Windows 10) description: Add and Remove Computers ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms +author: greg-lindsay ms.pagetype: activation ms.date: 04/25/2017 ms.topic: article @@ -56,5 +59,5 @@ You can delete a computer by clicking on it in the product list view, and then c ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index 0168f3de62..93ac0b75a1 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -2,11 +2,14 @@ title: Add and Remove a Product Key (Windows 10) description: Add and Remove a Product Key ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index 09daa5dffb..e311d05013 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md 
@@ -1,13 +1,16 @@ --- title: Appendix Information sent to Microsoft during activation (Windows 10) ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8 +ms.reviewer: +manager: laurawi +ms.author: greglin description: keywords: vamt, volume activation, activation, windows activation ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index ce4dae56e7..c602675503 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -2,11 +2,14 @@ title: Configure Client Computers (Windows 10) description: Configure Client Computers ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -87,5 +90,5 @@ The above configurations will open an additional port through the Windows Firewa ## Related topics - [Install and Configure VAMT](install-configure-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 6c5122845f..5bdfd8a7ce 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md 
@@ -2,11 +2,14 @@
 title: Import and Export VAMT Data (Windows 10)
 description: Import and Export VAMT Data
 ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index cd82ce78a4..5ac36425a9 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -2,11 +2,14 @@
 title: Install and Configure VAMT (Windows 10)
 description: Install and Configure VAMT
 ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
index 2894ba4f88..2674b655be 100644
--- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md
+++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
@@ -2,11 +2,14 @@
 title: Install a KMS Client Key (Windows 10)
 description: Install a KMS Client Key
 ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md
index fb7df4b2e4..3ca3caf3c4 100644
--- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -2,11 +2,14 @@ title: Install a Product Key (Windows 10) description: Install a Product Key ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article @@ -38,5 +41,5 @@ You can use the Volume Activation Management Tool (VAMT) to install retail, Mult ## Related topics - [Manage Product Keys](manage-product-keys-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index a4905eb8ae..cf26bea3e6 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -2,11 +2,14 @@ title: Install VAMT (Windows 10) description: Install VAMT ms.assetid: 2eabd3e2-0a68-43a5-8189-2947e46482fc +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.localizationpriority: medium ms.date: 03/11/2019 ms.topic: article 
@@ -20,10 +23,10 @@ This topic describes how to install the Volume Activation Management Tool (VAMT) You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. ->[!IMPORTANT]   +>[!IMPORTANT] >VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator.  ->[!NOTE]   +>[!NOTE] >The VAMT Microsoft Management Console snap-in ships as an x86 package. ### Requirements @@ -67,5 +70,5 @@ To uninstall VAMT using the **Programs and Features** Control Panel: 2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. -  -  + + diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index da71484e83..57f8ef18af 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -2,11 +2,14 @@ title: Introduction to VAMT (Windows 10) description: Introduction to VAMT ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -59,5 +62,5 @@ VAMT provides a single, graphical user interface for managing activations, and f ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  + + 
diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index 9752481f0b..a72215d2ee 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -2,11 +2,14 @@ title: Perform KMS Activation (Windows 10) description: Perform KMS Activation ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -43,4 +46,4 @@ Before configuring KMS activation, ensure that your network and VAMT installatio 9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. 10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. -  \ No newline at end of file +  diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index c2c0095d04..9b6d9f5afe 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md 
@@ -2,11 +2,14 @@ title: Perform Local Reactivation (Windows 10) description: Perform Local Reactivation ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index 480d593d6d..36a4814fd5 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -2,11 +2,14 @@ title: Manage Activations (Windows 10) description: Manage Activations ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -25,6 +28,6 @@ This section describes how to activate a client computer, by using a variety of |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | |[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to online activate an Active Directory forest. | |[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that is not connected to the Internet. | -  -  -  + + + diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 356b2adbca..80fd4d4ff0 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md 
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -2,11 +2,14 @@ title: Manage Product Keys (Windows 10) description: Manage Product Keys ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -21,6 +24,6 @@ This section describes how to add and remove a product key from the Volume Activ |[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. | |[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. | |[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. | -  -  -  + + + diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index f2a1b046c1..e647b8109a 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -2,11 +2,14 @@ title: Manage VAMT Data (Windows 10) description: Manage VAMT Data ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 1b13e0e5ff..8edef39950 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md 
@@ -1,6 +1,9 @@
 ---
 title: Monitor activation (Windows 10)
 ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 description:
 keywords: vamt, volume activation, activation, windows activation
 ms.prod: w10
diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md
index 1342ffa177..d9a73bae46 100644
--- a/windows/deployment/volume-activation/online-activation-vamt.md
+++ b/windows/deployment/volume-activation/online-activation-vamt.md
@@ -2,11 +2,14 @@
 title: Perform Online Activation (Windows 10)
 description: Perform Online Activation
 ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index 26eb638a78..92c3657316 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -2,12 +2,15 @@
 title: Plan for volume activation (Windows 10)
 description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
 ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: vamt, volume activation, activation, windows activation
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 09/27/2017
 ms.topic: article
@@ -32,7 +35,7 @@ ms.topic: article During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. ->[!NOTE]  +>[!NOTE] >The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. ## Distribution channels and activation @@ -225,5 +228,5 @@ The flow of KMS activation is shown in Figure 3, and it follows this sequence: ## See also - [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  + + diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index aab7a8768c..805b3dfd6c 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -2,11 +2,14 @@ title: Perform Proxy Activation (Windows 10) description: Perform Proxy Activation ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- 
@@ -50,6 +53,6 @@ The product keys that are installed on the client products must have a sufficien **Note**   You can use proxy activation to select products that have different key types and activate the products at the same time. -  -  -  + + + diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index 719e036af3..5869a5725e 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -2,11 +2,14 @@ title: Remove Products (Windows 10) description: Remove Products ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 74bb58d089..6fb201f1e4 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -2,11 +2,14 @@ title: Scenario 3 KMS Client Activation (Windows 10) description: Scenario 3 KMS Client Activation ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index ba55442b69..2e35cec348 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md 
@@ -2,11 +2,14 @@
 title: Scenario 1 Online Activation (Windows 10)
 description: Scenario 1 Online Activation
 ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
@@ -79,14 +82,14 @@ You can sort the list of products so that it is easier to find the computers tha ## Step 6: Collect status information from the computers in the list To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. -**To collect status information from the selected computers** -1. In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. -2. VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. +- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. +- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. 
+ **To collect status information from the selected computers** +- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. +- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note**   - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + **Note** + If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add product keys and determine the remaining activation count @@ -129,5 +132,5 @@ To collect the status from select computers in the database, you can select comp ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  + + diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index e83331d22e..c06bae6554 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md 
@@ -2,11 +2,14 @@
 title: Scenario 2 Proxy Activation (Windows 10)
 description: Scenario 2 Proxy Activation
 ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
@@ -65,14 +68,14 @@ You can sort the list of products so that it is easier to find the computers tha ## Step 6: Collect Status Information from the Computers in the Isolated Lab To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** ley and select each computer for which you want to collect the status information. -**To collect status information from the selected computers** -1. In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. -2. VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. +- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. +- To select computers which are not listed consecutively, hold down the **Ctrl** ley and select each computer for which you want to collect the status information. 
+ **To collect status information from the selected computers** +- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. +- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note**   - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + **Note** + If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add Product Keys @@ -163,5 +166,5 @@ If you have captured new images of the computers in the isolated lab, but the un ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  + + diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index a114a8e286..35c36497d3 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md 
@@ -2,11 +2,14 @@ title: Update Product Status (Windows 10) description: Update Product Status ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764 +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- @@ -30,6 +33,6 @@ The license-status query requires a valid computer name for each system queried. **Note**   If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. -  + ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 68c4c3cd66..eac425c66b 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md 
@@ -2,12 +2,15 @@
 title: Use the Volume Activation Management Tool (Windows 10)
 description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
 ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 keywords: vamt, volume activation, activation, windows activation
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 521f5ee32b..034bbfc2c8 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -2,11 +2,14 @@
 title: Use VAMT in Windows PowerShell (Windows 10)
 description: Use VAMT in Windows PowerShell
 ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
@@ -15,28 +18,28 @@ ms.topic: article The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. **To install PowerShell 3.0** -- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356). -**To install the Windows Assessment and Deployment Kit** -- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). -**To prepare the VAMT PowerShell environment** -1. To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356). + **To install the Windows Assessment and Deployment Kit** +- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). + **To prepare the VAMT PowerShell environment** +- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. 
To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. - **Important**   - If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe -2. For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. + **Important** + If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: + - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe + - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe +- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. 
- For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: + For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: - ``` ps1 - cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” - ``` -3. Import the VAMT PowerShell module. To import the module, type the following at a command prompt: - ``` syntax - Import-Module .\VAMT.psd1 - ``` - Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. + ``` ps1 + cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” + ``` +- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: + ``` syntax + Import-Module .\VAMT.psd1 + ``` + Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. ## To Get Help for VAMT PowerShell cmdlets 
@@ -54,19 +57,19 @@ The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view onl **To view VAMT PowerShell Help sections** -1. To get the syntax to use with a cmdlet, type the following at a command prompt: - ``` ps1 - get-help - ``` - For example, type: - ``` ps1 - get-help get-VamtProduct - ``` -2. To see examples using a cmdlet, type: - ``` ps1 - get-help -examples - ``` - For example, type: - ``` ps1 - get-help get-VamtProduct -examples - ``` +1. To get the syntax to use with a cmdlet, type the following at a command prompt: + ``` ps1 + get-help + ``` + For example, type: + ``` ps1 + get-help get-VamtProduct + ``` +2. To see examples using a cmdlet, type: + ``` ps1 + get-help -examples + ``` + For example, type: + ``` ps1 + get-help get-VamtProduct -examples + ``` diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 19ce9dbba1..a8b0716151 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -2,11 +2,14 @@ title: VAMT Known Issues (Windows 10) description: VAMT Known Issues ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f +ms.reviewer: +manager: laurawi +ms.author: greglin ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.date: 04/25/2017 ms.topic: article --- diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 553111ae6f..db74ca8874 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md 
@@ -2,11 +2,14 @@
 title: VAMT Requirements (Windows 10)
 description: VAMT Requirements
 ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index f057e3302e..396863340c 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -2,11 +2,14 @@
 title: VAMT Step-by-Step Scenarios (Windows 10)
 description: VAMT Step-by-Step Scenarios
 ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index 1880d0e682..d8bb56ec77 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -2,11 +2,14 @@
 title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10)
 description: The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: jdeckerms
+author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
 ---
@@ -37,4 +40,4 @@ VAMT is only available in an EN-US (x86) package. |[Manage VAMT Data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. | |[VAMT Step-by-Step Scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. | |[VAMT Known Issues](vamt-known-issues.md) |Lists known issues in VAMT. | -  + diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index ebf9a48213..49204c7ae4 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -2,12 +2,15 @@ title: Volume Activation for Windows 10 (Windows 10) description: This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. ms.assetid: 6e8cffae-7322-4fd3-882a-cde68187aef2 +ms.reviewer: +manager: laurawi +ms.author: greglin keywords: vamt, volume activation, activation, windows activation ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerms +author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article @@ -63,4 +66,4 @@ Keep in mind that the method of activation does not change an organization’s r - [Monitor activation](monitor-activation-client.md) - [Use the Volume Activation Management Tool](use-the-volume-activation-management-tool-client.md) - [Appendix: Information sent to Microsoft during activation](appendix-information-sent-to-microsoft-during-activation-client.md) -  \ No newline at end of file +  diff --git a/windows/deployment/windows-10-architecture-posters.md b/windows/deployment/windows-10-architecture-posters.md index ec1efe188a..34ea8d17f3 100644 
--- a/windows/deployment/windows-10-architecture-posters.md +++ b/windows/deployment/windows-10-architecture-posters.md @@ -2,9 +2,11 @@ title: Deploy Windows 10 - architectural posters description: Provides architural planning posters for Windows 10 in the enterprise ms.prod: w10 -ms.author: elizapo -author: lizap +ms.author: dansimp +author: dansimp ms.date: 09/28/2017 +ms.reviewer: +manager: dansimp ms.tgt_pltfrm: na ms.topic: article ms.localizationpriority: medium diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index e9cd9edd07..6ab4fdfd25 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -2,13 +2,16 @@ title: Windows 10 deployment scenarios (Windows 10) description: To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5 +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: upgrade, in-place, configuration, deploy ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.date: 11/06/2018 -author: greg-lindsay +author: dansimp ms.topic: article --- diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md index 0395575429..b6df1cee2f 100644 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ b/windows/deployment/windows-10-deployment-tools-reference.md 
@@ -2,10 +2,13 @@ title: Windows 10 deployment tools (Windows 10) description: Learn about the tools available to deploy Windows 10. ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.date: 07/12/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index ec368c30f1..55daa46548 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -2,10 +2,13 @@ title: Windows 10 deployment tools (Windows 10) description: Learn about the tools available to deploy Windows 10. ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.date: 10/16/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 8419e4ccb1..0837197376 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -8,7 +8,10 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt ms.date: 08/24/2017 -author: greg-lindsay +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.collection: M365-modern-desktop ms.topic: article --- @@ -75,17 +78,17 @@ Windows 10 Enterprise edition has a number of features that are unavailable in -

                              Credential Guard\*

                              +

                              Credential Guard

                              This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.

                              Credential Guard has the following features:

                                -
                              • **Hardware-level security**.  Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.

                              • -
                              • **Virtualization-based security**.  Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.

                              • -
                              • **Improved protection against persistent threats**.  Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.

                              • -
                              • **Improved manageability**.  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.

                              • +
                              • Hardware-level security.  Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.

                              • +
                              • Virtualization-based security.  Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.

                              • +
                              • Improved protection against persistent threats.  Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.

                              • +
                              • Improved manageability.  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.

                              -

                              For more information, see [Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard).

                              -

                              \* Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)

                              +

                              For more information, see Protect derived domain credentials with Credential Guard.

                              +

                              Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)

                              Device Guard

                              @@ -96,17 +99,17 @@ Windows 10 Enterprise edition has a number of features that are unavailable in
                            • Helps protect the Windows system core from vulnerability and zero-day exploits

                            • Allows only trusted apps to run

                            -

                            For more information, see [Introduction to Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies).

                            +

                            For more information, see Introduction to Device Guard.

                            AppLocker management

                            This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.

                            -

                            For more information, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview).

                            +

                            For more information, see AppLocker.

                            Application Virtualization (App-V)

                            -

                            This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.

                            -

                            For more information, see [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started).

                            +

                            This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.

                            +

                            For more information, see Getting Started with App-V for Windows 10.

                            User Experience Virtualization (UE-V)

                            @@ -118,7 +121,7 @@ Windows 10 Enterprise edition has a number of features that are unavailable in
                          • Create custom templates for your third-party or line-of-business applications

                          • Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state

                          -

                          For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows).

                          +

                          For more information, see User Experience Virtualization (UE-V) for Windows 10 overview.

                          Managed User Experience

                          @@ -249,7 +252,7 @@ The Managed User Experience feature is a set of Windows 10 Enterprise edition f ## Related topics -[Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) +[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
                          [Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
                          [Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
                          [Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx) diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index ab9ff889c0..77df5bd241 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium ms.date: 10/20/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.sitesec: library -author: greg-lindsay +author: dansimp ms.topic: article --- @@ -36,7 +39,7 @@ Windows 10, version 1709 is available starting on 10/17/2017 in all relevant dis For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can still search for the individual Windows editions. However, each of these editions (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education) will point to the same ISO file, so you only need to download the ISO once. A single Windows image (WIM) file is included in the ISO that contains all the volume licensing images: -![Images](images\table01.png) +![Images](images/table01.png) When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update. @@ -63,7 +66,7 @@ This Semi-Annual Channel release of Windows 10 continues the Windows as a servic See the following example for Windows 10, version 1709: -![Windows 10, version 1709 lang pack](images\lang-pack-1709.png) +![Windows 10, version 1709 lang pack](images/lang-pack-1709.png) ### Features on demand diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md index 708ffc8476..8cb97149cb 100644 --- a/windows/deployment/windows-10-missing-fonts.md +++ b/windows/deployment/windows-10-missing-fonts.md 
@@ -6,9 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.localizationpriority: medium
-author: kaushika-msft
-ms.author: kaushika
+author: dansimp
+ms.author: dansimp
 ms.date: 10/31/2017
+ms.reviewer:
+manager: dansimp
 ms.topic: article
 ---
 # How to install fonts that are missing after upgrading to Windows 10
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index 340920f673..f6f85fd75d 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -8,7 +8,10 @@ ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, mdt
 ms.localizationpriority: medium
 ms.date: 10/11/2017
-author: greg-lindsay
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
 ms.topic: article
 ---
 
@@ -45,13 +48,13 @@ Topics and procedures in this guide are summarized in the following table. An es
                          TopicDescriptionTime -
                          [About MDT](#about-mdt)A high-level overview of the Microsoft Deployment Toolkit (MDT).Informational -
                          [Install MDT](#install-mdt)Download and install MDT.40 minutes -
                          [Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)A reference image is created to serve as the template for deploying new images.90 minutes -
                          [Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)The reference image is deployed in the PoC environment.60 minutes -
                          [Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.60 minutes -
                          [Replace a computer with Windows 10](#replace-a-computer-with-windows-10)Back up an existing client computer, then restore this backup to a new computer.60 minutes -
                          [Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)Log locations and troubleshooting hints.Informational +
                          About MDTA high-level overview of the Microsoft Deployment Toolkit (MDT).Informational +
                          Install MDTDownload and install MDT.40 minutes +
                          Create a deployment share and reference imageA reference image is created to serve as the template for deploying new images.90 minutes +
                          Deploy a Windows 10 image using MDTThe reference image is deployed in the PoC environment.60 minutes +
                          Refresh a computer with Windows 10Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.60 minutes +
                          Replace a computer with Windows 10Back up an existing client computer, then restore this backup to a new computer.60 minutes +
                          Troubleshooting logs, events, and utilitiesLog locations and troubleshooting hints.Informational
                          @@ -494,12 +497,12 @@ This section will demonstrate how to export user data from an existing client co **Note**: The USMT will still back up the computer. 7. Lite Touch Installation will perform the following actions: - - Back up user settings and data using USMT. - - Install the Windows 10 Enterprise X64 operating system. - - Update the operating system via Windows Update. - - Restore user settings and data using USMT. + - Back up user settings and data using USMT. + - Install the Windows 10 Enterprise X64 operating system. + - Update the operating system via Windows Update. + - Restore user settings and data using USMT. - You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. + You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. 8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share). @@ -560,18 +563,18 @@ At a high level, the computer replace process consists of:
                          Remove-Item c:\_SMSTaskSequence -recurse Restart-Computer ``` -2. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: +3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: ``` cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` -3. Complete the deployment wizard using the following: +4. Complete the deployment wizard using the following: - **Task Sequence**: Backup Only Task Sequence - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1** - **Computer Backup**: Do not back up the existing computer. -4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. -5. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. -6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: +5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. +6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. +7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: ``` PS C:\> dir C:\MigData\PC1\USMT @@ -582,15 +585,15 @@ At a high level, the computer replace process consists of:
                          ---- ------------- ------ ---- -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG ``` -### Deploy PC3 + ### Deploy PC3 -1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: +8. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: ``` New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 ``` -2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: +9. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: ``` Disable-NetAdapter "Ethernet 2" -Confirm:$false @@ -599,32 +602,32 @@ At a high level, the computer replace process consists of:
                          >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding. -3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: +10. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` - Start-VM PC3 - vmconnect localhost PC3 - ``` + ``` + Start-VM PC3 + vmconnect localhost PC3 + ``` -4. When prompted, press ENTER for network boot. +11. When prompted, press ENTER for network boot. -6. On PC3, use the following settings for the Windows Deployment Wizard: - - **Task Sequence**: Windows 10 Enterprise x64 Custom Image - - **Move Data and Settings**: Do not move user data and settings - - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1** +12. On PC3, use the following settings for the Windows Deployment Wizard: + - **Task Sequence**: Windows 10 Enterprise x64 Custom Image + - **Move Data and Settings**: Do not move user data and settings + - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1** -5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: +13. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: - ``` - Enable-NetAdapter "Ethernet 2" - ``` -7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. + ``` + Enable-NetAdapter "Ethernet 2" + ``` +14. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. -8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. +15. 
When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. -9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. +16. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. -10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure. +17. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure. ## Troubleshooting logs, events, and utilities @@ -644,7 +647,7 @@ Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade- [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741)
                          [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) -  + diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index a83edcf57d..9c5989a965 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -8,7 +8,10 @@ ms.pagetype: deploy keywords: deployment, automate, tools, configure, sccm ms.localizationpriority: medium ms.date: 10/11/2017 -author: greg-lindsay +ms.reviewer: +manager: dansimp +ms.author: dansimp +author: dansimp ms.topic: article --- @@ -44,17 +47,17 @@ Topics and procedures in this guide are summarized in the following table. An es
                          TopicDescriptionTime -
                          [Install prerequisites](#install-prerequisites)Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.60 minutes -
                          [Install System Center Configuration Manager](#install-system-center-configuration-manager)Download System Center Configuration Manager, configure prerequisites, and install the package.45 minutes -
                          [Download MDOP and install DaRT](#download-mdop-and-install-dart)Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.15 minutes -
                          [Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)Prerequisite procedures to support Zero Touch installation.60 minutes -
                          [Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)Use the MDT wizard to create the boot image in Configuration Manager.20 minutes -
                          [Create a Windows 10 reference image](#create-a-windows-10-reference-image)This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.0-60 minutes -
                          [Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)Add a Windows 10 operating system image and distribute it.10 minutes
                          [Create a task sequence](#create-a-task-sequence)Create a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes -
                          [Finalize the operating system configuration](#finalize-the-operating-system-configuration)Enable monitoring, configure rules, and distribute content.30 minutes -
                          [Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)Deploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes -
                          [Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)Replace a client computer with Windows 10 using Configuration Manager.90 minutes -
                          [Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes +
                          Install prerequisitesInstall prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.60 minutes +
                          Install System Center Configuration ManagerDownload System Center Configuration Manager, configure prerequisites, and install the package.45 minutes +
                          Download MDOP and install DaRTDownload the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.15 minutes +
                          Prepare for Zero Touch installationPrerequisite procedures to support Zero Touch installation.60 minutes +
                          Create a boot image for Configuration ManagerUse the MDT wizard to create the boot image in Configuration Manager.20 minutes +
                          Create a Windows 10 reference imageThis procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.0-60 minutes +
                          Add a Windows 10 operating system imageAdd a Windows 10 operating system image and distribute it.10 minutes
                          Create a task sequenceCreate a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes +
                          Finalize the operating system configurationEnable monitoring, configure rules, and distribute content.30 minutes +
                          Deploy Windows 10 using PXE and Configuration ManagerDeploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes +
                          Replace a client with Windows 10 using Configuration ManagerReplace a client computer with Windows 10 using Configuration Manager.90 minutes +
                          Refresh a client with Windows 10 using Configuration ManagerUse a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes
                          @@ -274,7 +277,7 @@ This section contains several procedures to support Zero Touch installation with 3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**. 4. Click the yellow starburst and then click **New Account**. 5. Click **Browse** and then under **Enter the object name to select**, type **CM_NAA** and click **OK**. -6. Next to **Password** and **Confirm Password**, type **pass@word1**, and then click **OK** twice. +6. Next to **Password** and **Confirm Password**, type pass@word1, and then click **OK** twice. ### Configure a boundary group 
@@ -313,16 +316,16 @@ WDSUTIL /Set-Server /AnswerClients:None 2. In the System Center Configuration Manager console, in the **Administration** workspace, click **Distribution Points**. 3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**. 4. On the PXE tab, select the following settings: - - **Enable PXE support for clients**. Click **Yes** in the popup that appears. - - **Allow this distribution point to respond to incoming PXE requests** - - **Enable unknown computer support**. Click **OK** in the popup that appears. - - **Require a password when computers use PXE** - - **Password** and **Confirm password**: pass@word1 - - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. + - **Enable PXE support for clients**. Click **Yes** in the popup that appears. + - **Allow this distribution point to respond to incoming PXE requests** + - **Enable unknown computer support**. Click **OK** in the popup that appears. + - **Require a password when computers use PXE** + - **Password** and **Confirm password**: pass@word1 + - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. - See the following example: + See the following example: - Config Mgr PXE + Config Mgr PXE 5. Click **OK**. 6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present: 
@@ -592,20 +595,20 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**. 4. On the Details page, enter the following settings: - - Join a domain: **contoso.com** - - Account: click **Set** - - User name: **contoso\CM_JD** - - Password: **pass@word1** - - Confirm password: **pass@word1** - - Click **OK** - - Windows Settings - - User name: **Contoso** - - Organization name: **Contoso** - - Product key: \ - - Administrator Account: **Enable the account and specify the local administrator password** - - Password: **pass@word1** - - Confirm password: **pass@word1** - - Click **Next** + - Join a domain: **contoso.com** + - Account: click **Set** + - User name: **contoso\CM_JD** + - Password: pass@word1 + - Confirm password: pass@word1 + - Click **OK** + - Windows Settings + - User name: **Contoso** + - Organization name: **Contoso** + - Product key: \ + - Administrator Account: **Enable the account and specify the local administrator password** + - Password: pass@word1 + - Confirm password: pass@word1 + - Click **Next** 5. On the Capture Settings page, accept the default settings and click **Next**. 
@@ -750,20 +753,20 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 2. Press ENTER when prompted to start the network boot service. -3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then click **Next**. +3. In the Task Sequence Wizard, provide the password: pass@word1, and then click **Next**. 4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open. 5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. 6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations: - - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted. - - x:\smstslog\smsts.log after disks are formatted. - - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the System Center Configuration Manager client is installed. - - c:\windows\ccm\logs\Smstslog\smsts.log after the System Center Configuration Manager client is installed. - - c:\windows\ccm\logs\smsts.log when the task sequence is complete. + - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted. + - x:\smstslog\smsts.log after disks are formatted. + - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the System Center Configuration Manager client is installed. + - c:\windows\ccm\logs\Smstslog\smsts.log after the System Center Configuration Manager client is installed. + - c:\windows\ccm\logs\smsts.log when the task sequence is complete. - Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open. + Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open. 7. In the explorer window, click **Tools** and then click **Map Network Drive**. 
@@ -1029,7 +1032,7 @@ In the Configuration Manager console, in the Software Library workspace under Op Start-VM PC4 vmconnect localhost PC4 ``` -2. In the **Welcome to the Task Sequence Wizard**, enter **pass@word1** and click **Next**. +2. In the **Welcome to the Task Sequence Wizard**, enter pass@word1 and click **Next**. 3. Choose the **Windows 10 Enterprise X64** image. 4. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1. 5. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs. @@ -1070,7 +1073,7 @@ In the Configuration Manager console, in the Software Library workspace under Op [System Center 2012 Configuration Manager Survival Guide](https://social.technet.microsoft.com/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide.aspx#Step-by-Step_Guides) -  + diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 08755c35c9..a8e9c7409f 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -1,5 +1,8 @@ --- title: Configure a test lab to deploy Windows 10 +ms.reviewer: +manager: dansimp +ms.author: dansimp description: Concepts and procedures for deploying Windows 10 in a proof of concept lab environment. ms.prod: w10 ms.mktglfcycl: deploy 
@@ -7,8 +10,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, mdt, sccm
 ms.localizationpriority: medium
-ms.date: 11/16/2017
-author: greg-lindsay
+author: dansimp
 ms.topic: article
 ---
 
@@ -29,9 +31,9 @@ Approximately 3 hours are required to configure the PoC environment. You will ne Windows PowerShell commands are provided to set up the PoC environment quickly. You do not need to be an expert in Windows PowerShell to complete the steps in the guide, however you are required to customize some commands to your environment. ->Instructions to "type" Windows PowerShell commands provided in this guide can be followed literally by typing the commands, but the preferred method is to copy and paste these commands. - ->A Windows PowerShell window can be used to run all commands in this guide. However, when commands are specified for a command prompt, you must either type CMD at the Windows PowerShell prompt to enter the command prompt, or preface the command with "cmd /c", or if desired you can escape special characters in the command using the back-tick character (`). In most cases, the simplest thing is to type cmd and enter a command prompt, type the necessary commands, then type "exit" to return to Windows PowerShell. +> Instructions to "type" Windows PowerShell commands provided in this guide can be followed literally by typing the commands, but the preferred method is to copy and paste these commands. +> +> A Windows PowerShell window can be used to run all commands in this guide. However, when commands are specified for a command prompt, you must either type CMD at the Windows PowerShell prompt to enter the command prompt, or preface the command with "cmd /c", or if desired you can escape special characters in the command using the back-tick character (`). In most cases, the simplest thing is to type cmd and enter a command prompt, type the necessary commands, then type "exit" to return to Windows PowerShell. Hyper-V is installed, configured and used extensively in this guide. If you are not familiar with Hyper-V, review the [terminology](#appendix-b-terminology-used-in-this-guide) used in this guide before starting. 
@@ -49,18 +51,18 @@ Topics and procedures in this guide are summarized in the following table. An es -
                          TopicDescriptionTime
                          [Hardware and software requirements](#hardware-and-software-requirements)Prerequisites to complete this guide.Informational -
                          [Lab setup](#lab-setup)A description and diagram of the PoC environment.Informational -
                          [Configure the PoC environment](#configure-the-poc-environment)Parent topic for procedures.Informational -
                          [Verify support and install Hyper-V](#verify-support-and-install-hyper-v)Verify that installation of Hyper-V is supported, and install the Hyper-V server role.10 minutes -
                          [Download VHD and ISO files](#download-vhd-and-iso-files)Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.30 minutes -
                          [Convert PC to VM](#convert-pc-to-vm)Convert a physical computer on your network to a VM hosted in Hyper-V.30 minutes -
                          [Resize VHD](#resize-vhd)Increase the storage capacity for one of the Windows Server VMs.5 minutes -
                          [Configure Hyper-V](#configure-hyper-v)Create virtual switches, determine available RAM for virtual machines, and add virtual machines.15 minutes -
                          [Configure service and user accounts](#configure-service-and-user-accounts)Start virtual machines and configure all services and settings.60 minutes -
                          [Configure VMs](#configure-vms)Start virtual machines and configure all services and settings.60 minutes -
                          [Appendix A: Verify the configuration](#appendix-a-verify-the-configuration)Verify and troubleshoot network connectivity and services in the PoC environment.30 minutes -
                          [Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide)Terms used in this guide.Informational +
                          Hardware and software requirementsPrerequisites to complete this guide.Informational +
                          Lab setupA description and diagram of the PoC environment.Informational +
                          Configure the PoC environmentParent topic for procedures.Informational +
                          Verify support and install Hyper-VVerify that installation of Hyper-V is supported, and install the Hyper-V server role.10 minutes +
                          Download VHD and ISO filesDownload evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.30 minutes +
                          Convert PC to VMConvert a physical computer on your network to a VM hosted in Hyper-V.30 minutes +
                          Resize VHDIncrease the storage capacity for one of the Windows Server VMs.5 minutes +
                          Configure Hyper-VCreate virtual switches, determine available RAM for virtual machines, and add virtual machines.15 minutes +
                          Configure service and user accountsStart virtual machines and configure all services and settings.60 minutes +
                          Configure VMsStart virtual machines and configure all services and settings.60 minutes +
                          Appendix A: Verify the configurationVerify and troubleshoot network connectivity and services in the PoC environment.30 minutes +
                          Appendix B: Terminology in this guideTerms used in this guide.Informational
                          @@ -78,52 +80,52 @@ Harware requirements are displayed below: - - + + - + - + - - + + - + - + - + - + - + - + @@ -218,7 +220,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon ![hyper-v](images/svr_mgr2.png) -

                          If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. +

                          If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. ### Download VHD and ISO files @@ -231,7 +233,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below.

                          **Computer 1** (required)**Computer 2** (recommended)Computer 1 (required)Computer 2 (recommended)
                          **Role**Role Hyper-V host Client computer
                          **Description**Description This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module. This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process.
                          **OS**Windows 8.1/10 or Windows Server 2012/2012 R2/2016\*OSWindows 8.1/10 or Windows Server 2012/2012 R2/2016* Windows 7 or a later
                          **Edition**Edition Enterprise, Professional, or Education Any
                          **Architecture**Architecture 64-bit Any
                          Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.
                          **RAM**RAM 8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
                          16 GB RAM to test Windows 10 deployment with System Center Configuration Manager.
                          Any
                          **Disk**Disk 200 GB available hard disk space, any format. Any size, MBR formatted.
                          **CPU**CPU SLAT-Capable CPU Any
                          **Network**Network Internet connection Any
                          - +
                          ![VHD](images/download_vhd.png)
                          VHD
                          2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type. @@ -247,13 +249,13 @@ After completing these steps, you will have three files in the **C:\VHD** direct The following displays the procedures described in this section, both before and after downloading files:
                          -C:\>mkdir VHD
                          -C:\>cd VHD
                          -C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd
                          -C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd
                          +C:>mkdir VHD
                          +C:>cd VHD
                          +C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd
                          +C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd
                              1 file(s) copied.
                           C:\VHD ren *.iso w10-enterprise.iso
                          -C:\VHD>dir /B
                          +C:\VHD>dir /B
                           2012R2-poc-1.vhd
                           2012R2-poc-2.vhd
                           w10-enterprise.iso
                          @@ -267,14 +269,14 @@ w10-enterprise.iso
                           If you do not have a PC available to convert to VM, perform the following steps to download an evaluation VM:
                           
                            -
                          1. Open the [Download virtual machines](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/) page. -
                          2. Under **Virtual machine**, choose **IE11 on Win7**. -
                          3. Under **Select platform** choose **HyperV (Windows)**. -
                          4. Click **Download .zip**. The download is 3.31 GB. +
                          5. Open the Download virtual machines page. +
                          6. Under Virtual machine, choose IE11 on Win7. +
                          7. Under Select platform choose HyperV (Windows). +
                          8. Click Download .zip. The download is 3.31 GB.
                          9. Extract the zip file. Three directories are created. -
                          10. Open the **Virtual Hard Disks** directory and then copy **IE11 - Win7.vhd** to the **C:\VHD** directory. -
                          11. Rename **IE11 - Win7.vhd** to **w7.vhd** (do not rename the file to w7.vhdx). -
                          12. In step 5 of the [Configure Hyper-V](#configure-hyper-v) section, replace the VHD file name **w7.vhdx** with **w7.vhd**. +
                          13. Open the Virtual Hard Disks directory and then copy IE11 - Win7.vhd to the C:\VHD directory. +
                          14. Rename IE11 - Win7.vhd to w7.vhd (do not rename the file to w7.vhdx). +
                          15. In step 5 of the Configure Hyper-V section, replace the VHD file name w7.vhdx with w7.vhd.
                          @@ -328,7 +330,7 @@ Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Ca If the **Type** column does not indicate GPT, then the disk partition format is MBR ("Installable File System" = MBR). In the following example, the disk is GPT:
                          -PS C:\> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
                          +PS C:> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
                           
                           SystemName                           Caption                                 Type
                           ----------                           -------                                 ----
                          @@ -339,7 +341,7 @@ USER-PC1                             Disk #0, Partition #1                   GPT
                           On a computer running Windows 8 or later, you can also type **Get-Disk** at a Windows PowerShell prompt to discover the partition style. The default output of this cmdlet displays the partition style for all attached disks. Both commands are displayed below. In this example, the client computer is running Windows 8.1 and uses a GPT style partition format:
                           
                           
                          -PS C:\> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
                          +PS C:> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
                           
                           SystemName                            Caption                               Type
                           ----------                            -------                               ----
                          @@ -349,7 +351,7 @@ PC-X1                                 Disk #0, Partition #2                 GPT:
                           PC-X1                                 Disk #0, Partition #3                 GPT: Basic Data
                           PC-X1                                 Disk #0, Partition #4                 GPT: Basic Data
                           
                          -PS C:\> Get-Disk
                          +PS C:> Get-Disk
                           
                           Number Friendly Name                  OperationalStatus                     Total Size Partition Style
                           ------ -------------                  -----------------                     ---------- ---------------
                          @@ -377,12 +379,12 @@ The following table displays the Hyper-V VM generation to choose based on the OS
                                   MBR
                                   32
                                   1
                          -        [Prepare a generation 1 VM](#prepare-a-generation-1-vm)
                          +        Prepare a generation 1 VM
                               
                               
                                   64
                                   1
                          -        [Prepare a generation 1 VM](#prepare-a-generation-1-vm)
                          +        Prepare a generation 1 VM
                               
                               
                                   GPT
                          @@ -393,30 +395,30 @@ The following table displays the Hyper-V VM generation to choose based on the OS
                               
                                   64
                                   1
                          -        [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)
                          +        Prepare a generation 1 VM from a GPT disk
                               
                               
                                   Windows 8 or later
                                   MBR
                                   32
                                   1
                          -        [Prepare a generation 1 VM](#prepare-a-generation-1-vm)
                          +        Prepare a generation 1 VM
                               
                               
                                   64
                                   1, 2
                          -        [Prepare a generation 1 VM](#prepare-a-generation-1-vm)
                          +        Prepare a generation 1 VM
                               
                               
                                   GPT
                                   32
                                   1
                          -        [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)
                          +        Prepare a generation 1 VM from a GPT disk
                               
                               
                                   64
                                   2
                          -        [Prepare a generation 2 VM](#prepare-a-generation-2-vm)
                          +        Prepare a generation 2 VM
                               
                           
                           
                          @@ -424,9 +426,9 @@ The following table displays the Hyper-V VM generation to choose based on the OS
                           
                           Notes:
                            -
                          • If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk). -
                          • If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the **mountvol** command. In this case, see [Prepare a generation 2 VM](#prepare-a-generation-2-vm). -
                          • If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see [Prepare a generation 1 VM](#prepare-a-generation-1-vm). +
                          • If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see Prepare a generation 1 VM from a GPT disk. +
                          • If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see Prepare a generation 2 VM. +
                          • If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see Prepare a generation 1 VM.
                          #### Prepare a generation 1 VM @@ -436,7 +438,7 @@ Notes:
                          >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select the checkboxes next to the **C:\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Determine VM generation](#determine-vm-generation). +3. Select the checkboxes next to the **C:\\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Determine VM generation](#determine-vm-generation). 4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and click **Create**. See the following example: ![disk2vhd](images/disk2vhd.png) @@ -466,7 +468,7 @@ Notes:
                          This command temporarily assigns a drive letter of S to the system volume and mounts it. If the letter S is already assigned to a different volume on the computer, then choose one that is available (ex: mountvol z: /s). 3. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -4. Select the checkboxes next to the **C:\** and the **S:\** volumes, and clear the **Use Volume Shadow Copy checkbox**. Volume shadow copy will not work if the EFI system partition is selected. +4. Select the checkboxes next to the **C:\\** and the **S:\\** volumes, and clear the **Use Volume Shadow Copy checkbox**. Volume shadow copy will not work if the EFI system partition is selected. **Important**: You must include the EFI system partition in order to create a bootable VHD. The Windows RE tools partition (shown below) is not required, but it can also be converted if desired. @@ -493,7 +495,7 @@ Notes:
                          >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select the checkbox next to the **C:\** volume and clear the checkbox next to **Use Vhdx**. Note: the system volume is not copied in this scenario, it will be added later. +3. Select the checkbox next to the **C:\\** volume and clear the checkbox next to **Use Vhdx**. Note: the system volume is not copied in this scenario, it will be added later. 4. Specify a location to save the resulting VHD file (F:\VHD\w7.vhd in the following example) and click **Create**. See the following example: ![disk2vhd](images/disk2vhd4.png) @@ -515,7 +517,7 @@ Notes:
                          ### Resize VHD
                          -**Enhanced session mode** +Enhanced session mode **Important**: Before proceeding, verify that you can take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer. @@ -643,48 +645,48 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to The VM will automatically boot into Windows Setup. In the PC1 window: - 1. Click **Next**. - 2. Click **Repair your computer**. - 3. Click **Troubleshoot**. - 4. Click **Command Prompt**. - 5. Type the following command to save an image of the OS drive: + 1. Click **Next**. + 2. Click **Repair your computer**. + 3. Click **Troubleshoot**. + 4. Click **Command Prompt**. + 5. Type the following command to save an image of the OS drive: -
                          -    dism /Capture-Image /ImageFile:D:\c.wim /CaptureDir:C:\ /Name:Drive-C
                          -    
                          +
                          +      dism /Capture-Image /ImageFile:D:\c.wim /CaptureDir:C:\ /Name:Drive-C
                          +      
                          - 6. Wait for the OS image to complete saving, and then type the following commands to convert the C: drive to MBR: + 6. Wait for the OS image to complete saving, and then type the following commands to convert the C: drive to MBR: -
                          -    diskpart
                          -    select disk 0
                          -    clean
                          -    convert MBR
                          -    create partition primary size=100
                          -    format fs=ntfs quick
                          -    active
                          -    create partition primary
                          -    format fs=ntfs quick label=OS
                          -    assign letter=c
                          -    exit
                          -    
                          +
                          +      diskpart
                          +      select disk 0
                          +      clean
                          +      convert MBR
                          +      create partition primary size=100
                          +      format fs=ntfs quick
                          +      active
                          +      create partition primary
                          +      format fs=ntfs quick label=OS
                          +      assign letter=c
                          +      exit
                          +      
                          - 7. Type the following commands to restore the OS image and boot files: + 7. Type the following commands to restore the OS image and boot files: -
                          -    dism /Apply-Image /ImageFile:D:\c.wim /Index:1 /ApplyDir:C:\
                          -    bcdboot c:\windows
                          -    exit
                          -    
                          +
                          +      dism /Apply-Image /ImageFile:D:\c.wim /Index:1 /ApplyDir:C:\
                          +      bcdboot c:\windows
                          +      exit
                          +      
                          - 8. Click **Continue** and verify the VM boots successfully (do not boot from DVD). - 9. Click **Ctrl+Alt+Del**, and then in the bottom right corner, click **Shut down**. - 10. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to remove the temporary disks and drives from PC1: + 8. Click **Continue** and verify the VM boots successfully (do not boot from DVD). + 9. Click **Ctrl+Alt+Del**, and then in the bottom right corner, click **Shut down**. + 10. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to remove the temporary disks and drives from PC1: -
                          -    Remove-VMHardDiskDrive -VMName PC1 -ControllerType IDE -ControllerNumber 0 -ControllerLocation 1
                          -    Set-VMDvdDrive -VMName PC1 -Path $null
                          -    
                          +
                          +       Remove-VMHardDiskDrive -VMName PC1 -ControllerType IDE -ControllerNumber 0 -ControllerLocation 1
                          +       Set-VMDvdDrive -VMName PC1 -Path $null
                          +       
                          ### Configure VMs @@ -695,7 +697,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to vmconnect localhost DC1
                          -2. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of **pass@word1**, and click **Finish**. +2. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of pass@word1, and click **Finish**. 3. Click **Ctrl+Alt+Del** in the upper left corner of the virtual machine connection window, and then sign in to DC1 using the Administrator account. 4. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in again with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It is only necessary to do this the first time you sign in to a new VM. 5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway: @@ -706,9 +708,9 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2
                          - >The default gateway at 192.168.0.2 will be configured later in this guide. - - >Note: A list of available tasks for an app will be populated the first time you run it on the taskbar. Because these tasks aren't available until the App has been run, you will not see the **Run as Administrator** task until you have left-clicked Windows PowerShell for the first time. In this newly created VM, you will need to left-click Windows PowerShell one time, and then you can right-click and choose Run as Administrator to open an elevated Windows PowerShell prompt. + > The default gateway at 192.168.0.2 will be configured later in this guide. + > + > Note: A list of available tasks for an app will be populated the first time you run it on the taskbar. Because these tasks aren't available until the App has been run, you will not see the **Run as Administrator** task until you have left-clicked Windows PowerShell for the first time. In this newly created VM, you will need to left-click Windows PowerShell one time, and then you can right-click and choose Run as Administrator to open an elevated Windows PowerShell prompt. 6. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: @@ -901,7 +903,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to vmconnect localhost SRV1
                          -25. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. +25. Accept the default settings, read license terms and accept them, provide an administrator password of pass@word1, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. 26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. 27. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: 
@@ -1082,7 +1084,7 @@ Use the following procedures to verify that the PoC environment is configured pr Hyper-V ManagerThe user-interface console used to view and configure Hyper-V. MBRMaster Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format. Proof of concept (PoC)Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process. -Shadow copyA copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes. +Shadow copyA copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes. Virtual machine (VM)A VM is a virtual computer with its own operating system, running on the Hyper-V host. Virtual switchA virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host. VM snapshotA point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken. @@ -1094,9 +1096,9 @@ Use the following procedures to verify that the PoC environment is configured pr [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) -  + -  + diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index 2e66746137..8d7e310a22 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md 
@@ -1,5 +1,8 @@
 ---
 title: Switch to Windows 10 Pro/Enterprise from S mode
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
 keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
 ms.mktglfcycl: deploy
@@ -7,7 +10,7 @@ ms.localizationpriority: medium
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
-author: jaimeo
+author: dansimp
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
similarity index 54%
rename from windows/deployment/windows-10-enterprise-subscription-activation.md
rename to windows/deployment/windows-10-subscription-activation.md
index e57c8a14cc..914c40a5d6 100644
--- a/windows/deployment/windows-10-enterprise-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 Subscription Activation
-description: How to enable Windows 10 Enterprise E3 and E5 subscriptions
+description: How to dynamically enable Windows 10 Enterprise or Educations subscriptions
 keywords: upgrade, update, task sequence, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -16,20 +16,33 @@ ms.topic: article # Windows 10 Subscription Activation -With Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots. +Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5. - If you are running Windows 10 version 1703 or later: +With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions – **Windows 10 Education**. + +The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices. + +## Subscription Activation for Windows 10 Enterprise + +With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots. + + If you are running Windows 10, version 1703 or later: - Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise. - Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions. Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. 
In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-whatis). -See the following topics in this article: +## Subscription Activation for Windows 10 Education + +Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section. + +## In this article + - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. - [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment. -- [Requirements](#requirements): Prerequisites to use the Windows 10 Enterprise subscription model. -- [Benefits](#benefits): Advantages of Windows 10 Enterprise + subscription-based licensing. +- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model. +- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing. - [How it works](#how-it-works): A summary of the subscription-based licensing option. - [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud. 
@@ -39,7 +52,7 @@ For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Win Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host. -When a user with Windows 10 E3 or E5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. +When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. @@ -53,14 +66,17 @@ The following figure illustrates how deploying Windows 10 has evolved with each - **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
                          - **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.
                          -- **Windows 10 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
                          -- **Windows 10 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
                          -- **Windows 10 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
                          -- **Windows 10 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise. -- **Windows 10 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled. +- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
                          +- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
                          +- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
                          +- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
                          +- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
                          +- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription. ## Requirements +### Windows 10 Enterprise requirements + For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. 
@@ -70,33 +86,62 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & >[!NOTE] >An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal. -For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3 or E5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). +For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) +### Windows 10 Education requirements + +1. 
Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. +2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security> Activation. +3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription. +4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. + +>If Windows 10 Pro is converted to Windows 10 Pro Education [using benefits available in Store for Education](https://docs.microsoft.com/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition. + + ## Benefits -With Windows 10 Enterprise, businesses can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise E3 or E5 to their users. Now, with Windows 10 Enterprise E3 and E5 being available as a true online service, it is available in every channel thus allowing all organizations to take advantage of enterprise grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: +With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. 
To compare Windows 10 editions and review pricing, see the following: - [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare) - [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-pricing) You can benefit by moving to Windows as an online service in the following ways: -1. Licenses for Windows 10 Enterprise are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization. +1. Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization. 2. User logon triggers a silent edition upgrade, with no reboot required 3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys. -4. Compliance support via seat assignment. +4. Compliance support via seat assignment. +5. Licenses can be updated to different users dynamically, enabling you to optimize your licensing investment against changing needs. ## How it works -When a licensed user signs in to a device that meets requirements using the Azure AD credentials associated with a Windows 10 Enterprise E3 or E5 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition, after a grace period of up to 90 days. +The device is AAD joined from Settings > Accounts > Access work or school. -Devices currently running Windows 10 Pro, version 1703 or later can get Windows 10 Enterprise Semi-Annual Channel on up to five devices for each user covered by the license. 
This benefit does not include Long Term Servicing Channel. +The IT administrator assigns Windows 10 Enterprise to a user. See the following figure. + +![Windows 10 Enterprise](images/ent.png) + +When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user’s subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires. + +Devices running Windows 10 Pro, version 1703 or Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel. + +The following figures summarize how the Subscription Activation model works: + +Before Windows 10, version 1903:
                          +![1703](images/before.png) + +After Windows 10, version 1903:
                          +![1903](images/after.png) + +Note: +1. A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019). +2. A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019). ### Scenarios -**Scenario #1**:  You are using Windows 10 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise). +**Scenario #1**:  You are using Windows 10, version 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise). All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device. 
@@ -118,15 +163,12 @@ If you’re running Windows 7, it can be more work.  A wipe-and-load approach w ### Licenses The following policies apply to acquisition and renewal of licenses on devices: -- Devices that have been upgraded will attempt to acquire licenses every 30 days, and must be connected to the Internet to be successful. -- Licenses are valid for 90 days. If a device is disconnected from the Internet until its current license expires, the operating system will revert to Windows 10 Pro. As soon as the device is connected to the Internet again, the license will automatically renew assuming the device is still present on list of user devices. +- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license. +- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew. - Up to five devices can be upgraded for each user license. -- The list of devices is chronological and cannot be manually modified. -- If a device meets requirements and a licensed user signs in on that device, it will be upgraded. -- If five devices are already on the list and a subscribed user signs in on a sixth device, then this new device is added to the end of the list and the first device is removed. -- Devices that are removed from the list will cease trying to acquire a license and revert to Windows 10 Pro when the grace period expires. +- If a device the meets requirements and a licensed user signs in on that device, it will be upgraded. -Licenses can also be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. 
+Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal). @@ -154,7 +196,7 @@ changepk.exe /ProductKey %ProductKey% ) -### Obtaining an Azure AD licence +### Obtaining an Azure AD license Enterprise Agreement/Software Assurance (EA/SA): - Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea). @@ -178,6 +220,6 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr ## Related topics -[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/) -
                          [Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) -
                          [Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx) +[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
                          +[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
                          +[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index 06d9b89385..34ae2d46d7 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -2,11 +2,14 @@
 title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
 description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
 ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-author: greg-lindsay
+author: dansimp
 ms.date: 07/27/2017
 ms.topic: article
 ---
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index 35cd9c6cba..a2ae9455f6 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -1,31 +1,28 @@
-# [Windows Autopilot](windows-autopilot.md)
+# [Windows Autopilot deployment](index.md)
+# [What's new](windows-autopilot-whats-new.md)
+# Understanding Windows Autopilot
+## [Overview](windows-autopilot.md)
 ## [Requirements](windows-autopilot-requirements.md)
-### [Configuration requirements](windows-autopilot-requirements-configuration.md)
-#### [Intune Connector (preview)](intune-connector.md)
-### [Network requirements](windows-autopilot-requirements-network.md)
-### [Licensing requirements](windows-autopilot-requirements-licensing.md)
-## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
-### [Support for existing devices](existing-devices.md)
-### [User-driven mode](user-driven.md)
-#### [Azure Active Directory joined](user-driven-aad.md)
-#### [Hybrid Azure Active Directory joined](user-driven-hybrid.md)
-### [Self-deploying mode](self-deploying.md)
-### [Windows Autopilot Reset](windows-autopilot-reset.md)
-#### [Remote reset](windows-autopilot-reset-remote.md)
-#### [Local reset](windows-autopilot-reset-local.md)
-## [Administering Autopilot](administer.md)
-### [Configuring](configure-autopilot.md)
-#### [Adding devices](add-devices.md)
-#### [Creating profiles](profiles.md)
-#### [Enrollment status page](enrollment-status.md)
-#### [BitLocker encryption](bitlocker.md)
-### [Administering Autopilot via Partner Center](https://docs.microsoft.com/en-us/partner-center/autopilot)
-### [Administering Autopilot via Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
-### [Administering Autopilot via Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
-### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
-## Getting started
-### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md)
-## [Customer consent](registration-auth.md)
+## [Scenarios and capabilities](windows-autopilot-scenarios.md)
+## [Get started](demonstrate-deployment-on-vm.md)
+
+# Deployment scenarios
+## [User-driven mode](user-driven.md)
+## [Self-deploying mode](self-deploying.md)
+## [Windows Autopilot Reset](windows-autopilot-reset.md)
+## [White glove](white-glove.md)
+## [Support for existing devices](existing-devices.md)
+
+# Administering Windows Autopilot
+## [Registering devices](add-devices.md)
+## [Configuring device profiles](profiles.md)
+## [Enrollment status page](enrollment-status.md)
+## [BitLocker encryption](bitlocker.md)
 ## [Troubleshooting](troubleshooting.md)
+## [Known issues](known-issues.md)
+
+# Support
 ## [FAQ](autopilot-faq.md)
-## [Support](autopilot-support.md)
+## [Contacts](autopilot-support.md)
+## [Registration authorization](registration-auth.md)
+## [Device guidelines](autopilot-device-guidelines.md)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index 853bcdd07b..8024b7af27 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -1,5 +1,7 @@
 ---
 title: Adding devices
+ms.reviewer:
+manager: laurawi
 description: How to add devices to Windows Autopilot
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.prod: w10
@@ -8,7 +10,7 @@ ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.author: greg-lindsay
+ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
@@ -22,19 +24,31 @@ ms.topic: article Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually. +## OEM registration + +When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/windowsforbusiness/windows-autopilot). + +Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/registration-auth#oem-authorization). + +## Reseller, distributor, or partner registration + +Customers may purchase devices from resellers, distributors, or other partners. As long as these resellers, distributors, and partners are part of the [Cloud Solution Partners (CSP) program](https://partner.microsoft.com/en-us/cloud-solution-provider), they too can register devices on behalf of the customer. + +As with OEMs, CSP parnters must be granted permission to register devices on behalf of an organization. This follows the process described on the [Customer consent page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/registration-auth#csp-authorization). The CSP partner initiates a request to establish a relationship with the organization, with approval granted by a global administrator from the organization. 
Once approved, CSP partners add devices using [Partner Center](https://partner.microsoft.com/en-us/pcv/dashboard/overview), either directly through the web site or via available APIs that can automate the same tasks. + +Windows Autopilot does not require delegated administrator permissions when establishing the relationship between the CSP partner and the organization. As part of the approval process performed by the global administrator, the global administrator can choose to uncheck the "Include delegated administration permissions" checkbox. + +## Automatic registration of existing devices + +If an existing device is already running Windows 10 version 1703 or later and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardwareh ID (also known as a hardware hash). Once it has that, it can automatically register the device with Windows Autopilot. + +For instructions on how to do this with Microsoft Intune, see [Create an Autopilot deployment profile](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile) documentation describing the "Convert all targeted devices to Autopilot" setting. + +Also note that when using the [Windows Autopilot for existing devices](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/existing-devices) scenario, it is not necessary to pre-register the devices with Windows Autopilot. Instead, a configuration file (AutopilotConfigurationFile.json) containing all the Windows Autopilot profile settings is used; the device can be registered with Windows Autopilot after the fact using the same "Convert all targeted devices to Autopilot" setting. + ## Manual registration -To perform manual registration of a device, you must caputure its hardware ID (also known as a hardware hash) and upload this to the Windows Autopilot deployment service. See the topics below for detailed information on how to collect and upload hardware IDs. 
- ->[!IMPORTANT] ->Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**.
                          ->After Intune reports the profile ready to go, only then should the device be connected to the Internet. - -Also note that if OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries: - -**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE** - -To ensure OOBE has not been restarted too many times, you can change this value to 1. +To perform manual registration of a device, you must first caputure its hardware ID (also known as a hardware hash). Once this process has completed, the resulting hardware ID can be uploaded to the Windows Autopilot service. Because this process requires booting the device into Windows 10 in order to obtain the hardware ID, this is intended primarily for testing and evaluation scenarios. ## Device identification 
@@ -42,9 +56,13 @@ To define a device to the Windows Autopilot deployment service, a unique hardwar The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device. -Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot Deployment Service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as motherboard replacement, would not match, so the device would need to be re-uploaded. +Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded. -## Collecting the hardware ID from existing devices using PowerShell +### Collecting the hardware ID from existing devices using System Center Configuration Manager + +Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file. 
+ +### Collecting the hardware ID from existing devices using PowerShell The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running Windows 10 version 1703 or later. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo). @@ -60,25 +78,85 @@ Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv The commands can also be run remotely, as long as WMI permissions are in place and WMI is accessible through the Windows Firewall on that remote computer. See the Get-WindowsAutoPilotInfo script’s help (using “Get-Help Get-WindowsAutoPilotInfo.ps1”) for more information about running the script. +>[!IMPORTANT] +>Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**.
                          +>After Intune reports the profile ready to go, only then should the device be connected to the Internet. + >[!NOTE] ->If you will connect to the device remotely to collect the hardware ID, see the information at the top of this page about device connectivity to the Internet. - -## Collecting the hardware ID from existing devices using System Center Configuration Manager - -Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. +>If OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries:
                          +>**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE**
                          +>To ensure OOBE has not been restarted too many times, you can change this value to 1. ## Registering devices -Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism: + -For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options: -- [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot) +Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism. -- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles) +- [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot). This is the preferred mechanism for all customers. +- [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). This is used by CSP partners to register devices on behalf of customers. +- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa). This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business. +- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings. -- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa) +A summary of each platform's capabilities is provided below. -- [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                          Platform/Portal +Register devices? +Create/Assign profile +Acceptable DeviceID +
                          OEM Direct APIYES - 1000 at a time maxNOTuple or PKID
                          Partner CenterYES - 1000 at a time maxYESTuple or PKID or 4K HH
                          IntuneYES - 500 at a time max\*YES\*4K HH
                          Microsoft Store for BusinessYES - 1000 at a time maxYES4K HH
                          Microsoft Business 365YES - 1000 at a time maxYES4K HH
                          + +>*Microsoft recommended platform to use + +## Summary + +When deploying new devices using Windows Autopilot, the following steps are required: + +1. [Register devices](#registering-devices). Ideally, this step is performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually. +2. [Configure device profiles](profiles.md), specifying how the device should be deployed and what user experience should be presented. +3. Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download profile settings such as the [Enrollment Status page](enrollment-status.md), which are used to customize the end user experience. + +## Other configuration settings + +- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started. -For those using Microsoft Intune, devices should normally be uploaded via Intune; for those using Microsoft 365 Business, its administrative portal would be used. For [Cloud Solution Provider (CSP)](https://partnercenter.microsoft.com/en-us/partner/cloud-solution-provider) partners uploading devices on the behalf of a customer that they are authorized to manage, Partner Center can be used. For any other scenario, the Microsoft Store for Business is available. diff --git a/windows/deployment/windows-autopilot/administer.md b/windows/deployment/windows-autopilot/administer.md deleted file mode 100644 index 402c3a2f7d..0000000000 --- a/windows/deployment/windows-autopilot/administer.md +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -title: Administering Autopilot -description: A short description of methods for configuring Autopilot -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: low -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Administering Autopilot - -**Applies to: Windows 10** - -Several platforms are available to register devices with Windows Autopilot. A summary of each platform's capabilities is provided below. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                          Platform/Portal -Register devices? -Create/Assign profile -Acceptable DeviceID -
                          OEM Direct APIYES - 1000 at a time maxNOTuple or PKID
                          Partner CenterYES - 1000 at a time max\*YESTuple or PKID or 4K HH
                          IntuneYES - 175 at a time maxYES\*4K HH
                          Microsoft Store for BusinessYES - 1000 at a time maxYES4K HH
                          Microsoft Business 365YES - 1000 at a time maxYES4K HH
                          - ->*Microsoft recommended platform to use \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md new file mode 100644 index 0000000000..2997787bd1 --- /dev/null +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md 
@@ -0,0 +1,44 @@
+---
+title: Windows Autopilot device guidelines
+ms.reviewer:
+manager: laurawi
+description: Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot device guidelines
+
+**Applies to**
+
+- Windows 10
+
+## Hardware and firmware best practice guidelines for Windows Autopilot
+
+All devices used with Windows Autopilot should meet the [minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) for Windows 10.
+
+The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process:
+- Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode.
+- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h).
+- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner.
+- As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days
+- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel.
+
+## Software best practice guidelines for Windows Autopilot
+
+- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers and Office 365 Pro Plus Retail (C2R).
+- Unless explicitly requested by the customer, no other preinstalled software should be included.
+ - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
+
+## Related topics
+
+[Windows Autopilot customer consent](registration-auth.md)
                          diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 7399e75801..9df667a4bc 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -1,5 +1,7 @@ --- title: Windows Autopilot support +ms.reviewer: +manager: laurawi description: Support information for Windows Autopilot keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 @@ -8,7 +10,7 @@ ms.localizationpriority: low ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -16,7 +18,7 @@ ms.topic: article # Windows Autopilot FAQ -**Applies to: Windows 10** +**Applies to: Windows 10** This topic provides OEMs, partners, administrators, and end-users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot. 
@@ -91,16 +93,15 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e ## The end user experience -| Question | Answer | -| --- | --- | -| How do I know that I received Autopilot? | You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page. | -| Windows Autopilot didn’t work, what do I do now? | Questions and actions to assist in troubleshooting: Did a screen not get skipped? Did a user end up as an admin when configured not to? Remember that AAD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin Collection information – run licensingdiag.exe and send the .cab (Cabinet file) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from WPR. Often in these cases, users are not signing into the right AAD tenant, or are creating local user accounts. For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). | -| If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? | No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is re-imaged or reset, the new profile settings will take effect the next time the device goes through OOBE. | -| What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy? | If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. 
The Windows Autopilot configurations will NOT be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience. The IT Admin would then have to manually enrol that device into the MDM, after which—the next time that device is “reset”—it will go through the Windows Autopilot OOBE experience. | -| What may be a reason why I did not receive a customized sign-in screen during Autopilot? | Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience. | -| What happens if a device is registered with Azure AD but does not have an Windows Autopilot profile assigned? | The regular AAD OOBE will occur since no Windows Autopilot profile was assigned to the device. | -| How can I collect logs on Autopilot? | The best way to collect logs on Windows Autopilot performance is to collect a Windows Performance Recorder (WPR) trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request. | - +| Question | Answer | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| How do I know that I received Autopilot? 
| You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page. | +| Windows Autopilot didn’t work, what do I do now? | Questions and actions to assist in troubleshooting: Did a screen not get skipped? Did a user end up as an admin when configured not to? Remember that AAD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin Collection information – run licensingdiag.exe and send the .cab (Cabinet file) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from WPR. Often in these cases, users are not signing into the right AAD tenant, or are creating local user accounts. For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). | +| If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? | No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is re-imaged or reset, the new profile settings will take effect the next time the device goes through OOBE. | +| What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy? | If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will NOT be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience. 
The IT Admin would then have to manually enrol that device into the MDM, after which—the next time that device is “reset”—it will go through the Windows Autopilot OOBE experience. | +| What may be a reason why I did not receive a customized sign-in screen during Autopilot? | Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience. | +| What happens if a device is registered with Azure AD but does not have an Windows Autopilot profile assigned? | The regular AAD OOBE will occur since no Windows Autopilot profile was assigned to the device. | +| How can I collect logs on Autopilot? | The best way to collect logs on Windows Autopilot performance is to collect a Windows Performance Recorder (WPR) trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request. | ## MDM @@ -126,21 +127,21 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e ## General -| Question | Answer | -| --- | --- | -| If I wipe the machine and restart, will I still receive Windows Autopilot? | Yes, if the device is still registered for Windows Autopilot and is running Windows 10, version 1703 7B and above releases, it will receive the Windows Autopilot experience. | -| Can I harvest the device fingerprint on existing machines? | Yes, if the device is running Windows 10, version 1703 and above, you can harvest device fingerprints for registration. There are no plans to backport the functionality to previous releases and no way to harvest them on pre-Windows 10 Windows 10, version 1703 devices that have not been updated to Windows 10, version 1703. | -| What is Windows 10, version 1703 7B and why does it matter? | Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients **must** run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:

                          Windows Autopilot will not apply its profiles to the machine unless AAD credentials match the expected AAD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same AAD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, we can determine that if the user signs into a domain with a tenant matching the one they registered with, we can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.

                          **Key Take-Aways**: When using pre-Windows 10, version 1703 7B clients the user’s domain **must** match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. | -| What is the impact of not updating to 7B? | See the detailed scenario described directly above. | -| Is Windows Autopilot supported on other SKUs, e.g. Surface Hub, HoloLens, Windows Mobile. | No, Windows Autopilot isn’t supported on other SKUs. | -| Does Windows Autopilot work after MBR or image re-installation? | Yes. | -| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. | There are limits to the number of devices a particular AAD user can enroll in AAD, as well as the number of devices that are supported per user in Intune. (These are somewhat configurable but not “infinite.”) You’ll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots. | -| What happens if a device is registered to a malicious agent? | By design, Windows Autopilot does not apply a profile until the user signs in with the matching tenant for the configured profile via the AAD sign-in process. What occurs is illustrated below. If badguys.com registers a device owned by contoso.com, at worst, the user would be directed to sign into badguys.com. When the user enters their email/password, the sign-in information is redirected through AAD to the proper AAD authentication and the user is prompted to then sign into contoso.com. Since contoso.com does not match badguys.com as the tenant, the Windows Autopilot profile will not be applied and the regular AAD OOBE will occur. | -| Where is the Windows Autopilot data stored? 
| Windows Autopilot data is stored in the United States (US), not in a sovereign cloud, even when the AAD tenant is registered in a sovereign cloud. This is applicable to all Windows Autopilot data, regardless of the portal leveraged to deploy Autopilot. | -| Why is Windows Autopilot data stored in the US and not in a sovereign cloud? | It is not customer data that we store, but business data which enables Microsoft to provide a service, therefore it is okay for the data to reside in the US. Customers can stop subscribing to the service any time, and, in that event, the business data is removed by Microsoft. | -| How many ways are there to register a device for Windows Autopilot | There are six ways to register a device, depending on who is doing the registering:

                          1. OEM Direct API (only available to TVOs)
                          2. MPC via the MPC API (must be a CSP)
                          3. MPC via manual upload of CSV file in the UI (must be a CSP)
                          4. MSfB via CSV file upload
                          5. Intune via CSV file upload
                          6. Microsoft 365 Business portal via CSV file upload | -| How many ways are there to create an Windows Autopilot profile? | There are four ways to create & assign an Windows Autopilot profile:

                          1. Through MPC (must be a CSP)
                          2. Through MSfB
                          3. Through Intune (or another MDM)
                          4. Microsoft 365 Business portal

                          Microsoft recommends creation and assignment of profiles through Intune.| -| What are some common causes of registration failures? |
                          1. Bad or missing Hardware hash entries can lead to faulty registration attempts
                          2. Hidden special characters in CSV files.

                          To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.| +| Question | Answer | +|------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| If I wipe the machine and restart, will I still 
receive Windows Autopilot? | Yes, if the device is still registered for Windows Autopilot and is running Windows 10, version 1703 7B and above releases, it will receive the Windows Autopilot experience. | +| Can I harvest the device fingerprint on existing machines? | Yes, if the device is running Windows 10, version 1703 and above, you can harvest device fingerprints for registration. There are no plans to backport the functionality to previous releases and no way to harvest them on pre-Windows 10 Windows 10, version 1703 devices that have not been updated to Windows 10, version 1703. | +| What is Windows 10, version 1703 7B and why does it matter? | Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients **must** run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:

                          Windows Autopilot will not apply its profiles to the machine unless AAD credentials match the expected AAD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same AAD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, we can determine that if the user signs into a domain with a tenant matching the one they registered with, we can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.

                          **Key Take-Aways**: When using pre-Windows 10, version 1703 7B clients the user’s domain **must** match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. | +| What is the impact of not updating to 7B? | See the detailed scenario described directly above. | +| Is Windows Autopilot supported on other SKUs, e.g. Surface Hub, HoloLens, Windows Mobile. | No, Windows Autopilot isn’t supported on other SKUs. | +| Does Windows Autopilot work after MBR or image re-installation? | Yes. | +| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. | There are limits to the number of devices a particular AAD user can enroll in AAD, as well as the number of devices that are supported per user in Intune. (These are somewhat configurable but not “infinite.”) You’ll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots. | +| What happens if a device is registered to a malicious agent? | By design, Windows Autopilot does not apply a profile until the user signs in with the matching tenant for the configured profile via the AAD sign-in process. What occurs is illustrated below. If badguys.com registers a device owned by contoso.com, at worst, the user would be directed to sign into badguys.com. When the user enters their email/password, the sign-in information is redirected through AAD to the proper AAD authentication and the user is prompted to then sign into contoso.com. Since contoso.com does not match badguys.com as the tenant, the Windows Autopilot profile will not be applied and the regular AAD OOBE will occur. | +| Where is the Windows Autopilot data stored? 
| Windows Autopilot data is stored in the United States (US), not in a sovereign cloud, even when the AAD tenant is registered in a sovereign cloud. This is applicable to all Windows Autopilot data, regardless of the portal leveraged to deploy Autopilot. | +| Why is Windows Autopilot data stored in the US and not in a sovereign cloud? | It is not customer data that we store, but business data which enables Microsoft to provide a service, therefore it is okay for the data to reside in the US. Customers can stop subscribing to the service any time, and, in that event, the business data is removed by Microsoft. | +| How many ways are there to register a device for Windows Autopilot | There are six ways to register a device, depending on who is doing the registering:

                          1. OEM Direct API (only available to TVOs)
                          2. MPC via the MPC API (must be a CSP)
                          3. MPC via manual upload of CSV file in the UI (must be a CSP)
                          4. MSfB via CSV file upload
                          5. Intune via CSV file upload
                          6. Microsoft 365 Business portal via CSV file upload | +| How many ways are there to create an Windows Autopilot profile? | There are four ways to create & assign an Windows Autopilot profile:

                          1. Through MPC (must be a CSP)
                          2. Through MSfB
                          3. Through Intune (or another MDM)
                          4. Microsoft 365 Business portal

                          Microsoft recommends creation and assignment of profiles through Intune. | +| What are some common causes of registration failures? |
                          1. Bad or missing Hardware hash entries can lead to faulty registration attempts
                          2. Hidden special characters in CSV files.

                          To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions. | ## Glossary diff --git a/windows/deployment/windows-autopilot/autopilot-support.md b/windows/deployment/windows-autopilot/autopilot-support.md index 370197bca0..d53325cfde 100644 --- a/windows/deployment/windows-autopilot/autopilot-support.md +++ b/windows/deployment/windows-autopilot/autopilot-support.md @@ -8,38 +8,36 @@ ms.localizationpriority: low ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.date: 10/31/2018 +ms.reviewer: +manager: laurawi ms.collection: M365-modern-desktop ms.topic: article --- # Windows Autopilot support information -**Applies to: Windows 10** +**Applies to: Windows 10** The following table displays support information for the Windows Autopilot program. Before contacting the resources listed below for Windows Autopilot-related issues, check the [Windows Autopilot FAQ](autopilot-faq.md). -| Audience | Support contact | -| --- | --- | -OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you’re a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. | -| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority:
                          Low – 120 hours
                          Normal – 72 hours
                          High – 24 hours
                          Immediate – 4 hours | -| OEM with a PFE | Reach out to your PFE for support. | -| Partners with a Partner Technology Strategist (PTS) | If you have a PTS (whether you’re a CSP or not), you may first try working through your account’s specific Partner Technology Strategist (PTS). | -| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether you’re a CSP or not), you may first try working through your account’s specific Ecosystem PM, especially for technical issues. | -| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. | -| End-user | Contact your IT administrator. | -| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. | -| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. | -| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). | -| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. | -| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. | -| All other queries, or when unsure who to contact | Contact msoemops@microsoft.com. | - - - - +| Audience | Support contact | +|---------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. 
Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you’re a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. | +| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority:
                          Low – 120 hours
                          Normal – 72 hours
                          High – 24 hours
                          Immediate – 4 hours | +| OEM with a PFE | Reach out to your PFE for support. | +| Partners with a Partner Technology Strategist (PTS) | If you have a PTS (whether you’re a CSP or not), you may first try working through your account’s specific Partner Technology Strategist (PTS). | +| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether you’re a CSP or not), you may first try working through your account’s specific Ecosystem PM, especially for technical issues. | +| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. | +| End-user | Contact your IT administrator. | +| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. | +| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. | +| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). | +| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. | +| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. | +| All other queries, or when unsure who to contact | Contact msoemops@microsoft.com. | diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md index cf06f0bc75..a3a91da1f5 100644 --- a/windows/deployment/windows-autopilot/bitlocker.md +++ b/windows/deployment/windows-autopilot/bitlocker.md 
@@ -1,5 +1,7 @@
 ---
 title: Setting the BitLocker encryption algorithm for Autopilot devices
+ms.reviewer:
+manager: laurawi
 description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
 keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
 ms.prod: w10
@@ -9,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 ms.localizationpriority: medium
 author: greg-lindsay
-ms.author: greg-lindsay
+ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
@@ -17,6 +19,10 @@ ms.topic: article # Setting the BitLocker encryption algorithm for Autopilot devices
+**Applies to**
+
+- Windows 10
+
 With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins. The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
@@ -45,4 +51,4 @@ Windows 10, version 1809 or later. ## See also
-[Bitlocker overview](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview)
\ No newline at end of file
+[Bitlocker overview](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview)
diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md
deleted file mode 100644
index 988b5d91f2..0000000000
--- a/windows/deployment/windows-autopilot/configure-autopilot.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Configure Autopilot deployment
-description: How to configure Windows Autopilot deployment
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-author: greg-lindsay
-ms.author: greg-lindsay
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Configure Autopilot deployment
-
-**Applies to**
-
-- Windows 10
-
-## Deploying new devices
-
-When deploying new devices using Windows Autopilot, a common set of steps are required:
-
-1. [Register devices with the Windows Autopilot deployment service](add-devices.md). Ideally, this step would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
-
-2. [Assign a profile of settings to each device](profiles.md), specifying how the device should be deployed and what user experience should be presented.
-
-3. Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download profile settings such as the [Enrollment Status page](enrollment-status.md), which are used to customize the end user experience.
-
-
-
-## Related topics
-
-[Windows Autopilot scenarios](windows-autopilot-scenarios.md)
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index f8dd9eb38c..5cd9c37d9a 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -1,5 +1,7 @@
 ---
-title: Demonstrate Autopilot deployment on a VM
+title: Demonstrate Autopilot deployment
+ms.reviewer:
+manager: laurawi
 description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade
 ms.prod: w10
@@ -8,20 +10,24 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article ms.custom: autopilot --- -# Demonstrate Autopilot deployment on a VM +# Demonstrate Autopilot deployment **Applies to** - Windows 10 -In this topic you'll learn how to set-up a Windows Autopilot deployment for a virtual machine (VM) using Hyper-V. Note: Although there are [multiple platforms](administer.md) available to enable Autopilot, this lab primarily uses Intune. +To get started with Windows Autopilot, you should try it out with a virtual machine (VM) or you can use a physical device that will be wiped and then have a fresh install of Windows 10. + +In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM using Hyper-V. Note: Although there are [multiple platforms](administer.md) available to enable Autopilot, this lab primarily uses Intune. + +>Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you are using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: @@ -33,8 +39,8 @@ The following video provides an overview of the process: ## Prerequisites These are the things you'll need to complete this lab: - - +
                          Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file), version 1703 or later is required. If you do not already have an ISO to use, a link is provided to download an [evaluation version of Windows 10 Enterprise](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise).
                          Internet accessIf you are behind a firewall, see the detailed [networking requirements](windows-autopilot-requirements-network.md). Otherwise, just ensure that you have a connection to the Internet.
                          +
                          Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file), version 1703 or later is required. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
                          Internet accessIf you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
                          Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
                          A Premium Intune accountThis guide will describe how to obtain a free 30-day trial premium account that can be used to complete the lab.
                          @@ -105,7 +111,7 @@ When you are prompted to restart the computer, choose **Yes**. The computer migh ![hyper-v](../images/svr_mgr2.png) -

                          If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. +

                          If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. @@ -166,7 +172,7 @@ After entering these commands, connect to the VM that you just created and wait See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the vmconnect.exe command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.

                          -PS C:\autopilot> dir c:\iso
                          +PS C:\autopilot> dir c:\iso
                           
                           
                               Directory: C:\iso
                          @@ -176,24 +182,24 @@ Mode                LastWriteTime         Length Name
                           ----                -------------         ------ ----
                           -a----        3/12/2019   2:46 PM     4627343360 win10-eval.iso
                           
                          -PS C:\autopilot> (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name
                          +PS C:\autopilot> (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
                           Ethernet
                          -PS C:\autopilot> New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name
                          +PS C:\autopilot> New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
                           
                           Name              SwitchType NetAdapterInterfaceDescription
                           ----              ---------- ------------------------------
                           AutopilotExternal External   Intel(R) Ethernet Connection (2) I218-LM
                           
                          -PS C:\autopilot> New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
                          +PS C:\autopilot> New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
                           
                           Name             State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
                           ----             ----- ----------- ----------------- ------   ------             -------
                           WindowsAutopilot Off   0           0                 00:00:00 Operating normally 8.0
                           
                          -PS C:\autopilot> Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
                          -PS C:\autopilot> Start-VM -VMName WindowsAutopilot
                          -PS C:\autopilot> vmconnect.exe localhost WindowsAutopilot
                          -PS C:\autopilot> dir
                          +PS C:\autopilot> Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
                          +PS C:\autopilot> Start-VM -VMName WindowsAutopilot
                          +PS C:\autopilot> vmconnect.exe localhost WindowsAutopilot
                          +PS C:\autopilot> dir
                           
                               Directory: C:\autopilot
                           
                          @@ -202,7 +208,7 @@ Mode                LastWriteTime         Length Name
                           d-----        3/12/2019   3:15 PM                VMData
                           d-----        3/12/2019   3:42 PM                VMs
                           
                          -PS C:\autopilot>
                          +PS C:\autopilot>
                           
                          ### Install Windows 10 @@ -601,7 +607,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
                          -C:\>systeminfo
                          +C:>systeminfo
                           
                           ...
                           Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                          @@ -617,7 +623,7 @@ In this example, the computer supports SLAT and Hyper-V.
                           You can also identify Hyper-V support using [tools](https://blogs.msdn.microsoft.com/taylorb/2008/06/19/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v/) provided by the processor manufacturer, the [msinfo32](https://technet.microsoft.com/library/cc731397.aspx) tool, or you can download the [coreinfo](https://technet.microsoft.com/sysinternals/cc835722) utility and run it, as shown in the following example:
                           
                           
                          -C:\>coreinfo -v
                          +C:>coreinfo -v
                           
                           Coreinfo v3.31 - Dump information on system CPU and memory topology
                           Copyright (C) 2008-2014 Mark Russinovich
                          diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
                          index d2e6471454..401c84e8fe 100644
                          --- a/windows/deployment/windows-autopilot/enrollment-status.md
                          +++ b/windows/deployment/windows-autopilot/enrollment-status.md
                          @@ -1,5 +1,7 @@
                           ---
                           title: Windows Autopilot Enrollment Status page 
                          +ms.reviewer: 
                          +manager: laurawi
                           description: Gives an overview of the enrollment status page capabilities, configuration
                           keywords: Autopilot Plug and Forget, Windows 10
                           ms.prod: w10
                          @@ -9,7 +11,7 @@ ms.sitesec: library
                           ms.pagetype: deploy
                           ms.localizationpriority: medium
                           author: greg-lindsay
                          -ms.author: greg-lindsay
                          +ms.author: greglin
                           ms.collection: M365-modern-desktop
                           ms.topic: article
                           ---
                          @@ -17,9 +19,15 @@ ms.topic: article
                           
                           # Windows Autopilot Enrollment Status page
                           
                          -The Windows Autopilot Enrollment Status page displaying the status of the complete device configuration process.  Incorporating feedback from customers, this provides information to the user to show that the device is being set up and can be configured to prevent access to the desktop until the configuration is complete. 
                          +**Applies to**
                          +
                          +-   Windows 10
                          +
                          +The Windows Autopilot Enrollment Status Page displays the status of the complete device configuration process.  Incorporating feedback from customers, this provides information to the user to show that the device is being configured. The Enrollment Status Page can be also configured to prevent access to the desktop until the configuration process is complete. 
                            
                            ![Enrollment status page](images/enrollment-status-page.png)
                          + 
                          +From Windows 10 version 1803 onwards, you can opt out of the account setup phase. If it is skipped, settings will be applied for users when they access their desktop for the first time. 
                           
                           ## Available settings
                           
                          diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
                          index 0996810392..aa49b12f4f 100644
                          --- a/windows/deployment/windows-autopilot/existing-devices.md
                          +++ b/windows/deployment/windows-autopilot/existing-devices.md
                          @@ -1,27 +1,31 @@
                           ---
                           title: Windows Autopilot for existing devices
                          -description: Listing of Autopilot scenarios
                          +description: Windows Autopilot deployment
                           keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
                          +ms.reviewer: mniehaus
                          +manager: laurawi
                           ms.prod: w10
                           ms.mktglfcycl: deploy
                          -ms.localizationpriority: low
                          +ms.localizationpriority: medium
                           ms.sitesec: library
                           ms.pagetype: deploy
                           author: greg-lindsay
                          -ms.author: greg-lindsay
                          -ms.date: 11/05/2018
                          +ms.author: greglin
                           ms.collection: M365-modern-desktop
                           ms.topic: article
                           ---
                           
                           # Windows Autopilot for existing devices
                           
                          -**Applies to: Windows 10**
                          +**Applies to: Windows 10**
                           
                           Modern desktop management with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.
                           
                           This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot.
                           
                          +>[!NOTE]
                          +>Windows Autopilot for existing devices only supports user-driven Azure Active Directory profiles. Hybrid AAD joined devices and self-deploying profiles are not supported.
                          +
                           ## Prerequisites
                           
                           - System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808)
                          @@ -65,19 +69,19 @@ See the following examples.
                               ```
                           
                           3. Enter the following lines and provide Intune administrative credentials
                          -    - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
                          +   - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
                           
                          -    ```
                          -    Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com
                          -    ```
                          -    The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**. 
                          -    
                          See the following example: + ``` + Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com + ``` + The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**. +
                          See the following example: - ![Azure AD authentication](images/pwd.png) + ![Azure AD authentication](images/pwd.png) - If this is the first time you’ve used the Intune Graph APIs, you’ll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions: - - Select **Consent on behalf or your organization** - - Click **Accept** + If this is the first time you’ve used the Intune Graph APIs, you’ll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions: + - Select **Consent on behalf or your organization** + - Click **Accept** 4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format: @@ -106,17 +110,19 @@ See the following examples. See the following table for a description of properties used in the JSON file. - | Property | Description | - | --- | --- | - | Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. | - | CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. | - | CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, e.g. tenant.onmicrosoft.com. | - | CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 | - | CloudAssignedDomainJoinMethod (number, required) | This property should be set to 0 and specifies that the device should join Azure AD. | - | CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment.
                          0 = not required, 1 = required. | - | ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration.| - | CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled.
                          Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}"| - | CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. | + + | Property | Description | + |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. | + | CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. | + | CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, e.g. tenant.onmicrosoft.com. | + | CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 | + | CloudAssignedDomainJoinMethod (number, required) | This property should be set to 0 and specifies that the device should join Azure AD. | + | CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment.
                          0 = not required, 1 = required. | + | ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration. | + | CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled.
                          Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}" | + | CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. | + 5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: 
@@ -157,19 +163,19 @@ See the following examples. 1. Navigate to **\Assets and Compliance\Overview\Device Collections** 2. On the ribbon, click **Create** and then click **Create Device Collection** 3. In the **Create Device Collection Wizard** enter the following **General** details: - - Name: **Autopilot for existing devices collection** - - Comment: (optional) - - Limiting collection: Click **Browse** and select **All Systems** + - Name: **Autopilot for existing devices collection** + - Comment: (optional) + - Limiting collection: Click **Browse** and select **All Systems** - >[!NOTE] - >You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select. + >[!NOTE] + >You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select. 4. Click **Next**, then enter the following **Membership Rules** details: - - Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection. - - For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next** and then choose **PC-01** under **Resources**. See the following examples. + - Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection. + - For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next** and then choose **PC-01** under **Resources**. See the following examples. 
- ![Named resource1](images/pc-01a.png) - ![Named resource2](images/pc-01b.png) + ![Named resource1](images/pc-01a.png) + ![Named resource2](images/pc-01b.png) 5. Continue creating the device collection with the default settings: - Use incremental updates for this collection: not selected 
@@ -185,28 +191,28 @@ See the following examples. 2. On the Home ribbon, click **Create Task Sequence** 3. Select **Install an existing image package** and then click **Next** 4. In the Create Task Sequence Wizard enter the following details: - - Task sequence name: **Autopilot for existing devices** - - Boot Image: Click **Browse** and select a Windows 10 boot image (1803 or later) - - Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later. - - Select the **Partition and format the target computer before installing the operating system** checkbox. - - Select or clear **Configure task sequence for use with Bitlocker** checkbox. This is optional. - - Product Key and Server licensing mode: Optionally enter a product key and server licencing mode. - - Randomly generate the local administrator password and disable the account on all support platforms (recommended): Optional. - - Enable the account and specify the local administrator password: Optional. - - Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**. + - Task sequence name: **Autopilot for existing devices** + - Boot Image: Click **Browse** and select a Windows 10 boot image (1803 or later) + - Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later. + - Select the **Partition and format the target computer before installing the operating system** checkbox. + - Select or clear **Configure task sequence for use with Bitlocker** checkbox. This is optional. + - Product Key and Server licensing mode: Optionally enter a product key and server licencing mode. + - Randomly generate the local administrator password and disable the account on all support platforms (recommended): Optional. 
+ - Enable the account and specify the local administrator password: Optional. + - Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**. - >[!IMPORTANT] - >The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain. + >[!IMPORTANT] + >The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain. 5. Click **Next** and then click **Next** again to accept the default settings on the Install Configuration Manager page. 6. On the State Migration page, enter the following details: - - Clear the **Capture user settings and files** checkbox. - - Clear the **Capture network settings** checkbox. - - Clear the **Capture Microsoft Windows settings** checkbox. - - Click **Next**. + - Clear the **Capture user settings and files** checkbox. + - Clear the **Capture network settings** checkbox. + - Clear the **Capture Microsoft Windows settings** checkbox. + - Click **Next**. - >[!NOTE] - >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices. + >[!NOTE] + >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices. 7. On the Include Updates page, choose one of the three available options. This selection is optional. 8. On the Install applications page, add applications if desired. This is optional. 
diff --git a/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png b/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png
new file mode 100644
index 0000000000..0f458e9306
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png differ
diff --git a/windows/deployment/windows-autopilot/images/choice.png b/windows/deployment/windows-autopilot/images/choice.png
new file mode 100644
index 0000000000..881744eec5
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/choice.png differ
diff --git a/windows/deployment/windows-autopilot/images/image1.png b/windows/deployment/windows-autopilot/images/image1.png
index ed70e84120..e5bd9e3cba 100644
Binary files a/windows/deployment/windows-autopilot/images/image1.png and b/windows/deployment/windows-autopilot/images/image1.png differ
diff --git a/windows/deployment/windows-autopilot/images/landing.png b/windows/deployment/windows-autopilot/images/landing.png
new file mode 100644
index 0000000000..13dea20b07
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/landing.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg01.png b/windows/deployment/windows-autopilot/images/wg01.png
new file mode 100644
index 0000000000..fa08be3f48
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg01.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg02.png b/windows/deployment/windows-autopilot/images/wg02.png
new file mode 100644
index 0000000000..5de01d6803
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg02.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg03.png b/windows/deployment/windows-autopilot/images/wg03.png
new file mode 100644
index 0000000000..89ac12747c
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg03.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg04.png b/windows/deployment/windows-autopilot/images/wg04.png
new file mode 100644
index 0000000000..a59ea766b7
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg04.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg05.png b/windows/deployment/windows-autopilot/images/wg05.png
new file mode 100644
index 0000000000..cea36fb6bd
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg05.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg06.png b/windows/deployment/windows-autopilot/images/wg06.png
new file mode 100644
index 0000000000..68cd29c24d
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg06.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg07.png b/windows/deployment/windows-autopilot/images/wg07.png
new file mode 100644
index 0000000000..bc5a81bb3f
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg07.png differ
diff --git a/windows/deployment/windows-autopilot/images/white-glove-result.png b/windows/deployment/windows-autopilot/images/white-glove-result.png
new file mode 100644
index 0000000000..de3701e76d
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/white-glove-result.png differ
diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md
new file mode 100644
index 0000000000..f3911a5db3
--- /dev/null
+++ b/windows/deployment/windows-autopilot/index.md
@@ -0,0 +1,75 @@ +--- +title: Windows Autopilot deployment +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot deployment + +**Applies to** + +- Windows 10 + +Windows Autopilot is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks. + +This guide is intended for use by an IT-specialist, system architect, or business decision maker. The guide provides information about how Windows Autopilot deployment works, including detailed requirements, deployment scenarios, and platform capabilities. The document highlights options that are available to you when planning a modern, cloud-joined Windows 10 deployment strategy. Links are provided to detailed step by step configuration procedures. + +## In this guide + + +
                          What's new Windows Autopilot is always being updated with new features! Check this topic to read about the latests capabilities. +
                          + +### Understanding Windows Autopilot + + +
                          Overview of Windows AutopilotA review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed. +
                          RequirementsDetailed software, network, licensiing, and configuration requirments are provided. +
                          Scenarios and CapabilitiesA summary of Windows Autopilot deployment scenarios and capabilities. +
                          Get startedInterested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account. +
                          + +### Deployment scenarios + + +
                          User-driven modeRequirements and validation steps for deploying a new Azure Active Directory (AAD) joined or hybrid AAD-joined Windows 10 device are provided. +
                          Self-deploying modeRequirements and validation steps for deploying a new Windows 10 device device with little to no user interaction are provided. +
                          Windows Autopilot ResetUsing Windows Autopilot Reset, a device can be restored to its original settings, taking it back to a business-ready state. Both local and remote reset scenarios are discussed. +
                          Windows Autopilot for white glove deploymentRequirements and procedures are described that enable additional policies and apps to be delivered to a Windows Autopilot device. +
                          Support for existing devicesThis topic describes how Windows Autopilot can be used to convert Windows 7 or Windows 8.1 domain-joined computers to AAD-joined computers running Windows 10. +
                          + +### Using Windows Autopilot + + +
                          Registering devicesThe process of registering a device with the Windows Autopilot deployment service is described. +
                          Configuring device profilesThe device profile settings that specifie its behavior when it is deployed are described. +
                          Enrollment status pageSettings that are available on the Enrollment Status Page are described. +
                          Bitlocker encryption Available options for configuring BitLocker on Windows Autopilot devices are described. +
                          Troubleshooting Windows AutopilotDiagnotic event information and troubleshooting procedures are provided. +
                          Known issuesA list of current known issues and solutions is provided. +
                          + +### Support topics + + +
                          FAQFrequently asked questions on several topics are provided. +
                          Support contactsSupport information is provided. +
                          Registration authorizationThis article discusses how a CSP partner or OEM can obtain customer authorization to register Windows Autopilot devices. +
                          + +## Related topics + +[Windows Autopilot](https://www.microsoft.com/windowsforbusiness/windows-autopilot) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/intune-connector.md b/windows/deployment/windows-autopilot/intune-connector.md deleted file mode 100644 index f557867c0b..0000000000 --- a/windows/deployment/windows-autopilot/intune-connector.md +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -title: Intune Connector (preview) requirements -description: Intune Connector (preview) issue workaround -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: low -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.date: 11/26/2018 -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Intune Connector (preview) language requirements - -**Applies to: Windows 10** - -Microsoft has released a [preview for Intune connector for Active Directory](https://docs.microsoft.com/intune/windows-autopilot-hybrid) that enables user-driven [Hybrid Azure Active Directory join](user-driven-hybrid.md) for Windows Autopilot. - -In this preview version of the Intune Connector, you might receive an error message indicating a setup failure with the following error code and message: - -**0x80070658 - Error applying transforms. Verify that the specified transform paths are valid.** - -An [example](#example) of the error message is displayed at the bottom of this topic. - -This error can be resolved by ensuring that the member server where Intune Connector is running has one of the following language packs installed and configured to be the default keyboard layout: - -| | | | | | | | | | | | -| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | -| en-US | cs-CZ | da-DK | de-DE | el-GR | es-ES | fi-FI | fr-FR | hu-HU | it-IT | ja-JP | -| ko-KR | nb-NO | nl-NL | pl-PL | pt-BR | ro-RO | ru-RU | sv-SE | tr-TR | zh-CN | zh-TW | - ->[!NOTE] ->After installing the Intune Connector, you can restore the keyboard layout to its previous settings.
                          ->This solution is a workaround and will be fully resolved in a future release of the Intune Connector. - -To change the default keyboard layout: - -1. Click **Settings > Time & language > Region and language** -2. Select one of the languages listed above and choose **Set as default**. - -If the language you need isn't listed, you can add additional languages by selecting **Add a language**. - -## Example - -The following is an example of the error message that can be displayed if one of the listed languages is not used during setup: - -![Connector error](images/connector-fail.png) - - diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md new file mode 100644 index 0000000000..4495c6c055 --- /dev/null +++ b/windows/deployment/windows-autopilot/known-issues.md @@ -0,0 +1,36 @@ +--- +title: Windows Autopilot known issues +ms.reviewer: +manager: laurawi +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot - known issues + +**Applies to** + +- Windows 10 + + +
                          IssueMore information +
                          White glove gives a red screenWhite glove is not supported on a VM. +
                          Error importing Windows Autopilot devices from a .csv fileEnsure that you have not edited the .csv file in Microsoft Excel or an editor other than Notepad. Some of these editors can introduce extra characters causing the file format to be invalid. +
                          Windows Autopilot for existing devices does not follow the Autopilot OOBE experience.Ensure that the JSON profile file is saved in ANSI/ASCII format, not Unicode or UTF-8. +
                          Something went wrong is displayed page during OOBE.The client is likely unable to access all the required AAD/MSA-related URLs. For more information, see Networking requirements. +
                          + + +## Related topics + +[Troubleshooting Windows Autopilot](troubleshooting.md) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md index 8884be069a..996999fc4f 100644 --- a/windows/deployment/windows-autopilot/profiles.md +++ b/windows/deployment/windows-autopilot/profiles.md @@ -1,14 +1,16 @@ --- title: Configure Autopilot profiles -description: How to configure Windows Autopilot deployment +description: Windows Autopilot deployment keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- 
@@ -22,24 +24,6 @@ ms.topic: article For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices). -## Profile download - -When an Internet-connected Windows 10 device boots up, it will attempt to connect to the Autopilot service and download an Autopilot profile. Note: It is important that a profile exists at this stage so that a blank profile is not cached locally on the PC. To remove the currently cached local profile in Windows 10 version 1803 and earlier, it is necessary to re-generalize the OS using **sysprep /generalize /oobe**, reinstall the OS, or re-image the PC. In Windows 10 version 1809 and later, you can retrieve a new profile by rebooting the PC. - -When a profile is downloaded depends on the version of Windows 10 that is running on the PC. See the following table. - -| Windows 10 version | Profile download behavior | -| --- | --- | -| 1703 and 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. | -| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. | -| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. | - -If you need to reboot a computer during OOBE: -- Press Shift-F10 to open a command prompt. -- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately. - -For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options). 
- ## Profile settings The following profile settings are available: @@ -60,4 +44,5 @@ The following profile settings are available: ## Related topics -[Configure Autopilot deployment](configure-autopilot.md) +[Profile download](troubleshooting.md#profile-download) +[Registering devices](add-devices.md) diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 563dc03e5f..413adf3a32 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -1,14 +1,16 @@ --- title: Windows Autopilot customer consent -description: Support information for Windows Autopilot -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, csp, OEM +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy -ms.localizationpriority: low +ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- diff --git a/windows/deployment/windows-autopilot/rip-and-replace.md b/windows/deployment/windows-autopilot/rip-and-replace.md deleted file mode 100644 index 92c1d57447..0000000000 --- a/windows/deployment/windows-autopilot/rip-and-replace.md +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -title: Rip and Replace -description: Listing of Autopilot scenarios -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: high -ms.sitesec: library -ms.pagetype: deploy -author: coreyp-at-msft -ms.author: coreyp -ms.date: 06/01/2018 ---- - -# Rip and replace - -**Applies to: Windows 10** - -DO NOT PUBLISH. Just a placeholder for now, coming with 1809. \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index be36013432..e2fb1ecaa1 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -1,21 +1,22 @@ --- title: Windows Autopilot Self-Deploying mode (Preview) -description: Gives an overview of Autopilot Plug and Forget and how to use it. -keywords: Autopilot Plug and Forget, Windows 10 +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- -# Windows Autopilot Self-Deploying mode (Preview) +# Windows Autopilot Self-Deploying mode **Applies to: Windows 10, version 1809 or later** diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index 0d365a9cac..52b66ab257 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md 
@@ -1,14 +1,16 @@ ---- +--- title: Troubleshooting Windows Autopilot -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. +description: Windows Autopilot deployment keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -20,7 +22,7 @@ ms.topic: article Windows Autopilot is designed to simplify all parts of the Windows device lifecycle, but there are always situations where issues may arise, either due to configuration or other issues. To assist with troubleshooting efforts, review the following information. -## Windows Autopilot deployment +## Troubleshooting process Regardless of whether performing user-driven or self-deploying device deployments, the troubleshooting process is the mostly the same. It is useful to understand the flow for a specific device: 
@@ -33,17 +35,17 @@ Regardless of whether performing user-driven or self-deploying device deployment For troubleshooting, key activities to perform are: -- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements-configuration.md)? -- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements-network.md)? +- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)? +- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)? - Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected? - Azure AD join issues. Was the device able to join Azure Active Directory? - MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)? -### Troubleshooting Autopilot OOBE issues +## Troubleshooting Autopilot OOBE issues If the expected Autopilot behavior does not occur during the out-of-box experience (OOBE), it is useful to see whether the device received an Autopilot profile and what settings that profile contained. Depending on the Windows 10 release, there are different mechanisms available to do that. -#### Windows 10 version 1803 and above +### Windows 10 version 1803 and above To see details related to the Autopilot profile settings and OOBE flow, Windows 10 version 1803 and above adds event log entries. 
These can be viewed using Event Viewer, navigating to the log at **Application and Services Logs –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> AutoPilot**. The following events may be recorded, depending on the scenario and profile configuration. @@ -64,7 +66,7 @@ To see details related to the Autopilot profile settings and OOBE flow, Windows In addition to the event log entries, the registry and ETW trace options described below also work with Windows 10 version 1803 and above. -#### Windows 10 version 1709 and above +### Windows 10 version 1709 and above On Windows 10 version 1709 and above, information about the Autopilot profile settings are stored in the registry on the device after they are received from the Autopilot deployment service. These can be found at **HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot**. Available registry entries include: 
@@ -77,20 +79,38 @@ On Windows 10 version 1709 and above, information about the Autopilot profile se | TenantMatched | This will be set to 1 if the tenant ID of the user matches the tenant ID that the device was registered with. If this is 0, the user would be shown an error and forced to start over. | | CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 | -#### Windows 10 version 1703 and above +### Windows 10 version 1703 and above On Windows 10 version 1703 and above, ETW tracing can be used to capture detailed information from Autopilot and related components. The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools. See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information. -### Troubleshooting Azure AD Join issues +## Troubleshooting Azure AD Join issues -The most common issue joining a device to Azure AD is related to Azure AD permissions. Ensure [the correct configuration is in place](windows-autopilot-requirements-configuration.md) to allow users to join devices to Azure AD. Errors can also happen if the user has exceeded the number of devices that they are allowed to join, as configured in Azure AD. +The most common issue joining a device to Azure AD is related to Azure AD permissions. Ensure [the correct configuration is in place](windows-autopilot-requirements.md) to allow users to join devices to Azure AD. Errors can also happen if the user has exceeded the number of devices that they are allowed to join, as configured in Azure AD. Error code 801C0003 will typically be reported on an error page titled "Something went wrong". This error means that the Azure AD join failed. 
-### Troubleshooting Intune enrollment issues +## Troubleshooting Intune enrollment issues See [this knowledge base article](https://support.microsoft.com/help/4089533/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for assistance with Intune enrollment issues. Common issues include incorrect or missing licenses assigned to the user or too many devices enrolled for the user. Error code 80180018 will typically be reported on an error page titled "Something went wrong". This error means that the MDM enrollment failed. If Autopilot Reset fails immediately with an error "Ran into trouble. Please sign in with an administrator account to see why and reset manually," see [Troubleshoot Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset#troubleshoot-autopilot-reset) for more help. + +## Profile download + +When an Internet-connected Windows 10 device boots up, it will attempt to connect to the Autopilot service and download an Autopilot profile. Note: It is important that a profile exists at this stage so that a blank profile is not cached locally on the PC. To remove the currently cached local profile in Windows 10 version 1803 and earlier, it is necessary to re-generalize the OS using **sysprep /generalize /oobe**, reinstall the OS, or re-image the PC. In Windows 10 version 1809 and later, you can retrieve a new profile by rebooting the PC. + +When a profile is downloaded depends on the version of Windows 10 that is running on the PC. See the following table. + +| Windows 10 version | Profile download behavior | +| --- | --- | +| 1703 and 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. | +| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. 
| +| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. | + +If you need to reboot a computer during OOBE: +- Press Shift-F10 to open a command prompt. +- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately. + +For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options). \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md deleted file mode 100644 index 2058c34488..0000000000 --- a/windows/deployment/windows-autopilot/user-driven-aad.md +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -title: User-driven mode for AAD -description: Listing of Autopilot scenarios -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: low -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot user-driven mode for Azure Active Directory join - -**Applies to: Windows 10** - -## Procedures - -In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed: - -- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information. -- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected. -- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. - -For each device that will be deployed using user-driven deployment, these additional steps are needed: - -- Ensure that the device has been added to Windows Autopilot. This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information. -- Ensure an Autopilot profile has been assigned to the device: - - If using Intune and Azure Active Directory dynamic device groups, this can be done automatically. 
- - If using Intune and Azure Active Directory static device groups, manually add the device to the device group. - - If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device. - -Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md deleted file mode 100644 index d69c5869ba..0000000000 --- a/windows/deployment/windows-autopilot/user-driven-hybrid.md +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -title: Hybrid AAD Join -description: Listing of Autopilot scenarios -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: low -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - - -# Windows Autopilot user-driven mode for hybrid Azure Active Directory join - -**Applies to: Windows 10** - -Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan). - -## Requirements - -To perform a user-driven hybrid AAD joined deployment using Windows Autopilot: - -- A Windows Autopilot profile for user-driven mode must be created and - - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile. -- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group. -- The device must be running Windows 10, version 1809 or later. -- The device must be connected to the Internet and have access to an Active Directory domain controller. -- The Intune Connector for Active Directory must be installed. - - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. -- If using Proxy, WPAD Proxy settings option must be enabled and configured. 
- -**AAD device join**: The hybrid AAD join process uses the system context to perform device AAD join, therefore it is not affected by user based AAD join permission settings. In addition, all users are enabled to join devices to AAD by default. - -## Step by step instructions - -See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid). - -Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index eb34848a9d..0b60714d75 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -1,15 +1,16 @@ --- title: Windows Autopilot User-Driven Mode -description: Canonical Autopilot scenario +description: Windows Autopilot deployment keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 11/07/2018 -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- 
@@ -32,8 +33,52 @@ Today, Windows Autopilot user-driven mode supports joining devices to Azure Acti The following options are available for user-driven deployment: -- [Azure Active Directory join](user-driven-aad.md) is available if devices do not need to be joined to an on-prem Active Directory domain. -- [Hybrid Azure Active Directory join](user-driven-hybrid.md) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain. +- [Azure Active Directory join](#user-driven-mode-for-azure-active-directory-join) is available if devices do not need to be joined to an on-prem Active Directory domain. +- [Hybrid Azure Active Directory join](#user-driven-mode-for-hybrid-azure-active-directory-join) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain. + +### User-driven mode for Azure Active Directory join + +In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed: + +- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information. +- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected. +- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. + +For each device that will be deployed using user-driven deployment, these additional steps are needed: + +- Ensure that the device has been added to Windows Autopilot. 
This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information. +- Ensure an Autopilot profile has been assigned to the device: + - If using Intune and Azure Active Directory dynamic device groups, this can be done automatically. + - If using Intune and Azure Active Directory static device groups, manually add the device to the device group. + - If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device. + +Also see the [Validation](#validation) section below. + +### User-driven mode for hybrid Azure Active Directory join + +Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan). + +#### Requirements + +To perform a user-driven hybrid AAD joined deployment using Windows Autopilot: + +- A Windows Autopilot profile for user-driven mode must be created and + - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile. +- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group. +- The device must be running Windows 10, version 1809 or later. +- The device must be able to access an Active Directory domain controller, so it must be connected to the organization's network (where it can resolve the DNS records for the AD domain and the AD domain controller, and communicate with the domain controller to authenticate the user). 
+- The device must be able to access the Internet, following the [documented Windows Autopilot network requirements](windows-autopilot-requirements.md). +- The Intune Connector for Active Directory must be installed. + - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. +- If using Proxy, WPAD Proxy settings option must be enabled and configured. + +**AAD device join**: The hybrid AAD join process uses the system context to perform device AAD join, therefore it is not affected by user based AAD join permission settings. In addition, all users are enabled to join devices to AAD by default. + +#### Step by step instructions + +See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid). + +Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. ## Validation @@ -51,4 +96,4 @@ When performing a user-driven deployment using Windows Autopilot, the following - Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided. - Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks. -In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation. \ No newline at end of file +In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation. 
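Review bot: The last added line of the hybrid join section, `Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.`, was carried over from the deleted user-driven-hybrid.md and now links this page to itself. The Azure AD join section added earlier in the same hunk already uses the in-page form, so the hybrid section should match it: `Also see the [Validation](#validation) section below.` Separately, the requirements list says the Intune Connector performs the on-prem AD join on the user's behalf. A sentence advising that the Connector's computer-account delegation be scoped to the organizational unit used for Autopilot devices would help readers apply least privilege; the wording should be confirmed against the linked Intune article.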
diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md new file mode 100644 index 0000000000..d0a2891d0c --- /dev/null +++ b/windows/deployment/windows-autopilot/white-glove.md 
@@ -0,0 +1,110 @@ +--- +title: Windows Autopilot for white glove deployment +description: Windows Autopilot for white glove deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: low +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Windows Autopilot for white glove deployment + +**Applies to: Windows 10, version 1903** + +Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready. + + ![OEM](images/wg01.png) + +Windows Autopilot can also provide a white glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster. + +With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few necessary settings and polices and then they can begin using their device. + + ![OEM](images/wg02.png) + +Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven [Azure AD join](user-driven-aad.md) and [Hybrid Azure AD](user-driven-hybrid.md) join scenarios. 
+ +## Prerequisites + +In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following: + +- Windows 10, version 1903 or later is required. +- An Intune subscription. +- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements. +- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device. + +## Preparation + +Devices slated for WG provisioning are registered for Autopilot via the normal registration process. + +To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios: + +- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant. +- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features. + +If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios. 
+ +To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility: + + ![allow white glove](images/allow-white-glove-oobe.png) + +The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. + +>[!NOTE] +>Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users. + +## Scenarios + +Windows Autopilot for white glove deployment supports two distinct scenarios: +- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant. +- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD. +Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps. + +### Technican flow + +After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities. 
Regardless of the scenario, the process to be performed by the technician is the same: +- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later). +- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**. + + ![choice](images/choice.png) + +- On the **Windows Autopilot Configuration** screen, information will be displayed about the device: + - The Autopilot profile assigned to the device. + - The organization name for the device. + - The user assigned to the device (if there is one). + - A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting). + - **Note**: The QR codes can be scanned using a companion app, which will also configure the device to specify who it belongs to. An [open-source sample of the companion app](https://github.com/Microsoft/WindowsAutopilotCompanion) that integrates with Intune via the Graph API has been published to GitHub by the Autopilot team. +- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details. + + ![landing](images/landing.png) + +- Click **Provision** to begin the provisioning process. + +If the pre-provisioning process completes successfully: +- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. 
+ ![white-glove-result](images/white-glove-result.png) +- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user. + +If the pre-provisioning process fails: +- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. +- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again. + +### User flow + +If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps: + +- Power on the device. +- Select the appropriate language, locale, and keyboard layout. +- Connect to a network (if using Wi-Fi). If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required. +- On the branded sign-on screen, enter the user’s Azure Active Directory credentials. +- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials. +- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop. + +## Related topics + +[White glove video](https://youtu.be/nE5XSOBV0rI) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md deleted file mode 100644 index 9610dbb4af..0000000000 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md +++ /dev/null 
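Review bot: The paragraph that closes the introduction of white-glove.md links to `user-driven-aad.md` and `user-driven-hybrid.md`, and both files are deleted elsewhere in this same diff, so the links will break unless a redirect outside this view covers them. That content moved into user-driven.md, under headings this commit already links as `#user-driven-mode-for-azure-active-directory-join` and `#user-driven-mode-for-hybrid-azure-active-directory-join`. The links should become `[Azure AD join](user-driven.md#user-driven-mode-for-azure-active-directory-join)` and `[Hybrid Azure AD](user-driven.md#user-driven-mode-for-hybrid-azure-active-directory-join)`. Two typos in the same file are also worth fixing: `### Technican flow` should read `### Technician flow`, and `settings and polices` should read `settings and policies`.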
@@ -1,36 +0,0 @@ ---- -title: Windows Autopilot configuration requirements -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot configuration requirements - -**Applies to: Windows 10** - -Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. - -- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. -- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). -- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. - -Specific scenarios will then have additional requirements. 
Generally, there are two specific tasks: - -- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. -- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an AutoPilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an AutoPilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group) for more information. - -See [Windows Autopilot Scenarios](windows-autopilot-scenarios.md) for additional details. - -For a walkthrough for some of these and related steps, see this video: -
                          - diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md deleted file mode 100644 index aaae7ae596..0000000000 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -title: Windows Autopilot licensing requirements -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: high -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot licensing requirements - -**Applies to: Windows 10** - -Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory; it also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: - -- To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: - - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) - - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) - - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) - - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune) - - [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features - - [Intune for Education subscriptions](https://docs.microsoft.com/en-us/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features - - [Azure Active Directory Premium P1 or 
P2](https://azure.microsoft.com/en-us/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service) - -Additionally, the following are also recommended (but not required): -- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services) -- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md deleted file mode 100644 index f2b2c19fb8..0000000000 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -title: Windows Autopilot networking requirements -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: high -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot networking requirements - -**Applies to: Windows 10** - -Windows Autopilot depends on a variety of internet-based services; access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: - -- Ensure DNS name resolution for internet DNS names - -- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) - -In environments that have more restrictive internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the needed services. For additional details about each of these services and their specific requirements, review the following details: - -- **Windows Autopilot Deployment Service (and Windows Activation).**  After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used: - - - https://ztd.dds.microsoft.com - - https://cs.dds.microsoft.com - - For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See the following link for details: - - - - -- **Azure Active Directory.**  User credentials are validated by Azure Active Directory, then the device may also be joined to Azure Active Directory. 
See the following link for more information: - - - - -- **Intune.**  Once authenticated, Azure Active Directory will trigger the enrollment of the device into the Intune MDM service. See the following link for details: - - - (Network communication requirements section) - -- **Windows Update.**  During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. - - - - - - NOTE:  If Windows Update is inaccessible, the AutoPilot process will still continue. - -- **Delivery Optimization.**  When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet. - - - - - - NOTE: If Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). - -- **Network Time Protocol (NTP) Sync.**  When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. - - - Ensure that UDP port 123 to time.windows.com is accessible. - -- **Domain Name Services (DNS).**  To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. - -- **Diagnostics data.**  To enable Windows Analytics and related diagnostics capabilities, see the following documentation: - - - - - - NOTE: If diagnostic data cannot be sent, the Autopilot process will still continue. - -- **Network Connection Status Indicator (NCSI).**  Windows must be able to tell that the device is able to access the internet. 
- - - (Network Connection Status Indicator section, [www.msftconnecttest.com](http://www.msftconnecttest.com) must be resolvable via DNS and accessible via HTTP) - -- **Windows Notification Services (WNS).**  This service is used to enable Windows to receive notifications from apps and services. - - - (Microsoft store section) - - - NOTE: If the WNS services are not available, the Autopilot process will still continue. - -- **Microsoft Store, Microsoft Store for Business.**  Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. - - - (also includes Azure AD and Windows Notification Services) - - - NOTE: If the Microsoft Store is not accessible, the AutoPilot process will still continue. - -- **Office 365.**  As part of the Intune device configuration, installation of Office 365 ProPlus may be required. - - - (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above) - -- **Certificate revocation lists (CRLs).**  Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented in the Office documentation at and . diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 358e9fefd8..f4f79e0f88 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md 
@@ -1,14 +1,16 @@ --- title: Windows Autopilot requirements -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. +ms.reviewer: +manager: laurawi +description: Windows Autopilot deployment keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy -ms.localizationpriority: high +ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -20,6 +22,10 @@ ms.topic: article Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. +**Note**: For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsautopilot). + +## Software requirements + - Windows 10 version 1703 (semi-annual channel) or higher is required. - The following editions are supported: - Windows 10 Pro 
@@ -28,23 +34,84 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur - Windows 10 Enterprise - Windows 10 Education - Windows 10 Enterprise 2019 LTSC - - - If you're using Autopilot for Surface devices, note that only the following Surface devices support Autopilot: - - Surface Go - - Surface Go with LTE Advanced - - Surface Pro (5th gen) - - Surface Pro with LTE Advanced (5th gen) - - Surface Pro 6 - - Surface Laptop (1st gen) - - Surface Laptop 2 - - Surface Studio (1st gen) - - Surface Studio 2 - - Surface Book 2 -See the following topics for details on network and configuration requirements: -- [Networking requirements](windows-autopilot-requirements-network.md) -- [Configuration requirements](windows-autopilot-requirements-configuration.md) - - For details about specific configuration requirements to enable user-driven Hybrid Azure Active Directory join for Windows Autopilot, see [Intune Connector (preview) language requirements](intune-connector.md). This requirement is a temporary workaround, and will be removed in the next release of Intune Connector. +## Networking requirements + +Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: + +- Ensure DNS name resolution for internet DNS names +- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) + +In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details: + +
                          ServiceInformation +
                          Windows Autopilot Deployment Service and Windows ActivationAfter a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
                          + +For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See Windows activation or validation fails with error code 0x8004FE33 for details about problems that might occur when you connect to the Internet through a proxy server. +
                          Azure Active DirectoryUser credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information. +
                          IntuneOnce authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth. +
                          Windows UpdateDuring the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
                          + +If Windows Update is inaccessible, the AutoPilot process will still continue but critical updates will not be available. + +
                          Delivery OptimizationWhen downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
                          + +If the Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). + +
                          Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. +
                          Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. +
                          Diagnostics dataTo enable Windows Analytics and related diagnostics capabilities, see Configure Windows diagnostic data in your organization.
                          + +If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. +
                          Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). + +www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. +
                          Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
                          + +If the WNS services are not available, the Autopilot process will still continue without notifications. +
                          Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
                          + +If the Microsoft Store is not accessible, the AutoPilot process will still continue without Microsoft Store apps. + +
                          Office 365As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above). +
                          Certificate revocation lists (CRLs)Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at Office 365 URLs and IP address ranges and Office 365 Certificate Chains. +
                          + +## Licensing requirements + +Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: + +To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: + - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) + - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) + - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) + - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). + - [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. + - [Intune for Education subscriptions](https://docs.microsoft.com/en-us/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. + - [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/en-us/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). + +Additionally, the following are also recommended (but not required): +- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). 
+- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. + +## Configuration requirements + +Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. + +- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. +- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). +- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. + +Specific scenarios will then have additional requirements. Generally, there are two specific tasks: + +- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. +- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. 
See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an AutoPilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an AutoPilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group) for more information. + +See [Windows Autopilot Scenarios](windows-autopilot-scenarios.md) for additional details. + +For a walkthrough for some of these and related steps, see this video: +
                           
                          + There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications). diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md deleted file mode 100644 index ac25a597f7..0000000000 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -title: Reset devices using local Windows Autopilot Reset -description: Gives an overview of Local Autopilot Reset and how to use it. -keywords: Autopilot Reset, Windows 10 -ms.prod: w10 -ms.technology: Windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: -ms.localizationpriority: medium -author: greg-lindsay -ms.author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Reset devices with local Windows Autopilot Reset - -**Applies to: Windows 10, version 1709 and above - -IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state. - -To enable local Autopilot Reset in Windows 10: - -1. [Enable the policy for the feature](#enable-autopilot-reset) -2. [Trigger a reset for each device](#trigger-autopilot-reset) - -## Enable local Windows Autopilot Reset - -To enable a local Windows Autopilot Reset, the **DisableAutomaticReDeploymentCredentials** policy must be configured. This policy is documented in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, local Windows Autopilot is disabled. This ensures that a local Autopilot Reset is not triggered by accident. - -You can set the policy using one of these methods: - -- MDM provider - - - When using Intune, you can create a new device configuration profile, specifying "Windows 10 or later" for the platform, "Device restrictions" for the profile type, and "General" for the settings category. The **Automatic Redeployment** setting should be set to **Allow**. 
Deploy this setting to all devices where a local reset should be permitted. - - If you're using an MDM provider other than Intune, check your MDM provider documentation on how to set this policy. - -- Windows Configuration Designer - - You can [use Windows Configuration Designer](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting to 0 and then create a provisioning package. - -- Set up School PCs app - - The latest release of the Set up School PCs app supports enabling local Windows Autopilot Reset. - -## Trigger local Windows Autopilot Reset - -Performing a local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it is done, the device is again ready for use. - -**To trigger a local Autopilot Reset** - -1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**. - - ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png) - - This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes: - 1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset - 2. Notify the user in case a provisioning package, created using Windows Configuration Designer, will be used as part of the process. - - ![Custom login screen for local Autopilot Reset](images/autopilot-reset-customlogin.png) - -2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger the local Autopilot Reset. - - Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use. 
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
deleted file mode 100644
index 7e67c7eca1..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Reset devices with remote Autopilot Reset (Preview)
-description: Gives an overview of remote Autopilot Reset and how to use it.
-keywords: Autopilot Reset, Windows 10
-ms.prod: w10
-ms.technology: Windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype:
-ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: greg-lindsay
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Reset devices with remote Windows Autopilot Reset (Preview)
-
-**Applies to: Windows 10, build 17672 or later**
-
-When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process.
-
-To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed, joined to Azure AD, and configured to use the [enrollment status page](enrollment-status.md). This feature is not supported on devices that were enrolled using [Autopilot self deploying mode](self-deploying.md).
-
-## Triggering a remote Windows Autopilot Reset
-
-To trigger a remote Windows Autopilot Reset via Intune, follow these steps:
-
-- Navigate to **Devices** tab in the Intune console.
-- In the **All devices** view, select the targeted reset devices and then click **More** to view device actions.
-- Select **Autopilot Reset** to kick-off the reset task.
-
->[!NOTE]
->The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher.
-
->[!IMPORTANT]
->The feature for Autopilot Reset (preview) will stay grayed out, **unless** you reset the device using Autopilot (either using Fresh Reset or manually sysprep the device).
-
-Once the reset is complete, the device is again ready for use.
-
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 78eca0eb39..8e06edad48 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -1,15 +1,16 @@ --- title: Windows Autopilot Reset -description: Gives an overview of Remote Autopilot Reset and how to use it. -keywords: Autopilot Reset, Windows 10 +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -17,7 +18,8 @@ ms.topic: article # Windows Autopilot Reset -**Applies to: Windows 10** +- Applies to: Windows 10, version 1709 and later (local reset) +- Applies to: Windows 10, version 1809 and later (remote reset) Windows Autopilot Reset removes personal files, apps, and settings and reapplies a device’s original settings, maintaining its identity connection to Azure AD and its management connection to Intune so that the device is once again ready for use. Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply. 
@@ -28,10 +30,7 @@ The Windows Autopilot Reset process automatically retains information from the e - Provisioning packages previously applied to the device, as well as a provisioning package present on a USB drive when the reset process is initiated. - Azure Active Directory device membership and MDM enrollment information. -Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed. This requires configuring the device to use the [enrollment status page](enrollment-status.md). - ->[!IMPORTANT] ->To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. +Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed. >[!NOTE] >The Autopilot Reset does not support Hybrid Azure AD joined devices. 
@@ -40,11 +39,89 @@ Windows Autopilot Reset will block the user from accessing the desktop until thi Windows Autopilot Reset supports two scenarios: -- [Local reset](windows-autopilot-reset-local.md), initiated by IT personnel or other administrators from the organization. -- [Remote reset](windows-autopilot-reset-remote.md), initiated remotely by IT personnel via an MDM service such as Microsoft Intune. +- [Local reset](#reset-devices-with-local-windows-autopilot-reset) initiated by IT personnel or other administrators from the organization. +- [Remote reset](#reset-devices-with-remote-windows-autopilot-reset) initiated remotely by IT personnel via an MDM service such as Microsoft Intune. Additional requirements and configuration details apply with each scenario; see the detailed links above for more information. +## Reset devices with local Windows Autopilot Reset + +**Applies to: Windows 10, version 1709 and above** + +The Intune Service Administrator role is required to perform this task. For more information, see [Add users and grant administrative permission to Intune](https://docs.microsoft.com/en-us/intune/users-add). + +IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state. + +To enable local Autopilot Reset in Windows 10: + +1. [Enable the policy for the feature](#enable-local-windows-autopilot-reset) +2. [Trigger a reset for each device](#trigger-local-windows-autopilot-reset) + +### Enable local Windows Autopilot Reset + +To enable a local Windows Autopilot Reset, the **DisableAutomaticReDeploymentCredentials** policy must be configured. 
This policy is documented in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, local Windows Autopilot is disabled. This ensures that a local Autopilot Reset is not triggered by accident. + +You can set the policy using one of these methods: + +- MDM provider + + - When using Intune, you can create a new device configuration profile, specifying "Windows 10 or later" for the platform, "Device restrictions" for the profile type, and "General" for the settings category. The **Automatic Redeployment** setting should be set to **Allow**. Deploy this setting to all devices where a local reset should be permitted. + - If you're using an MDM provider other than Intune, check your MDM provider documentation on how to set this policy. + +- Windows Configuration Designer + + You can [use Windows Configuration Designer](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting to 0 and then create a provisioning package. + +- Set up School PCs app + + The latest release of the Set up School PCs app supports enabling local Windows Autopilot Reset. + +### Trigger local Windows Autopilot Reset + +Performing a local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it is done, the device is again ready for use. + +**To trigger a local Autopilot Reset** + +1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**. + + ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png) + + This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes: + 1. 
Confirm/verify that the end user has the right to trigger Local Autopilot Reset + 2. Notify the user in case a provisioning package, created using Windows Configuration Designer, will be used as part of the process. + + ![Custom login screen for local Autopilot Reset](images/autopilot-reset-customlogin.png) + +2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger the local Autopilot Reset. + + Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use. + +## Reset devices with remote Windows Autopilot Reset + +**Applies to: Windows 10, version 1809 or later** + +When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process. + +To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed and joined to Azure AD. This feature is not supported on devices that were enrolled using [Autopilot self deploying mode](self-deploying.md). + +### Triggering a remote Windows Autopilot Reset + +To trigger a remote Windows Autopilot Reset via Intune, follow these steps: + +- Navigate to **Devices** tab in the Intune console. +- In the **All devices** view, select the targeted reset devices and then click **More** to view device actions. +- Select **Autopilot Reset** to kick-off the reset task. + +>[!NOTE] +>The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher. + +>[!IMPORTANT] +>The feature for Autopilot Reset will stay grayed out, **unless** you reset the device using Autopilot (either using Fresh Reset or manually sysprep the device). + +Once the reset is complete, the device is again ready for use. 
+ + + ## Troubleshooting Windows Autopilot Reset requires that the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is correctly configured and enabled on the device. If it is not configured and enabled, an error such as `Error code: ERROR_NOT_SUPPORTED (0x80070032)` will be reported. diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index d73e7bb81f..ec85b05086 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md 
@@ -1,32 +1,68 @@ --- -title: Windows Autopilot scenarios -description: Listing of Autopilot scenarios +title: Windows Autopilot scenarios and capabilities +description: Windows Autopilot deployment keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- -# Windows Autopilot scenarios +# Windows Autopilot scenarios and capabilities **Applies to: Windows 10** +## Scenarios + Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management). -For details about these scenarios, see these additional topics: +The following Windows Autopilot scenarios are described in this guide: -- [Windows Autopilot for existing devices](existing-devices.md), to deploy Windows 10 on an existing Windows 7 or 8.1 device. -- [Windows Autopilot user-driven mode](user-driven.md), for devices that will be set up by a member of the organization and configured for that person. -- [Windows Autopilot self-deploying mode](self-deploying.md), for devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device. -- [Windows Autopilot Reset](windows-autopilot-reset.md), to re-deploy a device in a business-ready state. + +
                          ScenarioMore information +
                          Deploy devices that will be set up by a member of the organization and configured for that person[Windows Autopilot user-driven mode](user-driven.md) +
                          Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.[Windows Autopilot self-deploying mode](self-deploying.md) +
                          Re-deploy a device in a business-ready state.[Windows Autopilot Reset](windows-autopilot-reset.md) +
                          Pre-provision a device with up-to-date applications, policies and settings.[White glove](white-glove.md) +
                          Deploy Windows 10 on an existing Windows 7 or 8.1 device[Windows Autopilot for existing devices](existing-devices.md) +
                          + +## Windows Autopilot capabilities + +### Windows Autopilot is self-updating during OOBE + +Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly. Windows will alert the user that the device is checking for, downloading and installing the updates. + +### Cortana voiceover and speech recognition during OOBE + +In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs. + +If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default. + +HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions + +The key value is a DWORD with **0** = disabled and **1** = enabled. + +| Value | Description | +| --- | --- | +| 0 | Cortana voiceover is disabled | +| 1 | Cortana voiceover is enabled | +| No value | Device will fall back to default behavior of the edition | + +To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce). + +### Bitlocker encryption + +With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. 
For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md) ## Related topics -[Windows Autopilot Enrollment Status page](enrollment-status.md) +[Windows Autopilot: What's new](windows-autopilot-whats-new.md) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md new file mode 100644 index 0000000000..9f414b3464 --- /dev/null +++ b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md @@ -0,0 +1,48 @@ +--- +title: Windows Autopilot what's new +ms.reviewer: +manager: laurawi +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot: What's new + +**Applies to** + +- Windows 10 + +## New in Windows 10, version 1903 + +[Windows Autopilot for white glove deployment](white-glove.md) is new in Windows 10, version 1903. See the following video: + +
                          + +> [!VIDEO https://www.youtube.com/embed/nE5XSOBV0rI] + +Also new in this version of Windows: +- The Intune enrollment status page (ESP) now tracks Intune Management Extensions. +- [Cortana voiceover and speech recognition during OOBE](windows-autopilot-scenarios.md#cortana-voiceover-and-speech-recognition-during-oobe) is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs. +- [Windows Autopilot is self-updating during OOBE](windows-autopilot-scenarios.md#windows-autopilot-is-self-updating-during-oobe). Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE. +- Windows Autopilot will set the diagnostics data level to Full on Windows 10 version 1903 and later during OOBE. + +## New in Windows 10, version 1809 + +Windows Autopilot [self-deploying mode](self-deploying.md) enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured by Windows Autopilot. This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. + +You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. + +## Related topics + +[What's new in Microsoft Intune](https://docs.microsoft.com/intune/whats-new)
                          +[What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index bbbde28edc..d728e20c8b 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -1,14 +1,16 @@ --- title: Overview of Windows Autopilot -description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, msfb, intune +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greg-lindsay +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -20,16 +22,22 @@ ms.topic: article - Windows 10 -Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices.
                          -This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. +Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. -Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. +Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following diagram: - + ![Process overview](images/image1.png) -When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images as well as drivers for every model of device being used. 
Instead of re-imaging the device, that existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise, to support advanced features). +When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features. -Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can help with device re-purposing scenarios, leveraging Windows Autopilot Reset to quickly prepare a device for a new user, as well as in break/fix scenarios to enable a device to quickly be brought back to a business-ready state. +Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state. + +Windows Autopilot enables you to: +* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). 
See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options. +* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](windows-autopilot-requirements-configuration.md)). +* Restrict the Administrator account creation. +* Create and auto-assign devices to configuration groups based on a device's profile. +* Customize OOBE content specific to the organization. ## Windows Autopilot walkthrough 
@@ -45,32 +53,13 @@ Traditionally, IT pros spend a lot of time building and customizing images that From the user's perspective, it only takes a few simple operations to make their device ready to use. -From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything past that is automated. +From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated. ## Requirements -Windows 10 version 1703 or higher is required to use Windows Autopilot. The following editions are supported: -- Pro -- Pro Education -- Pro for Workstations -- Enterprise -- Education - -See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on configuration, network, and licensing requirements. - -## Windows Autopilot Scenarios - -Windows Autopilot enables you to pre-register devices to your organization so that they will be fully configured with no additional intervention required by the user. - -Windows Autopilot enables you to: -* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options. -* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites)). -* Restrict the Administrator account creation. -* Create and auto-assign devices to configuration groups based on a device's profile. -* Customize OOBE content specific to the organization. 
- -See [Windows Autopilot scenarios](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-scenarios) for more information about scenarios for using Windows Autopilot. +Windows 10 version 1703 or higher is required to use Windows Autopilot. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements. ## Related topics -[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot) +[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)
                          +[Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md) \ No newline at end of file diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 2682bbad0b..c4e4de3c77 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -2,12 +2,14 @@ title: Windows 10 deployment tools (Windows 10) description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877 +ms.reviewer: +manager: dansimp +ms.author: dansimp keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: mtniehaus -ms.date: 07/12/2017 +author: dansimp ms.topic: article --- @@ -59,7 +61,7 @@ USMT is a backup and restore tool that allows you to migrate user state, data, a **Note**   Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you will learn below, using USMT is not difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it is easy to use. With MDT, you do nothing at all and USMT just works. -  + USMT includes several command-line tools, the most important of which are ScanState and LoadState: @@ -92,7 +94,7 @@ By default USMT migrates many settings, most of which are related to the user pr **Note**   The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. -   + - Operating system component settings 
@@ -196,7 +198,7 @@ MDT has two main parts: the first is Lite Touch, which is a stand-alone deployme **Note**   Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information. -  + ![figure 11](images/mdt-11-fig13.png) @@ -338,9 +340,9 @@ For more information on UEFI, see the [UEFI firmware](https://go.microsoft.com/f [Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) -  + -  + diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json index bac00186ea..7c76654379 100644 --- a/windows/device-security/docfx.json +++ b/windows/device-security/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", @@ -31,21 +31,22 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "justinha", - "ms.date": "04/05/2017", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-device-security", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "justinha", + "ms.date": "04/05/2017", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-device-security", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "win-device-security" + "dest": "win-device-security", + "markdownEngineName": "markdig" } } 
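Review bot: The only functional change in the second hunk of windows/device-security/docfx.json is the added `"markdownEngineName": "markdig"` after `"dest"`, and it is buried under a whitespace-only re-indent of the whole `globalMetadata` block, so the engine setting is easy to miss in review. The same key is added in the keep-secure, manage and plan docfx.json hunks, and windows/hub/docfx.json changes it from `"dfm"` to `"markdig"`. Markdig is stricter than DFM about some constructs, so pages in these docsets that rely on note or warning blocks, tables or embedded video syntax should be spot-checked in a build; nothing in the visible hunks shows whether that was done. Moving the re-indent into its own commit would leave the engine change as a one-line diff per docset.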
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 292438cfe3..31963629cf 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -4,7 +4,7 @@ { "files": [ "**/*.md", - "**/*.yml" + "**/*.yml" ], "exclude": [ "**/obj/**", @@ -22,8 +22,8 @@ "**/*.png", "**/*.jpg", "**/*.svg", - "**/*.gif", - "**/*.pdf" + "**/*.gif", + "**/*.pdf" ], "exclude": [ "**/obj/**", @@ -34,24 +34,24 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "brianlic", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-hub", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "brianlic", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.windows-hub", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "windows-hub", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/windows/hub/index.md b/windows/hub/index.md index dac41359d2..805d3fa7cd 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md 
@@ -15,19 +15,14 @@ ms.date: 10/02/2018 Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile. -   - -> [!video https://www.youtube.com/embed/hAva4B-wsVA] - - -## Check out [what's new in Windows 10, version 1809](/windows/whats-new/whats-new-windows-10-version-1809). +## Check out [what's new in Windows 10, version 1903](/windows/whats-new/whats-new-windows-10-version-1903).
                          diff --git a/windows/hub/windows-10-landing.yml b/windows/hub/windows-10-landing.yml deleted file mode 100644 index 9932c85367..0000000000 --- a/windows/hub/windows-10-landing.yml +++ /dev/null @@ -1,77 +0,0 @@ -### YamlMime:YamlDocument - -documentType: LandingData -title: Windows 10 -metadata: - document_id: - title: Windows 10 - description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. - keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories - ms.localizationpriority: medium - author: lizap - ms.author: elizapo - manager: dougkim - ms.topic: article - ms.devlang: na - -sections: -- items: - - type: markdown - text: " - Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. - " -- title: Explore -- items: - - type: markdown - text: " - Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.
                          -
                          - + Read what's new in Windows 10
                          What's New?

                          -

                          **Download a free 90-day evaluation**
                          Try the latest features. Test your apps, hardware, and deployment strategies.
                          Start evaluation

                          **Get started with virtual labs**
                          Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.
                          See Windows 10 labs

                          **Conduct a proof of concept**
                          Download a lab environment with MDT, Configuration Manager, Windows 10, and more.
                          Get deployment kit
                          - " -- title: What's new -- items: - - type: markdown - text: " - Learn about the latest releases and servicing options.
                          - -
                          What's new in Windows 10, version 1809
                          What's new in Windows 10, version 1803
                          What's new in Windows 10, version 1709
                          Windows 10 release information
                          Windows 10 update history
                          Windows 10 roadmap
                          - " -- title: Frequently asked questions -- items: - - type: markdown - text: " - Get answers to commom questions, or get help with a specific problem.
                          - -
                          Windows 10 FAQ for IT Pros
                          Windows 10 forums
                          Windows 10 TechCommunity
                          Which edition is right for your organization?
                          Infrastructure requirements
                          What's Windows as a service?
                          Windows 10 Mobile deployment and management guide
                          - " -- title: Plan -- items: - - type: markdown - text: " - Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options.
                          - -

                          **Application compatibility**
                          Get best practices and tools to help you address compatibility issues prior to deployment.
                          Find apps that are ready for Windows 10.
                          Identify and prioritize apps with Upgrade Readiness
                          Test, validate, and implement with the Web Application Compatibility Lab Kit

                          **Upgrade options**
                          Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.
                          Manage Windows upgrades with Upgrade Readiness
                          Windows 10 upgrade paths
                          Windows 10 edition upgrades

                          **Windows as a service**
                          Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.
                          Explore
                          - " -- title: Deploy -- items: - - type: markdown - text: " - Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
                          - -

                          **In-place upgrade**
                          The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
                          Upgrade to Windows 10 with Configuration Manager
                          Upgrade to Windows 10 with MDT

                          **Traditional deployment**
                          Some organizations may still need to opt for an image-based deployment of Windows 10.
                          Deploy Windows 10 with Configuration Manager
                          Deploy Windows 10 with MDT

                          **Dynamic provisioning**
                          With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
                          Provisioning packages for Windows 10
                          Build and apply a provisioning package
                          Customize Windows 10 start and the taskbar

                          **Other deployment scenarios**
                          Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.
                          Windows deployment for education environments
                          Set up a shared or guest PC with Windows 10
                          Sideload apps in Windows 10
                          - " -- title: Management and security -- items: - - type: markdown - text: " - Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
                          - -

                          **Manage Windows 10 updates**
                          Get best practices and tools to help you manage clients and apps.
                          Manage clients in Windows 10
                          Manage apps and features in Windows 10

                          **Security**
                          Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.
                          Windows 10 enterprise security
                          Threat protection
                          Identity protection
                          Information protection
                          - " -- title: Stay informed -- items: - - type: markdown - text: " - -

                          **Sign up for the Windows IT Pro Insider**
                          Find out about new resources and get expert tips and tricks on deployment, management, security, and more.
                          Learn more

                          **Follow us on Twitter**
                          Keep up with the latest desktop and device trends, Windows news, and events for IT pros.
                          Visit Twitter

                          **Join the Windows Insider Program for Business**
                          Get early access to new builds and provide feedback on the latest features and functionalities.
                          Get started
                          - " diff --git a/windows/keep-secure/docfx.json b/windows/keep-secure/docfx.json index e7c4c32d2a..49eb6c151a 100644 --- a/windows/keep-secure/docfx.json +++ b/windows/keep-secure/docfx.json @@ -30,15 +30,16 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.keep-secure", - "folder_relative_path_in_docset": "./" - } - } - }, + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.keep-secure", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "keep-secure" + "dest": "keep-secure", + "markdownEngineName": "markdig" } } diff --git a/windows/manage/docfx.json b/windows/manage/docfx.json index 36d3bfc69c..a65600c79b 100644 --- a/windows/manage/docfx.json +++ b/windows/manage/docfx.json @@ -30,15 +30,16 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-manage", - "folder_relative_path_in_docset": "./" - } - } - }, + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.windows-manage", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "windows-manage" + "dest": "windows-manage", + "markdownEngineName": "markdig" } } diff --git a/windows/plan/docfx.json b/windows/plan/docfx.json index 1a52d12cc9..a05d2009a6 100644 --- a/windows/plan/docfx.json +++ b/windows/plan/docfx.json 
@@ -30,15 +30,16 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-plan", - "folder_relative_path_in_docset": "./" - } - } - }, + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.windows-plan", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "windows-plan" + "dest": "windows-plan", + "markdownEngineName": "markdig" } } diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md index f0573631e9..07465d680b 100644 --- a/windows/privacy/Microsoft-DiagnosticDataViewer.md +++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 01/17/2018 +ms.reviewer: --- # Diagnostic Data Viewer for PowerShell Overview 
@@ -107,7 +108,7 @@ The Diagnostic Data Viewer for PowerShell provides you with the following featur Each event is displayed as a PowerShell Object. By default each event shows the event name, the time when it was seen by your Windows device, whether the event is [Basic](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization), its [diagnostic event category](#view-diagnostic-event-categories), and a detailed JSON view of the information it contains, which shows the event exactly as it was when sent to Microsoft. Microsoft uses this info to continually improve the Windows operating system. -- **View Diagnostic event categories.** Each event shows the diagnostic event categories that it belongs to. These categories define how events are used by Microsoft. The categories are shown as numeric identifiers. For more information about these categories, see [Windows Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data). +- **View diagnostic event categories.** Each event shows the diagnostic event categories that it belongs to. These categories define how events are used by Microsoft. The categories are shown as numeric identifiers. For more information about these categories, see [Windows Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data). To view the diagnostic category represented by each numeric identifier and what the category means, you can run the command: 
@@ -185,4 +186,4 @@ When resetting the size of your data history to a lower value, be sure to turn o ## Related Links - [Module in PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer) -- [Documentation for Diagnostic Data Viewer for PowerShell](https://docs.microsoft.com/en-us/powershell/module/microsoft.diagnosticdataviewer/?view=win10-ps) \ No newline at end of file +- [Documentation for Diagnostic Data Viewer for PowerShell](https://docs.microsoft.com/en-us/powershell/module/microsoft.diagnosticdataviewer/?view=win10-ps) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 35561d07af..1dd34ad810 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md 
@@ -1,12 +1,14 @@ # [Privacy](index.yml) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Windows and the GDPR: Information for IT Administrators and Decision Makers](gdpr-it-guidance.md) +## [Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals](Windows-10-and-privacy-compliance.md) ## [Windows 10 personal data services configuration](windows-personal-data-services-configuration.md) ## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) ## Diagnostic Data Viewer ### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md) ## Basic level Windows diagnostic data events and fields +### [Windows 10, version 1903 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) ### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) ### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) ### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) 
@@ -17,10 +19,14 @@ ### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md) ### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md) ## Manage Windows 10 connection endpoints -### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) -### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +### [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +### [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md) +### [Connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) ### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) -### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) -### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) -### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) -## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1903](windows-endpoints-1903-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 
1809](windows-endpoints-1809-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1803](windows-endpoints-1803-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1709](windows-endpoints-1709-non-enterprise-editions.md) + diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index ab42290c6b..4b6a124ff2 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -7,13 +7,14 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -audience: ITPro -author: brianlic-msft -ms.author: brianlic +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 02/15/2019 +audience: ITPro +ms.date: 04/19/2019 +ms.reviewer: --- @@ -33,6 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) 
@@ -1464,7 +1466,7 @@ The following fields are available: ### Census.Processor -This event sends data about the processor (architecture, speed, number of cores, manufacturer, and model number), to help keep Windows up to date. +This event sends data about the processor to help keep Windows up to date. The following fields are available: 
@@ -1822,61 +1824,6 @@ The following fields are available: ## Diagnostic data events -### TelClientSynthetic.AbnormalShutdown_0 - -This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date. - -The following fields are available: - -- **AbnormalShutdownBootId** Retrieves the Boot ID for which the abnormal shutdown was observed. -- **CrashDumpEnabled** Indicates whether crash dumps are enabled. -- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset. -- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported. -- **FirmwareResetReasonEmbeddedController** Firmware-supplied reason for the reset. -- **FirmwareResetReasonEmbeddedControllerAdditional** Additional data related to the reset reason provided by the firmware. -- **FirmwareResetReasonPch** Hardware-supplied reason for the reset. -- **FirmwareResetReasonPchAdditional** Additional data related to the reset reason provided by the hardware. -- **FirmwareResetReasonSupplied** Indicates whether the firmware supplied any reset reason. -- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType. -- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset. -- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not. -- **LastBugCheckBootId** The Boot ID of the last captured crash. -- **LastBugCheckCode** Code that indicates the type of error. -- **LastBugCheckContextFlags** Additional crash dump settings. -- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save. -- **LastBugCheckOtherSettings** Other crash dump settings. -- **LastBugCheckParameter1** The first parameter with additional info on the type of the error. -- **LastBugCheckProgress** Progress towards writing out the last crash dump. 
-- **LastSuccessfullyShutdownBootId** The Boot ID of the last fully successful shutdown. -- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released"). -- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed"). -- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file). -- **PowerButtonLastPressBootId** The Boot ID of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released"). -- **PowerButtonLastPressTime** The date and time the Power Button was most recently pressed ("pressed" not to be confused with "released"). -- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed"). -- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed"). -- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed. -- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the Power Button was pressed. -- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed. -- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press. -- **TransitionInfoBootId** The Boot ID of the captured transition information. -- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved. 
-- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited"). -- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered"). -- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved. -- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp. -- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved. -- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime). -- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved. -- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved. -- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved. -- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed. -- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed. -- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition. -- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint. -- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational. 
- - ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. 
@@ -3009,26 +2956,43 @@ The following fields are available: - **winInetError** The HResult of the operation. +## Privacy logging notification events + +### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted + +This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. + +The following fields are available: + +- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up. +- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog. +- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue. +- **deviceImpacted** Indicates whether the device was impacted by a known issue. +- **modalAction** The action the user took on the dialog that was presented to them. +- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue. +- **resetSettingsResult** The return code of the action to correct the known issue. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable -This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. +deny The following fields are available: - **ActionName** The name of the action to be taken by the plug-in. -- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. +- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention. 
- **CV** Correlation vector - **DateTimeDifference** The difference between local and reference clock times. -- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. +- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled. - **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysToNextSIH** The number of days until the next scheduled SIH execution. -- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. +- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. 
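Review bot: The description under `### Microsoft.Windows.Remediation.Applicable` is replaced by the single word `deny`, which reads like a leaked placeholder rather than a description, so the page no longer states what this diagnostic event reports. The same replacement appears under `### Microsoft.Windows.Remediation.Started` in the `@@ -3302,13 +3266,13 @@` hunk and again in the 1709 file's `@@ -3107,25 +3144,42 @@` hunk. Unless a reworded description was intended, keep the removed sentences: `This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.` and, for Started, `This event reports whether a plug-in started, to help ensure Windows is up to date.` Administrators rely on these descriptions to assess what diagnostic data a device sends, so an entry with no meaningful description is worth fixing before publishing.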
@@ -3042,12 +3006,12 @@ The following fields are available: - **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Reload** True if SIH reload is required. -- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. +- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. -- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. +- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. @@ -3097,7 +3061,7 @@ The following fields are available: ### Microsoft.Windows.Remediation.Completed -This event enables completion tracking of a process that remediates issues preventing security and quality updates. +This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. The following fields are available: 
@@ -3113,12 +3077,12 @@ The following fields are available: - **CV** The Correlation Vector. - **DateTimeDifference** The difference between the local and reference clocks. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System. -- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. +- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. -- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. +- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes. - **HResult** The result of the event execution. - **LatestState** The final state of the plug-in component. - **PackageVersion** The package version for the current Remediation. 
@@ -3173,7 +3137,7 @@ The following fields are available: - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsUserLoggedOn** TRUE if the user is logged on. -- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). +- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late). - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes. - **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes. @@ -3302,13 +3266,13 @@ The following fields are available: ### Microsoft.Windows.Remediation.Started -This event reports whether a plug-in started, to help ensure Windows is up to date. +deny The following fields are available: - **CV** Correlation vector. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. -- **PackageVersion** Current package version of Remediation. +- **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. @@ -3717,7 +3681,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Applicable -Indicates whether a given plugin is applicable. +This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -3733,7 +3697,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Completed -Indicates whether a given plugin has completed its work. +This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3779,7 +3743,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Started -This event indicates that a given plug-in has started. +This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3817,7 +3781,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Applicable -This event indicates whether a given plug-in is applicable. +This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3833,7 +3797,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Completed -This event indicates whether a given plug-in has completed its work. +This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -3886,7 +3850,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Started -This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. +This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -4042,7 +4006,7 @@ The following fields are available: ### SIHEngineTelemetry.EvalApplicability -This event is sent when targeting logic is evaluated to determine if a device is eligible a given action. +This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. @@ -4236,7 +4200,7 @@ The following fields are available: - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). 
@@ -5127,12 +5091,12 @@ This event lists the reboot reason when an app is going to reboot. The following fields are available: -- **BootId** The boot ID. +- **BootId** The system boot ID. - **BoottimeSinceLastShutdown** The boot time since the last shutdown. - **RebootReason** Reason for the reboot. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.Partner.ReportApplication @@ -6296,6 +6260,12 @@ This event sends data specific to the FixupEditionId mitigation used for OS Upda ## Windows Update Reserve Manager events +### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager + +This event returns data about the Update Reserve Manager, including whether it’s been initialized. + + + ### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 658324d8b4..a88ae5d6a4 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -7,13 +7,14 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -audience: ITPro -author: brianlic-msft -ms.author: brianlic +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 02/15/2019 +audience: ITPro +ms.date: 04/19/2019 +ms.reviewer: --- 
@@ -33,6 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) @@ -68,7 +70,7 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. @@ -1329,7 +1331,7 @@ The following fields are available: ### Census.App -Provides information on IE and Census versions running on the device +This event sends version data about the Apps running on this device, to help keep Windows up to date. The following fields are available: 
@@ -1538,7 +1540,7 @@ The following fields are available: ### Census.Processor -Provides information on several important data points about Processor settings +This event sends data about the processor to help keep Windows up to date. The following fields are available: 
@@ -1912,6 +1914,41 @@ The following fields are available: - **pendingDecision** Indicates the cause of reboot, if applicable. +### CbsServicingProvider.CbsSelectableUpdateChangeV2 + +This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date. + +The following fields are available: + +- **applicableUpdateState** Indicates the highest applicable state of the optional content. +- **buildVersion** The build version of the package being installed. +- **clientId** The name of the application requesting the optional content change. +- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations. +- **executionSequence** A counter that tracks the number of servicing operations attempted on the device. +- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable. +- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable. +- **hrDownloadResult** The return code of the download operation. +- **hrStatusUpdate** The return code of the servicing operation. +- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled. +- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows. +- **majorVersion** The major version of the package being installed. +- **minorVersion** The minor version of the package being installed. +- **packageArchitecture** The architecture of the package being installed. 
+- **packageLanguage** The language of the package being installed. +- **packageName** The name of the package being installed. +- **rebootRequired** Indicates whether a reboot is required to complete the operation. +- **revisionVersion** The revision number of the package being installed. +- **stackBuild** The build number of the servicing stack binary performing the installation. +- **stackMajorVersion** The major version number of the servicing stack binary performing the installation. +- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation. +- **stackRevision** The revision number of the servicing stack binary performing the installation. +- **updateName** The name of the optional Windows Operation System feature being enabled or disabled. +- **updateStartState** A value indicating the state of the optional content before the operation started. +- **updateTargetState** A value indicating the desired state of the optional content. + + ## Diagnostic data events ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition 
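Review bot: The added `downloadtimeInSeconds` entry carries the same description as `downloadSource` (`Indicates if optional content was obtained from Windows Update or a locally accessible file.`), which looks like a copy-paste slip. Judging by the field name it presumably records a duration, for example `- **downloadtimeInSeconds** The time, in seconds, spent downloading the optional content.`; the exact wording should be confirmed against the event definition. In the same hunk, `pervious` in the `firstMergedExecutionSequence` and `firstMergedID` entries should be `previous`, and `Windows Operation System feature` in `updateName` should be `Windows Operating System feature`.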
@@ -3107,25 +3144,42 @@ The following fields are available: - **winInetError** The HResult of the operation. +## Privacy logging notification events + +### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted + +This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. + +The following fields are available: + +- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up. +- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog. +- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue. +- **deviceImpacted** Indicates whether the device was impacted by a known issue. +- **modalAction** The action the user took on the dialog that was presented to them. +- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue. +- **resetSettingsResult** The return code of the action to correct the known issue. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable -This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. +deny The following fields are available: - **ActionName** The name of the action to be taken by the plug-in. -- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. +- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **CV** Correlation vector - **DateTimeDifference** The difference between local and reference clock times. 
-- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. +- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled. - **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysToNextSIH** The number of days until the next scheduled SIH execution. -- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. +- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. 
@@ -3139,12 +3193,12 @@ The following fields are available: - **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Reload** True if SIH reload is required. -- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. +- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. -- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. +- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. @@ -3214,7 +3268,7 @@ The following fields are available: ### Microsoft.Windows.Remediation.Completed -This event enables completion tracking of a process that remediates issues preventing security and quality updates. +This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. The following fields are available: 
@@ -3232,12 +3286,12 @@ The following fields are available: - **CV** The Correlation Vector. - **DateTimeDifference** The difference between the local and reference clocks. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System. -- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. +- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. -- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. +- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes. - **hasRolledBack** Indicates whether the client machine has rolled back. - **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. - **hResult** The result of the event execution. 
@@ -3298,7 +3352,7 @@ The following fields are available: - **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in. - **ServiceHealthPlugin** The nae of the Service Health plug-in. - **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully. -- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs. +- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes. - **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot. - **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes. - **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes. @@ -3313,7 +3367,7 @@ The following fields are available: - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsUserLoggedOn** TRUE if the user is logged on. -- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). +- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late). - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key. - **windowsEditionId** Event to report the value of Windows Edition ID. 
@@ -3347,13 +3401,13 @@ The following fields are available: ### Microsoft.Windows.Remediation.Started -This event reports whether a plug-in started, to help ensure Windows is up to date. +This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. The following fields are available: - **CV** Correlation vector. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. -- **PackageVersion** Current package version of Remediation. +- **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. @@ -3615,7 +3669,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Applicable -Indicates whether a given plugin is applicable. +This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3631,7 +3685,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Completed -Indicates whether a given plugin has completed its work. +This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -3678,7 +3732,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Started -This event indicates that a given plug-in has started. +This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3716,7 +3770,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Applicable -This event indicates whether a given plug-in is applicable. +This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3732,7 +3786,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Completed -This event indicates whether a given plug-in has completed its work. +This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -3786,7 +3840,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Started -This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. +This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -4128,7 +4182,7 @@ The following fields are available: - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Unique revision number of Update - **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **UpdateId** Unique Update ID @@ -4192,7 +4246,7 @@ The following fields are available: - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). 
@@ -5298,7 +5352,7 @@ The following fields are available: - **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.Partner.ReportApplication @@ -6514,12 +6568,29 @@ The following fields are available: ## Windows Update Reserve Manager events +### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. + + +### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager + +This event returns data about the Update Reserve Manager, including whether it’s been initialized. + + + ### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. +### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. + + + ## Winlogon events ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 55e5adf886..ac8f4d3e3c 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -7,13 +7,14 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -audience: ITPro -author: brianlic-msft -ms.author: brianlic +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 02/15/2019 +audience: ITPro +ms.date: 04/19/2019 +ms.reviewer: --- 
@@ -32,7 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: - +- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) @@ -1374,7 +1375,7 @@ The following fields are available: ### Census.App -Provides information on IE and Census versions running on the device. +This event sends version data about the Apps running on this device, to help keep Windows up to date. The following fields are available: 
@@ -1582,9 +1583,53 @@ The following fields are available: - **SLICVersion** Returns OS type/version from SLIC table. +### Census.PrivacySettings + +This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. 
+- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **FindMyDevice** Current state of the "find my device" setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. + + ### Census.Processor -Provides information on several important data points about Processor settings. 
+This event sends data about the processor to help keep Windows up to date. The following fields are available: 
@@ -1695,6 +1740,50 @@ The following fields are available: - **SpeechInputLanguages** The Speech Input languages installed on the device. +### Census.UserPrivacySettings + +This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. 
+- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **InkTypePersonalization** Current state of the inking and typing personalization setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. 
+ + ### Census.VM This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date. @@ -1819,7 +1908,6 @@ The following fields are available: - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). -- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). - **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). - **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). @@ -1845,16 +1933,6 @@ The following fields are available: - **ver** Represents the major and minor version of the extension. -### Common Data Extensions.receipts - -Represents various time information as provided by the client and helps for debugging purposes. - -The following fields are available: - -- **originalTime** The original event time. -- **uploadTime** The time the event was uploaded. - - ### Common Data Extensions.sdk Used by platform specific libraries to record fields that are required for a specific SDK. 
@@ -2027,6 +2105,41 @@ The following fields are available: - **transactionCanceled** Indicates whether the uninstall was cancelled. +### CbsServicingProvider.CbsSelectableUpdateChangeV2 + +This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date. + +The following fields are available: + +- **applicableUpdateState** Indicates the highest applicable state of the optional content. +- **buildVersion** The build version of the package being installed. +- **clientId** The name of the application requesting the optional content change. +- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations. +- **executionSequence** A counter that tracks the number of servicing operations attempted on the device. +- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable. +- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable. +- **hrDownloadResult** The return code of the download operation. +- **hrStatusUpdate** The return code of the servicing operation. +- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled. +- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows. +- **majorVersion** The major version of the package being installed. +- **minorVersion** The minor version of the package being installed. +- **packageArchitecture** The architecture of the package being installed. 
+- **packageLanguage** The language of the package being installed. +- **packageName** The name of the package being installed. +- **rebootRequired** Indicates whether a reboot is required to complete the operation. +- **revisionVersion** The revision number of the package being installed. +- **stackBuild** The build number of the servicing stack binary performing the installation. +- **stackMajorVersion** The major version number of the servicing stack binary performing the installation. +- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation. +- **stackRevision** The revision number of the servicing stack binary performing the installation. +- **updateName** The name of the optional Windows Operation System feature being enabled or disabled. +- **updateStartState** A value indicating the state of the optional content before the operation started. +- **updateTargetState** A value indicating the desired state of the optional content. + + ## Deployment extensions ### DeploymentTelemetry.Deployment_End 
@@ -4120,26 +4233,43 @@ The following fields are available: - **threadId** The ID of the thread the activity was run on. +## Privacy logging notification events + +### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted + +This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue. + +The following fields are available: + +- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up. +- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog. +- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue. +- **deviceImpacted** Indicates whether the device was impacted by a known issue. +- **modalAction** The action the user took on the dialog that was presented to them. +- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue. +- **resetSettingsResult** The return code of the action to correct the known issue. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable -This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. +deny The following fields are available: - **ActionName** The name of the action to be taken by the plug-in. -- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. +- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention. 
- **CV** Correlation vector - **DateTimeDifference** The difference between local and reference clock times. -- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. +- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled. - **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysToNextSIH** The number of days until the next scheduled SIH execution. -- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. +- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. 
@@ -4153,12 +4283,12 @@ The following fields are available: - **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Reload** True if SIH reload is required. -- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. +- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. -- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. +- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. @@ -4228,7 +4358,7 @@ The following fields are available: ### Microsoft.Windows.Remediation.Completed -This event enables completion tracking of a process that remediates issues preventing security and quality updates. +This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. The following fields are available: 
@@ -4246,12 +4376,12 @@ The following fields are available: - **CV** The Correlation Vector. - **DateTimeDifference** The difference between the local and reference clocks. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System. -- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. +- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. -- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. +- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes. - **hasRolledBack** Indicates whether the client machine has rolled back. - **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. - **hResult** The result of the event execution. 
@@ -4316,7 +4446,7 @@ The following fields are available: - **ServiceHealthInstalledBitMap** List of services installed by the plugin. - **ServiceHealthPlugin** The nae of the Service Health plug-in. - **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully. -- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs. +- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes. - **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot. - **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes. - **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes. @@ -4331,7 +4461,7 @@ The following fields are available: - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsUserLoggedOn** TRUE if the user is logged on. -- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). +- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late). - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key. - **windowsEditionId** Event to report the value of Windows Edition ID. 
@@ -4365,13 +4495,13 @@ The following fields are available: ### Microsoft.Windows.Remediation.Started -This event reports whether a plug-in started, to help ensure Windows is up to date. +This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. The following fields are available: - **CV** Correlation vector. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. -- **PackageVersion** Current package version of Remediation. +- **PackageVersion** The version of the current remediation package. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. - **RunCount** The number of times the remediation event started (whether it completed successfully or not). @@ -4598,7 +4728,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Applicable -Indicates whether a given plugin is applicable. +This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -4614,7 +4744,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Completed -Indicates whether a given plugin has completed its work. +This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -4629,7 +4759,7 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Started -This event indicates that a given plug-in has started. +This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -4642,7 +4772,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Applicable -This event indicates whether a given plug-in is applicable. +This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -4658,7 +4788,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Completed -This event indicates whether a given plug-in has completed its work. +This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: 
@@ -4680,7 +4810,7 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Started -This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. +This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. The following fields are available: @@ -4934,7 +5064,7 @@ The following fields are available: - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios - **UpdateId** Identifier associated with the specific piece of content 
@@ -4997,7 +5127,7 @@ The following fields are available: - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). @@ -5988,7 +6118,7 @@ The following fields are available: - **PertProb** Constant used in algorithm for randomization. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.StoreActivating @@ -7646,6 +7776,12 @@ This event is sent when the Update Reserve Manager returns an error from one of +### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager + +This event returns data about the Update Reserve Manager, including whether it’s been initialized. + + + ### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index f8a042ef3d..765419c245 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md 
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -7,13 +7,14 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -audience: ITPro -author: brianlic-msft -ms.author: brianlic +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 02/15/2019 +audience: ITPro +ms.date: 04/19/2019 +ms.reviewer: --- @@ -32,7 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: - +- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) @@ -311,6 +312,7 @@ The following fields are available: - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. 
@@ -349,6 +351,7 @@ The following fields are available:
 - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device.
 - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
@@ -361,6 +364,7 @@ The following fields are available:
 - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
 - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
@@ -373,6 +377,7 @@ The following fields are available:
 - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
@@ -398,6 +403,7 @@ The following fields are available:
 - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS3Setup** The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device.
 - **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device.
@@ -436,6 +442,7 @@ The following fields are available:
 - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device.
 - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device.
 - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device.
+- **DecisionMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_RS4** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1803 present on this device.
 - **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
@@ -448,6 +455,7 @@ The following fields are available:
 - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
 - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device.
 - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device.
+- **DecisionMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
@@ -460,6 +468,7 @@ The following fields are available:
 - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
 - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
 - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
@@ -472,6 +481,7 @@ The following fields are available:
 - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device.
 - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device.
 - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device.
+- **DecisionMediaCenter_RS3Setup** The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_RS4** The total DecisionMediaCenter objects targeting Windows 10 version 1803 present on this device.
 - **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device.
@@ -522,6 +532,7 @@ The following fields are available: - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS3Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. - **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS5** The count of the number of this particular object type present on this device. @@ -624,6 +635,17 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove + +This event indicates that the DatasourceDriverPackage object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + ### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. @@ -1780,7 +1802,7 @@ The following fields are available: ### Census.App -Provides information on IE and Census versions running on the device +This event sends version data about the Apps running on this device, to help keep Windows up to date. The following fields are available: 
@@ -1796,6 +1818,17 @@ The following fields are available: - **IEVersion** The version of Internet Explorer that is running on the device. +### Census.Azure + +This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets. + +The following fields are available: + +- **CloudCoreBuildEx** The Azure CloudCore build number. +- **CloudCoreSupportBuildEx** The Azure CloudCore support build number. +- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet. + + ### Census.Battery This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date. @@ -2038,7 +2071,7 @@ The following fields are available: ### Census.Processor -Provides information on several important data points about Processor settings +This event sends data about the processor to help keep Windows up to date. The following fields are available: 
@@ -2325,7 +2358,6 @@ The following fields are available: - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). -- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). - **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). - **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). @@ -2351,16 +2383,6 @@ The following fields are available: - **ver** Represents the major and minor version of the extension. -### Common Data Extensions.receipts - -Represents various time information as provided by the client and helps for debugging purposes. - -The following fields are available: - -- **originalTime** The original event time. -- **uploadTime** The time the event was uploaded. - - ### Common Data Extensions.sdk Used by platform specific libraries to record fields that are required for a specific SDK. 
@@ -2580,6 +2602,41 @@ The following fields are available: - **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. +### CbsServicingProvider.CbsSelectableUpdateChangeV2 + +This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date. + +The following fields are available: + +- **applicableUpdateState** Indicates the highest applicable state of the optional content. +- **buildVersion** The build version of the package being installed. +- **clientId** The name of the application requesting the optional content change. +- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **downloadtimeInSeconds** The number of seconds required to complete the optional content download. +- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations. +- **executionSequence** A counter that tracks the number of servicing operations attempted on the device. +- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable. +- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable. +- **hrDownloadResult** The return code of the download operation. +- **hrStatusUpdate** The return code of the servicing operation. +- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled. +- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows. +- **majorVersion** The major version of the package being installed. +- **minorVersion** The minor version of the package being installed. +- **packageArchitecture** The architecture of the package being installed. 
+- **packageLanguage** The language of the package being installed. +- **packageName** The name of the package being installed. +- **rebootRequired** Indicates whether a reboot is required to complete the operation. +- **revisionVersion** The revision number of the package being installed. +- **stackBuild** The build number of the servicing stack binary performing the installation. +- **stackMajorVersion** The major version number of the servicing stack binary performing the installation. +- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation. +- **stackRevision** The revision number of the servicing stack binary performing the installation. +- **updateName** The name of the optional Windows Operation System feature being enabled or disabled. +- **updateStartState** A value indicating the state of the optional content before the operation started. +- **updateTargetState** A value indicating the desired state of the optional content. + + ## Deployment extensions ### DeploymentTelemetry.Deployment_End @@ -2730,6 +2787,7 @@ The following fields are available: - **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). +- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags. - **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer. - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. - **SettingsHttpFailures** The number of failures from contacting the OneSettings service. 
@@ -2769,6 +2827,7 @@ The following fields are available:
 - **LastEventSizeOffender** Event name of last event which exceeded max event size.
 - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
 - **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire.
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
 - **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
 - **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
 - **SettingsHttpFailures** Number of failures from contacting OneSettings service.
@@ -2837,6 +2896,33 @@ The following fields are available: ## Direct to update events +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability + +Event to indicate that the Coordinator CheckApplicability call succeeded. + +The following fields are available: + +- **ApplicabilityResult** Result of CheckApplicability function. +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **IsDeviceAADDomainJoined** Indicates whether the device is logged in to the AAD (Azure Active Directory) domain. +- **IsDeviceADDomainJoined** Indicates whether the device is logged in to the AD (Active Directory) domain. +- **IsDeviceCloverTrail** Indicates whether the device has a Clover Trail system installed. +- **IsDeviceFeatureUpdatingPaused** Indicates whether Feature Update is paused on the device. +- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network. +- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device. +- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device. +- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date. +- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated. +- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications. +- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services). +- **IsDeviceZeroExhaust** Indicates whether the device subscribes to the Zero Exhaust policy to minimize connections from Windows to Microsoft. 
+- **IsGreaterThanMaxRetry** Indicates whether the DTU (Direct to Update) service has exceeded its maximum retry count. +- **IsVolumeLicensed** Indicates whether a volume license was used to authenticate the operating system or applications on the device. + + ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. @@ -3813,6 +3899,8 @@ The following fields are available: - **COMPID** The list of “Compatible IDs” for this device. - **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. - **Description** The description of the device. +- **DeviceDriverFlightId** The test build (Flight) identifier of the device driver. +- **DeviceExtDriversFlightIds** The test build (Flight) identifier for all extended device drivers. - **DeviceInterfaceClasses** The device interfaces that this device implements. - **DeviceState** Identifies the current state of the parent (main) device. - **DriverId** The unique identifier for the installed driver. 
@@ -3822,8 +3910,10 @@ The following fields are available: - **DriverVerVersion** The version number of the driver installed on the device. - **Enumerator** Identifies the bus that enumerated the device. - **ExtendedInfs** The extended INF file names. +- **FirstInstallDate** The first time this device was installed on the machine. - **HWID** A list of hardware IDs for the device. - **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallDate** The date of the most recent installation of the device on the machine. - **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx - **InventoryVersion** The version number of the inventory process generating the events. - **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. @@ -3879,6 +3969,7 @@ The following fields are available: This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -3980,12 +4071,18 @@ The following fields are available: This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin. +The following fields are available: + +- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session. ### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end. +The following fields are available: + +- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session. ### Microsoft.Windows.Inventory.General.AppHealthStaticAdd 
@@ -4437,6 +4534,43 @@ The following fields are available: - **UserInputTime** The amount of time the loader application spent waiting for user input. +## Migration events + +### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr + +This event returns data to track the count of the migration objects across various phases during feature update. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **knownFoldersUsr[i]** Predefined folder path locations. +- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content) +- **objectCount** The count for the number of objects that are being transferred. + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFSys + +This event returns data about the count of the migration objects across various phases during feature update. + +The following fields are available: + +- **knownFoldersSys[i]** The predefined folder path locations. +- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens. +- **objectCount** The count of the number of objects that are being transferred. + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr + +This event returns data to track the count of the migration objects across various phases during feature update. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **knownFoldersUsr[i]** Predefined folder path locations. +- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.) +- **objectCount** The number of objects that are being transferred. + + ## Miracast events ### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd 
@@ -4669,6 +4803,354 @@ The following fields are available: - **threadId** The ID of the thread on which the activity is executing. +## Remediation events + +### Microsoft.Windows.Remediation.Applicable + +This event indicates whether Windows Update sediment remediations need to be applied to the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates. + +The following fields are available: + +- **AllowAutoUpdateExists** Indicates whether the Automatic Update feature is turned on. +- **AllowAutoUpdateProviderSetExists** Indicates whether the Allow Automatic Update provider exists. +- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid. +- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. +- **AppraiserTaskRepairDisabled** Task repair performed by the Appraiser plug-in is disabled. +- **AppraiserTaskValid** Indicates that the Appraiser task is valid. +- **AUOptionsExists** Indicates whether the Automatic Update options exist. +- **CTACTargetingAttributesInvalid** Indicates whether the Common Targeting Attribute Client (CTAC) attributes are valid. CTAC is a Windows Runtime client library. +- **CTACVersion** The Common Targeting Attribute Client (CTAT) version on the device. CTAT is a Windows Runtime client library. +- **CV** Correlation vector +- **DataStoreSizeInBytes** Size of the data store, in bytes. +- **DateTimeDifference** The difference between local and reference clock times. +- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled. +- **daysSinceInstallThreshold** The maximum number of days since the operating system was installed before the device is checked to see if remediation is needed. +- **daysSinceInstallValue** Number of days since the operating system was installed. 
+- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
+- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
+- **DetectConditionEnabled** Indicates whether a condition that the remediation tool can repair was detected.
+- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
+- **DetectionFailedReason** Indicates why a given remediation failed to fix a problem that was detected.
+- **DiskFreeSpaceBeforeSedimentPackInMB** Number of megabytes of disk space available on the device before running the Sediment Pack.
+- **DiskSpaceBefore** The amount of free disk space available before a remediation was run.
+- **EditionIdFixCorrupted** Indicates whether the Edition ID is corrupted.
+- **EscalationTimerResetFixResult** The result of fixing the escalation timer.
+- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **FixedEditionId** Indicates whether we fixed the edition ID.
+- **FlightRebootTime** The amount of time before the system is rebooted.
+- **ForcedRebootToleranceDays** The maximum number of days before a system reboot is forced on the devie.
+- **FreeSpaceRequirement** The amount of free space required.
+- **GlobalEventCounter** Client side counter that indicates ordering of events sent by the remediation system.
+- **HResult** The HRESULT for detection or perform action phases of the plugin.
+- **installDateValue** The date of the installation.
+- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
+- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
+- **IsEscalationTimerResetFixNeeded** Determines whether a fix is applicable.
+- **IsForcedModeEnabled** Indicates whether forced reboot mode is enabled.
+- **IsHomeSku** Indicates whether the device is running the Windows 10 Home edition.
+- **IsRebootForcedMode** Indicates whether the forced reboot mode is turned on.
+- **IsServiceHardeningEnabled** Indicates whether the Windows Service Hardening feature was turned on for the device.
+- **IsServiceHardeningNeeded** Indicates whether Windows Service Hardening was needed for the device (multiple instances of service tampering were detected.)
+- **isThreshold** Indicates whether the value meets our threshold.
+- **IsUsoRebootPending** Indicates whether a system reboot is pending.
+- **IsUsoRebootPendingInUpdateStore** Indicates whether a reboot is pending.
+- **IsUsoRebootTaskEnabled** Indicates whether the Update Service Orchestrator (USO) reboot task is enabled
+- **IsUsoRebootTaskExists** Indicates whether the Update Service Orchestrator (USO) reboot task exists.
+- **IsUsoRebootTaskValid** Indicates whether the Update Service Orchestrator (USO) reboot task is valid.
+- **LastHresult** The HRESULT for detection or perform action phases of the plugin.
+- **LastRebootTaskRunResult** Indicates the result of the last reboot task.
+- **LastRebootTaskRunTime** The length of time the last reboot task took to run.
+- **LastRun** The date of the most recent SIH run.
+- **LPCountBefore** The number of language packs on the device before remediation started.
+- **NextCheck** Indicates when remediation will next be attempted.
+- **NextRebootTaskRunTime** Indicates when the next system reboot task will run.
+- **NextRun** Date of the next scheduled SIH run.
+- **NoAutoUpdateExists** Indicates whether the Automatic Updates feature is turned off.
+- **NumberOfDaysStuckInReboot** The number of days tht the device has been unable to successfully reboot.
+- **OriginalEditionId** The Windows edition ID before remediation started.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **ProductType** The product type of Windows 10.
+- **QualityUpdateSedimentFunnelState** Provides information about whether Windows Quality Updates are missing on the device.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLastRunSeconds** The number of seconds since the Quality Updates were run.
+- **QualityUpdateSedimentLocalStartTime** Provides information about when Quality Updates were run.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedPlugins** Provides the list of remediation plug-ins that are applicable to enable Quality Updates on the device.
+- **QualityUpdateSedimentTargetedTriggers** Provides information about remediations that are applicable to enable Quality Updates on the device.
+- **RegkeysExist** Indicates whether specified registry keys exist.
+- **Reload** True if SIH reload is required.
+- **RemediationAutoUAAcLineStatus** Indicates the power status returned by the Automatic Update Assistant tool.
+- **RemediationAutoUAAutoStartCount** Indicates the number of times the Automatic Update Assistant tool has automatically started.
+- **RemediationAutoUACalendarTaskEnabled** Indicates whether an Automatic Update Assistant tool task is enabled.
+- **RemediationAutoUACalendarTaskExists** Indicates whether an Automatic Update Assistant tool task exists.
+- **RemediationAutoUACalendarTaskTriggerEnabledCount** Indicates the number of times an Automatic Update Assistant tool task has been triggered.
+- **RemediationAutoUADaysSinceLastTaskRunTime** Indicates the last run time an Automatic Update Assistant tool task was run.
+- **RemediationAutoUAGetCurrentSize** Indicates the current size of the Automatic Update Assistant tool.
+- **RemediationAutoUAIsInstalled** Indicates whether the Automatic Update Assistant tool is installed.
+- **RemediationAutoUALastTaskRunResult** Indicates the result from the last time the Automatic Update Assistant tool was run.
+- **RemediationAutoUAMeteredNetwork** Indicates whether the Automatic Update Assistant tool is running on a metered network.
+- **RemediationAutoUATaskEnabled** Indicates whether the Automatic Update Assistant tool task is enabled.
+- **RemediationAutoUATaskExists** Indicates whether an Automatic Update Assistant tool task exists.
+- **RemediationAutoUATasksStalled** Indicates whether an Automatic Update Assistant tool task is stalled.
+- **RemediationAutoUATaskTriggerEnabledCount** Indicates how many times an Automatic Update Assistant tool task was triggered.
+- **RemediationAutoUAUAExitCode** Indicates any exit code provided by the Automatic Update Assistant tool.
+- **RemediationAutoUAUAExitState** Indicates the exit state of the Automatic Update Assistant tool.
+- **RemediationAutoUAUserLoggedIn** Indicates whether a user is logged in.
+- **RemediationAutoUAUserLoggedInAdmin** Indicates whether a user is logged in as an Administrator.
+- **RemediationCorruptionRepairBuildNumber** The build number to use to repair corruption.
+- **RemediationCorruptionRepairCorruptionsDetected** Indicates whether corruption was detected.
+- **RemediationCorruptionRepairDetected** Indicates whether an attempt was made to repair the corruption.
+- **RemediationDeliverToastBuildNumber** Indicates a build number that should be applicable to this device.
+- **RemediationDeliverToastDetected** Indicates that a plug-in has been detected.
+- **RemediationDeliverToastDeviceExcludedNation** Indicates the geographic identity (GEO ID) that is not applicable for a given plug-in.
+- **RemediationDeliverToastDeviceFreeSpaceInMB** Indicates the amount of free space, in megabytes.
+- **RemediationDeliverToastDeviceHomeSku** Indicates whether the plug-in is applicable for the Windows 10 Home edition.
+- **RemediationDeliverToastDeviceIncludedNation** Indicates the geographic identifier (GEO ID) that is applicable for a given plug-in.
+- **RemediationDeliverToastDeviceProSku** Indicates whether the plug-in is applicable for the Windows 10 Professional edition.
+- **RemediationDeliverToastDeviceSystemDiskSizeInMB** Indicates the size of a system disk, in megabytes.
+- **RemediationDeliverToastGeoId** Indicates the geographic identifier (GEO ID) that is applicable for a given plug-in.
+- **RemediationDeviceSkuId** The Windows 10 edition ID that maps to the version of Windows 10 on the device.
+- **RemediationGetCurrentFolderExist** Indicates whether the GetCurrent folder exists.
+- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
+- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
+- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
+- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
+- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
+- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
+- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
+- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
+- **RemediationNoisyHammerMeteredNetwork** TRUE if the machine is on a metered network.
+- **RemediationNoisyHammerTaskEnabled** Indicates whether the Update Assistant Task (Noisy Hammer) is enabled.
+- **RemediationNoisyHammerTaskExists** Indicates whether the Update Assistant Task (Noisy Hammer) exists.
+- **RemediationNoisyHammerTasksStalled** Indicates whether a task (Noisy Hammer) is stalled.
+- **RemediationNoisyHammerTaskTriggerEnabledCount** Indicates whether counting is enabled for the Update Assistant (Noisy Hammer) task trigger.
+- **RemediationNoisyHammerUAExitCode** The exit code of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUAExitState** The code for the exit state of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUserLoggedIn** TRUE if there is a user logged in.
+- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
+- **RemediationNotifyUserFixIssuesBoxStatusKey** Status of the remediation plug-in.
+- **RemediationNotifyUserFixIssuesBuildNumber** The build number of the remediation plug-in.
+- **RemediationNotifyUserFixIssuesDetected** Indicates whether the remediation is necessary.
+- **RemediationNotifyUserFixIssuesDiskSpace** Indicates whether the remediation is necessary due to low disk space.
+- **RemediationNotifyUserFixIssuesFeatureUpdateBlocked** Indicates whether the remediation is necessary due to Feature Updates being blocked.
+- **RemediationNotifyUserFixIssuesFeatureUpdateInProgress** Indicates whether the remediation is necessary due to Feature Updates in progress.
+- **RemediationNotifyUserFixIssuesIsUserAdmin** Indicates whether the remediation requires that an Administrator is logged in.
+- **RemediationNotifyUserFixIssuesIsUserLoggedIn** Indicates whether the remediation can take place when a non-Administrator is logged in.
+- **RemediationProgramDataFolderSizeInMB** The size (in megabytes) of the Program Data folder on the device.
+- **RemediationProgramFilesFolderSizeInMB** The size (in megabytes) of the Program Files folder on the device.
+- **RemediationShellDeviceApplicabilityFailedReason** The reason the Remediation is not applicable to the device (expressed as a bitmap).
+- **RemediationShellDeviceEducationSku** Indicates whether the Windows 10 Education edition is detected on the device.
+- **RemediationShellDeviceEnterpriseSku** Indicates whether the Windows 10 Enterprise edition is detected on the device.
+- **RemediationShellDeviceFeatureUpdatesPaused** Indicates whether Feature Updates are paused on the device.
+- **RemediationShellDeviceHomeSku** Indicates whether the Windows 10 Home edition is detected on the device.
+- **RemediationShellDeviceIsAllowedSku** Indicates whether the Windows 10 edition is applicable to the device.
+- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
+- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
+- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
+- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
+- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
+- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
+- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.
+- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
+- **RemediationShellHasExpired** Indicates whether the remediation iterations have ended.
+- **RemediationShellHasUpgraded** Indicates whether the device upgraded.
+- **RemediationShellIsDeviceApplicable** Indicates whether the remediation is applicable to the device.
+- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
+- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
+- **RemediationTaskHealthChkdskProactiveScan** True/False based on the health of the Check Disk task.
+- **RemediationTaskHealthDiskCleanup_SilentCleanup** True/False based on the health of the Disk Cleanup task.
+- **RemediationTaskHealthMaintenance_WinSAT** True/False based on the health of the Health Maintenance task.
+- **RemediationTaskHealthServicing_ComponentCleanupTask** True/False based on the health of the Health Servicing Component task.
+- **RemediationTaskHealthUSO_ScheduleScanTask** True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
+- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask** True/False based on the health of the Windows Update Scheduled Start task.
+- **RemediationTaskHealthWindowsUpdate_SihbootTask** True/False based on the health of the Sihboot task.
+- **RemediationUHServiceDisabledBitMap** A bitmap indicating which services were disabled.
+- **RemediationUHServiceNotExistBitMap** A bitmap indicating which services were deleted.
+- **RemediationUsersFolderSizeInMB** The size (in megabytes) of the Users folder on the device.
+- **RemediationWindows10UpgradeFolderExist** Indicates whether the Windows 10 Upgrade folder exists.
+- **RemediationWindows10UpgradeFolderSizeInMB** The size (in megabytes) of the Windows 10 Upgrade folder on the device.
+- **RemediationWindowsAppsFolderSizeInMB** The size (in megabytes) of the Windows Applications folder on the device.
+- **RemediationWindowsBtFolderSizeInMB** The size (in megabytes) of the Windows BT folder on the device.
+- **RemediationWindowsFolderSizeInMB** The size (in megabytes) of the Windows folder on the device.
+- **RemediationWindowsServiceProfilesFolderSizeInMB** The size (in megabytes) of the Windows service profile on the device.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+- **RunTask** TRUE if SIH task should be run by the plug-in.
+- **StorageSenseDiskCompresserEstimateInMB** The estimated amount of free space that can be cleaned up by running Storage Sense.
+- **StorageSenseHelloFaceRecognitionFodCleanupEstimateInByte** The estimated amount of space that can be cleaned up by running Storage Sense and removing Windows Hello facial recognition.
+- **StorageSenseRestorePointCleanupEstimateInMB** The estimated amount of free space (in megabytes) that can be cleaned up by running Storage Sense.
+- **StorageSenseUserDownloadFolderCleanupEstimateInByte** The estimated amount of space that can be cleaned up by running Storage Sense to clean up the User Download folder.
+- **TimeServiceNTPServer** The URL for the NTP time server used by device.
+- **TimeServiceStartType** The startup type for the NTP time service.
+- **TimeServiceSyncDomainJoined** True if device domain joined and hence uses DC for clock.
+- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device.
+- **uninstallActiveValue** Indicates whether an uninstall is in progress.
+- **UpdateApplicabilityFixerTriggerBitMap** A bitmap containing the reason(s) why the Update Applicability Fixer Plugin was executed.
+- **UpdateRebootTime** The amount of time it took to reboot to install the updates.
+- **usoScanHoursSinceLastScan** The number of hours since the last scan by the Update Service Orchestrator (USO).
+- **usoScanPastThreshold** Indicates whether the Update Service Orchestrator (USO) scan is overdue.
+- **WindowsHiberFilSysSizeInMegabytes** The size of the Windows Hibernation file, in megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, in megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, in megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the Software Distribution folder, in megabytes.
+- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, in megabytes.
+- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, in megabytes.
+
+
+### Microsoft.Windows.Remediation.Completed
+
+This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
+
+The following fields are available:
+
+- **ActionName** Name of the action to be completed by the plug-in.
+- **AppraiserTaskMissing** TRUE if the Appraiser task is missing.
+- **branchReadinessLevel** Branch readiness level policy.
+- **cloudControlState** Value indicating whether the shell is enabled on the cloud control settings.
+- **CV** The Correlation Vector.
+- **DiskFreeSpaceAfterSedimentPackInMB** The amount of free disk space (in megabytes) after executing the Sediment Pack.
+- **DiskFreeSpaceBeforeSedimentPackInMB** The amount of free disk space (in megabytes) before executing the Sediment Pack.
+- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
+- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
+- **DiskSpaceCleanedByComponentCleanup** The amount of disk space (in megabytes) in the component store that was cleaned up by the plug-in.
+- **DiskSpaceCleanedByNGenRemoval** The amount of diskspace (megabytes) in the Native Image Generator (NGEN) cache that was cleaned up by the plug-in.
+- **DiskSpaceCleanedByRestorePointRemoval** The amount of disk space (megabytes) in restore points that was cleaned up by the plug-in.
+- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
+- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
+- **hasRolledBack** Indicates whether the client machine has rolled back.
+- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
+- **hResult** The result of the event execution.
+- **HResult** The result of the event execution.
+- **installDate** The value of installDate registry key. Indicates the install date.
+- **isNetworkMetered** Indicates whether the client machine has uninstalled a later version of the OS.
+- **LatestState** The final state of the plug-in component.
+- **MicrosoftCompatibilityAppraiser** The name of the component targeted by the Appraiser plug-in.
+- **PackageVersion** The package version for the current Remediation.
+- **PluginName** The name of the plug-in specified for each generic plug-in event.
+- **QualityUpdateSedimentExecutedPlugins** The number of plug-ins executed by the Windows Quality Update remediation.
+- **QualityUpdateSedimentFunnelState** The state of the Windows Quality Update remediation funnel for the device.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLocalEndTime** The local time on the device when the Windows Quality Update remediation executed.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentMatchedTriggers** The list of triggers that were matched by the Windows Quality Update remediation.
+- **QualityUpdateSedimentModelExecutionSeconds** The number of seconds needed to execute the Windows Quality Update remediation.
+- **recoveredFromTargetOS** Indicates whether the device recovered from the target operating system (OS).
+- **RemediationBatteryPowerBatteryLevel** Indicates the battery level at which it is acceptable to continue operation.
+- **RemediationBatteryPowerExitDueToLowBattery** True when we exit due to low battery power.
+- **RemediationBatteryPowerOnBattery** True if we allow execution on battery.
+- **RemediationCbsTempDiskSpaceCleanedInMB** The amount of space (in megabytes) that the plug-in cleaned up in the CbsTemp folder.
+- **RemediationCbsTempEstimateInMB** The amount of space (megabytes) in the CbsTemp folder that is available for cleanup by the plug-in.
+- **RemediationComponentCleanupEstimateInMB** The amount of space (megabytes) in the WinSxS (Windows Side-by-Side) folder that is available for cleanup by the plug-in.
+- **RemediationConfigurationTroubleshooterIpconfigFix** TRUE if IPConfig Fix completed successfully.
+- **RemediationConfigurationTroubleshooterNetShFix** TRUE if network card cache reset ran successfully.
+- **RemediationCorruptionRepairCorruptionsDetected** Number of corruptions detected on the device.
+- **RemediationCorruptionRepairCorruptionsFixed** Number of detected corruptions that were fixed on the device.
+- **RemediationCorruptionRepairPerformActionSuccessful** Indicates whether corruption repair was successful on the device.
+- **RemediationDiskCleanupSearchFileSizeInMB** The size of the Cleanup Search index file, measured in megabytes.
+- **RemediationDiskSpaceSavedByCompressionInMB** The amount of disk space (megabytes) that was compressed by the plug-in.
+- **RemediationDiskSpaceSavedByUserProfileCompressionInMB** The amount of User disk space (in megabytes) that was compressed by the plug-in.
+- **remediationExecution** Remediation shell is in "applying remediation" state.
+- **RemediationHandlerCleanupEstimateInMB** The estimated amount of disk space (in megabytes) to be cleaned up by running Storage Sense.
+- **RemediationHibernationMigrated** TRUE if hibernation was migrated.
+- **RemediationHibernationMigrationSucceeded** TRUE if hibernation migration succeeded.
+- **RemediationNGenDiskSpaceRestored** The amount of disk space (in megabytes) that was restored after re-running the Native Image Generator (NGEN).
+- **RemediationNGenEstimateInMB** The amount of disk space (in megabytes) estimated to be in the Native Image Generator (NGEN) cache by the plug-in.
+- **RemediationNGenMigrationSucceeded** Indicates whether the Native Image Generator (NGEN) migration succeeded.
+- **RemediationRestorePointEstimateInMB** The amount of disk space (in megabytes) estimated to be used by storage points found by the plug-in.
+- **RemediationSearchFileSizeEstimateInMB** The amount of disk space (megabytes) estimated to be used by the Cleanup Search index file found by the plug-in.
+- **RemediationShellHasUpgraded** TRUE if the device upgraded.
+- **RemediationShellMinimumTimeBetweenShellRuns** Indicates the time between shell runs exceeded the minimum required to execute plugins.
+- **RemediationShellRunFromService** TRUE if the shell driver was run from the service.
+- **RemediationShellSessionIdentifier** Unique identifier tracking a shell session.
+- **RemediationShellSessionTimeInSeconds** Indicates the time the shell session took in seconds.
+- **RemediationShellTaskDeleted** Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
+- **RemediationSoftwareDistributionCleanedInMB** The amount of disk space (megabytes) in the Software Distribution folder that was cleaned up by the plug-in.
+- **RemediationSoftwareDistributionEstimateInMB** The amount of disk space (megabytes) in the Software Distribution folder that is available for clean up by the plug-in.
+- **RemediationTotalDiskSpaceCleanedInMB** The total disk space (in megabytes) that was cleaned up by the plug-in.
+- **RemediationUpdateServiceHealthRemediationResult** The result of the Update Service Health plug-in.
+- **RemediationUpdateTaskHealthRemediationResult** The result of the Update Task Health plug-in.
+- **RemediationUpdateTaskHealthTaskList** A list of tasks fixed by the Update Task Health plug-in.
+- **RemediationUserFolderCompressionEstimateInMB** The amount of disk space (in megabytes) estimated to be compressible in User folders by the plug-in.
+- **RemediationUserProfileCompressionEstimateInMB** The amount of disk space (megabytes) estimated to be compressible in User Profile folders by the plug-in.
+- **RemediationUSORebootRequred** Indicates whether a reboot is determined to be required by calling the Update Service Orchestrator (USO).
+- **RemediationWindowsCompactedEstimateInMB** The amount of disk space (megabytes) estimated to be available by compacting the operating system using the plug-in.
+- **RemediationWindowsLogSpaceEstimateInMB** The amount of disk space (in megabytes) available in Windows logs that can be cleaned by the plug-in.
+- **RemediationWindowsLogSpaceFreed** The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
+- **RemediationWindowsOldSpaceEstimateInMB** The amount of disk space (megabytes) in the Windows.OLD folder that can be cleaned up by the plug-in.
+- **RemediationWindowsSpaceCompactedInMB** The amount of disk space (megabytes) that can be cleaned up by the plug-in.
+- **RemediationWindowsStoreSpaceCleanedInMB** The amount of disk space (megabytes) from the Windows Store cache that was cleaned up by the plug-in.
+- **RemediationWindowsStoreSpaceEstimateInMB** The amount of disk space (megabytes) in the Windows store cache that is estimated to be cleanable by the plug-in.
+- **Result** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **RunCount** The number of times the plugin has executed.
+- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **ServiceHardeningExitCode** The exit code returned by Windows Service Repair.
+- **ServiceHealthEnabledBitMap** List of services updated by the plugin.
+- **ServiceHealthInstalledBitMap** List of services installed by the plugin.
+- **StorageSenseDiskCompresserTotalInMB** The total number of megabytes that Storage Sense cleaned up in the User Download folder.
+- **StorageSenseHelloFaceRecognitionFodCleanupTotalInByte** The amount of space that Storage Sense was able to clean up in the User Download folder by removing Windows Hello facial recognition.
+- **StorageSenseRestorePointCleanupTotalInMB** The total number of megabytes that Storage Sense cleaned up in the User Download folder.
+- **StorageSenseUserDownloadFolderCleanupTotalInByte** The total number of bytes that Storage Sense cleaned up in the User Download folder.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
+- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
+- **uninstallActive** TRUE if previous uninstall has occurred for current OS
+- **usoScanDaysSinceLastScan** The number of days since the last USO (Update Session Orchestrator) scan.
+- **usoScanInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsAllowAutoUpdateKeyPresent** TRUE if the AllowAutoUpdate registry key is set.
+- **usoScanIsAllowAutoUpdateProviderSetKeyPresent** TRUE if AllowAutoUpdateProviderSet registry key is set.
+- **usoScanIsAuOptionsPresent** TRUE if Auto Update Options registry key is set.
+- **usoScanIsFeatureUpdateInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
+- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
+- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
+- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
+- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
+- **windowsEditionId** Event to report the value of Windows Edition ID.
+- **WindowsOldSpaceCleanedInMB** The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
+- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key.
+
+
+### Microsoft.Windows.Remediation.Started
+
+This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **QualityUpdateSedimentFunnelState** Provides information about whether quality updates are missing on the device.
+- **QualityUpdateSedimentFunnelType** Indicates whether the Remediation is for Quality Updates or Feature Updates.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLastRunSeconds** The number of seconds since Quality Updates were run.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentMatchedTriggers** The list of triggers that were matched by the Windows Quality Update Remediation.
+- **QualityUpdateSedimentSelectedPlugins** The number of plugins that were selected for execution in the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedPlugins** The list of plug-ins targeted by the current Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedTriggers** The list of triggers targeted by the current Quality Update Sediment Remediation.
+- **RemediationProgramDataFolderSizeInMB** The size (in megabytes) of the Program Data folder on the device.
+- **RemediationProgramFilesFolderSizeInMB** The size (in megabytes) of the Program Files folder on the device.
+- **RemediationUsersFolderSizeInMB** The size (in megabytes) of the Users folder on the device.
+- **RemediationWindowsAppsFolderSizeInMB** The size (in megabytes) of the Windows Applications folder on the device.
+- **RemediationWindowsBtFolderSizeInMB** The size (in megabytes) of the Windows BT folder on the device.
+- **RemediationWindowsFolderSizeInMB** The size (in megabytes) of the Windows folder on the device.
+- **RemediationWindowsServiceProfilesFolderSizeInMB** The size (in megabytes) of the Windows Service Profiles folder on the device.
+- **RemediationWindowsTotalSystemDiskSize** The total storage capacity of the System disk drive, measured in megabytes.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **RunCount** The number of times the remediation event started (whether it completed successfully or not).
+- **WindowsHiberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in megabytes.
+- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, measured in megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the Software Distribution folder, measured in megabytes. +- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, measured in megabytes. +- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, measured in megabytes. + + ## Sediment events ### Microsoft.Windows.Sediment.Info.DetailedState 
@@ -4709,6 +5191,107 @@ The following fields are available: - **Time** The system time at which the phase chance occurred. +### Microsoft.Windows.SedimentLauncher.Applicable + +This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. + +The following fields are available: + +- **CV** Correlation vector. +- **DetectedCondition** Boolean true if detect condition is true and perform action will be run. +- **FileVersion** The version of the data-link library (DLL) that will be applied by the self-update process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **IsHashMismatch** Indicates whether the hash is a mismatch. +- **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings. +- **IsSelfUpdateNeeded** True if self update needed by device. +- **PackageVersion** Current package version of Remediation. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +### Microsoft.Windows.SedimentLauncher.Completed + +This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. + +The following fields are available: + +- **CV** Correlation vector. +- **FailedReasons** Concatenated list of failure reasons. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **PackageVersion** Current package version of Remediation. +- **PluginName** Name of the plugin specified for each generic plugin event. 
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher.
+
+
+### Microsoft.Windows.SedimentLauncher.Started
+
+This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Applicable
+
+This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Determine whether action needs to run based on device properties.
+- **FileVersion** The version of the dynamic-link library (DLL) that will be applied by the self-update process.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **IsHashMismatch** Indicates whether the hash is a mismatch.
+- **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings.
+- **IsSelfUpdateNeeded** Indicates if self update is needed.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Completed
+
+This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **FailedReasons** List of reasons when the plugin action failed.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedimentServiceCheckTaskFunctional** True/False if scheduled task check succeeded.
+- **SedimentServiceCurrentBytes** Number of current private bytes of memory consumed by sedsvc.exe.
+- **SedimentServiceKillService** True/False if service is marked for kill (Shell.KillService).
+- **SedimentServiceMaximumBytes** Maximum bytes allowed for the service.
+- **SedimentServiceRanShell** Indicates whether the shell was run by the service.
+- **SedimentServiceRetrievedKillService** True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
+- **SedimentServiceShellRunHResult** The HRESULT returned when the shell was run by the service.
+- **SedimentServiceStopping** True/False indicating whether the service is stopping.
+- **SedimentServiceTaskFunctional** True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
+- **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again.
+ + +### Microsoft.Windows.SedimentService.Started + +This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period. + +The following fields are available: + +- **CV** The Correlation Vector. +- **GlobalEventCounter** The client-side counter that indicates ordering of events. +- **PackageVersion** The version number of the current remediation package. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin. + + ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityEvent 
@@ -4748,6 +5331,32 @@ The following fields are available: - **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. +## SIH events + +### SIHEngineTelemetry.EvalApplicability + +This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. + +The following fields are available: + +- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. +- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. +- **CachedEngineVersion** The engine DLL version that is being used. +- **EventInstanceID** A unique identifier for event instance. +- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. +- **IsExecutingAction** If the action is presently being executed. +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.) +- **SihclientVersion** The client version that is being used. +- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateID** A unique identifier for the action being acted upon. +- **WuapiVersion** The Windows Update API version that is currently installed. +- **WuaucltVersion** The Windows Update client version that is currently installed. +- **WuauengVersion** The Windows Update engine version that is currently installed. +- **WUDeviceID** The unique identifier controlled by the software distribution client. 
+ + ## Software update events ### SoftwareUpdateClientTelemetry.CheckForUpdates @@ -4859,7 +5468,7 @@ The following fields are available: - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios - **UpdateId** Identifier associated with the specific piece of content @@ -4901,7 +5510,7 @@ The following fields are available: - **CurrentMobileOperator** The mobile operator the device is currently connected to. - **DeviceModel** The model of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadProps** Information about the download operation. +- **DownloadProps** Information about the download operation properties in the form of a bitmask. - **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. 
@@ -4935,7 +5544,7 @@ The following fields are available: - **RepeatFailCount** Indicates whether this specific content has previously failed. - **RepeatFailFlag** Indicates whether this specific content previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload. @@ -5117,7 +5726,7 @@ The following fields are available: - **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. - **RepeatFailCount** Indicates whether this specific piece of content has previously failed. - **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. 
@@ -5177,7 +5786,7 @@ The following fields are available: - **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. - **RepeatFailCount** Indicates whether this specific piece of content previously failed. - **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. 
@@ -5209,12 +5818,12 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). - **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. 
@@ -5225,8 +5834,8 @@ The following fields are available: - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. - **SHA256OfTimestampToken** An encoded string of the timestamp token. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. @@ -5319,10 +5928,12 @@ The following fields are available: - **PackageCountTotalCanonical** Total number of canonical packages. - **PackageCountTotalDiff** Total number of diff packages. - **PackageCountTotalExpress** Total number of express packages. +- **PackageCountTotalPSFX** The total number of PSFX packages. - **PackageExpressType** Type of express package. - **PackageSizeCanonical** Size of canonical packages in bytes. - **PackageSizeDiff** Size of diff packages in bytes. - **PackageSizeExpress** Size of express packages in bytes. +- **PackageSizePSFX** The size of PSFX packages, in bytes. - **RangeRequestState** Indicates the range request type used. - **RelatedCV** Correlation vector value generated from the latest USO scan. - **Result** Outcome of the download request phase of update. 
@@ -5918,14 +6529,21 @@ Result of the WaaSMedic operation. The following fields are available: - **callerApplication** The name of the calling application. +- **capsuleCount** The number of Sediment Pack capsules. +- **capsuleFailureCount** The number of capsule failures. - **detectionSummary** Result of each applicable detection that was run. - **featureAssessmentImpact** WaaS Assessment impact for feature updates. +- **hrEngineBlockReason** Indicates the reason for stopping WaaSMedic. - **hrEngineResult** Error code from the engine operation. +- **hrLastSandboxError** The last error sent by the WaaSMedic sandbox. +- **initSummary** Summary data of the initialization method. - **insufficientSessions** Device not eligible for diagnostics. - **isInteractiveMode** The user started a run of WaaSMedic. - **isManaged** Device is managed for updates. - **isWUConnected** Device is connected to Windows Update. - **noMoreActions** No more applicable diagnostics. +- **pluginFailureCount** The number of plugins that have failed. +- **pluginsCount** The number of plugins. - **qualityAssessmentImpact** WaaS Assessment impact for quality updates. - **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. - **usingBackupFeatureAssessment** Relying on backup feature assessment. @@ -5983,7 +6601,7 @@ The following fields are available: - **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.StoreActivating 
@@ -6422,6 +7040,7 @@ The following fields are available: - **bytesFromCDN** The number of bytes received from a CDN source. - **bytesFromGroupPeers** The number of bytes received from a peer in the same group. - **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. - **bytesFromLocalCache** Bytes copied over from local (on disk) cache. - **bytesFromPeers** The number of bytes received from a peer in the same LAN. - **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. @@ -6473,6 +7092,7 @@ The following fields are available: - **downloadModeReason** Reason for the download. - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **expiresAt** The time when the content will expire from the Delivery Optimization Cache. - **fileID** The ID of the file being downloaded. - **fileSize** The size of the file being downloaded. - **gCurMemoryStreamBytes** Current usage for memory streaming. 
@@ -7462,6 +8082,21 @@ The following fields are available: - **ReturnCode** The return code of the function. +### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager + +This event returns data about the Update Reserve Manager, including whether it’s been initialized. + +The following fields are available: + +- **ClientId** The ID of the caller application. +- **Flags** The enumerated flags used to initialize the manager. +- **FlightId** The flight ID of the content the calling client is currently operating with. +- **Offline** Indicates whether or the reserve manager is called during offline operations. +- **PolicyPassed** Indicates whether the machine is able to use reserves. +- **ReturnCode** Return code of the operation. +- **Version** The version of the Update Reserve Manager. + + ### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. @@ -7484,6 +8119,8 @@ This event is sent when the Update Reserve Manager needs to adjust the size of t The following fields are available: - **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content. +- **Disposition** The parameter for the hard reserve adjustment function. +- **Flags** The flags passed to the hard reserve adjustment function. - **PendingHardReserveAdjustment** The final change to the hard reserve size. - **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md new file mode 100644 index 0000000000..9f8a2900c9 --- /dev/null +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md 
@@ -0,0 +1,7937 @@ +--- +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +title: Windows 10, version 1903 basic diagnostic events and fields (Windows 10) +keywords: privacy, telemetry +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +ms.author: brianlic +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +audience: ITPro +ms.date: 04/23/2019 +--- + + +# Windows 10, version 1903 basic level Windows diagnostic events and fields + + **Applies to** + +- Windows 10, version 1903 + + +The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. + +The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. 
+ +You can learn more about Windows functional and diagnostic data through these articles: + + +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) +- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) +- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) +- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + +## AppLocker events + +### Microsoft.Windows.Security.AppLockerCSP.AddParams + +Parameters passed to Add function of the AppLockerCSP Node. + +The following fields are available: + +- **child** The child URI of the node to add. +- **uri** URI of the node relative to %SYSTEM32%/AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.AddStart + +Start of "Add" Operation for the AppLockerCSP Node. + + + +### Microsoft.Windows.Security.AppLockerCSP.AddStop + +End of "Add" Operation for AppLockerCSP Node. + +The following fields are available: + +- **hr** The HRESULT returned by Add function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit + +This event returns information about the “Commit” operation in AppLockerCSP. + +The following fields are available: + +- **oldId** The unique identifier for the most recent previous CSP transaction. +- **txId** The unique identifier for the current CSP transaction. + + +### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback + +Result of the 'Rollback' operation in AppLockerCSP. 
+ +The following fields are available: + +- **oldId** Previous id for the CSP transaction. +- **txId** Current id for the CSP transaction. + + +### Microsoft.Windows.Security.AppLockerCSP.ClearParams + +Parameters passed to the "Clear" operation for AppLockerCSP. + +The following fields are available: + +- **uri** The URI relative to the %SYSTEM32%\AppLocker folder. + + +### Microsoft.Windows.Security.AppLockerCSP.ClearStart + +Start of the "Clear" operation for the AppLockerCSP Node. + + + +### Microsoft.Windows.Security.AppLockerCSP.ClearStop + +End of the "Clear" operation for the AppLockerCSP node. + +The following fields are available: + +- **hr** HRESULT reported at the end of the 'Clear' function. + + +### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart + +Start of the "ConfigManagerNotification" operation for AppLockerCSP. + +The following fields are available: + +- **NotifyState** State sent by ConfigManager to AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop + +End of the "ConfigManagerNotification" operation for AppLockerCSP. + +The following fields are available: + +- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams + +Parameters passed to the CreateNodeInstance function of the AppLockerCSP node. + +The following fields are available: + +- **NodeId** NodeId passed to CreateNodeInstance. +- **nodeOps** NodeOperations parameter passed to CreateNodeInstance. +- **uri** URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart + +Start of the "CreateNodeInstance" operation for the AppLockerCSP node. 
+ + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop + +End of the "CreateNodeInstance" operation for the AppLockerCSP node + +The following fields are available: + +- **hr** HRESULT returned by the CreateNodeInstance function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams + +Parameters passed to the DeleteChild function of the AppLockerCSP node. + +The following fields are available: + +- **child** The child URI of the node to delete. +- **uri** URI relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart + +Start of the "DeleteChild" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop + +End of the "DeleteChild" operation for the AppLockerCSP node. + +The following fields are available: + +- **hr** HRESULT returned by the DeleteChild function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies + +Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present. + +The following fields are available: + +- **uri** URI relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams + +Parameters passed to the GetChildNodeNames function of the AppLockerCSP node. + +The following fields are available: + +- **uri** URI relative to %SYSTEM32%/AppLocker for MDM node. + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart + +Start of the "GetChildNodeNames" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop + +End of the "GetChildNodeNames" operation for the AppLockerCSP node. + +The following fields are available: + +- **child[0]** If function succeeded, the first child's name, else "NA". +- **count** If function succeeded, the number of child node names returned by the function, else 0. 
+- **hr** HRESULT returned by the GetChildNodeNames function of AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.GetLatestId + +The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID). + +The following fields are available: + +- **dirId** The latest directory identifier found by GetLatestId. +- **id** The id returned by GetLatestId if id > 0 - otherwise the dirId parameter. + + +### Microsoft.Windows.Security.AppLockerCSP.HResultException + +HRESULT thrown by any arbitrary function in AppLockerCSP. + +The following fields are available: + +- **file** File in the OS code base in which the exception occurs. +- **function** Function in the OS code base in which the exception occurs. +- **hr** HRESULT that is reported. +- **line** Line in the file in the OS code base in which the exception occurs. + + +### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStart + +Indicates the start of a call to the IsDependencySatisfied function in the Configuration Service Provider (CSP). + + + +### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStop + +Indicates the end of an IsDependencySatisfied function call in the Configuration Service Provider (CSP). + +The following fields are available: + +- **edpActive** Indicates whether enterprise data protection is active. +- **hr** HRESULT that is reported. +- **internalHr** Internal HRESULT that is reported. + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueParams + +Parameters passed to the SetValue function of the AppLockerCSP node. + +The following fields are available: + +- **dataLength** Length of the value to set. +- **uri** The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueStart + +Start of the "SetValue" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueStop + +End of the "SetValue" operation for the AppLockerCSP node. 
+ +The following fields are available: + +- **hr** HRESULT returned by the SetValue function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies + +EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed. + +The following fields are available: + +- **uri** URI for node relative to %SYSTEM32%/AppLocker. + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. + +The following fields are available: + +- **DatasourceApplicationFile_19A** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19A** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19ASetup** The count of the number of this particular object type present on this device. 
+- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19A** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19A** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. 
+- **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19A** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. 
+- **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19A** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19A** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19ASetup** The count of the number of this particular object type present on this device. 
+- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19A** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19A** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device. 
+- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19A** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19A** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. 
+- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19A** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device. 
+- **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. +- **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19A** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. +- **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. 
+- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. +- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. +- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. +- **Wmdrm_19A** The count of the number of this particular object type present on this device. +- **Wmdrm_19ASetup** The count of the number of this particular object type present on this device. +- **Wmdrm_19H1** The count of the number of this particular object type present on this device. +- **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. +- **Wmdrm_RS5** The count of the number of this particular object type present on this device. +- **Wmdrm_RS5Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_TH2** The count of the number of this particular object type present on this device. 
+ + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd + +Represents the basic metadata about specific application files installed on the system. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **AvDisplayName** If the app is an anti-virus app, this is its display name. +- **CompatModelIndex** The compatibility prediction for this file. +- **HasCitData** Indicates whether the file is present in CIT data. +- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file. +- **IsAv** Is the file an anti-virus reporting EXE? +- **ResolveAttempted** This will always be an empty string when sending telemetry. +- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove + +This event indicates that the DatasourceApplicationFile object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync + +This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd + +This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
+ +The following fields are available: + +- **ActiveNetworkConnection** Indicates whether the device is an active network device. +- **AppraiserVersion** The version of the appraiser file generating the events. +- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. +- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. +- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string +- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. +- **IsBootCritical** Indicates whether the device boot is critical. +- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. +- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. +- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove + +This event indicates that the DatasourceDevicePnp object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync + +This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. 
+ + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd + +This event sends compatibility database data about driver packages to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove + +This event indicates that the DatasourceDriverPackage object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync + +This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd + +This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync + +This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
+
+This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
+
+This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
+
+This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
+
+This event indicates that a new set of DatasourceSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
+
+This event sends compatibility decision data about a file to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS.
+- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
+- **DisplayGenericMessage** Will be a generic message be shown for this file?
+- **DisplayGenericMessageGated** Indicates whether a generic message be shown for this file.
+- **HardBlock** This file is blocked in the SDB.
+- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
+- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
+- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
+- **NeedsDismissAction** Will the file cause an action that can be dimissed?
+- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
+- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
+- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
+- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade.
+- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB,
+- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
+- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
+- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
+- **SoftBlock** The file is softblocked in the SDB and has a warning.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
+
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
+
+This event indicates that a new set of DecisionApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
+
+This event sends compatibility decision data about a PNP device to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked?
+- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
+- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked?
+- **BlockingDevice** Is this PNP device blocking upgrade?
+- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS?
+- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device?
+- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device?
+- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device.
+- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
+- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
+- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
+- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden?
+- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
+- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
+- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
+- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
+
+This event indicates that the DecisionDevicePnp object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
+
+The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
+
+This event sends decision data about driver package compatibility to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for this driver package.
+- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block?
+- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block?
+- **DriverIsTroubleshooterBlocked** Indicates whether the driver package is blocked because of a troubleshooter block.
+- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade?
+- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
+
+This event indicates that the DecisionDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
+
+This event indicates that a new set of DecisionDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
+
+This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessage** Will a generic message be shown for this block?
+- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block?
+- **SdbBlockUpgrade** Is a matching info block blocking upgrade?
+- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag?
+- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
+
+This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
+
+This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks.
+- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
+
+This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
+- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
+- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
+
+This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center?
+- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
+- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use?
+- **MediaCenterInUse** Is Windows Media Center actively being used?
+- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition?
+- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
+
+This event indicates that a new set of DecisionMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
+
+This event sends compatibility decision data about the BIOS to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device blocked from upgrade due to a BIOS block?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios.
+- **HasBiosBlock** Does the device have a BIOS block?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
+
+This event indicates that a new set of DecisionSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.GatedRegChange
+
+This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
+
+The following fields are available:
+
+- **NewData** The data in the registry value after the scan completed.
+- **OldData** The previous data in the registry value before the scan ran.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **RegKey** The registry key name for which a result is being sent.
+- **RegValue** The registry value for which a result is being sent.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
+
+This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **AvDisplayName** If the app is an antivirus app, this is its display name.
+- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date.
+- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
+- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
+- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
+- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
+- **CompanyName** The company name of the vendor who developed this file.
+- **FileId** A hash that uniquely identifies a file.
+- **FileVersion** The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file.
+- **IsAv** Indicates whether the file an antivirus reporting EXE.
+- **LinkDate** The date and time that this file was linked on.
+- **LowerCaseLongPath** The full file path to the file that was inventoried on the device.
+- **Name** The name of the file that was inventoried.
+- **ProductName** The Product name field from the file metadata under Properties -> Details.
+- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
+- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
+- **Size** The size of the file (in hexadecimal bytes).
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
+
+This event indicates that the InventoryApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
+
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
+
+This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **HasLanguagePack** Indicates whether this device has 2 or more language packs.
+- **LanguagePackCount** The number of language packs are installed.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
+
+This event indicates that the InventoryLanguagePack object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
+
+This event indicates that a new set of InventoryLanguagePackAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
+
+This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **EverLaunched** Has Windows Media Center ever been launched?
+- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center?
+- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured?
+- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch?
+- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files?
+- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
+- **IsSupported** Does the running OS support Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
+
+This event indicates that the InventoryMediaCenter object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
+
+This event indicates that a new set of InventoryMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
+
+This event sends basic metadata about the BIOS to determine whether it has a compatibility block.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BiosDate** The release date of the BIOS in UTC format.
+- **BiosName** The name field from Win32_BIOS.
+- **Manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **Model** The model field from Win32_ComputerSystem.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
+
+This event indicates that a new set of InventorySystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
+
+This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BootCritical** Is the driver package marked as boot critical?
+- **Build** The build value from the driver package.
+- **CatalogFile** The name of the catalog file within the driver package.
+- **Class** The device class from the driver package.
+- **ClassGuid** The device class unique ID from the driver package.
+- **Date** The date from the driver package.
+- **Inbox** Is the driver package of a driver that is included with Windows?
+- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
+- **Provider** The provider of the driver package.
+- **PublishedName** The name of the INF file after it was renamed.
+- **Revision** The revision of the driver package.
+- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
+- **VersionMajor** The major version of the driver package.
+- **VersionMinor** The minor version of the driver package.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
+
+This event indicates that the InventoryUplevelDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
+
+This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.RunContext
+
+This event indicates what should be expected in the data payload.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **CensusId** A unique hardware identifier.
+- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
+
+This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device from upgrade due to memory restrictions?
+- **MemoryRequirementViolated** Was a memory requirement violated?
+- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
+- **ram** The amount of memory on the device.
+- **ramKB** The amount of memory (in KB).
+- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes).
+- **virtualKB** The amount of virtual memory (in KB).
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
+
+This event indicates that a new set of SystemMemoryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
+
+This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **CompareExchange128Support** Does the CPU support CompareExchange128?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
+
+This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
+
+This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **LahfSahfSupport** Does the CPU support LAHF/SAHF?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
+
+This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
+
+This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support.
+- **NXProcessorSupport** Does the processor support NX?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
+
+This event indicates that a new set of SystemProcessorNxAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
+
+This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **PrefetchWSupport** Does the processor support PrefetchW?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
+
+This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
+
+This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **SSE2ProcessorSupport** Does the processor support SSE2?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
+
+This event indicates that a new set of SystemProcessorSse2Add events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchAdd
+
+This event sends data indicating whether the system supports touch, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer?
+- **MaximumTouches** The maximum number of touch points supported by the device hardware.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
+
+This event indicates that a new set of SystemTouchAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimAdd
+
+This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IsWimBoot** Is the current operating system running from a compressed WIM file?
+- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimStartSync
+
+This event indicates that a new set of SystemWimAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
+
+This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated.
+- **WindowsNotActivatedDecision** Is the current operating system activated?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
+
+This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
+
+This event indicates that a new set of SystemWlanAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
+
+This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
+- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
+- **AuxFinal** Obsolete, always set to false.
+- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
+- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
+- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
+- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
+- **InboxDataVersion** The original version of the data files before retrieving any newer version.
+- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated.
+- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
+- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
+- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
+- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
+- **RunGeneralTel** Indicates if the generaltel.dll component was run.
Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
+- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
+- **RunResult** The hresult of the Appraiser telemetry run.
+- **ScheduledUploadDay** The day scheduled for the upload.
+- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
+- **StoreHandleIsNotNull** Obsolete, always set to false
+- **TelementrySent** Indicates if telemetry was successfully sent.
+- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
+- **Time** The client time of the event.
+- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
+- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmAdd
+
+This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Same as NeedsDismissAction.
+- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
+- **WmdrmApiResult** Raw value of the API used to gather DRM state.
+- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
+- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased.
+- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed.
+- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses.
+- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmStartSync
+
+This event indicates that a new set of WmdrmAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+## Audio endpoint events
+
+### MicArrayGeometry
+
+This event provides information about the layout of the individual microphone elements in the microphone array.
+
+The following fields are available:
+
+- **MicCoords** The location and orientation of the microphone element.
+- **usFrequencyBandHi** The high end of the frequency range for the microphone.
+- **usFrequencyBandLo** The low end of the frequency range for the microphone.
+- **usMicArrayType** The type of the microphone array.
+- **usNumberOfMicrophones** The number of microphones in the array.
+- **usVersion** The version of the microphone array specification.
+- **wHorizontalAngleBegin** The horizontal angle of the start of the working volume (reported as radians times 10,000).
+- **wHorizontalAngleEnd** The horizontal angle of the end of the working volume (reported as radians times 10,000).
+- **wVerticalAngleBegin** The vertical angle of the start of the working volume (reported as radians times 10,000).
+- **wVerticalAngleEnd** The vertical angle of the end of the working volume (reported as radians times 10,000).
+
+
+### MicCoords
+
+This event provides information about the location and orientation of the microphone element.
+
+The following fields are available:
+
+- **usType** The type of microphone.
+- **wHorizontalAngle** The horizontal angle of the microphone (reported as radians times 10,000).
+- **wVerticalAngle** The vertical angle of the microphone (reported as radians times 10,000).
+- **wXCoord** The x-coordinate of the microphone.
+- **wYCoord** The y-coordinate of the microphone.
+- **wZCoord** The z-coordinate of the microphone.
+
+
+### Microsoft.Windows.Audio.EndpointBuilder.DeviceInfo
+
+This event logs the successful enumeration of an audio endpoint (such as a microphone or speaker) and provides information about the audio endpoint.
+
+The following fields are available:
+
+- **BusEnumeratorName** The name of the bus enumerator (for example, HDAUDIO or USB).
+- **ContainerId** An identifier that uniquely groups the functional devices associated with a single-function or multifunction device.
+- **DeviceInstanceId** The unique identifier for this instance of the device.
+- **EndpointDevnodeId** The IMMDevice identifier of the associated devnode.
+- **endpointEffectClsid** The COM Class Identifier (CLSID) for the endpoint effect audio processing object.
+- **endpointEffectModule** Module name for the endpoint effect audio processing object.
+- **EndpointFormFactor** The enumeration value for the form factor of the endpoint device (for example speaker, microphone, remote network device).
+- **endpointID** The unique identifier for the audio endpoint.
+- **endpointInstanceId** The unique identifier for the software audio endpoint. Used for joining to other audio event.
+- **Flow** Indicates whether the endpoint is capture (1) or render (0).
+- **globalEffectClsid** COM Class Identifier (CLSID) for the legacy global effect audio processing object.
+- **globalEffectModule** Module name for the legacy global effect audio processing object.
+- **HWID** The hardware identifier for the endpoint.
+- **IsBluetooth** Indicates whether the device is a Bluetooth device.
+- **isFarField** A flag indicating whether the microphone endpoint is capable of hearing far field audio.
+- **IsSideband** Indicates whether the device is a sideband device.
+- **IsUSB** Indicates whether the device is a USB device.
+- **JackSubType** A unique ID representing the KS node type of the endpoint.
+- **localEffectClsid** The COM Class Identifier (CLSID) for the legacy local effect audio processing object.
+- **localEffectModule** Module name for the legacy local effect audio processing object.
+- **MicArrayGeometry** Describes the microphone array, including the microphone position, coordinates, type, and frequency range. See [MicArrayGeometry](#micarraygeometry).
+- **modeEffectClsid** The COM Class Identifier (CLSID) for the mode effect audio processing object.
+- **modeEffectModule** Module name for the mode effect audio processing object.
+- **persistentId** A unique ID for this endpoint which is retained across migrations.
+- **streamEffectClsid** The COM Class Identifier (CLSID) for the stream effect audio processing object.
+- **streamEffectModule** Module name for the stream effect audio processing object.
+
+
+## Census events
+
+### Census.App
+
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run.
+- **AppraiserErrorCode** The error code of the last Appraiser run.
+- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run.
+- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed.
+- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run.
+- **AppraiserTaskEnabled** Whether the Appraiser task is enabled.
+- **AppraiserTaskExitCode** The Appraiser task exist code.
+- **AppraiserTaskLastRun** The last runtime for the Appraiser task.
+- **CensusVersion** The version of Census that generated the current data for this device.
+- **IEVersion** The version of Internet Explorer that is running on the device.
+
+
+### Census.Azure
+
+This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets.
+
+The following fields are available:
+
+- **CloudCoreBuildEx** The Azure CloudCore build number.
+- **CloudCoreSupportBuildEx** The Azure CloudCore support build number.
+- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet.
+
+
+### Census.Battery
+
+This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalBatteryCapablities** Represents information about what the battery is capable of doing.
+- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
+- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh.
+- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
+- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
+
+
+### Census.Camera
+
+This event sends data about the resolution of cameras on the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FrontFacingCameraResolution** Represents the resolution of the front facing camera in megapixels. If a front facing camera does not exist, then the value is 0.
+- **RearFacingCameraResolution** Represents the resolution of the rear facing camera in megapixels. If a rear facing camera does not exist, then the value is 0.
+
+
+### Census.Enterprise
+
+This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment.
+
+The following fields are available:
+
+- **AADDeviceId** Azure Active Directory device ID.
+- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
+- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
+- **CDJType** Represents the type of cloud domain joined for the machine.
+- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
+- **ContainerType** The type of container, such as process or virtual machine hosted.
+- **EnrollmentType** Defines the type of MDM enrollment on the device.
+- **HashedDomain** The hashed representation of the user domain used for login.
+- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false
+- **IsDERequirementMet** Represents if the device can do device encryption.
+- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption
+- **IsDomainJoined** Indicates whether a machine is joined to a domain.
+- **IsEDPEnabled** Represents if Enterprise data protected on the device.
+- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
+- **MPNId** Returns the Partner ID/MPN ID from Regkey.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+
+
+### Census.Firmware
+
+This event sends data about the BIOS and startup embedded in the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS).
+- **FirmwareReleaseDate** Represents the date the current firmware was released.
+- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI.
+- **FirmwareVersion** Represents the version of the current firmware.
+
+
+### Census.Flighting
+
+This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DeviceSampleRate** The telemetry sample rate assigned to the device.
+- **DriverTargetRing** Indicates if the device is participating in receiving pre-release drivers and firmware contrent.
+- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
+- **FlightIds** A list of the different Windows Insider builds on this device.
+- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
+- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
+- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
+- **SSRK** Retrieves the mobile targeting settings.
+
+
+### Census.Hardware
+
+This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActiveMicCount** The number of active microphones attached to the device.
+- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
+- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields.
+- **D3DMaxFeatureLevel** Supported Direct3D version.
+- **DeviceForm** Indicates the form as per the device classification.
+- **DeviceName** The device name that is set by the user.
+- **DigitizerSupport** Is a digitizer supported?
+- **DUID** The device unique ID.
+- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
+- **InventoryId** The device ID used for compatibility testing.
+- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
+- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
+- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
+- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
+- **OEMModelBaseBoard** The baseboard model used by the OEM.
+- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices.
+- **OEMModelName** The device model name.
+- **OEMModelNumber** The device model number.
+- **OEMModelSKU** The device edition that is defined by the manufacturer.
+- **OEMModelSystemFamily** The system family set on the device by an OEM.
+- **OEMModelSystemVersion** The system model version set on the device by the OEM.
+- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary.
+- **OEMSerialNumber** The serial number of the device that is set by the manufacturer.
+- **PhoneManufacturer** The friendly name of the phone manufacturer.
+- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
+- **SoCName** The firmware manufacturer of the device.
+- **StudyID** Used to identify retail and non-retail device.
+- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
+- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
+- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
+- **TPMManufacturerId** The ID of the TPM manufacturer.
+- **TPMManufacturerVersion** The version of the TPM manufacturer.
+- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
+- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
+
+
+### Census.Memory
+
+This event sends data about the memory on the device, including ROM and RAM, to help keep Windows up to date.
+
+The following fields are available:
+
+- **TotalPhysicalRAM** Represents the physical memory (in MB).
+- **TotalVisibleMemory** Represents the memory that is not reserved by the system.
+
+
+### Census.Network
+
+This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors), to help keep Windows up to date.
+
+The following fields are available:
+
+- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MEID** Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
+- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MobileOperatorBilling** Represents the telephone company that provides services for mobile phone users.
+- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
+- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **NetworkAdapterGUID** The GUID of the primary network adapter.
+- **NetworkCost** Represents the network cost associated with a connection.
+- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+
+
+### Census.OS
+
+This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActivationChannel** Retrieves the retail license key or Volume license key for a machine.
+- **AssignedAccessStatus** Kiosk configuration mode.
+- **CompactOS** Indicates if the Compact OS feature from Win10 is enabled.
+- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy.
+- **DeviceTimeZone** The time zone that is set on the device.
Example: Pacific Standard Time
+- **GenuineState** Retrieves the ID Value specifying the OS Genuine check.
+- **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
+- **InstallLanguage** The first language installed on the user machine.
+- **IsDeviceRetailDemo** Retrieves if the device is running in demo mode.
+- **IsEduData** Returns Boolean if the education data policy is enabled.
+- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go
+- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI.
+- **LanguagePacks** The list of language packages installed on the device.
+- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
+- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine.
+- **OSEdition** Retrieves the version of the current OS.
+- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
+- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
+- **OSSKU** Retrieves the Friendly Name of OS Edition.
+- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines.
+- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines.
+- **OSTimeZoneBiasInMins** Retrieves the time zone set on machine.
+- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS.
+- **ProductActivationResult** Returns Boolean if the OS Activation was successful.
+- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues.
+- **ProductKeyID2** Retrieves the License key if the machine is updated with a new license key.
+- **RACw7Id** Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
+- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
+- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
+- **ServiceProductKeyID** Retrieves the License key of the KMS
+- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
+- **SLICStatus** Whether a SLIC table exists on the device.
+- **SLICVersion** Returns OS type/version from SLIC table.
+
+
+### Census.PrivacySettings
+
+This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **FindMyDevice** Current state of the "find my device" setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud sync setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.Processor
+
+This event sends data about the processor to help keep Windows up to date.
+
+The following fields are available:
+
+- **KvaShadow** This is the micro code information of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
+- **PreviousUpdateRevision** Previous microcode revision
+- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
+- **ProcessorClockSpeed** Clock speed of the processor in MHz.
+- **ProcessorCores** Number of logical cores in the processor.
+- **ProcessorIdentifier** Processor Identifier of a manufacturer.
+- **ProcessorManufacturer** Name of the processor manufacturer.
+- **ProcessorModel** Name of the processor model.
+- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorUpdateRevision** The microcode revision.
+- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
+- **SocketCount** Count of CPU sockets.
+- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
+
+
+### Census.Security
+
+This event provides information on about security settings used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
+- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
+- **DGState** This field summarizes the Device Guard state.
+- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
+- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
+- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
+- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
+- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
+- **SModeState** The Windows S mode trail state.
+- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system.
Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
+
+
+### Census.Speech
+
+This event is used to gather basic speech settings on the device.
+
+The following fields are available:
+
+- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KeyVer** Version information for the census speech event.
+- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
+- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference.
+
+
+### Census.Storage
+
+This event sends data about the total capacity of the system volume and primary disk, to help keep Windows up to date.
+
+The following fields are available:
+
+- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB.
+- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
+- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device.
+- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB.
+
+
+### Census.Userdefault
+
+This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CalendarType** The calendar identifiers that are used to specify different calendars.
+- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
+- **DefaultBrowserProgId** The ProgramId of the current user's default browser.
+- **LongDateFormat** The long date format the user has selected.
+- **ShortDateFormat** The short date format the user has selected.
+
+
+### Census.UserDisplay
+
+This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display.
+- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display.
+- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
+- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
+- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine
+- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine.
+- **VRAMDedicated** Retrieves the video RAM in MB.
+- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card.
+- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use.
+
+
+### Census.UserNLS
+
+This event sends data about the default app language, input, and display language preferences set by the user, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DefaultAppLanguage** The current user Default App Language.
+- **DisplayLanguage** The current user preferred Windows Display Language.
+- **HomeLocation** The current user location, which is populated using GetUserGeoId() function.
+- **KeyboardInputLanguages** The Keyboard input languages installed on the device.
+- **SpeechInputLanguages** The Speech Input languages installed on the device.
+
+
+### Census.UserPrivacySettings
+
+This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices.
Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **InkTypePersonalization** Current state of the inking and typing personalization setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud sync setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.VM
+
+This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within.
+- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor.
+- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present.
+- **IsVDI** Is the device using Virtual Desktop Infrastructure?
+- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
+- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
+- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware.
+
+
+### Census.WU
+
+This event sends data about the Windows update server and other App store policies, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading.
+- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
+- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
+- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting
+- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades.
+- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it?
+- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update?
+- **OSAssessmentForQualityUpdate** Is the device on the latest quality update?
+- **OSAssessmentForSecurityUpdate** Is the device on the latest security update?
+- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it?
+- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment.
+- **OSRollbackCount** The number of times feature updates have rolled back on the device.
+- **OSRolledBack** A flag that represents when a feature update has rolled back during setup.
+- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device .
+- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device.
+- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
+- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently.
+- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS).
+- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates.
+- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades.
+- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network.
+- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
+- **WUPauseState** Retrieves WU setting to determine if updates are paused.
+- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
+
+
+## Common data extensions
+
+### Common Data Extensions.app
+
+Describes the properties of the running application. This extension could be populated by a client app or a web app.
+
+The following fields are available:
+
+- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
+- **env** The environment from which the event was logged.
+- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
+- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
+- **locale** The locale of the app.
+- **name** The name of the app.
+- **userId** The userID as known by the application.
+- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
+
+
+### Common Data Extensions.container
+
+Describes the properties of the container for events logged within a container.
+
+The following fields are available:
+
+- **epoch** An ID that's incremented for each SDK initialization.
+- **localId** The device ID as known by the client.
+- **osVer** The operating system version.
+- **seq** An ID that's incremented for each event.
+- **type** The container type. Examples: Process or VMHost
+
+
+### Common Data Extensions.device
+
+Describes the device-related fields.
+
+The following fields are available:
+
+- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
+- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
+- **make** Device manufacturer.
+- **model** Device model.
+
+
+### Common Data Extensions.Envelope
+
+Represents an envelope that contains all of the common data extensions.
+
+The following fields are available:
+
+- **data** Represents the optional unique diagnostic data for a particular event schema.
+- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
+- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
+- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv).
+- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
+- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
+- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
+- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
+- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
+- **iKey** Represents an ID for applications or other logical groupings of events.
+- **name** Represents the uniquely qualified name for the event.
+- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.mscv
+
+Describes the correlation vector-related fields.
+
+The following fields are available:
+
+- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries.
+
+
+### Common Data Extensions.os
+
+Describes some properties of the operating system.
+
+The following fields are available:
+
+- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
+- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
+- **locale** Represents the locale of the operating system.
+- **name** Represents the operating system name.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.sdk
+
+Used by platform specific libraries to record fields that are required for a specific SDK.
+
+The following fields are available:
+
+- **epoch** An ID that is incremented for each SDK initialization.
+- **installId** An ID that's created during the initialization of the SDK for the first time.
+- **libVer** The SDK version.
+- **seq** An ID that is incremented for each event.
+- **ver** The version of the logging SDK.
+
+
+### Common Data Extensions.user
+
+Describes the fields related to a user.
+
+The following fields are available:
+
+- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
+- **locale** The language and region.
+- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
+
+
+### Common Data Extensions.utc
+
+Describes the properties that could be populated by a logging library on Windows.
+
+The following fields are available:
+
+- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
+- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number
+- **cat** Represents a bitmask of the ETW Keywords associated with the event.
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
+- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
+- **flags** Represents the bitmap that captures various Windows specific flags.
+- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event.
+- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
+- **op** Represents the ETW Op Code.
+- **pgName** The short form of the provider group name associated with the event.
+- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
+- **providerGuid** The ETW provider ID associated with the provider name.
+- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
+- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.
The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
+- **wcmp** The Windows Shell Composer ID.
+- **wPId** The Windows Core OS product ID.
+- **wsId** The Windows Core OS session ID.
+
+
+### Common Data Extensions.xbl
+
+Describes the fields that are related to XBOX Live.
+
+The following fields are available:
+
+- **claims** Any additional claims whose short claim name hasn't been added to this structure.
+- **did** XBOX device ID
+- **dty** XBOX device type
+- **dvr** The version of the operating system on the device.
+- **eid** A unique ID that represents the developer entity.
+- **exp** Expiration time
+- **ip** The IP address of the client device.
+- **nbf** Not before time
+- **pid** A comma separated list of PUIDs listed as base10 numbers.
+- **sbx** XBOX sandbox identifier
+- **sid** The service instance ID.
+- **sty** The service type.
+- **tid** The XBOX Live title ID.
+- **tvr** The XBOX Live title version.
+- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
+- **xid** A list of base10-encoded XBOX User IDs.
+
+
+## Common data fields
+
+### Ms.Device.DeviceInventoryChange
+
+Describes the installation state for all hardware and software components available on a particular device.
+
+The following fields are available:
+
+- **action** The change that was invoked on a device inventory object.
+- **inventoryId** Device ID used for Compatibility testing
+- **objectInstanceId** Object identity which is unique within the device scope.
+- **objectType** Indicates the object type that the event applies to.
+- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
+
+## Component-based servicing events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **downloadSource** The source of the download.
+- **highestState** The highest final install state of the optional content.
+- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### CbsServicingProvider.CbsQualityUpdateInstall
+
+This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build version number of the update package.
+- **clientId** The name of the application requesting the optional content.
+- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device.
+- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure.
+- **currentStateEnd** The final state of the package after the operation has completed.
+- **doqTimeSeconds** The time in seconds spent updating drivers.
+- **executeTimeSeconds** The number of seconds required to execute the install.
+- **failureDetails** The driver or installer that caused the update to fail.
+- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred.
+- **hrStatusEnd** The return code of the install operation.
+- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
+- **majorVersion** The major version number of the update package.
+- **minorVersion** The minor version number of the update package.
+- **originalState** The starting state of the package.
+- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation.
+- **planTimeSeconds** The time in seconds required to plan the update operations.
+- **poqTimeSeconds** The time in seconds processing file and registry operations.
+- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update.
+- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot.
+- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed.
+- **rebootCount** The number of reboots required to install the update.
+- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update.
+- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update.
+- **revisionVersion** The revision version number of the update package.
+- **rptTimeSeconds** The time in seconds spent executing installer plugins.
+- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update.
+- **stackRevision** The revision number of the servicing stack.
+- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
+
+
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
+## Diagnostic data events
+
+### TelClientSynthetic.AbnormalShutdown_0
+
+This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
+- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
+- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
+- **BatteryLevelAtLastShutdown** The last recorded battery level.
+- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
+- **CrashDumpEnabled** Are crash dumps enabled?
+- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
+- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
+- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware.
+- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware.
+- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware.
+- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware.
+- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not.
+- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
+- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
+- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
+- **InvalidBootStat** This is a sanity check flag that ensures the validity of the bootstat file.
+- **LastBugCheckBootId** bootId of the last captured crash.
+- **LastBugCheckCode** Code that indicates the type of error.
+- **LastBugCheckContextFlags** Additional crash dump settings.
+- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
+- **LastBugCheckOtherSettings** Other crash dump settings.
+- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
+- **LastBugCheckProgress** Progress towards writing out the last crash dump.
+- **LastBugCheckVersion** The version of the information struct written during the crash.
+- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown.
+- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button.
+- **OOBEInProgress** Identifies if OOBE is running.
+- **OSSetupInProgress** Identifies if the operating system setup is running.
+- **PowerButtonCumulativePressCount** How many times has the power button been pressed?
+- **PowerButtonCumulativeReleaseCount** How many times has the power button been released?
+- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics.
+- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed.
+- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed.
+- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released.
+- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released.
+- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
+- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed.
+- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
+- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
+- **RegKeyLastShutdownBootId** The last recorded boot ID.
+- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
+- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
+- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
+- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
+- **StaleBootStatData** Identifies if the data from bootstat is stale.
+- **TransitionInfoBootId** BootId of the captured transition info.
+- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode.
+- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode.
+- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode.
+- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode.
+- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp,
+- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
+- **TransitionInfoLidState** Describes the state of the laptop lid.
+- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed.
+- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode.
+- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode.
+- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running.
+- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
+- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
+- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
+- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
+- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
+- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
+
+
+### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
+
+This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.AuthorizationInfo_Startup
+
+Fired by UTC at startup to signal what data we are allowed to collect.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.ConnectivityHeartBeat_0
+
+This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
+
+The following fields are available:
+
+- **CensusExitCode** Returns last execution codes from census client run.
+- **CensusStartTime** Returns timestamp corresponding to last successful census run.
+- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine.
+- **LastConnectivityLossTime** Retrieves the last time the device lost free network.
+- **NetworkState** Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
+- **NoNetworkTime** Retrieves the time spent with no network (since the last time) in seconds.
+- **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds.
+
+
+### TelClientSynthetic.EventMonitor_0
+
+This event provides statistics for specific diagnostic events.
+
+The following fields are available:
+
+- **ConsumerCount** The number of instances seen in the Event Tracing for Windows consumer.
+- **EventName** The name of the event being monitored.
+- **EventSnFirst** The expected first event serial number.
+- **EventSnLast** The expected last event serial number.
+- **EventStoreCount** The number of events reaching the event store.
+- **MonitorSn** The serial number of the monitor.
+- **TriggerCount** The number of events reaching the trigger buffer.
+- **UploadedCount** The number of events uploaded.
+
+
+### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0
+
+This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions.
+
+The following fields are available:
+
+- **FilePath** The unexpanded path in the scenario XML.
+- **FilePathExpanded** The file path, with environment variables expanded.
+- **FilePathExpandedScenario** The file path, with property identifiers and environment variables expanded.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario.
+- **ScenarioInstanceId** The error code denoting which path failed (internal or external).
+
+
+### TelClientSynthetic.HeartBeat_5
+
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+
+The following fields are available:
+
+- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel.
+- **CensusExitCode** The last exit code of the Census task.
+- **CensusStartTime** Time of last Census run.
+- **CensusTaskEnabled** True if Census is enabled, false otherwise.
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB.
+- **DbCriticalDroppedCount** Total number of dropped critical events in event DB.
+- **DbDroppedCount** Number of events dropped due to DB fullness.
+- **DbDroppedFailureCount** Number of events dropped due to DB failures.
+- **DbDroppedFullCount** Number of events dropped due to DB fullness.
+- **DecodingDroppedCount** Number of events dropped due to decoding failures.
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session.
+- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC.
+- **EventStoreResetCounter** Number of times event DB was reset.
+- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance.
+- **EventsUploaded** Number of events uploaded.
+- **Flags** Flags indicating device state such as network state, battery state, and opt-in state.
+- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
+- **LastEventSizeOffender** Event name of last event which exceeded max event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe.
+- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
+- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
+- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
+- **TopUploaderErrors** List of top errors received from the upload endpoint.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
+- **UploaderErrorCount** Number of errors received from the upload endpoint.
+- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+### TelClientSynthetic.HeartBeat_Agent_5
+
+This event sends data about the health and quality of the diagnostic data from the specified device (agent), to help keep Windows up to date.
+
+The following fields are available:
+
+- **ConsumerDroppedCount** The number of events dropped at the consumer layer of the diagnostic data collection client.
+- **ContainerBufferFullDropCount** The number of events dropped due to the container buffer being full.
+- **ContainerBufferFullSevilleDropCount** The number of “Seville” events dropped due to the container buffer being full.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events dropped due to data throttling.
+- **DecodingDroppedCount** The number of events dropped due to decoding failures.
+- **EtwDroppedBufferCount** The number of buffers dropped in the ETW (Event Tracing for Windows) session.
+- **EtwDroppedCount** The number of events dropped at the ETW (Event Tracing for Windows) layer of the diagnostic data collection client on the user’s device.
+- **EventsForwardedToHost** The number of events forwarded from agent (device) to host (server).
+- **FullTriggerBufferDroppedCount** The number of events dropped due to the trigger buffer being full.
+- **HeartBeatSequenceNumber** The heartbeat sequence number associated with this event.
+- **HostConnectionErrorsCount** The number of non-timeout errors encountered in the host (server)/agent (device) socket transport channel.
+- **HostConnectionTimeoutsCount** The number of connection timeouts between the host (server) and agent (device).
+- **LastHostConnectionError** The last error from a connection between host (server) and agent (device).
+- **PreviousHeartBeatTime** The timestamp of the last heartbeat event.
+- **ThrottledDroppedCount** The number of events dropped due to throttling of “noisy” providers.
+
+
+### TelClientSynthetic.HeartBeat_DevHealthMon_5
+
+This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up-to-date with the latest security and safety features.
+
+The following fields are available:
+
+- **HeartBeatSequenceNumber** The heartbeat sequence number associated with this event.
+- **PreviousHeartBeatTime** The timestamp of the last heartbeat event.
+
+
+### TelClientSynthetic.LifetimeManager_ConsumerBaseTimestampChange_0
+
+This event sends data when the Windows Diagnostic data collection mechanism detects a timestamp adjustment for incoming diagnostic events. This data is critical for dealing with time changes during diagnostic data analysis, to help keep the device up to date.
+
+The following fields are available:
+
+- **NewBaseTime** The new QPC (Query Performance Counter) base time from ETW (Event Tracing for Windows).
+- **NewSystemTime** The new system time of the device.
+- **OldSystemTime** The previous system time of the device.
+
+
+### TelClientSynthetic.MatchEngine_ScenarioCompletionThrottled_0
+
+This event sends data when scenario completion is throttled (truncated or otherwise restricted) because the scenario is excessively large.
+
+The following fields are available:
+
+- **MaxHourlyCompletionsSetting** The maximum number of scenario completions per hour until throttling kicks in.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario being throttled.
+- **ScenarioName** The name of the scenario being throttled.
+
+
+### TelClientSynthetic.OsEvents_BootStatReset_0
+
+This event sends data when the Windows diagnostic data collection mechanism resets the Boot ID. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **BootId** The current Boot ID.
+- **ResetReason** The reason code for resetting the Boot ID.
+
+
+### TelClientSynthetic.ProducerThrottled_At_TriggerBuffer_0
+
+This event sends data when a producer is throttled due to the trigger buffer exceeding defined thresholds.
+
+The following fields are available:
+
+- **BufferSize** The size of the trigger buffer.
+- **DataType** The type of event that this producer generates (Event Tracing for Windows, Time, Synthetic).
+- **EstSeenCount** Estimated total number of inputs determining other “Est…” values.
+- **EstTopEvent1Count** The count for estimated “noisiest” event from this producer.
+- **EstTopEvent1Name** The name for estimated “noisiest” event from this producer.
+- **EstTopEvent2Count** The count for estimated second “noisiest” event from this producer.
+- **EstTopEvent2Name** The name for estimated second “noisiest” event from this producer.
+- **Hit** The number of events seen from this producer.
+- **IKey** The IKey identifier of the producer, if available.
+- **ProviderId** The provider ID of the producer being throttled.
+- **ProviderName** The provider name of the producer being throttled.
+- **Threshold** The threshold crossed, which caused the throttling.
+
+
+### TelClientSynthetic.ProducerThrottled_Event_Rate_0
+
+This event sends data when an event producer is throttled by the Windows Diagnostic data collection mechanism. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **EstSeenCount** Estimated total number of inputs determining other “Est…” values.
+- **EstTopEvent1Count** The count for estimated “noisiest” event from this producer.
+- **EstTopEvent1Name** The name for estimated “noisiest” event from this producer.
+- **EstTopEvent2Count** The count for estimated second “noisiest” event from this producer.
+- **EstTopEvent2Name** The name for estimated second “noisiest” event from this producer.
+- **EventPerProviderThreshold** The trigger point for throttling (value for each provider). This value is only applied once EventRateThreshold has been met.
+- **EventRateThreshold** The total event rate trigger point for throttling.
+- **Hit** The number of events seen from this producer.
+- **IKey** The IKey identifier of the producer, if available.
+- **ProviderId** The provider ID of the producer being throttled.
+- **ProviderName** The provider name of the producer being throttled.
+
+
+### TelClientSynthetic.RunExeWithArgsAction_ExeTerminated_0
+
+This event sends data when an executable (EXE) file is terminated during escalation because it exceeded its maximum runtime (the maximum amount of time it was expected to run). This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **ExpandedExeName** The expanded name of the executable (EXE) file.
+- **MaximumRuntimeMs** The maximum runtime (in milliseconds) for this action.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario that was terminated.
+- **ScenarioInstanceId** The globally unique identifier (GUID) of the scenario instance that was terminated.
+
+
+### TelClientSynthetic.RunExeWithArgsAction_ProcessReturnedNonZeroExitCode
+
+This event sends data when the RunExe process finishes during escalation, but returns a non-zero exit code. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **ExitCode** The exit code of the process
+- **ExpandedExeName** The expanded name of the executable (EXE) file.
+- **ScenarioId** The globally unique identifier (GUID) of the escalating scenario.
+- **ScenarioInstanceId** The globally unique identifier (GUID) of the scenario instance.
+
+
+### TelClientSynthetic.ServiceMain_DevHealthMonEvent
+
+This event is a low latency health alert that is part of the 4Nines device health monitoring feature currently available on Surface Hub devices. For a device that is opted in, this event is sent before shutdown to signal that the device is about to be powered down.
+
+
+
+## Driver installation events
+
+### Microsoft.Windows.DriverInstall.DeviceInstall
+
+This critical event sends information about the driver installation that took place.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **ClassLowerFilters** The list of lower filter class drivers.
+- **ClassUpperFilters** The list of upper filter class drivers.
+- **CoInstallers** The list of coinstallers.
+- **ConfigFlags** The device configuration flags.
+- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DeviceStack** The device stack of the driver being installed.
+- **DriverDate** The date of the driver.
+- **DriverDescription** A description of the driver function.
+- **DriverInfName** Name of the INF file (the setup information file) for the driver.
+- **DriverInfSectionName** Name of the DDInstall section within the driver INF file.
+- **DriverPackageId** The ID of the driver package that is staged to the driver store.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverUpdated** Indicates whether the driver is replacing an old driver.
+- **DriverVersion** The version of the driver file.
+- **EndTime** The time the installation completed.
+- **Error** Provides the WIN32 error code for the installation.
+- **ExtensionDrivers** List of extension drivers that complement this installation.
+- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action.
+- **FinishInstallUI** Indicates whether the installation process shows the user interface.
+- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT).
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **FlightIds** A list of the different Windows Insider builds on the device.
+- **GenericDriver** Indicates whether the driver is a generic driver.
+- **Inbox** Indicates whether the driver package is included with Windows.
+- **InstallDate** The date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **LegacyInstallReasonError** The error code for the legacy installation.
+- **LowerFilters** The list of lower filter drivers.
+- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **OriginalDriverInfName** The original name of the INF file before it was renamed.
+- **ParentDeviceInstanceId** The device instance ID of the parent of the device.
+- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted.
+- **Problem** Error code returned by the device after installation.
+- **ProblemStatus** The status of the device after the driver installation.
+- **SecondaryDevice** Indicates whether the device is a secondary device.
+- **ServiceName** The service name of the driver.
+- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed.
+- **StartTime** The time when the installation started.
+- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center.
+- **UpperFilters** The list of upper filter drivers.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceEnd
+
+This event sends data about the driver installation once it is completed.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DriverUpdated** Indicates whether the driver was updated.
+- **Error** The Win32 error code of the installation.
+- **FlightId** The ID of the Windows Insider build the device received.
+- **InstallDate** The date the driver was installed.
+- **InstallFlags** The driver installation flags.
+- **RebootRequired** Indicates whether a reboot is required after the installation.
+- **RollbackPossible** Indicates whether this driver can be rolled back.
+- **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update.
+- **WuUntargetedHardwareId** Indicates that the driver was installed because Windows Update performed a generic driver update for all devices of that hardware class.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceStart
+
+This event sends data about the driver that the new driver installation is replacing.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **FirstInstallDate** The first time a driver was installed on this device.
+- **LastDriverDate** Date of the driver that is being replaced.
+- **LastDriverInbox** Indicates whether the previous driver was included with Windows.
+- **LastDriverInfName** Name of the INF file (the setup information file) of the driver being replaced.
+- **LastDriverVersion** The version of the driver that is being replaced.
+- **LastFirmwareDate** The date of the last firmware reported from the EFI System Resource Table (ESRT).
+- **LastFirmwareRevision** The last firmware revision number reported from EFI System Resource Table (ESRT).
+- **LastFirmwareVersion** The last firmware version reported from the EFI System Resource Table (ESRT).
+- **LastInstallDate** The date a driver was last installed on this device.
+- **LastMatchingDeviceId** The hardware ID or compatible ID that Windows last used to install the device instance.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous problem code that was set on the device.
+- **LastSubmissionId** The driver submission identifier of the driver that is being replaced.
+
+
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling.
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Failover Clustering events
+
+### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
+
+This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
+
+The following fields are available:
+
+- **autoAssignSite** The cluster parameter: auto site.
+- **autoBalancerLevel** The cluster parameter: auto balancer level.
+- **autoBalancerMode** The cluster parameter: auto balancer mode.
+- **blockCacheSize** The configured size of the block cache.
+- **ClusterAdConfiguration** The ad configuration of the cluster.
+- **clusterAdType** The cluster parameter: mgmt_point_type.
+- **clusterDumpPolicy** The cluster configured dump policy.
+- **clusterFunctionalLevel** The current cluster functional level.
+- **clusterGuid** The unique identifier for the cluster.
+- **clusterWitnessType** The witness type the cluster is configured for.
+- **countNodesInSite** The number of nodes in the cluster.
+- **crossSiteDelay** The cluster parameter: CrossSiteDelay.
+- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold.
+- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay.
+- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold.
+- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters.
+- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters.
+- **csvResourceCount** The number of resources in the cluster.
+- **currentNodeSite** The name configured for the current site for the cluster.
+- **dasModeBusType** The direct storage bus type of the storage spaces.
+- **downLevelNodeCount** The number of nodes in the cluster that are running down-level.
+- **drainOnShutdown** Specifies whether a node should be drained when it is shut down.
+- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled.
+- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity.
+- **genAppNames** The win32 service name of a clustered service.
+- **genSvcNames** The command line of a clustered genapp.
+- **hangRecoveryAction** The cluster parameter: hang recovery action.
+- **hangTimeOut** Specifies the “hang time out” parameter for the cluster.
+- **isCalabria** Specifies whether storage spaces direct is enabled.
+- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes.
+- **isRunningDownLevel** Identifies if the current node is running down-level.
+- **logLevel** Specifies the granularity that is logged in the cluster log.
+- **logSize** Specifies the size of the cluster log.
+- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID.
+- **minNeverPreempt** The cluster parameter: minimum never preempt.
+- **minPreemptor** The cluster parameter: minimum preemptor priority.
+- **netftIpsecEnabled** The parameter: netftIpsecEnabled.
+- **NodeCount** The number of nodes in the cluster.
+- **nodeId** The current node number in the cluster.
+- **nodeResourceCounts** Specifies the number of node resources.
+- **nodeResourceOnlineCounts** Specifies the number of node resources that are online.
+- **numberOfSites** The number of different sites.
+- **numNodesInNoSite** The number of nodes not belonging to a site.
+- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes.
+- **preferredSite** The preferred site location.
+- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster.
+- **quarantineDuration** The quarantine duration.
+- **quarantineThreshold** The quarantine threshold.
+- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period.
+- **resiliencyLevel** Specifies the level of resiliency.
+- **resourceCounts** Specifies the number of resources.
+- **resourceTypeCounts** Specifies the number of resource types in the cluster.
+- **resourceTypes** Data representative of each resource type.
+- **resourceTypesPath** Data representative of the DLL path for each resource type.
+- **sameSubnetDelay** The cluster parameter: same subnet delay.
+- **sameSubnetThreshold** The cluster parameter: same subnet threshold.
+- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
+- **securityLevel** The cluster parameter: security level.
+- **securityLevelForStorage** The cluster parameter: security level for storage.
+- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes.
+- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down.
+- **upNodeCount** Specifies the number of nodes that are up (online).
+- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV.
+- **vmIsolationTime** The cluster parameter: VM isolation time.
+- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done.
For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
+- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
+- **IsFatal** True/False to indicate whether the crash resulted in process termination.
+- **ModName** Exception module name (e.g. bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report.
Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
+## Inventory events
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
+
+This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object.
+
+The following fields are available:
+
+- **Device** A count of device objects in cache.
+- **DeviceCensus** A count of device census objects in cache.
+- **DriverPackageExtended** A count of driverpackageextended objects in cache.
+- **File** A count of file objects in cache.
+- **FileSigningInfo** A count of file signing objects in cache.
+- **Generic** A count of generic objects in cache.
+- **HwItem** A count of hwitem objects in cache.
+- **InventoryApplication** A count of application objects in cache.
+- **InventoryApplicationAppV** A count of application AppV objects in cache.
+- **InventoryApplicationDriver** A count of application driver objects in cache
+- **InventoryApplicationFile** A count of application file objects in cache.
+- **InventoryApplicationFramework** A count of application framework objects in cache
+- **InventoryApplicationShortcut** A count of application shortcut objects in cache
+- **InventoryDeviceContainer** A count of device container objects in cache.
+- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
+- **InventoryDeviceMediaClass** A count of device media objects in cache.
+- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
+- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
+- **InventoryDriverBinary** A count of driver binary objects in cache.
+- **InventoryDriverPackage** A count of device objects in cache.
+- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
+- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache.
+- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
+- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
+- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
+- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
+- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
+- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
+- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
+- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache
+- **Metadata** A count of metadata objects in cache.
+- **Orphan** A count of orphan file objects in cache.
+- **Programs** A count of program objects in cache.
+
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
+
+This event sends inventory component versions for the Device Inventory data.
+
+The following fields are available:
+
+- **aeinv** The version of the App inventory component.
+- **devinv** The file version of the Device inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
+
+This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **CatalogSigners** Signers from catalog. Each signer starts with Chain.
+- **DigestAlgorithm** The pseudonymizing (hashing) algorithm used when the file or package was signed.
+- **DriverPackageStrongName** Optional. Available only if FileSigningInfo is collected on a driver package.
+- **EmbeddedSigners** Embedded signers. Each signer starts with Chain.
+- **FileName** The file name of the file whose signatures are listed.
+- **FileType** Either exe or sys, depending on if a driver package or application executable.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Thumbprint** Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
+
+This event sends basic metadata about an application on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
+- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
+- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
+- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array.
+- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Language** The language code of the program.
+- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
+- **MsiProductCode** A GUID that describe the MSI Product.
+- **Name** The name of the application.
+- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
+- **PackageFullName** The package full name for a Store application.
+- **ProgramInstanceId** A hash of the file IDs in an app.
+- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
+- **RootDirPath** The path to the root directory where the program was installed.
+- **Source** How the program was installed (for example, ARP, MSI, Appx).
+- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
+- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
+- **Version** The version number of the program.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents what drivers an application installs.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component
+- **ProgramIds** The unique program identifier the driver is associated with
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
+
+The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFileAdd
+
+This event provides file-level information about the applications that exist on the system.
This event is used to understand the applications on a device to determine if those applications will experience compatibility issues when upgrading Windows.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BinaryType** The architecture of the binary (executable) file.
+- **BinFileVersion** Version information for the binary (executable) file.
+- **BinProductVersion** The product version provided by the binary (executable) file.
+- **BoeProgramId** The “bag of evidence” program identifier.
+- **CompanyName** The company name included in the binary (executable) file.
+- **FileId** A pseudonymized (hashed) unique identifier derived from the file itself.
+- **FileVersion** The version of the file.
+- **InventoryVersion** The version of the inventory component.
+- **Language** The language declared in the binary (executable) file.
+- **LinkDate** The compiler link date.
+- **LowerCaseLongPath** The file path in “long” format.
+- **Name** The file name.
+- **ProductName** The product name declared in the binary (executable) file.
+- **ProductVersion** The product version declared in the binary (executable) file.
+- **ProgramId** The program identifier associated with the binary (executable) file.
+- **Size** The size of the binary (executable) file.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
+
+This event provides the basic metadata about the frameworks an application may depend on.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **FileId** A hash that uniquely identifies a file.
+- **Frameworks** The list of frameworks this file depends on.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
+
+This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
+
+This event indicates that a new set of InventoryApplicationAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
+
+This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Categories** A comma separated list of functional categories in which the container belongs.
+- **DiscoveryMethod** The discovery method for the device container.
+- **FriendlyName** The name of the device container.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **IsActive** Is the device connected, or has it been seen in the last 14 days?
+- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
+- **IsMachineContainer** Is the container the root device itself?
+- **IsNetworked** Is this a networked device?
+- **IsPaired** Does the device container require pairing?
+- **Manufacturer** The manufacturer name for the device container.
+- **ModelId** A unique model ID.
+- **ModelName** The model name.
+- **ModelNumber** The model number for the device container.
+- **PrimaryCategory** The primary category for the device container.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
+
+This event indicates that the InventoryDeviceContainer object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
+
+This event indicates that a new set of InventoryDeviceContainerAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
+
+This event retrieves information about what sensor interfaces are available on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Accelerometer3D** Indicates if an Accelerator3D sensor is found.
+- **ActivityDetection** Indicates if an Activity Detection sensor is found.
+- **AmbientLight** Indicates if an Ambient Light sensor is found.
+- **Barometer** Indicates if a Barometer sensor is found.
+- **Custom** Indicates if a Custom sensor is found.
+- **EnergyMeter** Indicates if an Energy sensor is found.
+- **FloorElevation** Indicates if a Floor Elevation sensor is found.
+- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found.
+- **GravityVector** Indicates if a Gravity Detector sensor is found.
+- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found.
+- **Humidity** Indicates if a Humidity sensor is found.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found.
+- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found.
+- **Orientation** Indicates if an Orientation sensor is found.
+- **Pedometer** Indicates if a Pedometer sensor is found.
+- **Proximity** Indicates if a Proximity sensor is found.
+- **RelativeOrientation** Indicates if a Relative Orientation sensor is found.
+- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found.
+- **Temperature** Indicates if a Temperature sensor is found.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
+
+This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
+
+This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Audio.CaptureDriver** The capture driver endpoint for the audio device.
+- **Audio.RenderDriver** The render driver for the audio device.
+- **Audio_CaptureDriver** The Audio device capture driver endpoint.
+- **Audio_RenderDriver** The Audio device render driver endpoint.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
+
+This event indicates that the InventoryDeviceMediaClassRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
+
+This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
+
+This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BusReportedDescription** The description of the device reported by the bux.
+- **Class** The device setup class of the driver loaded for the device.
+- **ClassGuid** The device class GUID from the driver package
+- **COMPID** The device setup class guid of the driver loaded for the device.
+- **ContainerId** The list of compat ids for the device.
+- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
+- **DeviceDriverFlightId** The test build (Flight) identifier of the device driver.
+- **DeviceExtDriversFlightIds** The test build (Flight) identifier for all extended device drivers.
+- **DeviceInterfaceClasses** The device interfaces that this device implements.
+- **DeviceState** The device description.
+- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
+- **DriverName** A unique identifier for the driver installed.
+- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage
+- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
+- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage.
+- **Enumerator** The date of the driver loaded for the device.
+- **ExtendedInfs** The extended INF file names.
+- **FirstInstallDate** The first time this device was installed on the machine.
+- **HWID** The version of the driver loaded for the device.
+- **Inf** The bus that enumerated the device.
+- **InstallDate** The date of the most recent installation of the device on the machine.
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
+- **InventoryVersion** List of hardware ids for the device.
+- **LowerClassFilters** Lower filter class drivers IDs installed for the device
+- **LowerFilters** Lower filter drivers IDs installed for the device
+- **Manufacturer** INF file name (the name could be renamed by OS, such as oemXX.inf)
+- **MatchingID** Device installation state.
+- **Model** The version of the inventory binary generating the events.
+- **ParentId** Lower filter class drivers IDs installed for the device.
+- **ProblemCode** Lower filter drivers IDs installed for the device.
+- **Provider** The device manufacturer.
+- **Service** The device service name
+- **STACKID** Represents the hardware ID or compatible ID that Windows uses to install a device instance.
+- **UpperClassFilters** Upper filter drivers IDs installed for the device
+- **UpperFilters** The device model.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
+
+This event indicates that the InventoryDevicePnpRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
+
+This event sends basic metadata about the USB hubs on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+- **TotalUserConnectablePorts** Total number of connectable USB ports.
+- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
+
+This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
+
+This event provides the basic metadata about driver binaries running on the system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **DriverCheckSum** The checksum of the driver file.
+- **DriverCompany** The company name that developed the driver.
+- **DriverInBox** Is the driver included with the operating system?
+- **DriverIsKernelMode** Is it a kernel mode driver?
+- **DriverName** The file name of the driver.
+- **DriverPackageStrongName** The strong name of the driver package
+- **DriverSigned** The strong name of the driver package
+- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
+- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000.
15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
+- **DriverVersion** The version of the driver file.
+- **ImageSize** The size of the driver file.
+- **Inf** The name of the INF file.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Product** The product name that is included in the driver file.
+- **ProductVersion** The product version that is included in the driver file.
+- **Service** The name of the service that is installed for the device.
+- **WdfVersion** The Windows Driver Framework version.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
+
+This event indicates that the InventoryDriverBinary object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
+
+This event indicates that a new set of InventoryDriverBinaryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
+
+This event sends basic metadata about drive packages installed on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Class** The class name for the device driver.
+- **ClassGuid** The class GUID for the device driver.
+- **Date** The driver package date.
+- **Directory** The path to the driver package.
+- **DriverInBox** Is the driver included with the operating system?
+- **Inf** The INF name of the driver package.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Provider** The provider for the driver package.
+- **SubmissionId** The HLK submission ID for the driver package.
+- **Version** The version of the driver package.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
+
+This event indicates that the InventoryDriverPackageRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
+
+This event indicates that a new set of InventoryDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
+
+
+
+### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
+
+Provides data on the installed Office Add-ins.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AddinCLSID** The class identifier key for the Microsoft Office add-in.
+- **AddInId** The identifier for the Microsoft Office add-in.
+- **AddinType** The type of the Microsoft Office add-in.
+- **BinFileTimestamp** The timestamp of the Office add-in.
+- **BinFileVersion** The version of the Microsoft Office add-in.
+- **Description** Description of the Microsoft Office add-in.
+- **FileId** The file identifier of the Microsoft Office add-in.
+- **FileSize** The file size of the Microsoft Office add-in.
+- **FriendlyName** The friendly name for the Microsoft Office add-in.
+- **FullPath** The full path to the Microsoft Office add-in.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **LoadBehavior** Integer that describes the load behavior.
+- **OfficeApplication** The Microsoft Office application associated with the add-in.
+- **OfficeArchitecture** The architecture of the add-in.
+- **OfficeVersion** The Microsoft Office version for this add-in.
+- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in.
+- **ProductCompany** The name of the company associated with the Office add-in.
+- **ProductName** The product name associated with the Microsoft Office add-in.
+- **ProductVersion** The version associated with the Office add-in.
+- **ProgramId** The unique program identifier of the Microsoft Office add-in.
+- **Provider** Name of the provider for this add-in.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd
+
+Provides data on the Office identifiers.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OMID** Identifier for the Office SQM Machine
+- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit
+- **OTenantId** Unique GUID representing the Microsoft O365 Tenant
+- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000
+- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows)
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd
+
+Provides data on Office-related Internet Explorer features.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature.
+- **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files.
+- **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeMimeSniffing** Flag indicating which Microsoft Office products have this setting enabled. Determines a file's type by examining its bit signature. Windows Internet Explorer uses this information to determine how to render the file. The FEATURE_MIME_SNIFFING feature, when enabled, allows to be set differently for each security zone by using the URLACTION_FEATURE_MIME_SNIFFING URL action flag
+- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request
+- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled.
The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts
+- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords
+- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control
+- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted
+- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC)
+- **OIeValidateUrl** Flag indicating which Microsoft Office products have this setting enabled.
When enabled, the FEATURE_VALIDATE_NAVIGATE_URL feature control prevents Windows Internet Explorer from navigating to a badly formed URL
+- **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior
+- **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows
+- **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd
+
+This event provides insight data on the installed Office products
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OfficeApplication** The name of the Office application.
+- **OfficeArchitecture** The bitness of the Office application.
+- **OfficeVersion** The version of the Office application.
+- **Value** The insights collected about this entity.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync
+
+This diagnostic event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd
+
+Describes Office Products installed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OC2rApps** A GUID the describes the Office Click-To-Run apps
+- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus
+- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word
+- **OProductCodes** A GUID that describes the Office MSI products
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd
+
+This event describes various Office settings
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BrowserFlags** Browser flags for Office-related products
+- **ExchangeProviderFlags** Provider policies for Office Exchange
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **SharedComputerLicensing** Office shared computer licensing policies
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
+
+Indicates a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd
+
+This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Design** Count of files with design issues found.
+- **Design_x64** Count of files with 64 bit design issues found.
+- **DuplicateVBA** Count of files with duplicate VBA code.
+- **HasVBA** Count of files with VBA code.
+- **Inaccessible** Count of files that were inaccessible for scanning.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Issues** Count of files with issues detected.
+- **Issues_x64** Count of files with 64-bit issues detected.
+- **IssuesNone** Count of files with no issues detected.
+- **IssuesNone_x64** Count of files with no 64-bit issues detected.
+- **Locked** Count of files that were locked, preventing scanning.
+- **NoVBA** Count of files with no VBA inside.
+- **Protected** Count of files that were password protected, preventing scanning.
+- **RemLimited** Count of files that require limited remediation changes.
+- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues.
+- **RemSignificant** Count of files that require significant remediation changes.
+- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues.
+- **Score** Overall compatibility score calculated for scanned content.
+- **Score_x64** Overall 64-bit compatibility score calculated for scanned content.
+- **Total** Total number of files scanned.
+- **Validation** Count of files that require additional manual validation.
+- **Validation_x64** Count of files that require additional manual validation for 64-bit issues.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd
+
+This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Count** Count of total Microsoft Office VBA rule violations
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
+
+Provides data on Unified Update Platform (UUP) products and what version they are at.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Identifier** UUP identifier
+- **LastActivatedVersion** Last activated version
+- **PreviousVersion** Previous version
+- **Source** UUP source
+- **Version** UUP version
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.Checksum
+
+This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events.
+
+The following fields are available:
+
+- **CensusId** A unique hardware identifier.
+- **ChecksumDictionary** A count of each operating system indicator.
+- **PCFP** Equivalent to the InventoryId field that is found in other core events.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
+
+These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **IndicatorValue** The indicator value.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorEndSync
+
+This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events has been sent. This data helps ensure the device is up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
+
+This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
+
+This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+## IoT events
+
+### Microsoft.Windows.IoT.Client.CEPAL.MonitorStarted
+
+This event identifies Windows Internet of Things (IoT) devices which are running the CE PAL subsystem by sending data during CE PAL startup.
+
+
+
+## Kernel events
+
+### IO
+
+This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
+
+The following fields are available:
+
+- **BytesRead** The total number of bytes read from or read by the OS upon system startup.
+- **BytesWritten** The total number of bytes written to or written by the OS upon system startup.
+
+
+### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
+
+OS information collected during Boot, used to evaluate the success of the upgrade process.
+
+The following fields are available:
+
+- **BootApplicationId** This field tells us what the OS Loader Application Identifier is.
+- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system.
+- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session.
+- **BootStatusPolicy** Identifies the applicable Boot Status Policy.
+- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
+- **EventTimestamp** Seconds elapsed since an arbitrary time point.
This can be used to identify the time difference in successive boot attempts being made. +- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware. +- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonPch** Reason for system reset provided by firmware. +- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware. +- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io). +- **LastBootSucceeded** Flag indicating whether the last boot was successful. +- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. +- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. +- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. +- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). +- **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation. +- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.). +- **RecoveryEnabled** Indicates whether recovery is enabled. +- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. +- **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow. +- **UserInputTime** The amount of time the loader application spent waiting for user input. 
+
+
+### Microsoft.Windows.Kernel.DeviceConfig.DeviceConfig
+
+This critical device configuration event provides information about drivers for a driver installation that took place within the kernel.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **DeviceInstanceId** The unique ID for the device on the system.
+- **DriverDate** The date of the driver.
+- **DriverFlightIds** The IDs for the driver flights.
+- **DriverInfName** Driver INF file name.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverSubmissionId** The driver submission ID assigned by the hardware developer center.
+- **DriverVersion** The driver version number.
+- **ExtensionDrivers** The list of extension driver INF files, extension IDs, and associated flight IDs.
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **InboxDriver** Indicates whether the driver package is included with Windows.
+- **InstallDate** Date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **Legacy** Indicates whether the driver is a legacy driver.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **SetupMode** Indicates whether the device configuration occurred during the Out Of Box Experience (OOBE).
+- **StatusCode** The NTSTATUS of device configuration operation.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateClearDevNodeProblem
+
+This event is sent when a problem code is cleared from a device.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device on the system.
+- **LastProblem** The previous problem that was cleared.
+- **LastProblemStatus** The previous NTSTATUS value that was cleared.
+- **ServiceName** The name of the driver or service attached to the device.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem
+
+This event is sent when a new problem code is assigned to a device.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous NTSTATUS value that was set on the device.
+- **Problem** The new problem code that was set on the device.
+- **ProblemStatus** The new NTSTATUS value that was set on the device.
+- **ServiceName** The driver or service name that is attached to the device.
+
+
+## Migration events
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content)
+- **objectCount** The count for the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
+
+This event returns data about the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **knownFoldersSys[i]** The predefined folder path locations.
+- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens.
+- **objectCount** The count of the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
+- **objectCount** The number of objects that are being transferred.
+
+
+## Miracast events
+
+### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
+
+This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session
+
+The following fields are available:
+
+- **AudioChannelCount** The number of audio channels.
+- **AudioSampleRate** The sample rate of audio in terms of samples per second.
+- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding.
+- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second.
+- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second.
+- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds.
+- **ConnectorType** The type of connector used during the Miracast session.
+- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds.
+- **EncodeCount** The count of total frames encoded in the session.
+- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds.
+- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds.
+- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds.
+- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable.
+- **FirstFrameTime** The time (tick count) when the first frame is sent.
+- **FirstLatencyMode** The first latency mode.
+- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds.
+- **FrameCount** The total number of frames processed.
+- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds.
+- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds.
+- **Glitches** The number of frames that failed to be delivered on time.
+- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended.
+- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended.
+- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second.
+- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second.
+- **LastLatencyMode** The last reported latency mode.
+- **LogTimeReference** The reference time, in tick counts.
+- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second.
+- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second.
+- **MediaErrorCode** The error code reported by the media session, if applicable.
+- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded.
+- **MiracastM1** The time (tick count) when the M1 request was sent.
+- **MiracastM2** The time (tick count) when the M2 request was sent.
+- **MiracastM3** The time (tick count) when the M3 request was sent.
+- **MiracastM4** The time (tick count) when the M4 request was sent.
+- **MiracastM5** The time (tick count) when the M5 request was sent.
+- **MiracastM6** The time (tick count) when the M6 request was sent.
+- **MiracastM7** The time (tick count) when the M7 request was sent.
+- **MiracastSessionState** The state of the Miracast session when the connection ended.
+- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames.
+- **ProfileCount** The count of profiles generated from the receiver M4 response.
+- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities.
+- **RefreshRate** The refresh rate set on the remote display.
+- **RotationSupported** Indicates if the Miracast receiver supports display rotation.
+- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session.
+- **SessionGuid** The unique identifier of to correlate various Miracast events from a session.
+- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID.
+- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver.
+- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension.
+- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension.
+- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension.
+- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension.
+- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution.
+- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions.
+- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable.
+- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable.
+- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended.
+- **UIBCEverEnabled** Indicates whether UIBC was ever enabled.
+- **UIBCStatus** The result code reported by the UIBC setup process.
+- **VideoBitrate** The starting bitrate for the video encoder.
+- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype.
+- **VideoHeight** The height of encoded video frames.
+- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding.
+- **VideoWidth** The width of encoded video frames.
+- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol.
+
+
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience.
+
+The following fields are available:
+
+- **presentationVersion** Which display version of the privacy consent experience the user completed
+- **privacyConsentState** The current state of the privacy consent experience
+- **settingsVersion** Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason** The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+Event tells us effectiveness of new privacy experience.
+
+The following fields are available:
+
+- **isAdmin** whether the person who is logging in is an admin
+- **isExistingUser** whether the account existed in a downlevel OS
+- **isLaunching** Whether or not the privacy consent experience will be launched
+- **isSilentElevation** whether the user has most restrictive UAC controls
+- **privacyConsentState** whether the user has completed privacy experience
+- **userRegionCode** The current user's region setting
+
+
+## Push Button Reset events
+
+### Microsoft.Windows.PBR.BitLockerWipeFinished
+
+This event sends error data after the BitLocker wipe finishes if there were any issues during the wipe.
+
+The following fields are available:
+
+- **error** The error code if there were any issues during the BitLocker wipe.
+- **sessionID** This is the session ID.
+- **succeeded** Indicates the BitLocker wipe successful completed.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.BootState
+
+This event sends data on the Windows Recovery Environment (WinRE) boot, which can be used to determine whether the boot was successful.
+
+The following fields are available:
+
+- **BsdSummaryInfo** Summary of the last boot.
+- **sessionID** The ID of the push-button reset session.
+- **timestamp** The timestamp of the boot state.
+
+
+### Microsoft.Windows.PBR.ClearTPMStarted
+
+This event sends basic data about the recovery operation on the device to allow investigation.
+
+The following fields are available:
+
+- **sessionID** The ID for this push-button restart session.
+- **timestamp** The time when the Trusted Platform Module will be erased.
+
+
+### Microsoft.Windows.PBR.ClientInfo
+
+This event indicates whether push-button reset (PBR) was initiated while the device was online or offline.
+
+The following fields are available:
+
+- **name** Name of the user interface entry point.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The time when this event occurred.
+
+
+### Microsoft.Windows.PBR.Completed
+
+This event sends data about the recovery operation on the device to allow for investigation.
+
+The following fields are available:
+
+- **sessionID** The ID of the push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.DataVolumeCount
+
+This event provides the number of additional data volumes that the push-button reset operation has detected.
+
+The following fields are available:
+
+- **count** The number of attached data drives.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.DiskSpaceRequired
+
+This event sends the peak disk usage required for the push-button reset operation.
+
+The following fields are available:
+
+- **numBytes** The number of bytes required for the reset operation.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.EnterAPI
+
+This event is sent at the beginning of each push-button reset (PRB) operation.
+
+The following fields are available:
+
+- **apiName** Name of the API command that is about to execute.
+- **sessionID** The session ID.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.EnteredOOBE
+
+This event is sent when the push-button reset (PRB) process enters the Out Of Box Experience (OOBE).
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.LeaveAPI
+
+This event is sent when the push-button reset operation is complete.
+
+The following fields are available:
+
+- **apiName** Name of the API command that completed.
+- **errorCode** Error code if an error occurred during the API call.
+- **sessionID** The ID of this push-button reset session.
+- **success** Indicates whether the API call was successful.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OEMExtensionFinished
+
+This event is sent when the OEM extensibility scripts have completed.
+
+The following fields are available:
+
+- **exitCode** The exit code from OEM extensibility scripts to push-button reset.
+- **param** Parameters used for the OEM extensibility script.
+- **phase** Name of the OEM extensibility script phase.
+- **script** The path to the OEM extensibility script.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the OEM extensibility script executed successfully.
+- **timedOut** Indicates whether the OEM extensibility script timed out.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OEMExtensionStarted
+
+This event is sent when the OEM extensibility scripts start to execute.
+
+The following fields are available:
+
+- **param** The parameters used by the OEM extensibility script.
+- **phase** The name of the OEM extensibility script phase.
+- **script** The path to the OEM extensibility script.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationExecuteFinished
+
+This event is sent at the end of a push-button reset (PBR) operation.
+
+The following fields are available:
+
+- **error** Indicates the result code of the event.
+- **index** The operation index.
+- **operation** The name of the operation.
+- **phase** The name of the operation phase.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the operation successfully completed.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationExecuteStarted
+
+This event is sent at the beginning of a push-button reset operation.
+
+The following fields are available:
+
+- **index** The index of this operation.
+- **operation** The name of this operation.
+- **phase** The phase of this operation.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+- **weight** The weight of the operation used to distribute the change in percentage.
+
+
+### Microsoft.Windows.PBR.OperationQueueConstructFinished
+
+This event is sent when construction of the operation queue for push-button reset is finished.
+
+The following fields are available:
+
+- **error** The result code for operation queue construction.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the operation successfully completed.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationQueueConstructStarted
+
+This event is sent when construction of the operation queue for push-button reset is started.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.PBRClearRollBackEntry
+
+This event is sent when the push-button reset operation clears the rollback entry. Push-button reset cannot rollback after this point.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRClearTPMFailed
+
+This event is sent when there was a failure while clearing the Trusted Platform Module (TPM).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionFailed
+
+This event is sent when the push-button reset operation fails to construct a new copy of the operating system.
+
+The following fields are available:
+
+- **HRESULT** Indicates the result code of the event.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+- **SPErrorCode** The error code for the Setup Platform operation.
+- **SPOperation** The last Setup Platform operation.
+- **SPPhase** The last phase of the Setup Platform operation.
+
+
+### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionSucceed
+
+This event is sent when the push-button reset operation succeeds in constructing a new copy of the operating system.
+
+The following fields are available:
+
+- **CBSPackageCount** The Component Based Servicing package count.
+- **CustomizationPackageCount** The Customization package count.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRDriverInjectionFailed
+
+This event is sent when the driver injection fails.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFailed
+
+This event is sent when the push-button reset operation fails and rolls back to the previous state.
+
+The following fields are available:
+
+- **ErrorType** The result code for the push-button reset error.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFinalizeNewSystemFailed
+
+This event is sent when the push-button reset operation fails to finalize the new system.
+
+The following fields are available:
+
+- **HRESULT** The result error code.
+- **SessionID** The ID of this push-button reset session.
+- **SPErrorCode** The error code for the Setup Platform operation.
+- **SPOperation** The Setup Platform operation.
+- **SPPhase** The phase of the Setup Platform operation.
+
+
+### Microsoft.Windows.PBR.PBRFinalizeNewSystemSucceed
+
+This event is sent when the push-button reset operation succeeds in finalizing the new system.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFinalUserSelection
+
+This event is sent when the user makes the final selection in the user interface.
+
+The following fields are available:
+
+- **PBREraseData** Indicates whether the option to erase data is selected.
+- **PBRRecoveryStrategy** The recovery strategy for the push-button reset operation.
+- **PBRRepartitionDisk** Indicates whether the user has selected the option to repartition the disk.
+- **PBRVariation** Indicates the push-button reset type.
+- **PBRWipeDataDrives** Indicates whether the option to wipe the data drives is selected.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFormatOSVolumeFailed
+
+This event is sent when the operation to format the operating system volume fails during push-button reset (PBR).
+
+The following fields are available:
+
+- **JustDeleteFiles** Indicates whether disk formatting was skipped.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFormatOSVolumeSucceed
+
+This event is sent when the operation to format the operating system volume succeeds during push-button reset (PBR).
+
+The following fields are available:
+
+- **JustDeleteFiles** Indicates whether disk formatting was skipped.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRInstallWinREFailed
+
+This event sends basic data about the recovery operation failure on the device to allow investigation.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRIOCTLErasureSucceed
+
+This event is sent when the erasure operation succeeds during push-button reset (PBR).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRLayoutImageFailed
+
+This event is sent when push-button reset fails to create a new image of Windows.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRLayoutImageSucceed
+
+This event is sent when push-button reset succeeds in creating a new image of Windows.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBROEM1Failed
+
+This event is sent when the first OEM extensibility operation is successfully completed.
+
+The following fields are available:
+
+- **HRESULT** The result error code from the OEM extensibility script.
+- **Parameters** The parameters that were passed to the OEM extensibility script.
+- **PBRType** The type of push-button reset.
+- **ScriptName** The path to the OEM extensibility script.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBROEM2Failed
+
+This event is sent when the second OEM extensibility operation is successfully completed.
+
+The following fields are available:
+
+- **HRESULT** The result error code from the OEM extensibility script.
+- **Parameters** The parameters that were passed to the OEM extensibility script.
+- **PBRType** The type of push-button reset.
+- **ScriptName** The path to the OEM extensibility script.
+- **SessionID** The ID of the push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyFailed
+
+This event returns data indicating the failure of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyFinished
+
+This event returns data indicating the completion of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyStarted
+
+This event returns data indicating the start of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyFailed
+
+This event returns data indicating the failure of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyFinished
+
+This event returns data indicating the completion of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyStarted
+
+This event returns data indicating the start of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRReachedOOBE
+
+This event returns data when the PBR (Push Button Reset) process reaches the OOBE (Out of Box Experience).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRReconstructionInitiated
+
+This event returns data when a PBR (Push Button Reset) reconstruction operation begins.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecks
+
+This event returns data when PBR (Push Button Reset) requirement checks begin.
+
+The following fields are available:
+
+- **DeploymentType** The type of deployment.
+- **InstallType** The type of installation.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID for this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecksFailed
+
+This event returns data when PBR (Push Button Reset) requirement checks fail.
+
+The following fields are available:
+
+- **DiskSpaceAvailable** The disk space available for the push-button reset.
+- **DiskSpaceRequired** The disk space required for the push-button reset.
+- **ErrorType** The type of error that occurred during the requirement checks phase of the push-button reset operation.
+- **PBRImageVersion** The image version of the push-button reset tool.
+- **PBRRecoveryStrategy** The recovery strategy for this phase of push-button reset.
+- **PBRStartedFrom** Identifies the push-button reset entry point.
+- **PBRType** The type of push-button reset specified by the user interface.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecksPassed
+
+This event returns data when PBR (Push Button Reset) requirement checks are passed.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **PBRImageType** The push-button reset image type.
+- **PBRImageVersion** The version of the push-button reset image.
+- **PBRRecoveryStrategy** The push-button reset recovery strategy.
+- **PBRStartedFrom** Identifies the push-button reset entry point.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRestoreLicenseFailed
+
+This event sends basic data about recovery operation failure on the device. This data allows investigation to help keep Windows and PBR (Push Button Reset) up to date.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRSucceed
+
+This event returns data when PBR (Push Button Reset) succeeds.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRUserCancelled
+
+This event returns data when the user cancels the PBR (Push Button Reset) from the UI (user interface).
+
+The following fields are available:
+
+- **CancelPage** The ID of the page where the user clicked Cancel.
+- **PBRVariation** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRVersionsMistmatch
+
+This event returns data when there is a version mismatch for WinRE (Windows Recovery) and the OS.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **REVersion** The version of Windows Recovery Environment (WinRE).
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRWinREInstallationFailed
+
+This event returns data when the WinRE (Windows Recovery) installation fails.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PhaseFinished
+
+This event returns data when a phase of PBR (Push Button Reset) has completed.
+
+The following fields are available:
+
+- **error** The result code for this phase of push-button reset.
+- **phase** The name of this push-button reset phase.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether this phase of push-button reset executed successfully.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.PhaseStarted
+
+This event is sent when a phase of the push-button reset (PBR) operation starts.
+
+The following fields are available:
+
+- **phase** The name of this phase of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReconstructionInfo
+
+This event returns data about the PBR (Push Button Reset) reconstruction.
+
+The following fields are available:
+
+- **numPackagesAbandoned** The number of packages that were abandoned during the reconstruction operation of push-button reset.
+- **numPackagesFailed** The number of packages that failed during the reconstruction operation of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **slowMode** The mode of reconstruction.
+- **targetVersion** The target version of the OS for the reconstruction.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ResetOptions
+
+This event returns data about the PBR (Push Button Reset) reset options selected by the user.
+
+The following fields are available:
+
+- **overwriteSpace** Indicates whether the option was selected to erase data during push-button reset.
+- **preserveWorkplace** Indicates whether the option was selected to reserve the workplace during push-button reset.
+- **scenario** The selected scenario for the push-button on reset operation.
+- **sessionID** The ID of this push-button on reset session.
+- **timestamp** The timestamp of this push-button on reset event.
+- **wipeData** Indicates whether the option was selected to wipe additional drives during push-button reset.
+
+
+### Microsoft.Windows.PBR.RetryQueued
+
+This event returns data about the retry count when PBR (Push Button Reset) is restarted due to a reboot.
+
+The following fields are available:
+
+- **attempt** The number of retry attempts that were made
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReturnedToOldOS
+
+This event returns data after PBR (Push Button Reset) has completed the rollback.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReturnTaskSchedulingFailed
+
+This event returns data when there is a failure scheduling a boot into WinRE (Windows Recovery).
+
+The following fields are available:
+
+- **errorCode** The error that occurred while scheduling the task.
+- **sessionID** The ID of this push-button reset session.
+- **taskName** The name of the task.
+- **timestamp** The ID of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.RollbackFinished
+
+This event returns data when the PBR (Push Button Reset) rollback completes.
+
+The following fields are available:
+
+- **error** Any errors that occurred during rollback to the old operating system.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the rollback succeeded.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.RollbackStarted
+
+This event returns data when the PBR (Push Button Reset) rollback begins.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ScenarioNotSupported
+
+This event returns data when the PBR (Push Button Reset) scenario selected is not supported on the device.
+
+The following fields are available:
+
+- **errorCode** The error that occurred.
+- **reason** The reason why this push-button reset scenario is not supported.
+- **sessionID** The ID for this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionCreated
+
+This event returns data when the PRB (Push Button Reset) session is created at the beginning of the UI (user interface) process.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionResumed
+
+This event returns data when the PRB (Push Button Reset) session is resumed after reboots.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionSaved
+
+This event returns data when the PRB (Push Button Reset) session is suspended between reboots.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupExecuteFinished
+
+This event returns data when the PBR (Push Button Reset) setup finishes.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **systemState** Information about the system state of the Setup Platform operation.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupExecuteStarted
+
+This event returns data when the PBR (Push Button Reset) setup starts.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupFinalizeStarted
+
+This event returns data when the Finalize operation is completed by setup during PBR (Push Button Reset).
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupOperationFailed
+
+This event returns data when a PRB (Push Button Reset) setup operation fails.
+
+The following fields are available:
+
+- **errorCode** An error that occurred during the setup phase of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **setupExecutionOperation** The name of the Setup Platform operation.
+- **setupExecutionPhase** The phase of the setup operation that failed.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SystemInfoField
+
+This event returns data about the device when the user initiates the PBR UI (Push Button Reset User Interface), to ensure the appropriate reset options are shown to the user.
+
+The following fields are available:
+
+- **name** Name of the system information field.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+- **value** The system information field value.
+
+
+### Microsoft.Windows.PBR.SystemInfoListItem
+
+This event returns data about the device when the user initiates the PBR UI (Push Button Reset User Interface), to ensure the appropriate options can be shown to the user.
+
+The following fields are available:
+
+- **index** The index number associated with the system information item.
+- **name** The name of the list of system information items.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+- **value** The value of the system information item.
+
+
+### Microsoft.Windows.PBR.SystemInfoSenseFinished
+
+This event returns data when System Info Sense is finished.
+
+The following fields are available:
+
+- **error** The error code if an error occurred while querying for system information.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the query for system information was successful.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SystemInfoSenseStarted
+
+This event returns data when System Info Sense is started.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset event.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserAcknowledgeCleanupWarning
+
+This event returns data when the user acknowledges the cleanup warning pop-up after PRB (Push Button Reset) is complete.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserCancel
+
+This event returns data when the user confirms they wish to cancel PBR (Push Button Reset) from the user interface.
+
+The following fields are available:
+
+- **pageID** The page ID for the page the user canceled.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserConfirmStart
+
+This event returns data when the user confirms they wish to reset their device and PBR (Push Button Reset) begins.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.WinREInstallFinished
+
+This event returns data when WinRE (Windows Recovery) installation is complete.
+
+The following fields are available:
+
+- **errorCode** Any error that occurred during the Windows Recovery Environment (WinRE) installation.
+- **sessionID** The ID of this push-button reset session.
+- **success** Indicates whether the Windows Recovery Environment (WinRE) installation successfully completed.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.WinREInstallStarted
+
+This event returns data when WinRE (Windows Recovery) installation starts.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+## Sediment events
+
+### Microsoft.Windows.Sediment.Info.DetailedState
+
+This event is sent when detailed state information is needed from an update trial run.
+
+The following fields are available:
+
+- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
+- **Id** Identifies the trial being run, such as a disk related trial.
+- **ReleaseVer** The version of the component.
+- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
+- **Time** The time the event was fired.
+
+
+### Microsoft.Windows.Sediment.Info.PhaseChange
+
+The event indicates progress made by the updater. This information assists in keeping Windows up to date.
+
+The following fields are available:
+
+- **NewPhase** The phase of progress made.
+- **ReleaseVer** The version information for the component in which the change occurred.
+- **Time** The system time at which the phase chance occurred.
+
+
+## Setup events
+
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+
+
+### SetupPlatformTel.SetupPlatformTelEvent
+
+This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
+
+
+## Software update events
+
+### SoftwareUpdateClientTelemetry.CheckForUpdates
+
+Scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BranchReadinessLevel** The servicing branch configured on the device.
+- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
+- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
+- **DeferredUpdates** Update IDs which are currently being deferred until a later time
+- **DeviceModel** What is the device model.
+- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
+- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
+- **DriverSyncPassPerformed** Were drivers scanned this time?
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
+- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan.
+- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days).
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days).
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
+- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MSIError** The last error that was encountered during a scan for updates.
+- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
+- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete
+- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked
+- **NumberOfLoop** The number of round trips the scan required
+- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan
+- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan
+- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **PausedUpdates** A list of UpdateIds which that currently being paused.
+- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days).
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days).
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **ScanDurationInSeconds** The number of seconds a scan took
+- **ScanEnqueueTime** The number of seconds it took to initialize a scan
+- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
+- **ServiceUrl** The environment URL a device is configured to scan with
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
+- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Commit
+
+This event tracks the commit process post the update installation when software update client is trying to update the device.
+
+The following fields are available:
+
+- **BiosFamily** Device family as defined in the system BIOS
+- **BiosName** Name of the system BIOS
+- **BiosReleaseDate** Release date of the system BIOS
+- **BiosSKUNumber** Device SKU as defined in the system BIOS
+- **BIOSVendor** Vendor of the system BIOS
+- **BiosVersion** Version of the system BIOS
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** Version number of the software distribution client
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DeviceModel** Device model as defined in the system bios
+- **EventInstanceID** A globally unique identifier for event instance
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
+- **FlightId** The specific id of the flight the device is getting
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
+- **RevisionNumber** Identifies the revision number of this specific piece of content
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **SystemBIOSMajorRelease** Major release version of the system bios
+- **SystemBIOSMinorRelease** Minor release version of the system bios
+- **UpdateId** Identifier associated with the specific piece of content
+- **WUDeviceID** Unique device id controlled by the software distribution client
+
+
+### SoftwareUpdateClientTelemetry.Download
+
+Download process event for target update on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
+- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download.
+- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded.
+- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client.
+- **AppXScope** Indicates the scope of the app download.
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download.
+- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior.
+- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeviceModel** What is the device model.
+- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
+- **DownloadProps** Information about the download operation properties in the form of a bitmask.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
+- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **HostName** The hostname URL the content is downloading from.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
+- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
+- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
+- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
+- **PackageFullName** The package name of the content.
+- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
+- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
+- **RegulationReason** The reason that the update is regulated
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
+- **RevisionNumber** The revision number of the specified piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
+- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
+- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded.
+- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
+- **UpdateId** An identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedDO** Whether the download used the delivery optimization service.
+- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.DownloadCheckpoint
+
+This event provides a checkpoint between each of the Windows Update download phases for UUP content
+
+The following fields are available:
+
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver"
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough
+- **FileId** A hash that uniquely identifies a file
+- **FileName** Name of the downloaded file
+- **FlightId** The unique identifier for each flight
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RevisionNumber** Unique revision number of Update
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
+- **UpdateId** Unique Update ID
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
+### SoftwareUpdateClientTelemetry.DownloadHeartbeat
+
+This event allows tracking of ongoing downloads and contains data to explain the current state of the download
+
+The following fields are available:
+
+- **BytesTotal** Total bytes to transfer for this content
+- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat
+- **CurrentError** Last (transient) error encountered by the active download
+- **DownloadFlags** Flags indicating if power state is ignored
+- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing)
+- **EventType** Possible values are "Child", "Bundle", or "Driver"
+- **FlightId** The unique identifier for each flight
+- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered"
+- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any
+- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any
+- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one
+- **ResumeCount** Number of times this active download has resumed from a suspended state
+- **RevisionNumber** Identifies the revision number of this
specific piece of content
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **SuspendCount** Number of times this active download has entered a suspended state
+- **SuspendReason** Last reason for why this active download entered a suspended state
+- **UpdateId** Identifier associated with the specific piece of content
+- **WUDeviceID** Unique device id controlled by the software distribution client
+
+
+### SoftwareUpdateClientTelemetry.Install
+
+This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
+
+The following fields are available:
+
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
+- **CSIErrorType** The stage of CBS installation where it failed.
+- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DeviceModel** The device model.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program.
+- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **FlightRing** The ring that a device is on if participating in the Windows Insider Program.
+- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update).
+- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether this update is a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
+- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
+- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
+- **MsiAction** The stage of MSI installation where it failed.
+- **MsiProductCode** The unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content being installed.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
+- **RevisionNumber** The revision number of this specific piece of content.
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** The ID that represents a given MSI installation.
+- **UpdateId** Unique update ID.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Revert
+
+Revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation that failed.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **EventType** Event type (Child, Bundle, Release, or Driver).
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** The identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.TaskRun
+
+Start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed).
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for the event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **Mode** Indicates the mode that has started.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.Uninstall
+
+Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.).
+- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateDetected
+
+This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates.
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
+- **WUDeviceID** The unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
+
+Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
+- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
+- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable.
+- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
+- **RevisionId** The revision ID for a specific piece of content.
+- **RevisionNumber** The revision number for a specific piece of content.
+- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
+- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
+- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
+- **SHA256OfTimestampToken** An encoded string of the timestamp token.
+- **SignatureAlgorithm** The hash algorithm for the metadata signature.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult)
+- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
+- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
+- **UpdateId** The update ID for a specific piece of content.
+- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
+
+
+## System reset events
+
+### Microsoft.Windows.SysReset.FlightUninstallCancel
+
+This event indicates the customer has cancelled uninstallation of Windows.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallError
+
+This event sends an error code when the Windows uninstallation fails.
+
+The following fields are available:
+
+- **ErrorCode** Error code for uninstallation failure.
+
+
+### Microsoft.Windows.SysReset.FlightUninstallReboot
+
+This event is sent to signal an upcoming reboot during uninstallation of Windows.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallStart
+
+This event indicates that the Windows uninstallation has started.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallUnavailable
+
+This event sends diagnostic data when the Windows uninstallation is not available.
+
+The following fields are available:
+
+- **AddedProfiles** Indicates that new user profiles have been created since the flight was installed.
+- **MissingExternalStorage** Indicates that the external storage used to install the flight is not available.
+- **MissingInfra** Indicates that uninstall resources are missing.
+- **MovedProfiles** Indicates that the user profile has been moved since the flight was installed.
+
+
+### Microsoft.Windows.SysReset.HasPendingActions
+
+This event is sent when users have actions that will block the uninstall of the latest quality update.
+
+
+
+### Microsoft.Windows.SysReset.IndicateLCUWasUninstalled
+
+This event is sent when the registry indicates that the latest cumulative Windows update package has finished uninstalling.
+
+The following fields are available:
+
+- **errorCode** The error code if there was a failure during uninstallation of the latest cumulative Windows update package.
+
+
+### Microsoft.Windows.SysReset.LCUUninstall
+
+This event is sent when the latest cumulative Windows update was uninstalled on a device.
+
+The following fields are available:
+
+- **errorCode** An error that occurred while the Windows update package was being uninstalled.
+- **packageName** The name of the Windows update package that is being uninstalled.
+- **removalTime** The amount of time it took to uninstall the Windows update package.
+
+
+### Microsoft.Windows.SysReset.PBRBlockedByPolicy
+
+This event is sent when a push-button reset operation is blocked by the System Administrator.
+
+The following fields are available:
+
+- **PBRBlocked** Reason the push-button reset operation was blocked.
+- **PBRType** The type of push-button reset operation that was blocked.
+
+
+### Microsoft.Windows.SysReset.PBREngineInitFailed
+
+This event signals a failed handoff between two recovery binaries.
+
+The following fields are available:
+
+- **Operation** Legacy customer scenario.
+
+
+### Microsoft.Windows.SysReset.PBREngineInitSucceed
+
+This event signals successful handoff between two recovery binaries.
+
+The following fields are available:
+
+- **Operation** Legacy customer scenario.
+
+
+### Microsoft.Windows.SysReset.PBRFailedOffline
+
+This event reports the error code when recovery fails.
+
+The following fields are available:
+
+- **HRESULT** Error code for the failure.
+- **PBRType** The recovery scenario.
+- **SessionID** The unique ID for the recovery session.
+
+
+### Microsoft.Windows.SystemReset.EsimPresentCheck
+
+This event is sent when a device is checked to see whether it has an embedded SIM (eSIM).
+
+The following fields are available:
+
+- **errorCode** Any error that occurred while checking for the presence of an embedded SIM.
+- **esimPresent** Indicates whether an embedded SIM is present on the device.
+- **sessionID** The ID of this session.
+
+
+### Microsoft.Windows.SystemReset.PBRCorruptionRepairOption
+
+This event sends corruption repair diagnostic data when the PBRCorruptionRepairOption encounters a corruption error.
+
+The following fields are available:
+
+- **cbsSessionOption** The corruption repair configuration.
+- **errorCode** The error code encountered.
+- **meteredConnection** Indicates whether the device is connected to a metered network (wired or WiFi).
+- **sessionID** The globally unique identifier (GUID) for the session.
+
+
+### Microsoft.Windows.SystemReset.RepairNeeded
+
+This event provides information about whether a system reset needs repair.
+
+The following fields are available:
+
+- **repairNeeded** Indicates whether there was corruption in the system reset which needs repair.
+- **sessionID** The ID of this push-button reset session.
+
+
+## UEFI events
+
+### Microsoft.Windows.UEFI.ESRT
+
+This event sends basic data during boot about the firmware loaded or recently installed on the machine. This helps to keep Windows up to date.
+
+The following fields are available:
+
+- **DriverFirmwareFilename** The firmware file name reported by the device hardware key.
+- **DriverFirmwarePolicy** The optional version update policy value.
+- **DriverFirmwareStatus** The firmware status reported by the device hardware key.
+- **DriverFirmwareVersion** The firmware version reported by the device hardware key.
+- **FirmwareId** The UEFI (Unified Extensible Firmware Interface) identifier.
+- **FirmwareLastAttemptStatus** The reported status of the most recent firmware installation attempt, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareLastAttemptVersion** The version of the most recent attempted firmware installation, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareType** The UEFI (Unified Extensible Firmware Interface) type.
+- **FirmwareVersion** The UEFI (Unified Extensible Firmware Interface) version as reported by the EFI System Resource Table (ESRT).
+- **InitiateUpdate** Indicates whether the system is ready to initiate an update.
+- **LastAttemptDate** The date of the most recent attempted firmware installation.
+- **LastAttemptStatus** The result of the most recent attempted firmware installation.
+- **LastAttemptVersion** The version of the most recent attempted firmware installation.
+- **LowestSupportedFirmwareVersion** The oldest (lowest) version of firmware supported.
+- **MaxRetryCount** The maximum number of retries, defined by the firmware class key.
+- **PartA_PrivTags** The privacy tags associated with the firmware.
+- **RetryCount** The number of attempted installations (retries), reported by the driver software key.
+- **Status** The status returned to the PnP (Plug-and-Play) manager.
+- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
+
+
+## Update events
+
+### Update360Telemetry.Revert
+
+This event sends data relating to the Revert phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the Revert phase.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RebootRequired** Indicates reboot is required.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **RevertResult** The result code returned for the Revert operation.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentCommit
+
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentDownloadRequest
+
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile.
+
+The following fields are available:
+
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **DownloadRequests** Number of times a download was retried.
+- **ErrorCode** The error code returned for the current download request phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique ID for each flight.
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable.
+- **PackageCountOptional** Number of optional packages requested.
+- **PackageCountRequired** Number of required packages requested.
+- **PackageCountTotal** Total number of packages needed.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageCountTotalPSFX** The total number of PSFX packages.
+- **PackageExpressType** Type of express package.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **PackageSizePSFX** The size of PSFX packages, in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **SandboxTaggedForReserves** The sandbox for reserves.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentExpand
+
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **CanonicalRequestedOnError** Indicates if an error caused a reversion to a different type of compressed update (TRUE or FALSE).
+- **ElapsedTickCount** Time taken for expand phase.
+- **EndFreeSpace** Free space after expand phase.
+- **EndSandboxSize** Sandbox size after expand phase.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **StartFreeSpace** Free space before expand phase.
+- **StartSandboxSize** Sandbox size after expand phase.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentFellBackToCanonical
+
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PackageCount** Number of packages that feel back to canonical.
+- **PackageList** PackageIds which fell back to canonical.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInitialize
+
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInstall
+
+This event sends data for the install phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Correlation vector value generated from the latest USO scan.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** The result for the current install phase.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMerge
+
+The UpdateAgentMerge event sends data on the merge phase when updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current merge phase.
+- **FlightId** Unique ID for each flight.
+- **MergeId** The unique ID to join two update sessions being merged.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Related correlation vector value.
+- **Result** Outcome of the merge phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **Failed** The count of mitigations that failed.
+- **FlightId** Unique identifier for each flight.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments).
+- **Total** Total number of mitigations that were available.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates the mode that has started.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **Version** Version of update
+
+
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
+### Update360Telemetry.UpdateAgentPostRebootResult
+
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current post reboot phase.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PostRebootResult** Indicates the Hresult.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentReboot
+
+This event sends information indicating that a request has been sent to suspend an update.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentSetupBoxLaunch
+
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs.
+
+The following fields are available:
+
+- **ContainsExpressPackage** Indicates whether the download package is express.
+- **FlightId** Unique ID for each flight.
+- **FreeSpace** Free space on OS partition.
+- **InstallCount** Number of install attempts using the same sandbox.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **SandboxSize** Size of the sandbox.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **SetupMode** Mode of setup to be launched.
+- **UpdateId** Unique ID for each Update.
+- **UserSession** Indicates whether install was invoked by user actions.
+
+
+## Upgrade events
+
+### FacilitatorTelemetry.DCATDownload
+
+This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **DownloadSize** Download size of payload.
+- **ElapsedTime** Time taken to download payload.
+- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
+- **ResultCode** Result returned by the Facilitator DCAT call.
+- **Scenario** Dynamic update scenario (Image DU, or Setup DU).
+- **Type** Type of package that was downloaded.
+- **UpdateId** The ID of the update that was downloaded.
+
+
+### FacilitatorTelemetry.InitializeDU
+
+This event determines whether devices received additional or critical supplemental content during an OS upgrade.
+
+The following fields are available:
+
+- **DownloadRequestAttributes** The attributes we send to DCAT.
+- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **Url** The Delivery Catalog (DCAT) URL we send the request to.
+- **Version** Version of Facilitator.
+
+
+### Setup360Telemetry.Downlevel
+
+This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the downlevel OS.
+- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
+- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors).
+- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** An ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
+
+
+### Setup360Telemetry.Finalize
+
+This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360.
This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.OsUninstall
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PostRebootInstall
+
+This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
+
+
+### Setup360Telemetry.PreDownloadQuiet
+
+This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreDownloadUX
+
+This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **HostOSBuildNumber** The build number of the previous operating system.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
+- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PreInstallQuiet
+
+This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreInstallUX
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.Setup360
+
+This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FieldName** Retrieves the data point.
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **ReportId** Retrieves the report ID.
+- **ScenarioId** Retrieves the deployment scenario.
+- **Value** Retrieves the value associated with the corresponding FieldName.
+
+
+### Setup360Telemetry.Setup360DynamicUpdate
+
+This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **Operation** Facilitator's last known operation (scan, download, etc.).
+- **ReportId** ID for tying together events stream side.
+- **ResultCode** Result returned for the entire setup operation.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **ScenarioId** Identifies the update scenario.
+- **TargetBranch** Branch of the target OS.
+- **TargetBuild** Build of the target OS.
+
+
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation.
+
+The following fields are available:
+
+- **Applicable** TRUE if the mitigation is applicable for the current update.
+- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightData** The unique identifier for each flight (test release).
+- **Index** The mitigation index of this particular mitigation.
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly (descriptive) name of the mitigation.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Failed** The count of mitigations that failed.
+- **FlightData** The unique identifier for each flight (test release).
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **Total** The total number of mitigations that were available.
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Count** The count of applicable OneSettings for the device.
+- **FlightData** The ID for the flight (test instance version).
+- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **ReportId** The Update ID passed to Setup.
+- **Result** The HResult of the event error.
+- **ScenarioId** The update scenario ID.
+- **Values** Values sent back to the device, if applicable.
+
+
+### Setup360Telemetry.UnexpectedEvent
+
+This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+## Windows as a Service diagnostic events
+
+### Microsoft.Windows.WaaSMedic.SummaryEvent
+
+Result of the WaaSMedic operation.
+
+The following fields are available:
+
+- **callerApplication** The name of the calling application.
+- **capsuleCount** The number of Sediment Pack capsules.
+- **capsuleFailureCount** The number of capsule failures.
+- **detectionSummary** Result of each applicable detection that was run.
+- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **hrEngineBlockReason** Indicates the reason for stopping WaaSMedic.
+- **hrEngineResult** Error code from the engine operation.
+- **hrLastSandboxError** The last error sent by the WaaSMedic sandbox.
+- **initSummary** Summary data of the initialization method.
+- **isInteractiveMode** The user started a run of WaaSMedic.
+- **isManaged** Device is managed for updates.
+- **isWUConnected** Device is connected to Windows Update.
+- **noMoreActions** No more applicable diagnostics.
+- **pluginFailureCount** The number of plugins that have failed.
+- **pluginsCount** The number of plugins.
+- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
+- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
+- **usingBackupFeatureAssessment** Relying on backup feature assessment.
+- **usingBackupQualityAssessment** Relying on backup quality assessment.
+- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run.
+- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run.
+- **versionString** Version of the WaaSMedic engine.
+- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
+
+
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
+### Value
+
+This event returns data about Mean Time to Failure (MTTF) for Windows devices. It is the primary means of estimating reliability problems in Basic Diagnostic reporting with very strong privacy guarantees. Since Basic Diagnostic reporting does not include system up-time, and since that information is important to ensuring the safe and stable operation of Windows, the data provided by this event provides that data in a manner which does not threaten a user’s privacy.
+
+The following fields are available:
+
+- **Algorithm** The algorithm used to preserve privacy.
+- **DPRange** The upper bound of the range being measured.
+- **DPValue** The randomized response returned by the client.
+- **Epsilon** The level of privacy to be applied.
+- **HistType** The histogram type if the algorithm is a histogram algorithm.
+- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”.
+
+
+## Windows Error Reporting MTT events
+
+### Microsoft.Windows.WER.MTT.Denominator
+
+This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date.
+
+The following fields are available:
+
+- **Value** Standard UTC emitted DP value structure See [Value](#value).
+
+
+## Windows Hardware Error Architecture events
+
+### WheaProvider.WheaErrorRecord
+
+This event collects data about common platform hardware error recorded by the Windows Hardware Error Architecture (WHEA) mechanism.
+
+The following fields are available:
+
+- **creatorId** The unique identifier for the entity that created the error record.
+- **CreatorId** The unique identifier for the entity that created the error record.
+- **errorFlags** Any flags set on the error record.
+- **ErrorFlags** Any flags set on the error record.
+- **notifyType** The unique identifier for the notification mechanism which reported the error to the operating system.
+- **NotifyType** The unique identifier for the notification mechanism which reported the error to the operating system.
+- **partitionId** The unique identifier for the partition on which the hardware error occurred.
+- **PartitionId** The unique identifier for the partition on which the hardware error occurred.
+- **platformId** The unique identifier for the platform on which the hardware error occurred.
+- **PlatformId** The unique identifier for the platform on which the hardware error occurred.
+- **record** A collection of binary data containing the full error record.
+- **Record** A collection of binary data containing the full error record.
+- **recordId** The identifier of the error record.
+- **RecordId** The identifier of the error record.
+- **sectionFlags** The flags for each section recorded in the error record.
+- **SectionFlags** The flags for each section recorded in the error record.
+- **SectionSeverity** The severity of each individual section.
+- **sectionTypes** The unique identifier that represents the type of sections contained in the error record.
+- **SectionTypes** The unique identifier that represents the type of sections contained in the error record.
+- **severityCount** The severity of each individual section.
+- **timeStamp** The error time stamp as recorded in the error record.
+- **TimeStamp** The error time stamp as recorded in the error record.
+
+
+## Windows Security Center events
+
+### Microsoft.Windows.Security.WSC.DatastoreMigratedVersion
+
+This event provides information about the datastore migration and whether it was successful.
+
+The following fields are available:
+
+- **datastoreisvtype** The product category of the datastore.
+- **datastoremigrated** The version of the datastore that was migrated.
+- **status** The result code of the migration.
+
+
+### Microsoft.Windows.Security.WSC.GetCallerViaWdsp
+
+This event returns data if the registering product EXE (executable file) does not allow COM (Component Object Model) impersonation.
+
+The following fields are available:
+
+- **callerExe** The registering product EXE that does not support COM impersonation.
+
+
+## Windows Store events
+
+### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
+
+This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The Item Bundle ID.
+- **CategoryId** The Item Category ID.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Was this a mandatory update?
+- **IsRemediation** Was this a remediation install?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Flag indicating if this is an update.
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The product family name of the product being installed.
+- **ProductId** The identity of the package or packages being installed.
+- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled.
+- **UserAttemptNumber** The total number of user attempts at installation before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
+
+This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
+
+This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
+
+This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed.
+- **AttemptNumber** Total number of installation attempts.
+- **BundleId** The identity of the Windows Insider build that is associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this an automatic restore of a previously acquired product?
+- **IsUpdate** Is this a product update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of all packages to be downloaded and installed.
+- **PreviousHResult** The previous HResult code.
+- **PreviousInstallState** Previous installation state before it was canceled.
+- **ProductId** The name of the package or packages requested for installation.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled.
+- **UserAttemptNumber** Total number of user attempts to install before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
+
+This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Product ID of the app being installed.
+- **HResult** HResult code of the action being performed.
+- **IsBundle** Is this a bundle?
+- **PackageFamilyName** The name of the package being installed.
+- **ProductId** The Store Product ID of the product being installed.
+- **SkuId** Specific edition of the item being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
+
+This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
+- **AttemptNumber** The total number of attempts to acquire this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** HResult code to show the result of the operation (success/failure).
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Did the user initiate the installation?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this happening after a device restore?
+- **IsUpdate** Is this an update?
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
+- **UserAttemptNumber** The number of attempts by the user to acquire this product
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
+
+This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The identity of the Windows Insider build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **DownloadSize** The total size of the download.
+- **ExtendedHResult** Any extended HResult error codes.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this initiated by the user?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this a restore of a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** The Product Family Name of the app being download.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to download.
+- **UserAttemptNumber** The number of attempts by the user to download.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
+
+This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
+
+This event is sent after sending the inventory of the products installed to determine whether updates for those products are available. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
+
+This event is sent after a product has been installed to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **ExtendedHResult** The extended HResult error code.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this an interactive installation?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
+
+This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsApplicability** Is this request to only check if there are any applicable packages to install?
+- **IsInteractive** Is this user requested?
+- **IsOnline** Is the request doing an online check?
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
+
+This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
+
+This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of system attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
+
+This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
+
+This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FailedRetry** Indicates whether the installation or update retry was successful.
+- **HResult** The HResult code of the operation.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
+
+This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
+
+This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **BundleId** The identity of the build associated with this product.
+- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specific edition ID being installed.
+- **VolumePath** The disk path of the installation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
+
+This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The Product Full Name.
+- **PreviousHResult** The result code of the last action performed before this operation.
+- **PreviousInstallState** Previous state before the installation or update was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
+
+This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **IsUserRetry** Did the user initiate the retry?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **PreviousHResult** The previous HResult error code.
+- **PreviousInstallState** Previous state before the installation was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector for the original install before it was resumed.
+- **ResumeClientId** The ID of the app that initiated the resume operation.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
+
+This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ProductId** The Store Product ID for the product being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
+
+This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Catalog ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specfic edition of the app being updated.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
+
+Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **HResult** The resulting HResult error/success code of this operation.
+- **NewState** The current fulfillment state of this product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state).
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **Prevstate** The previous fulfillment state of this product.
+- **ProductId** Product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
+
+This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **PFamN** The name of the app that is requested for update.
+
+
+## Windows Update Delivery Optimization events
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
+
+This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download being done in the background?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller.
+- **reasonCode** Reason the action or event occurred.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the file download session.
+- **updateID** The ID of the update being downloaded.
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
+
+This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **bytesRequested** The total number of bytes requested for download.
+- **cacheServerConnectionCount** Number of connections made to cache hosts.
+- **cdnConnectionCount** The total number of connections made to the CDN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP address of the source CDN.
+- **cdnUrl** Url of the source Content Distribution Network (CDN).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **doErrorCode** The Delivery Optimization error code that was returned.
+- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
+- **downlinkUsageBps** The download speed (in bytes per second).
+- **downloadMode** The download mode used for this file download session.
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
+- **fileID** The ID of the file being downloaded.
+- **fileSize** The size of the file being downloaded.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **groupConnectionCount** The total number of connections made to peers in the same group.
+- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
+- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **lanConnectionCount** The total number of connections made to peers in the same LAN.
+- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network.
+- **numPeers** The total number of peers used for this download.
+- **numPeersLocal** The total number of local peers used for this download.
+- **predefinedCallerName** The name of the API Caller.
+- **restrictedUpload** Is the upload restricted?
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **totalTimeMs** Duration of the download (in seconds).
+- **updateID** The ID of the update being downloaded.
+- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
+- **uplinkUsageBps** The upload speed (in bytes per second).
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
+
+This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being paused.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller object.
+- **reasonCode** The reason for pausing the download.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **updateID** The ID of the update being paused.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
+
+This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Indicates whether the download is happening in the background.
+- **bytesRequested** Number of bytes requested for the download.
+- **cdnUrl** The URL of the source Content Distribution Network (CDN).
+- **costFlags** A set of flags representing network cost.
+- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
+- **diceRoll** Random number used for determining if a client will use peering.
+- **doClientVersion** The version of the Delivery Optimization client.
+- **doErrorCode** The Delivery Optimization error code that was returned.
+- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **errorCode** The error code that was returned.
+- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
+- **fileID** The ID of the file being downloaded.
+- **filePath** The path to where the downloaded file will be written.
+- **fileSize** Total file size of the file that was downloaded.
+- **fileSizeCaller** Value for total file size provided by our caller.
+- **groupID** ID for the group.
+- **isEncrypted** Indicates whether the download is encrypted.
+- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
+- **jobID** The ID of the Windows Update job.
+- **peerID** The ID for this delivery optimization client.
+- **predefinedCallerName** Name of the API caller.
+- **routeToCacheServer** Cache server setting, source, and value.
+- **sessionID** The ID for the file download session.
+- **setConfigs** A JSON representation of the configurations that have been set, and their sources.
+- **updateID** The ID of the update being downloaded.
+- **usedMemoryStream** Indicates whether the download used memory streaming.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.JobError
+
+This event represents a Windows Update job error. It allows for investigation of top errors.
+
+The following fields are available:
+
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **doErrorCode** Error code returned for delivery optimization.
+- **errorCode** The error code returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **jobID** The Windows Update job ID.
+
+
+## Windows Update events
+
+### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
+
+This event indicates that a notification dialog box is about to be displayed to user.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
+- **DaysSinceRebootRequired** Number of days since restart was required.
+- **DeviceLocalTime** The local time on the device sending the event.
+- **EngagedModeLimit** The number of days to switch between DTE dialog boxes.
+- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode.
+- **ETag** OneSettings versioning value.
+- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device.
+- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device.
+- **NotificationUxState** Indicates which dialog box is shown.
+- **NotificationUxStateString** Indicates which dialog box is shown.
+- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootVersion** Version of DTE.
+- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
+
+This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time on the device sending the event.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose on this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
+
+This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time of the device sending the event.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that the user chose in this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
+
+This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** Time the dialog box was shown on the local device.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose in this dialog box.
+- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog
+
+This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings).
+- **EnterpriseAttributionValue** Indicates whether Enterprise attribution is on for this dialog.
+- **ETag** The OneSettings versioning value.
+- **ExitCode** Indicates how users exited the reboot reminder dialog box.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+- **UserResponseString** The option chosen by the user on the reboot dialog box.
+- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC).
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast
+
+This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time on the device sending the event.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the pop-up banner.
+- **RebootVersion** The version of the reboot logic.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that the user chose in pop-up banner.
+- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.RebootScheduled
+
+Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device.
+- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot.
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours.
+- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
+- **rebootState** The current state of the restart.
+- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler.
+- **revisionNumber** Revision number of the update that is getting installed with this restart.
+- **scheduledRebootTime** Time of the scheduled restart.
+- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time.
+- **updateId** ID of the update that is getting installed with this restart.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
+
+This event indicates a policy is present that may restrict update activity to outside of active hours.
+
+The following fields are available:
+
+- **activeHoursEnd** The end of the active hours window.
+- **activeHoursStart** The start of the active hours window.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DeferRestart
+
+This event indicates that a restart required for installing updates was postponed.
+
+The following fields are available:
+
+- **displayNeededReason** List of reasons for needing display.
+- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
+- **gameModeReason** Name of the executable that caused the game mode state check to start.
+- **ignoredReason** List of reasons that were intentionally ignored.
+- **IgnoreReasonsForRestart** List of reasons why restart was deferred.
+- **revisionNumber** Update ID revision number.
+- **systemNeededReason** List of reasons why system is needed.
+- **updateId** Update ID.
+- **updateScenarioType** Update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Detection
+
+This event indicates that a scan for a Windows Update occurred.
+
+The following fields are available:
+
+- **deferReason** Reason why the device could not check for updates.
+- **detectionBlockingPolicy** State of update action.
+- **detectionBlockreason** The reason detection did not complete.
+- **detectionRetryMode** Indicates whether we will try to scan again.
+- **errorCode** The error code returned for the current process.
+- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the session was user initiated.
+- **networkStatus** Error info
+- **revisionNumber** Update revision number.
+- **scanTriggerSource** Source of the triggered scan.
+- **updateId** Update ID.
+- **updateScenarioType** Identifies the type of update session being performed.
+- **wuDeviceid** The unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DetectionActivity
+
+This event returns data about detected updates, as well as the types of update (optional or recommended). This data helps keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateIdList** The list of update identifiers.
+- **applicableUpdateList** The list of available updates.
+- **durationInSeconds** The amount of time (in seconds) it took for the event to run.
+- **expeditedMode** Indicates whether Expedited Mode is on.
+- **networkCostPolicy** The network cost.
+- **scanTriggerSource** Indicates whether the scan is Interactive or Background.
+- **scenario** The result code of the event.
+- **scenarioReason** The reason for the result code (scenario).
+- **seekerUpdateIdList** The list of “seeker” update identifiers.
+- **seekerUpdateList** The list of “seeker” updates.
+- **services** The list of services that were called during update.
+- **wilActivity** The activity results. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
+
+This event indicates the reboot was postponed due to needing a display.
+
+The following fields are available:
+
+- **displayNeededReason** Reason the display is needed.
+- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
+### Microsoft.Windows.Update.Orchestrator.Download
+
+This event sends launch data for a Windows Update download to help keep Windows up to date.
+
+The following fields are available:
+
+- **deferReason** Reason for download not completing.
+- **errorCode** An error code represented as a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the session is user initiated.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels
+
+This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date.
+
+The following fields are available:
+
+- **configVersion** The escalation configuration version on the device.
+- **downloadElapsedTime** Indicates how long since the download is required on device.
+- **downloadRiskLevel** At-risk level of download phase.
+- **installElapsedTime** Indicates how long since the install is required on device.
+- **installRiskLevel** The at-risk level of install phase.
+- **isSediment** Assessment of whether is device is at risk.
+- **scanElapsedTime** Indicates how long since the scan is required on device.
+- **scanRiskLevel** At-risk level of the scan phase.
+- **wuDeviceid** Device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask
+
+This event indicated that USO failed to add a trigger time to a task.
+
+The following fields are available:
+
+- **errorCode** The Windows Update error code.
+- **wuDeviceid** The Windows Update device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
+
+This event indicates that the update is no longer applicable to this device.
+
+The following fields are available:
+
+- **EventPublishedTime** Time when this event was generated.
+- **flightID** The specific ID of the Windows Insider build.
+- **inapplicableReason** The reason why the update is inapplicable.
+- **revisionNumber** Update revision number.
+- **updateId** Unique Windows Update ID.
+- **updateScenarioType** Update session type.
+- **UpdateStatus** Last status of update.
+- **UUPFallBackConfigured** Indicates whether UUP fallback is configured.
+- **wuDeviceid** Unique Device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
+
+This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date.
+
+The following fields are available:
+
+- **EventPublishedTime** Time of the event.
+- **flightID** Unique update ID
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Install
+
+This event sends launch data for a Windows Update install to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **errorCode** The error code reppresented by a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The ID of the Windows Insider build the device is getting.
+- **flightUpdate** Indicates whether the update is a Windows Insider build.
+- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates.
+- **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored.
+- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress.
+- **installRebootinitiatetime** The time it took for a reboot to be attempted.
+- **interactive** Identifies if session is user initiated.
+- **minutesToCommit** The time it took to install updates.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.LowUptimes
+
+This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
+
+The following fields are available:
+
+- **availableHistoryMinutes** The number of minutes available from the local machine activity history.
+- **isLowUptimeMachine** Is the machine considered low uptime or not.
+- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime.
+- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime.
+- **uptimeMinutes** Number of minutes of uptime measured.
+- **wuDeviceid** Unique device ID for Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
+### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
+
+This event is generated before the shutdown and commit operations.
+
+The following fields are available:
+
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### Microsoft.Windows.Update.Orchestrator.RebootFailed
+
+This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **EventPublishedTime** The time that the reboot failure occurred.
+- **flightID** Unique update ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours.
+- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
+
+This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
+
+The following fields are available:
+
+- **RebootTaskMissedTimeUTC** The time when the reboot task was scheduled to run, but did not.
+- **RebootTaskNextTimeUTC** The time when the reboot task was rescheduled for.
+- **RebootTaskRestoredTime** Time at which this reboot task was restored.
+- **wuDeviceid** Device ID for the device on which the reboot is restored.
+
+
+### Microsoft.Windows.Update.Orchestrator.ScanTriggered
+
+This event indicates that Update Orchestrator has started a scan operation.
+
+The following fields are available:
+
+- **interactive** Indicates whether the scan is interactive.
+- **isDTUEnabled** Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system.
+- **isScanPastSla** Indicates whether the SLA has elapsed for scanning.
+- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan.
+- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA.
+- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA.
+- **scanTriggerSource** Indicates what caused the scan.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.StickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Orchestrator.SystemNeeded
+
+This event sends data about why a device is unable to reboot, to help keep Windows up to date.
+
+The following fields are available:
+
+- **eventScenario** End-to-end update session ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **systemNeededReason** List of apps or tasks that are preventing the system from restarting.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorInvalidSignature
+
+This event is sent when an updater has attempted to register a binary that is not signed by Microsoft.
+
+The following fields are available:
+
+- **updaterCmdLine** The callback executable for the updater.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UnstickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
+
+This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **configuredPoliciescount** Number of policies on the device.
+- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight).
+- **policyCacherefreshtime** Time when policy cache was refreshed.
+- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdaterCallbackFailed
+
+This event is sent when an updater failed to execute the registered callback.
+
+The following fields are available:
+
+- **updaterArgument** The argument to pass to the updater callback.
+- **updaterCmdLine** The callback executable for the updater.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
+
+This event sends data about whether an update required a reboot to help keep Windows up to date.
+
+The following fields are available:
+
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdaterMalformedData
+
+This event is sent when a registered updater has missing or corrupted information, to help keep Windows up to date.
+
+The following fields are available:
+
+- **malformedRegValue** The registry value that contains the malformed or missing entry.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.UsoSession
+
+This event represents the state of the USO service at start and completion.
+
+The following fields are available:
+
+- **activeSessionid** A unique session GUID.
+- **eventScenario** The state of the update action.
+- **interactive** Is the USO session interactive?
+- **lastErrorcode** The last error that was encountered.
+- **lastErrorstate** The state of the update when the last error was encountered.
+- **sessionType** A GUID that refers to the update session type.
+- **updateScenarioType** A descriptive update session type.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
+
+This event is sent when a security update has successfully completed.
+
+The following fields are available:
+
+- **UtcTime** The Coordinated Universal Time that the restart was no longer needed.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
+
+This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether Active Hours applies on this device.
+- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled.
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise.
+- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
+- **rebootState** Current state of the reboot.
+- **rebootUsingSmartScheduler** Indicates that the reboot is scheduled by SmartScheduler.
+- **revisionNumber** Revision number of the OS.
+- **scheduledRebootTime** Time scheduled for the reboot.
+- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC.
+- **updateId** Identifies which update is being scheduled.
+- **wuDeviceid** The unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
+
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up-to-date
+
+The following fields are available:
+
+- **activeHoursApplicable** Is the restart respecting Active Hours?
+- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
+- **rebootArgument** The arguments that are passed to the OS for the restarted.
+- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours?
+- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
+- **rebootState** The state of the restart.
+- **rebootUsingSmartScheduler** TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE.
+- **revisionNumber** The revision number of the OS being updated.
+- **scheduledRebootTime** Time of the scheduled reboot
+- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time.
+- **updateId** The Windows Update device GUID.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### wilActivity
+
+This event provides a Windows Internal Library context used for Product and Service diagnostics.
+
+The following fields are available:
+
+- **callContext** The function where the failure occurred.
+- **currentContextId** The ID of the current call context where the failure occurred.
+- **currentContextMessage** The message of the current call context where the failure occurred.
+- **currentContextName** The name of the current call context where the failure occurred.
+- **failureCount** The number of failures for this failure ID.
+- **failureId** The ID of the failure that occurred.
+- **failureType** The type of the failure that occurred.
+- **fileName** The file name where the failure occurred.
+- **function** The function where the failure occurred.
+- **hresult** The HResult of the overall activity.
+- **lineNumber** The line number where the failure occurred.
+- **message** The message of the failure that occurred.
+- **module** The module where the failure occurred.
+- **originatingContextId** The ID of the originating call context that resulted in the failure.
+- **originatingContextMessage** The message of the originating call context that resulted in the failure.
+- **originatingContextName** The name of the originating call context that resulted in the failure.
+- **threadId** The ID of the thread on which the activity is executing.
+
+
+## Windows Update mitigation events
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General
+
+This event provides information about application properties to indicate the successful execution.
+
+The following fields are available:
+
+- **AppMode** Indicates the mode the app is being currently run around privileges.
+- **ExitCode** Indicates the exit code of the app.
+- **Help** Indicates if the app needs to be launched in the help mode.
+- **ParseError** Indicates if there was a parse error during the execution.
+- **RightsAcquired** Indicates if the right privileges were acquired for successful execution.
+- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution.
+- **TestMode** Indicates whether the app is being run in test mode.
+
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount
+
+This event provides information about the properties of user accounts in the Administrator group.
+
+The following fields are available:
+
+- **Internal** Indicates the internal property associated with the count group.
+- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account.
+- **Result** The HResult error.
+
+
+### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
+
+This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates.
+
+The following fields are available:
+
+- **ClientId** The client ID used by Windows Update.
+- **FlightId** The ID of each Windows Insider build the device received.
+- **InstanceId** A unique device ID that identifies each update instance.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **MountedImageCount** The number of mounted images.
+- **MountedImageMatches** The number of mounted image matches.
+- **MountedImagesFailed** The number of mounted images that could not be removed.
+- **MountedImagesRemoved** The number of mounted images that were successfully removed.
+- **MountedImagesSkipped** The number of mounted images that were not found.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Windows Update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+### Mitigation360Telemetry.MitigationCustom.FixupEditionId
+
+This event sends data specific to the FixupEditionId mitigation used for OS updates.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **EditionIdUpdated** Determine whether EditionId was changed.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **ProductEditionId** Expected EditionId value based on GetProductInfo.
+- **ProductType** Value returned by GetProductInfo.
+- **RegistryEditionId** EditionId value in the registry.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+## Windows Update Reserve Manager events
+
+### Microsoft.Windows.UpdateReserveManager.BeginScenario
+
+This event is sent when the Update Reserve Manager is called to begin a scenario.
+
+The following fields are available:
+
+- **Flags** The flags that are passed to the begin scenario function.
+- **HardReserveSize** The size of the hard reserve.
+- **HardReserveUsedSpace** The used space in the hard reserve.
+- **OwningScenarioId** The scenario ID the client that called the begin scenario function.
+- **ReturnCode** The return code for the begin scenario operation.
+- **ScenarioId** The scenario ID that is internal to the reserve manager.
+- **SoftReserveSize** The size of the soft reserve.
+- **SoftReserveUsedSpace** The amount of soft reserve space that was used.
+
+
+### Microsoft.Windows.UpdateReserveManager.ClearReserve
+
+This event is sent when the Update Reserve Manager clears one of the reserves.
+
+The following fields are available:
+
+- **FinalReserveUsedSpace** The amount of used space for the reserve after it was cleared.
+- **InitialReserveUsedSpace** The amount of used space for the reserve before it was cleared.
+- **ReserveId** The ID of the reserve that needs to be cleared.
+
+
+### Microsoft.Windows.UpdateReserveManager.ClearSoftReserve
+
+This event is sent when the Update Reserve Manager clears the contents of the soft reserve.
+
+
+
+### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
+
+The following fields are available:
+
+- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content.
+- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition or removal of optional content.
+
+
+### Microsoft.Windows.UpdateReserveManager.EndScenario
+
+This event is sent when the Update Reserve Manager ends an active scenario.
+
+The following fields are available:
+
+- **ActiveScenario** The current active scenario.
+- **Flags** The flags passed to the end scenario call.
+- **HardReserveSize** The size of the hard reserve when the end scenario is called.
+- **HardReserveUsedSpace** The used space in the hard reserve when the end scenario is called.
+- **ReturnCode** The return code of this operation.
+- **ScenarioId** The ID of the internal reserve manager scenario.
+- **SoftReserveSize** The size of the soft reserve when end scenario is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when end scenario is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
+
+This event is sent when the Update Reserve Manager returns an error from one of its internal functions.
+
+The following fields are available:
+
+- **FailedExpression** The failed expression that was returned.
+- **FailedFile** The binary file that contained the failed function.
+- **FailedFunction** The name of the function that originated the failure.
+- **FailedLine** The line number of the failure.
+- **ReturnCode** The return code of the function.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeReserves
+
+This event is sent when reserves are initialized on the device.
+
+The following fields are available:
+
+- **FallbackInitUsed** Indicates whether fallback initialization is used.
+- **FinalUserFreeSpace** The amount of user free space after initialization.
+- **Flags** The flags used in the initialization of Update Reserve Manager.
+- **HardReserveFinalSize** The final size of the hard reserve.
+- **HardReserveFinalUsedSpace** The used space in the hard reserve.
+- **HardReserveInitialSize** The size of the hard reserve after initialization.
+- **HardReserveInitialUsedSpace** The utilization of the hard reserve after initialization.
+- **HardReserveTargetSize** The target size that was set for the hard reserve.
+- **InitialUserFreeSpace** The user free space during initialization.
+- **PostUpgradeFreeSpace** The free space value passed into the Update Reserve Manager to determine reserve sizing post upgrade.
+- **SoftReserveFinalSize** The final size of the soft reserve.
+- **SoftReserveFinalUsedSpace** The used space in the soft reserve.
+- **SoftReserveInitialSize** The soft reserve size after initialization.
+- **SoftReserveInitialUsedSpace** The utilization of the soft reserve after initialization.
+- **SoftReserveTargetSize** The target size that was set for the soft reserve.
+- **TargetUserFreeSpace** The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
+- **UpdateScratchFinalUsedSpace** The used space in the scratch reserve.
+- **UpdateScratchInitialUsedSpace** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveFinalSize** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveInitialSize** The size of the scratch reserve after initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+The following fields are available:
+
+- **ClientId** The ID of the caller application.
+- **Flags** The enumerated flags used to initialize the manager.
+- **FlightId** The flight ID of the content the calling client is currently operating with.
+- **Offline** Indicates whether or the reserve manager is called during offline operations.
+- **PolicyPassed** Indicates whether the machine is able to use reserves.
+- **ReturnCode** Return code of the operation.
+- **Version** The version of the Update Reserve Manager.
+
+
+### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
+
+This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot.
+
+The following fields are available:
+
+- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.ReevaluatePolicy
+
+This event is sent when the Update Reserve Manager reevaluates policy to determine reserve usage.
+
+The following fields are available:
+
+- **PolicyChanged** Indicates whether the policy has changed.
+- **PolicyFailedEnum** The reason why the policy failed.
+- **PolicyPassed** Indicates whether the policy passed.
+
+
+### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.
+
+
+
+### Microsoft.Windows.UpdateReserveManager.TurnOffReserves
+
+This event is sent when the Update Reserve Manager turns off reserve functionality for certain operations.
+
+The following fields are available:
+
+- **Flags** Flags used in the turn off reserves function.
+- **HardReserveSize** The size of the hard reserve when Turn Off is called.
+- **HardReserveUsedSpace** The amount of space used by the hard reserve when Turn Off is called
+- **ScratchReserveSize** The size of the scratch reserve when Turn Off is called.
+- **ScratchReserveUsedSpace** The amount of space used by the scratch reserve when Turn Off is called.
+- **SoftReserveSize** The size of the soft reserve when Turn Off is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when Turn Off is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed.
+
+The following fields are available:
+
+- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content.
+- **Disposition** The parameter for the hard reserve adjustment function.
+- **Flags** The flags passed to the hard reserve adjustment function.
+- **PendingHardReserveAdjustment** The final change to the hard reserve size.
+- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
+
+
+## Winlogon events
+
+### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
+
+This event signals the completion of the setup process. It happens only once during the first logon.
+
+
+
+## XBOX events
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+The following fields are available:
+
+- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
+- **AppId** The Xbox LIVE Title ID.
+- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate.
+- **Result** The HResult error.
+- **UserId** The Xbox LIVE User ID (XUID).
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+The following fields are available:
+
+- **AppActionId** The ID of the application action.
+- **AppCurrentVisibilityState** The ID of the current application visibility state. +- **AppId** The Xbox LIVE Title ID of the app. +- **AppPackageFullName** The full name of the application package. +- **AppPreviousVisibilityState** The ID of the previous application visibility state. +- **AppSessionId** The application session ID. +- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa). +- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application. +- **DurationMs** The amount of time (in milliseconds) since the last application state transition. +- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license. +- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc). +- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license. +- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application. +- **UserId** The XUID (Xbox User ID) of the current user. + + + diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 3d87b25a9b..12a92da773 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -8,12 +8,12 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/04/2018 +ms.date: 04/29/2019 --- # Configure Windows diagnostic data in your organization 
@@ -24,6 +24,14 @@ ms.date: 04/04/2018 - Windows 10 Mobile - Windows Server +This article applies to Windows and Windows Server diagnostic data only. It describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. + +Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. Microsoft uses diagnostic data to keep Windows secure and up to date, troubleshoot problems, and make product improvements. + +We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. + +## Overview of Windows diagnostic data + At Microsoft, we use Windows diagnostic data to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data gives users a voice in the operating system’s development. This guide describes the importance of Windows diagnostic data and how we protect that data. Additionally, it differentiates between diagnostic data and functional data. It also describes the diagnostic data levels that Windows supports. Of course, you can choose how much diagnostic data is shared with Microsoft, and this guide demonstrates how. To frame a discussion about diagnostic data, it is important to understand Microsoft’s privacy principles. 
We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways: 
@@ -35,15 +43,7 @@ To frame a discussion about diagnostic data, it is important to understand Micro - **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting. - **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. -This article applies to Windows and Windows Server diagnostic data only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, diagnostic data controls, and so on. This article describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. - -Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. The diagnostic data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. - -We are always striving to improve our documentation and welcome your feedback. 
You can provide feedback by contacting telmhelp@microsoft.com. - -## Overview - -In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM. +In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM. For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization. 
@@ -83,9 +83,9 @@ The following are specific examples of functional data: ### Diagnostic data gives users a voice -Windows and Windows Server diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. +Windows and Windows Server diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. -### Drive higher app and driver quality +### Improve app and driver quality Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. 
@@ -102,10 +102,9 @@ Windows diagnostic data also helps Microsoft better understand how customers use **These examples show how the use of diagnostic data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** - ### Insights into your own organization -Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). +Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). #### Upgrade Readiness 
@@ -127,11 +126,23 @@ Use Upgrade Readiness to get: The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. -## How is diagnostic data handled by Microsoft? +## How Microsoft handles diagnostic data + +The diagnostic data is categorized into four levels: + +- [**Security**](#security-level). Information that’s required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. + +- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level. + +- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels. + +- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels. + +Diagnostic data levels are cumulative, meaning each subsequent level includes data collected through lower levels. For more information see the [Diagnostic data levels](#diagnostic-data-levels) section. ### Data collection -Windows 10 and Windows Server 2016 includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 
+Windows 10 and Windows Server includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces. 2. Events are gathered using public operating system event logging and tracing APIs. @@ -146,7 +157,6 @@ All diagnostic data is encrypted using SSL and uses certificate pinning during t The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day, but occasionally up to 2 MB per device per day). - ### Endpoints The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access. @@ -155,18 +165,15 @@ The following table defines the endpoints for Connected User Experiences and Tel Windows release | Endpoint --- | --- -Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed| Diagnostics data: v10c.vortex-win.data.microsoft.com

                          Functional: v20.vortex-win.data.microsoft.com
                          Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          settings-win.data.microsoft.com -Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | Diagnostics data: v10.events.data.microsoft.com

                          Functional: v20.vortex-win.data.microsoft.com
                          Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          settings-win.data.microsoft.com -Windows 10, version 1709 or earlier | Diagnostics data: v10.vortex-win.data.microsoft.com

                          Functional: v20.vortex-win.data.microsoft.com
                          Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          settings-win.data.microsoft.com -Windows 7 and Windows 8.1 | vortex-win.data.microsoft.com +Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed| **Diagnostics data** - v10c.vortex-win.data.microsoft.com

                          **Functional** - v20.vortex-win.data.microsoft.com
                          **Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          **Settings** - win.data.microsoft.com +Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data** - v10.events.data.microsoft.com

                          **Functional** - v20.vortex-win.data.microsoft.com
                          **Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          **Settings** - win.data.microsoft.com +Windows 10, version 1709 or earlier | **Diagnostics data** - v10.vortex-win.data.microsoft.com

                          **Functional** - v20.vortex-win.data.microsoft.com
                          **Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
                          **Settings** - win.data.microsoft.com The following table defines the endpoints for other diagnostic data services: | Service | Endpoint | | - | - | | [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | -| | umwatsonc.events.data.microsoft.com | -| | kmwatsonc.events.data.microsoft.com | | | ceuswatcab01.blob.core.windows.net | | | ceuswatcab02.blob.core.windows.net | | | eaus2watcab01.blob.core.windows.net | @@ -174,7 +181,8 @@ The following table defines the endpoints for other diagnostic data services: | | weus2watcab01.blob.core.windows.net | | | weus2watcab02.blob.core.windows.net | | [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | -| OneDrive app for Windows 10 | vortex.data.microsoft.com | +| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | +| Microsoft Defender Advanced Threat Protection | https://wdcp.microsoft.com
                          https://wdcpalt.microsoft.com | ### Data use and access 
@@ -184,26 +192,92 @@ The principle of least privileged access guides access to diagnostic data. Micro Microsoft believes in and practices information minimization. We strive to gather only the info we need and to store it only for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Microsoft Store purchase history. +## Manage enterprise diagnostic data level + +### Enterprise management + +Sharing diagnostic data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. + +Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. + +IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users’ choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this article describes how to use group policy to configure levels and settings interface. 
+ + +#### Manage your diagnostic data settings + +Use the steps in this article to set and/or adjust the diagnostic data settings for Windows and Windows Server in your organization. + +> [!IMPORTANT] +> These diagnostic data levels only apply to Windows and Windows Server components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of privacy controls for Office 365 ProPlus](/deployoffice/privacy/overview-privacy-controls). + +The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server is **Enhanced**. + +### Configure the diagnostic data level + +You can configure your device's diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device. + +Use the appropriate value in the table below when you configure the management policy. + +| Level | Value | +| - | - | +| Security | **0** | +| Basic | **1** | +| Enhanced | **2** | +| Full | **3** | + + > [!NOTE] + > When both the Computer Configuration policy and User Configuration policy are set, the more restrictive policy is used. + +### Use Group Policy to set the diagnostic data level + +Use a Group Policy object to set your organization’s diagnostic data level. + +1. 
From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. + +2. Double-click **Allow Telemetry**. + +3. In the **Options** box, select the level that you want to configure, and then click **OK**. + +### Use MDM to set the diagnostic data level + +Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy. + +### Use Registry Editor to set the diagnostic data level + +Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting. + +1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**. + +2. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**. + +3. Type **AllowTelemetry**, and then press ENTER. + +4. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.** + +5. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. + +### Additional diagnostic data controls + +There are a few more settings that you can turn off that may send diagnostic data information: + +- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](https://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). 
+ +- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. + +- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716). + +- Turn off **Improve inking and typing** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. + + > [!NOTE] + > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. + ## Diagnostic data levels -This section explains the different diagnostic data levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. -The diagnostic data is categorized into four levels: - -- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. - -- **Basic**. Basic device info, including: quality-related data, app compatibility, and data from the **Security** level. - -- **Enhanced**. 
Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels. - -- **Full**. All data necessary to identify and help to fix problems, plus data from the **Security**, **Basic**, and **Enhanced** levels. - -The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016. - -![breakdown of diagnostic data levels and types of administrative controls](images/priv-telemetry-levels.png) +These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server. ### Security level -The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. +The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. > [!NOTE] > If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. 
@@ -234,11 +308,13 @@ No user content, such as user files or communications, is gathered at the **Secu The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experiences and Telemetry component does not gather diagnostic data about System Center, but it can transmit diagnostic data for other non-Windows applications if they have user consent. +This is the default level for Windows 10 Education editions, as well as all desktop editions starting with Windows 10, version 1903. + The normal upload range for the Basic diagnostic data level is between 109 KB - 159 KB per day, per device. The data gathered at this level includes: -- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include: +- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include: - Device attributes, such as camera resolution and display type 
@@ -279,7 +355,7 @@ The data gathered at this level includes: The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experience with the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements. -This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues. +This level is needed to quickly identify and address Windows and Windows Server quality issues. The normal upload range for the Enhanced diagnostic data level is between 239 KB - 348 KB per day, per device. 
@@ -295,16 +371,39 @@ The data gathered at this level includes: If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue. -#### Limit Enhanced diagnostic data to the minimum required by Windows Analytics +### Full level + +The Full level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the Basic, Enhanced, and Security levels. + +Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level. + +If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem. + +However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information: + +- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe. + +- Ability to get registry keys. 
+ +- All crash dump types, including heap dumps and full dumps. + +> [!NOTE] +> Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc. + +## Limit Enhanced diagnostic data to the minimum required by Windows Analytics + Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**. -In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic. +In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic. - **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic. -- **Some crash dump types.** All crash dump types, except for heap and full dumps. 
+- **Some crash dump types.** Triage dumps for user mode and mini dumps for kernel mode. -**To turn on this behavior for devices** +>[!NOTE] +> Triage dumps are a type of [minidumps](https://docs.microsoft.com/windows/desktop/debug/minidump-files) that go through a process of user-sensitive information scrubbing. Some user-sensitive information may be missed in the process, and will therefore be sent with the dump. + +### Enable limiting enhanced diagnostic data to the minimum required by Windows Analytics 1. Set the diagnostic data level to **Enhanced**, using either Group Policy or MDM. 
@@ -324,109 +423,6 @@ In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data t b. Using MDM, use the Policy CSP to set the **System/LimitEnhancedDiagnosticDataWindowsAnalytics** value to **1**. -### Full level - -The **Full** level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the **Basic**, **Enhanced**, and **Security** levels. This is the default level for Windows 10 Pro. - -Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level. - -If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem. - -However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information: - -- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe. - -- Ability to get registry keys. - -- All crash dump types, including heap dumps and full dumps. - -## Enterprise management - -Sharing diagnostic data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. 
For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. - -Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. - -IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users’ choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this section describes how to use group policy to configure levels and settings interface. - - -### Manage your diagnostic data settings - -We do not recommend that you turn off diagnostic data in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. - -> [!IMPORTANT] -> These diagnostic data levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. 
You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of Office Telemetry](https://technet.microsoft.com/library/jj863580.aspx). - -You can turn on or turn off System Center diagnostic data gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center diagnostic data is turned on. However, setting the operating system diagnostic data level to **Basic** will turn off System Center diagnostic data, even if the System Center diagnostic data switch is turned on. - -The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**. - -## Configure the operating system diagnostic data level - -You can configure your operating system diagnostic data settings using the management tools you’re already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device. - -Use the appropriate value in the table below when you configure the management policy. - -| Level | Data gathered | Value | -| - | - | - | -| Security | Security data only. | **0** | -| Basic | Security data, and basic system and quality data. | **1** | -| Enhanced | Security data, basic system and quality data, and enhanced insights and advanced reliability data. | **2** | -| Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. 
| **3** | - - > [!NOTE] - > When both the Computer Configuration policy and User Configuration policy are set, the more restrictive policy is used. - -### Use Group Policy to set the diagnostic data level - -Use a Group Policy object to set your organization’s diagnostic data level. - -1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. - -2. Double-click **Allow Telemetry**. - -3. In the **Options** box, select the level that you want to configure, and then click **OK**. - -### Use MDM to set the diagnostic data level - -Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy. - -### Use Registry Editor to set the diagnostic data level - -Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level. - -1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**. - -2. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**. - -3. Type **AllowTelemetry**, and then press ENTER. - -4. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.** - -5. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. - -### Configure System Center 2016 diagnostic data - -For System Center 2016 Technical Preview, you can turn off System Center diagnostic data by following these steps: - -- Turn off diagnostic data by using the System Center UI Console settings workspace. 
- -- For information about turning off diagnostic data for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505). - -### Additional diagnostic data controls - -There are a few more settings that you can turn off that may send diagnostic data information: - -- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](https://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). - -- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. - -- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716). - -- Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. - - > [!NOTE] - > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. - ## Additional resources FAQs 
@@ -456,5 +452,3 @@ TechNet Web Pages - [Privacy at Microsoft](https://privacy.microsoft.com) - - diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index ec17064fc8..f5e4bd8b0e 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 01/17/2018 +ms.reviewer: --- # Diagnostic Data Viewer Overview @@ -43,6 +44,9 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn ### Download the Diagnostic Data Viewer Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. + >[!Important] + >It's possible that your Windows machine may not have the Microsoft Store available (e.g. Windows Server). If this is the case, please check out [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). + ### Start the Diagnostic Data Viewer You can start this app from the **Settings** panel. diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index f3f9bf6b3f..29da582e50 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md 
@@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 11/9/2018 +ms.reviewer: --- diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 3cc4c3a5d1..d032754214 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 05/11/2018 +ms.reviewer: --- # Windows and the GDPR: Information for IT Administrators and Decision Makers @@ -305,4 +306,4 @@ Please visit our [GDPR section of the Microsoft Trust Center](https://www.micros #### Other resources -* [Privacy at Microsoft](https://privacy.microsoft.com/) \ No newline at end of file +* [Privacy at Microsoft](https://privacy.microsoft.com/) diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 62925e34b9..4797029729 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: pwiglemsft -ms.author: pwigle +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 09/25/2017 +ms.reviewer: --- # Beginning your General Data Protection Regulation (GDPR) journey for Windows 10 diff --git a/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md b/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md index 142906d55e..58c89a6256 100644 
--- a/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md +++ b/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 11/16/2018 +ms.reviewer: robots: noindex,nofollow --- @@ -93,4 +94,4 @@ Cette limitation concerne: Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard. -EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. \ No newline at end of file +EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md new file mode 100644 index 0000000000..53034ea742 --- /dev/null +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md 
@@ -0,0 +1,135 @@
+---
+title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
+description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings.
+ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
+keywords: privacy, manage connections to Microsoft, Windows 10
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: medium
+author: medgarmedgar
+ms.author: v-medgar
+ms.date: 3/1/2019
+---
+
+# Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
+
+**Applies to**
+
+- Windows 10 Enterprise 1903 version and newer
+
+You can use Microsoft InTune with MDM CSPs and custom [OMA URIs](https://docs.microsoft.com/en-us/intune/custom-settings-windows-10) to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
+
+To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy.
+
+You can configure diagnostic data at the Security/Basic level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+Note, there is some traffic which is required (i.e. "whitelisted") for the operation of Windows and the Microsoft InTune based management. This traffic includes CRL and OCSP network traffic which will show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. Additional whitelisted traffic specifically for MDM managed devices includes Windows Notification Service related traffic as well as some specific Microsoft InTune and Windows Update related traffic.
+
+For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/en-us/intune/).
+
+For detailed information about managing network connections to Microsoft services using Registries, Group Policies, or UI see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services).
+
+
+The endpoints for the MDM “whitelisted” traffic are in the [Whitelisted Traffic](#bkmk-mdm-whitelist).
+
+
+### Settings for Windows 10 Enterprise edition 1903 and newer
+
+The following table lists management options for each setting.
+
+For Windows 10, the following MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+
+| Setting | MDM Policy | Description |
+| --- | --- | --- |
+| 1. Automatic Root Certificates Update | There is intentionally no MDM available for Automatic Root Certificate Update. | This MDM does not exist since it would prevent the operation and management of MDM management of devices.
+| 2. Cortana and Search | [Experience/AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Choose whether to let Cortana install and run on the device. **Set to 0 (zero)**
+| | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results. **Set to 0 (zero)**
+| 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings. **Set to 0 (zero)**
+| 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled**
+| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. **Set to 0 (zero)**
+| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | Setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. **Set to 0 (zero)**
+| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. **Set to 0 (zero)**
+| 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) |
+| | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. **Set to Disabled**
+| | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to Enabled**
+| | [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature) | Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. **Set to Enabled**
+| | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled**
+| | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled**
+| 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled**
+| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. **Set to 0 (zero)**
+| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)**
+| 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies).
+| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)**
+| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. **Set to 0 (zero)**
+| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)**
+| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)**
+| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)**
+| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)**
+| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | Note: After you apply this policy you must restart the device for the policy setting to take effect. **Set to 1 (one)**
+| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.                          **Set to 0 (zero)**
+| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)**
+| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
+| 16. Preinstalled apps | N/A | N/A
+| 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
+| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)**
+| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)**
+| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)**
+| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)**
+| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune**
+| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
+| | [Settings/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled**
+| 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)**
+| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)**
+| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)**
+| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Specifies whether Windows apps can access contacts. **Set to 2 (two)**
+| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Specifies whether Windows apps can access the calendar. **Set to 2 (two)**
+| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Specifies whether Windows apps can access account information. **Set to 2 (two)**
+| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Specifies whether Windows apps can access email. **Set to 2 (two)**
+| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)**
+| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | Specifies whether Windows apps can make phone calls. **Set to 2 (two)**
+| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | Specifies whether Windows apps have access to control radios. **Set to 2 (two)**
+| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Specifies whether Windows apps can sync with devices. **Set to 2 (two)**
+| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Specifies whether Windows apps can access trusted devices. **Set to 2 (two)**
+| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)**
+| | [Experience/DoNotShowFeedbackNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications)| Prevents devices from showing feedback questions from Microsoft. **Set to 1 (one)**
+| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Specifies whether Windows apps can run in the background. **Set to 2 (two)**
+| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Specifies whether Windows apps can access motion data. **Set to 2 (two)**
+| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)**
+| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
+| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)**
+| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. **Set to 0 (zero)**
+| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. **Set to 0 (zero)**
+| 21. Teredo | No MDM needed | Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
+| 22. Wi-Fi Sense | No MDM needed | Wi-Fi Sense is no longer available from Windows 10 version 1803 and newer.
+| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
+| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)**
+| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)**
+| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
+| 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)**
+| 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
+| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
+| 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
+| 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
+| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
+
+
+###
                          Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations + +|**Allowed traffic endpoints** | +| --- | +|ctldl.windowsupdate.com| +|cdn.onenote.net| +|r.manage.microsoft.com| +|tile-service.weather.microsoft.com| +|settings-win.data.microsoft.com| +|client.wns.windows.com| +|dm3p.wns.windows.com| +|crl.microsoft.com/pki/crl/*| +|*microsoft.com/pkiops/crl/**| +|activation-v2.sls.microsoft.com/*| +|ocsp.digicert.com/*| + + + diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9b76bb4c29..b8f7179b74 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -2,18 +2,19 @@ title: Manage connections from Windows operating system components to Microsoft services (Windows 10) description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 +ms.reviewer: keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 06/05/2018 +ms.date: 05/16/2019 --- # Manage connections from Windows operating system components to Microsoft services 
@@ -26,77 +27,24 @@ ms.date: 06/05/2018 If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). -Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. +Learn about the network connections that Windows components make to Microsoft in addition to the privacy settings that affect the data which is shared with either Microsoft or apps and how they can be managed by an IT Pro. If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. You can configure diagnostic data at the Security/Basic level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. -To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). 
-This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. -Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. -However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. -Make sure you've chosen the right settings configuration for your environment before applying. +To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), but **before application please ensure that Windows and Windows Defender are fully up to date**. Failure to do so may result in errors. This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. +Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. ->[!IMPORTANT] -> As part of the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), MDM functionallity is disabled. If you manage devices through MDM, make sure [cloud notifications are enabled](#bkmk-priv-notifications). 
- Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article. It is recommended that you restart a device after making configuration changes to it. Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied. +To use Microsoft InTune cloud based device managment for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). + We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. -## What's new in Windows 10, version 1809 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1809: - -- Added a policy to disable Windows Defender SmartScreen - -## What's new in Windows 10, version 1803 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1803: - -- Added a policy to turn off notifications network usage -- Added a policy for Microsoft Edge to turn off configuration updates for the Books Library -- Added a policy for Microsoft Edge to turn off Address Bar drop-down list suggestions - -## What's new in Windows 10, version 1709 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1709: - -- Added the Phone calls section -- Added the Storage Health section -- Added discussion of apps for websites in the Microsoft Store section - -## What's new in Windows 10, version 1703 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1703: - -- Added an MDM policy for Font streaming -- Added an MDM policy for Network Connection Status 
Indicator -- Added an MDM policy for the Micosoft Account Sign-In Assistant -- Added instructions for removing the Sticky Notes app -- Added registry paths for some Group Policies -- Added the Find My Device section -- Added the Tasks section -- Added the App Diagnostics section - -- Added the following Group Policies: - - - Prevent managing SmartScreen Filter - - Turn off Compatibility View - - Turn off Automatic Download and Install of updates - - Do not connect to any Windows Update locations - - Turn off access to all Windows Update features - - Specify Intranet Microsoft update service location - - Enable Windows NTP client - - Turn off Automatic download of the ActiveX VersionList - - Allow Automatic Update of Speech Data - - Accounts: Block Microsoft Accounts - - Do not use diagnostic data for tailored experiences - ## Management options for each setting The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections. 
@@ -105,172 +53,174 @@ The following sections list the components that make network connections to Micr The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607. ->[!NOTE] ->For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. -| Setting | UI | Group Policy | MDM policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [9. License Manager](#bkmk-licmgr) | | | | ![Check mark](images/checkmark.png) | | -| [10. 
Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | -| [18. 
Settings > Privacy](#bkmk-settingssection) | | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check 
mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check 
mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [27. 
Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [9. License Manager](#bkmk-licmgr) | | | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [12. 
Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 
Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | 
![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [18.22 Activity History](#bkmk-act-history) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [27. 
Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 with Desktop Experience See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience. -| Setting | UI | Group Policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [16. 
OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. 
Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Server Core See the following table for a summary of the management settings for Windows Server 2016 Server Core. -| Setting | Group Policy | Registry | Command line | -| - | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. 
Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | | -| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | | | -| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| Setting | Group Policy | Registry | +| - | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Nano Server See the following table for a summary of the management settings for Windows Server 2016 Nano Server. 
-| Setting | Registry | Command line | -| - | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | | +| Setting | Registry | +| - | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2019 See the following table for a summary of the management settings for Windows Server 2019. -| Setting | UI | Group Policy | MDM policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [6. 
Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | -| [18. 
Settings > Privacy](#bkmk-settingssection) | | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check 
mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check 
mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. 
Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. 
Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|  
   [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [18.22 Activity History](#bkmk-act-history) | ![Check 
mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | +| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ## How to configure each setting 
@@ -283,7 +233,7 @@ For more information, see [Automatic Root Certificates Update Configuration](htt
 Although not recommended, you can turn off Automatic Root Certificates Update, which also prevents updates to the disallowed certificate list and the pin rules list.
 > [!CAUTION]
-> By not automatically downloading the root certificates, the device might have not be able to connect to some websites.
+> By not automatically downloading the root certificates, the device might have not been able to connect to some websites.
 For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core:
@@ -317,7 +267,7 @@ On Windows Server 2016 Nano Server:
 ### 2. Cortana and Search
-Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
+Use Group Policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
 ### 2.1 Cortana and Search Group Policies
@@ -374,14 +324,6 @@ You can also apply the Group Policies using the following registry keys: If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost. -### 2.2 Cortana and Search MDM policies - -For Windows 10 only, the following Cortana MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| Policy | Description | -|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Experience/AllowCortana | Choose whether to let Cortana install and run on the device. | -| Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
                          Default: Allowed| ### 3. Date & Time @@ -412,9 +354,6 @@ To prevent Windows from retrieving device metadata from the Internet: - Create a new REG_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one). - -or - - -- Apply the DeviceInstallation/PreventDeviceMetadataFromNetwork MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork). ### 5. Find My Device @@ -442,13 +381,6 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later: - Create a new REG_DWORD registry setting **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\EnableFontProviders** to **0 (zero)**. - -or- - -- In Windows 10, version 1703, you can apply the System/AllowFontProviders MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **False**. Font streaming is Disabled. - - - **True**. Font streaming is Enabled. > [!NOTE] > After you apply this policy, you must restart the device for it to take effect. 
@@ -482,20 +414,11 @@ To turn off Insider Preview builds for Windows 10: - Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)** - -or- - -- Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **0**. Users cannot make their devices available for downloading and installing preview software. - - - **1**. Users can make their devices available for downloading and installing preview software. - - - **2**. (default) Not configured. Users can make their devices available for download and installing preview software. ### 8. Internet Explorer > [!NOTE] -> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: +> The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| @@ -508,11 +431,11 @@ To turn off Insider Preview builds for Windows 10: | Registry Key | Registry path | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Turn on Suggested Sites| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites
                          REG_DWORD: Enabled
                          **Set Value to: 0**| -| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer
                          REG_DWORD: AllowServicePoweredQSA
                          **Set Value to: 0**| -| Turn off the auto-complete feature for web addresses | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete
                          REG_SZ: AutoSuggest
                          Set Value to: **no** | -| Turn off browser geolocation | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation
                          REG_DWORD: PolicyDisableGeolocation
                          **Set Value to: 1** | -| Prevent managing SmartScreen filter | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter
                          REG_DWORD: EnabledV9
                          **Set Value to: 0** | +| Turn on Suggested Sites| HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites
                          REG_DWORD: Enabled
                          **Set Value to: 0**| +| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer
                          REG_DWORD: AllowServicePoweredQSA
                          **Set Value to: 0**| +| Turn off the auto-complete feature for web addresses |HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete
                          REG_SZ: AutoSuggest
                          Set Value to: **no** | +| Turn off browser geolocation | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation
                          REG_DWORD: PolicyDisableGeolocation
                          **Set Value to: 1** | +| Prevent managing SmartScreen filter | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter
                          REG_DWORD: EnabledV9
                          **Set Value to: 0** | There are more Group Policy objects that are used by Internet Explorer: @@ -527,14 +450,16 @@ You can also use Registry keys to set these policies. | Registry Key | Registry path | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation
                          REG_DWORD: DisableSiteListEditing
                          **Set Value to 1**| -| Turn off the flip ahead with page prediction feature | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead
                          REG_DWORD: Enabled
                          **Set Value to 0**| -| Turn off background synchronization for feeds and Web Slices | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
                          REG_DWORD: BackgroundSyncStatus
                          **Set Value to 0**| -| Allow Online Tips | HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
                          REG_DWORD: AllowOnlineTips
                          **Set Value to 0 (zero)**| +| Choose whether employees can configure Compatibility View. | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation
                          REG_DWORD: DisableSiteListEditing
                          **Set Value to 1**| +| Turn off the flip ahead with page prediction feature | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead
                          REG_DWORD: Enabled
                          **Set Value to 0**| +| Turn off background synchronization for feeds and Web Slices | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
                          REG_DWORD: BackgroundSyncStatus
                          **Set Value to 0**| +| Allow Online Tips | HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
                          REG_DWORD: AllowOnlineTips
                          **Set Value to 0**| -To turn off the home page, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**. +To turn off the home page: - -or - +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank** + + -or- - Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank** 
@@ -543,16 +468,20 @@ To turn off the home page, **Enable** the Group Policy: **User Configuration** > - Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)** -To configure the First Run Wizard, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**. +To configure the First Run Wizard: - -or - +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page** + + -or- - Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)** -To configure the behavior for a new tab, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**. +To configure the behavior for a new tab: - -or - +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank** + + -or- - Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)** 
@@ -565,7 +494,7 @@ You can turn this off by: - **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList** - -or - + -or- - Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**. @@ -611,9 +540,6 @@ To turn off mail synchronization for Microsoft Accounts that are configured on a - Remove any Microsoft Accounts from the Mail app. - -or- - -- Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device. To turn off the Windows Mail app: @@ -632,16 +558,12 @@ To prevent communication to the Microsoft Account cloud authentication service. To disable the Microsoft Account Sign-In Assistant: -- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on. - - -or- - - Change the **Start** REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**. ### 13. Microsoft Edge -Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). +Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). ### 13.1 Microsoft Edge Group Policies 
@@ -661,7 +583,7 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g | Prevent the First Run webpage from opening on Microsoft Edge | Choose whether employees see the First Run webpage.
                          **Set to: Enable** | | Allow Microsoft Compatibility List | Choose whether to use the Microsoft Compatibility List in Microsoft Edge.
                          **Set to: Disabled** | -Alternatively, you can configure the these Registry keys as described: +Alternatively, you can configure the following Registry keys as described: | Registry Key | Registry path | | - | - | @@ -678,21 +600,6 @@ Alternatively, you can configure the these Registry keys as described: | Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
                          REG_DWORD: MSCompatibilityMode
                          Value: **0**| -### 13.2 Microsoft Edge MDM policies - -The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| Policy | Description | -|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
                          **Set to: Not Allowed** | -| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
                          **Set to: Allowed** | -| Browser/AllowMicrosoftCompatbilityList | Specify the Microsoft compatibility list in Microsoft Edge.
                          **Set to: Not Allowed** | -| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
                          **Set to: Not Allowed** | -| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the Address Bar shows search suggestions..
                          **Set to: Not Allowed** | -| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
                          **Set to: Not Allowed** | -| Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10.
                          **Set to:** blank | - - For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). ### 14. Network Connection Status Indicator @@ -705,7 +612,6 @@ You can turn off NCSI by doing one of the following: - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests** -- In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) with a value of 1. > [!NOTE] > After you apply this policy, you must restart the device for the policy setting to take effect. @@ -724,10 +630,6 @@ You can turn off the ability to download and update offline maps. - Create a REG_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a **value of 0 (zero)**. - -or- - -- In Windows 10, version 1607 and later, apply the Maps/EnableOfflineMapsAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate) with a **value of 0**. - -and- - In Windows 10, version 1607 and later, **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page** 
@@ -754,10 +656,6 @@ To turn off OneDrive in your organization: - Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)** --or- - -- Set the System/DisableOneDriveFileSync MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync) to True (value 1) to disable OneDrive File Sync. - ### 17. Preinstalled apps @@ -768,12 +666,14 @@ To remove the News app: - Right-click the app in Start, and then click **Uninstall**. -or- - +>[!IMPORTANT] +> If you have any issues with these commands, restart the system and try the scripts again. +> - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** -and- - Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage** +- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage** To remove the Weather app: @@ -781,7 +681,7 @@ To remove the Weather app: -and- - Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage** +- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage** To remove the Money app: 
@@ -793,7 +693,7 @@ To remove the Money app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage**
 To remove the Sports app:
@@ -805,7 +705,7 @@ To remove the Sports app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage**
 To remove the Twitter app:
@@ -817,7 +717,7 @@ To remove the Twitter app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage \*.Twitter | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage \*.Twitter | Remove-AppxPackage**
 To remove the XBOX app:
@@ -825,7 +725,7 @@ To remove the XBOX app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage**
 To remove the Sway app:
@@ -837,7 +737,7 @@ To remove the Sway app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage**
 To remove the OneNote app:
@@ -845,7 +745,7 @@ To remove the OneNote app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage**
 To remove the Get Office app:
@@ -857,7 +757,7 @@ To remove the Get Office app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage**
 To remove the Get Skype app:
@@ -869,7 +769,7 @@ To remove the Get Skype app:
 -and-
- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage**
+- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage**
 To remove the Sticky notes app:
@@ -877,7 +777,7 @@ To remove the Sticky notes app: -and- - Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage** +- Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage** ### 18. Settings > Privacy @@ -925,6 +825,10 @@ Use Settings > Privacy to configure some settings that may be important to yo - [18.21 Inking & Typing](#bkmk-priv-ink) +- [18.22 Activity History](#bkmk-act-history) + +- [18.23 Voice Activation](#bkmk-voice-act) + ### 18.1 General **General** includes options that don't fall into other areas. @@ -1002,14 +906,6 @@ To turn off **Send Microsoft info about how I write to help us improve typing an - Turn off the feature in the UI. - -or- - -- Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **0**. Not allowed - - - **1**. Allowed (default) - To turn off **Let websites provide locally relevant content by accessing my language list**: - Turn off the feature in the UI. @@ -1018,7 +914,7 @@ To turn off **Let websites provide locally relevant content by accessing my lang - Create a new REG_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY_CURRENT_USER\\Control Panel\\International\\User Profile** with a value of 1. -To turn off **Let apps on my other devices open apps and continue experiences on this devices**: +To turn off **Let apps on my other devices open apps and continue experiences on this device**: - Turn off the feature in the UI. 
@@ -1050,18 +946,6 @@ To turn off **Location for this device**: - Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the System/AllowLocation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Turned off and the employee can't turn it back on. - - - **1**. Turned on, but lets the employee choose whether to use it. (default) - - - **2**. Turned on and the employee can't turn it off. - - > [!NOTE] - > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). To turn off **Location**: @@ -1069,9 +953,7 @@ To turn off **Location**: -or- -- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location** - - - Set the **Select a setting** box to **Force Deny**. +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**. -or- @@ -1104,17 +986,6 @@ To turn off **Let apps use my camera**: - Create a REG_DWORD registry setting named **LetAppsAccessCamera** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). - -or- - -- Apply the Camera/AllowCamera MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Apps can't use the camera. - - - **1**. Apps can use the camera. - - > [!NOTE] - > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). - To turn off **Choose apps that can use your camera**: 
@@ -1136,14 +1007,6 @@ To turn off **Let apps use my microphone**: -or- -- Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) To turn off **Choose apps that can use your microphone**: @@ -1152,26 +1015,14 @@ To turn off **Choose apps that can use your microphone**: ### 18.5 Notifications ->[!IMPORTANT] ->Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below. - To turn off notifications network usage: -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** - - - Set to **Enabled**. +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** -or- - Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one) - -or- - - -- Apply the Notifications/DisallowCloudNotification MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification), where: - - - **0**. WNS notifications allowed - - **1**. No WNS notifications allowed In the **Notifications** area, you can also choose which apps have access to notifications. 
@@ -1187,21 +1038,13 @@ To turn off **Let apps access my notifications**: -or- -- Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) ### 18.6 Speech In the **Speech** area, you can configure the functionality as such: -To turn off streaming audio to Microsoft Speech services, +To turn off dictation of your voice, speaking to Cortana and other apps, and to prevent sending your voice input to Microsoft Speech services: - Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** 
@@ -1211,11 +1054,18 @@ To turn off streaming audio to Microsoft Speech services, -or- -- Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP to **0 - Not allowed** +- Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)** + + +If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models: + + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** -or- -- Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)** + - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** + + ### 18.7 Account info @@ -1233,14 +1083,6 @@ To turn off **Let apps access my name, picture, and other account info**: -or- -- Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). 
@@ -1265,14 +1107,6 @@ To turn off **Choose apps that can access contacts**: -or- -- Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessContacts** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.9 Calendar @@ -1285,17 +1119,7 @@ To turn off **Let apps access my calendar**: -or- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar** - - - Set the **Select a setting** box to **Force Deny**. - - -or- - -- Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar**. Set the **Select a setting** box to **Force Deny**. -or- @@ -1321,14 +1145,6 @@ To turn off **Let apps access my call history**: -or- - - Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.11 Email 
@@ -1347,14 +1163,6 @@ To turn off **Let apps access and send email**: -or- - - Apply the Privacy/LetAppsAccessEmail MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessemail), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessEmail** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.12 Messaging @@ -1373,14 +1181,6 @@ To turn off **Let apps read or send messages (text or MMS)**: -or- -- Apply the Privacy/LetAppsAccessMessaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can read or send messages**: 
@@ -1407,17 +1207,7 @@ To turn off **Let apps make phone calls**: -or- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps make phone calls** - - - Set the **Select a setting** box to **Force Deny**. - - -or- - -- Apply the Privacy/LetAppsAccessPhone MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps make phone calls** and set the **Select a setting** box to **Force Deny**. -or- @@ -1438,17 +1228,7 @@ To turn off **Let apps control radios**: -or- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps control radios** - - - Set the **Select a setting** box to **Force Deny**. - - -or- - -- Apply the Privacy/LetAppsAccessRadios MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessradios), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps control radios** and set the **Select a setting** box to **Force Deny**. -or- 
@@ -1473,10 +1253,6 @@ To turn off **Let apps automatically share and sync info with wireless devices t -or- -- Set the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices) to **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: @@ -1491,14 +1267,6 @@ To turn off **Let your apps use your trusted devices (hardware you've already co - Create a REG_DWORD registry setting named **LetAppsAccessTrustedDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the **Privacy/LetAppsAccessTrustedDevices** MDM policy from the [Policy CSP](/windows/client-management/mdm/policy-csp-privacy.md#privacy-letappsaccesstrusteddevices -), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny ### 18.16 Feedback & diagnostics 
@@ -1553,19 +1321,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic > [!NOTE] > If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition. - - -or- - -- Apply the System/AllowTelemetry MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Maps to the **Security** level. - - - **1**. Maps to the **Basic** level. - - - **2**. Maps to the **Enhanced** level. - - - **3**. Maps to the **Full** level. - + To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data: @@ -1608,9 +1364,6 @@ To turn off **Let apps run in the background**: - Create a REG_DWORD registry setting named **LetAppsRunInBackground** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)** - -or- - -- Set the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground) to **2 Force Deny**. > [!NOTE] > Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. @@ -1631,14 +1384,6 @@ To turn off **Let Windows and your apps use your motion data and collect motion - Create a REG_DWORD registry setting named **LetAppsAccessMotion** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - ### 18.19 Tasks 
@@ -1656,13 +1401,6 @@ To turn this off: - Create a REG_DWORD registry setting named **LetAppsAccessTasks** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny ### 18.20 App Diagnostics @@ -1674,16 +1412,12 @@ To turn this off: -or- -- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps** +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access diagnostic information about other apps** -or- - Create a REG_DWORD registry setting named **LetAppsGetDiagnosticInfo** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Set the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo) to **2**. Force deny - ### 18.21 Inking & Typing 
@@ -1697,55 +1431,68 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** - -or- - - Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP. - [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) to **0** (not allowed). This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. +### 18.22 Activity History +In the **Activity History** area, you can choose turn Off tracking of your Activity History. + +To turn this Off in the UI: + +- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes + +-OR- + +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed** + + -and- + +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities** + + -and- + +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** > named **Allow upload of User Activities** + +-OR- + +- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** + + -and- + +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with 
a **value of 0 (zero)** + + -and- + +- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** + +### 18.23 Voice Activation + +In the **Vocie activation** area, you can choose turn Off apps ability to listen for a Voice keyword. + +To turn this Off in the UI: + +- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked** + +-OR- + +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice** + + -and- + +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked** -If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models: +-OR- + +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** + -and- - -or- - - - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** - - -or- - - - Set the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate) to **0** +- Create a REG_DWORD registry setting named **PublishUserActivities** in 
**HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** -> [!NOTE] -> Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area. For customizing those setting please follow the below instructions. For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas. - -In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees. - - For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article. - - To turn off the functionality: - - - Click the **Stop getting to know me** button, and then click **Turn off**. - - -or- - - - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Regional and Language Options** > **Handwriting personalization** > **Turn off automatic learning** - - -or- - - - Create a REG_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). - - -or- - - - Create a REG_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Personalization\\Settings** with a value of 0 (zero). - - -and- - - - Create a REG_DWORD registry setting named **HarvestContacts** in **HKEY_CURRENT_USER\\Software\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of **0 (zero)**. ### 19. Software Protection Platform - Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. 
You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: +Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: **For Windows 10:** @@ -1753,10 +1500,6 @@ In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better -or- - - Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 1 (Enabled)**. - - -or- - - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**. **For Windows Server 2019 or later:** @@ -1784,7 +1527,7 @@ For Windows 10: -or- -- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0. +- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a **value of 0**. ### 21. Sync your settings 
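Review bot: The second registry step added under 18.23 Voice Activation names **PublishUserActivities** under `HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy`, which repeats the value name from 18.22 Activity History and does not correspond to the second Group Policy listed just above it (**Let Windows apps activate with voice while the system is locked**). An administrator who follows the registry route would leave voice activation on the lock screen unrestricted; the value is presumably meant to be `LetAppsActivateWithVoiceAboveLock`, to be confirmed against the policy's ADMX. The same section sets **LetAppsActivateWithVoice** to `0 (zero)` and says to **Disable** both policies, while the other AppPrivacy settings visible in this diff use `2 (two)` for Force Deny and list 0 as "User in control", so the intended guidance is probably to enable the policy with **Force Deny** and use a value of 2. The heading text "Vocie activation" should also read "Voice activation".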
@@ -1800,11 +1543,6 @@ You can control if your settings are synchronized: - Create a REG_DWORD registry setting named **DisableSettingSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). - -or- - -- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 0 (not allowed)**. - - To turn off Messaging cloud sync: - Note: There is no Group Policy corresponding to this registry key. 
@@ -1851,17 +1589,22 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr ### 24. Windows Defender -You can disconnect from the Microsoft Antimalware Protection Service. +You can disconnect from the Microsoft Antimalware Protection Service. -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop down box named **Join Microsoft MAPS** +>[!IMPORTANT] +>**Required Steps BEFORE setting the Windows Defender Group Policy or RegKey on Windows 10 version 1903** +>1. Ensure Windows and Windows Defender are fully up to date. +>2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to >the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make >the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link >and then scroll down to the Tamper Protection toggle to set it to **Off**. + +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** -OR- - Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to **0 (zero)**. --OR- + -and- -- For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). +- Delete the registry setting **named** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Updates**. You can stop sending file samples back to Microsoft. 
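Review bot: The added step `Delete the registry setting **named** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Updates**` never says which value to delete, so it cannot be followed as written; the name has to be filled in, as in `Delete the registry setting named **<VALUE_NAME>** in ...`. The new IMPORTANT note tells the reader to turn Tamper Protection **Off** before applying the policy but says nothing about afterwards. It should state whether Tamper Protection can be turned back on once the setting is applied, and that while it is off the Defender settings are no longer protected against changes by other software on the device. The stray `>` characters inside step 2 (`>the Tamper Protection toggle`, `>the setting`, `>and then scroll down`) look like quote markers left in mid-sentence and will render as literal text.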
@@ -1870,10 +1613,6 @@ You can stop sending file samples back to Microsoft. -or- -- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) to **2 (two) for Never Send**. - - -or- - - Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to **2 (two) for Never Send**. @@ -1918,7 +1657,9 @@ You can turn off **Enhanced Notifications** as follows: To disable Windows Defender Smartscreen: -- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled** +In Group Policy, configure: + +- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled** -and- 
@@ -1940,14 +1681,10 @@ To disable Windows Defender Smartscreen: - Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**. --OR- - -- Set the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to **0 (turned Off)**. - ### 25. Windows Spotlight -Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy. +Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy. If you're running Windows 10, version 1607 or later, you need to: @@ -1958,10 +1695,6 @@ If you're running Windows 10, version 1607 or later, you need to: -or- -- For Windows 10 only, apply the Experience/AllowWindowsSpotlight MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience), with a value of 0 (zero). - - -or- - - Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one). 
@@ -2073,7 +1806,7 @@ Windows Update Delivery Optimization lets you get Windows updates and Microsoft By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network. -Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization. +Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization. In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (100), as described below. @@ -2103,18 +1836,6 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con - Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **100 (one hundred)**. -### 27.4 Delivery Optimization MDM policies - -The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| MDM Policy | Description | -|---------------------------|-----------------------------------------------------------------------------------------------------| -| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
                          • 0. Turns off Delivery Optimization.

                          • 1. Gets or sends updates and apps to PCs on the same NAT only.

                          • 2. Gets or sends updates and apps to PCs on the same local network domain.

                          • 3. Gets or sends updates and apps to PCs on the Internet.

                          • 99. Simple download mode with no peering.

                          • 100. Use BITS instead of Windows Update Delivery Optimization.

                          | -| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
                          **Note** This ID must be a GUID.| -| DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
                          The default value is 259200 seconds (3 days).| -| DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
                          The default value is 20, which represents 20% of the disk.| -| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
                          The default value is 0, which means unlimited possible bandwidth.| - For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). @@ -2161,25 +1882,10 @@ You can turn off Windows Update by setting the following registry entries: - Set the Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**. -You can turn off automatic updates by doing one of the following. This is not recommended. +You can turn off automatic updates by doing the following. This is not recommended. - Add a REG_DWORD value named **AutoDownload** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. - -or- - -- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), where: - - - **0**. Notify the user before downloading the update. - - - **1**. Auto install the update and then notify the user to schedule a device restart. - - - **2** (default). Auto install and restart. - - - **3**. Auto install and restart at a specified time. - - - **4**. Auto install and restart without end-user control. - - - **5**. Turn off automatic updates. For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic: diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 3c4c5afdbb..35f3ef35ee 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md 
@@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Manage connection endpoints for Windows 10, version 1709 @@ -83,7 +84,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a |----------------|----------|------------| | | | star-mini.c10r.facebook.com | -The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. +The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. 
@@ -292,7 +293,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. 
@@ -303,7 +304,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.e-msedge.net | | | | *.s-msedge.net | -The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index 44e5f88ceb..983d8bce4b 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Manage connection endpoints for Windows 10, version 1803 
@@ -84,7 +85,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a |----------------|----------|------------| | | | star-mini.c10r.facebook.com | -The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. +The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. @@ -296,7 +297,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. 
@@ -308,7 +309,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.s-msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net | -The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 33042b0ada..d148047f46 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Manage connection endpoints for Windows 10, version 1809 
@@ -84,7 +85,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a |----------------|----------|------------| | | | star-mini.c10r.facebook.com | -The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. +The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. @@ -308,7 +309,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. 
@@ -322,7 +323,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | HTTPS | nexusrules.officeapps.live.com | | | HTTPS | officeclient.microsoft.com | -The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md new file mode 100644 index 0000000000..eb0dfe93cd --- /dev/null +++ b/windows/privacy/manage-windows-1903-endpoints.md 
@@ -0,0 +1,173 @@
+---
+title: Connection endpoints for Windows 10 Enterprise, version 1903
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: danihalfin
+ms.author: v-medgar
+manager: sanashar
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 5/3/2019
+---
+# Manage connection endpoints for Windows 10 Enterprise, version 1903
+
+**Applies to**
+
+- Windows 10 Enterprise, version 1903
+
+Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
+
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
+
+This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
+Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+
+The following methodology was used to derive these network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. 
Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 1903 Enterprise connection endpoints
+
+|Area|Description|Protocol|Destination|
+|----------------|----------|----------|------------|
+|Apps|The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
+|||HTTP|tile-service.weather.microsoft.com
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
+||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. 
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
+||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
+||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
+||The following endpoints are used when using the Whiteboard app. 
To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
+|||HTTPS|wbd.ms|
+|||HTTPS|whiteboard.microsoft.com|
+|||HTTP / HTTPS|whiteboard.ms|
+|Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
+|||HTTPS|ris-prod-atm.trafficmanager.net|
+|||HTTPS|validation-v2.sls.trafficmanager.net|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.|HTTP|ctldl.windowsupdate.com|
+|Cortana and Search|The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions. |HTTPS|store-images.*microsoft.com|
+||The following endpoints are related to Cortana and Live Tiles. 
If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
+|||HTTPS|www.bing.com|
+|||HTTPS|www.bing.com/proactive|
+|||HTTPS|www.bing.com/threshold/xls.aspx|
+|||HTTP|exo-ring.msedge.net|
+|||HTTP|fp.msedge.net|
+|||HTTP|fp-vp.azureedge.net|
+|||HTTP|odinvzc.azureedge.net|
+|||HTTP|spo-ring.msedge.net|
+|Device authentication|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|HTTP|v10.events.data.microsoft.com|
+|||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
+|||HTTP|www.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
+|||HTTP|cs11.wpc.v0cdn.net|
+|||HTTPS|cs1137.wpc.gammacdn.net|
+|||TLS v1.2|modern.watson.data.microsoft.com*|
+|||HTTPS|watson.telemetry.microsoft.com|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. 
This will also block online activation and app licensing may not work.|HTTPS|*licensing.mp.microsoft.com*|
+|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data.|HTTPS|inference.location.live.net|
+|||HTTP|location-inference-westus.cloudapp.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
+|||HTTP|*maps.windows.com*|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
+|||HTTP|us.configsvc1.live.com.akadns.net|
+|Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
+|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
+|Microsoft Store|The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. 
If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|
+|||HTTPS|store-images.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLS v1.2|*.md.mp.microsoft.com*|
+|||HTTPS|*displaycatalog.mp.microsoft.com|
+|||HTTP \ HTTPS|pti.store.microsoft.com|
+|||HTTP|storeedgefd.dsx.mp.microsoft.com|
+|||HTTP|markets.books.microsoft.com|
+|||HTTP |share.microsoft.com|
+|Network Connection Status Indicator (NCSI)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. 
If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
+Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
+|||HTTPS|*.e-msedge.net|
+|||HTTPS|*.s-msedge.net|
+|||HTTPS|nexusrules.officeapps.live.com|
+|||HTTPS|ocos-office365-s2s.msedge.net|
+|||HTTPS|officeclient.microsoft.com|
+|||HTTPS|outlook.office365.com|
+|||HTTPS|client-office365-tas.msedge.net|
+|||HTTPS|www.office.com|
+|||HTTPS|onecollector.cloudapp.aria|
+|||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
+|||HTTPS|self.events.data.microsoft.com|
+||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
+|||HTTP|msagfx.live.com|
+|||HTTPS|oneclient.sfx.ms|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. 
If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|HTTPS|cy2.settings.data.microsoft.com.akadns.net|
+|||HTTPS|settings.data.microsoft.com|
+|||HTTPS|settings-win.data.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|browser.pipe.aria.microsoft.com|
+|||HTTP|config.edge.skype.com|
+|||HTTP|s2s.config.skype.com|
+|||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.|HTTPS|wdcp.microsoft.com|
+|||HTTPS|definitionupdates.microsoft.com|
+|||HTTPS|go.microsoft.com|
+||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications will not appear.|HTTPS|*smartscreen.microsoft.com|
+|||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
+|||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. 
For more information, see Windows Spotlight.|TLS v1.2|*.search.msn.com|
+|||HTTPS|arc.msn.com|
+|||HTTPS|g.msn.com*|
+|||HTTPS|query.prod.cms.rt.microsoft.com|
+|||HTTPS|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.|HTTPS|*.prod.do.dsp.mp.microsoft.com|
+|||HTTP|cs9.wac.phicdn.net|
+|||HTTP|emdl.ws.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com*|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.|HTTPS|*.delivery.mp.microsoft.com|
+|||HTTPS|*.update.microsoft.com|
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. 
This may result in content being either incorrectly.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
+
+
+## Other Windows 10 editions
+
+To view endpoints for other versions of Windows 10 Enterprise, see:
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+
+
+## Related links
+
+- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+
+
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
new file mode 100644
index 0000000000..47ce5b00ee
--- /dev/null
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -0,0 +1,204 @@
+---
+description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows 10.
+title: Windows 10 & Privacy Compliance - A Guide for IT and Compliance Professionals
+keywords: privacy, GDPR, compliance
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: high
+audience: ITPro
+author: brianlic-msft
+ms.author: brianlic
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 05/21/2019
+---
+
+# Windows 10 & Privacy Compliance:
                          A Guide for IT and Compliance Professionals
+
+Applies to:
+- Windows 10, version 1903
+- Windows 10, version 1809
+- Windows 10 Team Edition, version 1703 for Surface Hub
+- Windows Server 2019
+- Windows Server 2016
+- Windows Analytics
+
+For more information about the GDPR, see:
+* [Windows and the GDPR: Information for IT Administrators and Decision Makers](gdpr-it-guidance.md)
+* [Microsoft GDPR Overview](https://aka.ms/GDPROverview)
+* [Microsoft Trust Center FAQs about the GDPR](https://aka.ms/gdpr-faq)
+* [Microsoft Service Trust Portal (STP)](https://aka.ms/stp)
+* [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted)
+
+## Overview
+
+At Microsoft, we are deeply committed to data privacy across all our products and services. With this guide, we provide IT and compliance professionals with data privacy considerations for Windows 10.
+
+Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls and support for data subject requests, all of which are detailed in this guide.
+
+This information allows IT and compliance professionals work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR).
+
+
+## 1. Windows 10 data collection transparency
+
+Transparency is an important part of the data collection process in Windows 10. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up.
+
+If interested in understanding how to manage settings related to data collection skip to the next section [Windows 10 data collection management](#12-data-collection-monitoring).
+
+
+### 1.1 Device set up experience and support for layered transparency
+
+When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used and how to manage the setting after the device setup is complete. The user can also review the privacy statement when connected to the network during this portion of setup. A brief overview of the set up experience for privacy settings are described in [this blog](https://blogs.windows.com/windowsexperience/2018/03/06/windows-insiders-get-first-look-new-privacy-screen-settings-layout-coming-windows-10/#uCC2bKYP8M5BqrDP.97).
+
+The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
+
+> [!NOTE]
+> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+
+| Feature/Setting | Description | Supporting Content | Privacy Statement |
+| --- | --- | --- | --- |
+| Diagnostic Data |

                          Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

                          Diagnostic data is categorized into four levels:

                          • **Security**
                            Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
                          • **Basic**
                            Basic device info, including: quality-related data, app compatibility, and data from the Security level.
                          • **Enhanced**
                            Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
                          • **Full**
                            Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
                            At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

                          | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

                          [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) |
+| Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
+| Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
+| Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you have chosen (Security, Basic, Enhanced, or Full).
Tailored experiences mean personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainadvertisingidmodule) |
+| Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) |
+| Cortana |

                          Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/instantanswers/557b5e0e-0eb0-44db-87d6-5e5db6f9c5b0/cortana-s-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

                          Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

                          | [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

                          [Cortana integration in your business or enterprise](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) |
+
+### 1.2 Data collection monitoring
+
+The Diagnostic Data Viewer (DDV) is a Windows app (available in Windows 10, version 1803 or later) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft. DDV groups the information into simple categories based on how it is used by Microsoft. The [DDV Overview](diagnostic-data-viewer-overview.md) provides information on how users can get started on using this tool.
+
+An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
+
+
+## 2. Windows 10 data collection management
+
+Windows 10 provides the ability to manage privacy settings through several different methods. Users can change their privacy settings using the Windows 10 settings (**Start** > **Settings** > **Privacy**). The organization can also manage the privacy settings using group policy or mobile device management (MDM). The following sections provide an overview on how to manage the privacy settings previously discussed in this article.
+
+### 2.1 Privacy setting options for users
+
+Once a Windows 10 device is set up, a user can manage data collection settings by going to **Start** > **Settings** > **Privacy**. IT administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says ‘Some settings are hidden or managed by your organization’ when they navigate to **Start** > **Settings** > **Privacy**.
Meaning the user can only change settings in accordance with the policies that the administrator has applied to the device.
+
+### 2.2 Privacy setting controls for administrators
+
+The IT department can configure and control privacy settings across their organization by using Group Policy, registry, or Mobile Device Management (MDM) settings.
+
+The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these via policy. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting via policy and suppress the Out-of-box Experience (OOBE) during device setup. For an IT administrator interested in minimizing data, we also provide the recommended value to set.
+
+> [!NOTE]
+> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+
+| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
+|---|---|---|---|
+| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
                          **Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

                          MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
+| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
                          **Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

                          MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off |
+| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
                          **Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

                          MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
                          **Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

                          MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
                          Basic (Windows 10, version 1903 and later)

                          Server SKUs:
                          Enhanced | Security and block endpoints |
+| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:
                          **Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

                          MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
+| Tailored Experiences | Group Policy:
                          **User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

                          MDM: Link TBD | Off | Off |
+| Advertising ID | Group Policy:
                          **Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

                          MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
+| Activity History/Timeline – Cloud Sync | Group Policy:
                          **Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

                          MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off |
+| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#2-cortana-and-search) | Group Policy:
                          **Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

                          MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off |
+
+### 2.3 Guidance for configuration options
+
+This section provides general details and links to more detailed information as well as instructions for IT administrators and compliance professional. These instructions allow IT admins and compliance pros to manage the device compliance. This information includes details about setting up a device, to configuring the device’s settings after setup is completed to minimize data collected and drive privacy related user experiences.
+
+#### 2.3.1 Managing the device setup experience
+
+Windows deployment can be configured using several different methods, which provide an administrator with options to control: how a device is set up, what’s enabled by default, and what the user is able to change on the system after they log on.
+
+The [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment/) section of the Windows IT Pro Center provides an overview of the different options.
+
+#### 2.3.2 Managing connections from Windows components to Microsoft services
+
+IT administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by these Windows components.
+
+See [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) for more details, including the different methods available on how to configure each setting, the impact to functionality and which versions of Windows that are applicable.
+
+#### 2.3.3 Managing Windows 10 connections
+
+Some Windows components, apps, and related services transfer data to Microsoft network endpoints.
An administrator may want to block these endpoints as an additional measure of ensuring privacy compliance within their organization.
+
+[Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) provides a list of endpoints for the latest Windows 10 release, along with the functionality that would be impacted. Details for additional Windows versions can be found on the [Windows Privacy site](https://docs.microsoft.com/windows/privacy/) under the “Manage Windows 10 connection endpoints” section of the left-hand navigation menu.
+
+#### 2.3.4 Limited functionality baseline
+
+An organization may want to further minimize the amount of data shared with Microsoft or apps by managing the connections and configuring additional settings on their devices. Similar to [Security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), we have a limited functionality baseline-focused configuring settings to minimize the data shared, however this comes with some potential impact to functionality on the device. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators who don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
+
+#### 2.3.5 Diagnostic data: Managing notifications for change of level at logon
+
+Windows 10, version 1803, and later provides users with a notification during sign in about changes to the diagnostic data level on the device so they are aware of any changes where additional data may be collected.
For instance, if the diagnostic level on the device is set to Basic and an administrator changes it to Full, users will be notified when they next sign in. The IT administrator can disable these notifications by setting Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`.
+
+#### 2.3.6 Diagnostic data: Managing end user choice for changing the setting
+
+Windows 10, version 1803 and later, allows users to change their diagnostic data level to a lower setting than what their IT administrator has set. For instance, if the administrator has set the diagnostic data level to Enhanced or Full, a user can change the setting to Basic by going into **Settings** > **Privacy** > **Diagnostic & feedback**. The administrator can disable the user ability to change the setting via **Setting** > **Privacy** by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`.
+
+#### 2.3.7 Diagnostic data: Managing device-based data delete
+
+Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script.
+
+An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`.
+
+
+## 3. The process for exercising data subject rights
+
+This section discusses the different methods Microsoft provides for users and IT administrators to exercise data subject rights for data collected from a Windows 10 device.
+
+### 3.1 Delete
+
+Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. Administrators can also use the [Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script.
+
+### 3.2 View
+
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
+
+### 3.3 Export
+
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
+
+### 3.4 Devices connected to a Microsoft account
+
+If a user signs in to a Windows experience or app on their device with their Microsoft account (MSA), they can view, delete, and export data associated with their MSA on the [Privacy dashboard](https://account.microsoft.com/privacy).
+
+
+## 4.
Cross-border data transfers
+
+Microsoft complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States.
+
+Microsoft’s [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) provides details on how we store and process personal data.
+
+
+## 5. Related Windows product considerations
+
+The following sections provide details about how privacy data is collected and managed across related Windows products.
+
+### 5.1 Windows Server 2016 and 2019
+
+Windows Server follows the same mechanisms as Windows 10 for handling of personal data. There are some differences regarding [diagnostic default settings for Windows Server](https://microsoft-my.sharepoint.com/personal/v-colinm_microsoft_com/Documents/WINDOWS%20PRIVACY/Windows%20diagnostic%20data%20and%20Windows%20Server).
+
+### 5.2 Surface Hub
+
+Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to an individual user. For removing Windows diagnostic data sent to Microsoft for a Surface Hub, Microsoft created the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store.
+
+For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](gdpr-it-guidance.md#windows-10-team-edition-version-1703-for-surface-hub).
+
+### 5.3 Windows 10 Analytics
+
+[Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-overview) is a set of solutions for Azure Portal that provide you with extensive data about the state of devices in your deployment. There are currently three solutions which you can use singly or in any combination: Device Health, Update Compliance, and Upgrade Readiness.
Windows Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function. + +For more details, see the [Windows Analytics overview page](https://docs.microsoft.com/windows/deployment/update/windows-analytics-overview). + + +## Additional Resources + +* [Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trustcenter/privacy/gdpr/gdpr-overview) +* [Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/TrustCenter/Privacy/privacy-overview) +* [Windows IT Pro Docs](https://docs.microsoft.com/windows/#pivot=it-pro) + diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index de1f934651..d398441cbc 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 11/28/2017 +ms.reviewer: --- # Windows 10 diagnostic data for the Full diagnostic data level @@ -32,7 +33,7 @@ The data covered in this article is grouped into the following categories: - Browsing History data - Inking, Typing, and Speech Utterance data -> [!NOTE] +> [!NOTE] > The majority of diagnostic data falls into the first four categories. ## Common data @@ -106,4 +107,4 @@ This type of data gathers details about the voice, inking, and typing input feat | Category Name | Description and Examples | | - | - | -| Voice, inking, and typing | Information about voice, inking and typing features such as:
                          • Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
                          • Pen gestures (click, double click, pan, zoom, rotate)
                          • Palm Touch x,y coordinates
                          • Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
                          • Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
                          • Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
                          • Text of speech recognition results -- result codes and recognized text
                          • Language and model of the recognizer, System Speech language
                          • App ID using speech features
                          • Whether user is known to be a child
                          • Confidence and Success/Failure of speech recognition
                          |
\ No newline at end of file
+| Voice, inking, and typing | Information about voice, inking and typing features such as:
                          • Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
                          • Pen gestures (click, double click, pan, zoom, rotate)
                          • Palm Touch x,y coordinates
                          • Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
                          • Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
                          • Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
                          • Text of speech recognition results -- result codes and recognized text
                          • Language and model of the recognizer, System Speech language
                          • App ID using speech features
                          • Whether user is known to be a child
                          • Confidence and Success/Failure of speech recognition
                          |
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index dcf4d2be83..a8f66dc068 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -7,22 +7,24 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 03/13/2018 +ms.date: 04/15/2019 +ms.reviewer: --- # Windows 10, version 1709 and newer diagnostic data for the Full level Applies to: +- Windows 10, version 1903 - Windows 10, version 1809 - Windows 10, version 1803 - Windows 10, version 1709 -Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1809 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields). +Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. 
For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1903 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields). In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard. @@ -508,4 +510,4 @@ Here are the list of data identification qualifiers and the ISO/IEC 19944:2017 r - **Pseudonymized Data** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined. - **Anonymized Data** 8.3.5 Anonymized data. Microsoft usage notes are as defined. -- **Aggregated Data** 8.3.6 Aggregated data. Microsoft usage notes are as defined. \ No newline at end of file +- **Aggregated Data** 8.3.6 Aggregated data. Microsoft usage notes are as defined. diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md index 58b39b8a65..f9dbed1a8c 100644 --- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md 
@@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Windows 10, version 1709, connection endpoints for non-Enterprise editions @@ -64,7 +65,7 @@ We used the following methodology to derive these network endpoints: | candycrushsoda.king.com | TLSv1.2 | Used for Candy Crush Saga updates. | | cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. | | cdn.onenote.net | HTTP | Used for OneNote Live Tile. | -| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office. | | config.edge.skype.com | HTTP | Used to retrieve Skype configuration values. | | ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. | | cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. | 
@@ -156,7 +157,7 @@ We used the following methodology to derive these network endpoints: | candycrushsoda.king.com | HTTPS | Used for Candy Crush Saga updates. | | cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. | | cdn.onenote.net | HTTPS | Used for OneNote Live Tile. | -| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office. | | config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. | | ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. | | cs12.wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). | 
@@ -166,7 +167,7 @@ We used the following methodology to derive these network endpoints: | definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. | | displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. | | download.windowsupdate.com | HTTP | Enables connections to Windows Update. | -| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office. | | fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | 
@@ -254,7 +255,7 @@ We used the following methodology to derive these network endpoints: | cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. | | dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. | | download.windowsupdate.com | HTTP | Enables connections to Windows Update. | -| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office. | | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. | | fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. | @@ -291,4 +292,4 @@ We used the following methodology to derive these network endpoints: | wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. | | wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. | -| www.bing.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. | \ No newline at end of file +| www.bing.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. | diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index 833236d614..7b3c0d3958 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md 
@@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Windows 10, version 1803, connection endpoints for non-Enterprise editions @@ -46,7 +47,7 @@ We used the following methodology to derive these network endpoints: | *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ | HTTP | Enables connections to Windows Update. | | arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. | | arc.msn.com/v3/Delivery/Placement | HTTPS | Used to retrieve Windows Spotlight metadata. | -| client-office365-tas.msedge.net* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| client-office365-tas.msedge.net* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office. | | config.edge.skype.com/config/* | HTTPS | Used to retrieve Skype configuration values. | | ctldl.windowsupdate.com/msdownload/update* | HTTP | Used to download certificates that are publicly known to be fraudulent. | | cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. | 
@@ -128,7 +129,7 @@ We used the following methodology to derive these network endpoints: | *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. | | au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. | | cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. | -| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office. | | cloudtile.photos.microsoft.com.akadns.net | HTTPS | Photos App in MS Store | config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values.  | | ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. | diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index b6be3b5acd..fc7a408f5a 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -7,12 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 6/26/2018 +ms.reviewer: --- # Windows 10, version 1809, connection endpoints for non-Enterprise editions 
@@ -64,7 +65,7 @@ We used the following methodology to derive these network endpoints: |\*wns.windows.com\* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS). |\*wpc.v0cdn.net* | | Windows Telemetry related traffic |auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related -|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. |fe2.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |fe3.\*.mp.microsoft.com.\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |fs.microsoft.com | | Font Streaming (in ENT traffic) 
@@ -98,7 +99,7 @@ We used the following methodology to derive these network endpoints: | *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | | *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. | | *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | -| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. | +| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. | | *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. | | arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. | | au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. | @@ -132,7 +133,7 @@ We used the following methodology to derive these network endpoints: | *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. | | au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. | | cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. | -| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. | +| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office. | | config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values.  | | ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. | | cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. | diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md new file mode 100644 index 0000000000..a4b71349d5 --- /dev/null +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md 
@@ -0,0 +1,274 @@ +--- +title: Windows 10, version 1903, connection endpoints for non-Enterprise editions +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +audience: ITPro +author: mikeedgar +ms.author: v-medgar +manager: sanashar +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 5/9/2019 +--- +# Windows 10, version 1903, connection endpoints for non-Enterprise editions + + **Applies to** + +- Windows 10 Home, version 1903 +- Windows 10 Professional, version 1903 +- Windows 10 Education, version 1903 + +In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903. + +The following methodology was used to derive the network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here. +7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different. +8. These tests were conducted for one week, but if you capture traffic for longer you may have different results. + + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. 
For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 Family + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.aria.microsoft.com*|HTTPS|Microsoft Office Telemetry +|\*.b.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.c-msedge.net|HTTP|Microsoft Office +|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update +|\*.download.windowsupdate.com*|HTTP|Used to download operating system patches and updates +|\*.g.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.login.msa.*.net|HTTPS|Microsoft Account related +|\*.msn.com*|TLSv1.2/HTTPS|Windows Spotlight +|\*.skype.com|HTTP/HTTPS|Skype +|\*.smartscreen.microsoft.com*|HTTPS|Windows Defender Smartscreen +|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|*cdn.onenote.net*|HTTP|OneNote +|*displaycatalog.*mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|*emdl.ws.microsoft.com*|HTTP|Windows Update +|*geo-prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update +|*hwcdn.net*|HTTP|Highwinds Content Delivery Network / Windows updates +|*img-prod-cms-rt-microsoft-com*|HTTPS|Microsoft Store or Inbox MSN Apps image download +|*licensing.*mp.microsoft.com*|HTTPS|Licensing +|*maps.windows.com*|HTTPS|Related to Maps application +|*msedge.net*|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps +|*nexusrules.officeapps.live.com*|HTTPS|Microsoft Office Telemetry +|*photos.microsoft.com*|HTTPS|Photos App +|*prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for Windows Update downloads of apps and OS updates +|*purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|*settings.data.microsoft.com.akadns.net|HTTPS|Used for Windows apps to dynamically update their 
configuration +|*wac.phicdn.net*|HTTP|Windows Update +|*windowsupdate.com*|HTTP|Windows Update +|*wns.*windows.com*|TLSv1.2/HTTPS|Used for the Windows Push Notification Services (WNS) +|*wpc.v0cdn.net*|HTTP|Windows Telemetry +|arc.msn.com|HTTPS|Spotlight +|auth.gfx.ms*|HTTPS|MSA related +|cdn.onenote.net|HTTPS|OneNote Live Tile +|dmd.metaservices.microsoft.com*|HTTP|Device Authentication +|e-0009.e-msedge.net|HTTPS|Microsoft Office +|e10198.b.akamaiedge.net|HTTPS|Maps application +|evoke-windowsservices-tas.msedge*|HTTPS|Photos app +|fe2.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store +|fe3.*.mp.microsoft.com.*|TLSv1.2/HTTPS|Windows Update, Microsoft Update, and Microsoft Store services +|g.live.com*|HTTPS|OneDrive +|go.microsoft.com|HTTP|Windows Defender +|iriscoremetadataprod.blob.core.windows.net|HTTPS|Windows Telemetry +|login.live.com|HTTPS|Device Authentication +|msagfx.live.com|HTTP|OneDrive +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|officeclient.microsoft.com|HTTPS|Microsoft Office +|oneclient.sfx.ms*|HTTPS|Used by OneDrive for Business to download and verify app updates +|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office +|ow1.res.office365.com|HTTP|Microsoft Office +|pti.store.microsoft.com|HTTPS|Microsoft Store +|purchase.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|query.prod.cms.rt.microsoft.com*|HTTPS|Used to retrieve Windows Spotlight metadata +|ris.api.iris.microsoft.com*|TLSv1.2/HTTPS|Used to retrieve Windows Spotlight metadata +|ris-prod-atm.trafficmanager.net|HTTPS|Azure traffic manager +|s-0001.s-msedge.net|HTTPS|Microsoft Office +|self.events.data.microsoft.com|HTTPS|Microsoft Office +|settings.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration +|settings-win.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their 
configuration +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Store +|sls.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update +|slscr.update.microsoft.com*|HTTPS|Enables connections to Windows Update +|store*.dsx.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store +|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store +|store-images.*microsoft.com*|HTTP|Used to get images that are used for Microsoft Store suggestions +|storesdk.dsx.mp.microsoft.com|HTTP|Microsoft Store +|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile +|time.windows.com|HTTP|Microsoft Windows Time related +|tsfe.trafficshaping.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for content regulation +|v10.events.data.microsoft.com|HTTPS|Diagnostic Data +|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data +|wdcp.microsoft.*|TLSv1.2, HTTPS|Used for Windows Defender when Cloud-based Protection is enabled +|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com|HTTPS|Windows Defender +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com*|HTTP|Used for updates for Cortana, apps, and Live Tiles +|www.msftconnecttest.com|HTTP|Network Connection (NCSI) +|www.office.com|HTTPS|Microsoft Office + + +## Windows 10 Pro + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.cloudapp.azure.com|HTTPS|Azure +|\*.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, and Microsoft Store services +|\*.displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update +|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.g.akamaiedge.net|HTTPS|Used to check for updates to maps that have been 
downloaded for offline use +|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.windowsupdate.com*|HTTP|Enables connections to Windows Update +|\*.wns.notify.windows.com.akadns.net|HTTPS|Used for the Windows Push Notification Services (WNS) +|\*dsp.mp.microsoft.com.nsatc.net|HTTPS|Enables connections to Windows Update +|\*c-msedge.net|HTTP|Office +|a1158.g.akamai.net|HTTP|Maps application +|arc.msn.com*|HTTP / HTTPS|Used to retrieve Windows Spotlight metadata +|blob.mwh01prdstr06a.store.core.windows.net|HTTPS|Microsoft Store +|browser.pipe.aria.microsoft.com|HTTPS|Microsoft Office +|bubblewitch3mobile.king.com|HTTPS|Bubble Witch application +|candycrush.king.com|HTTPS|Candy Crush application +|cdn.onenote.net|HTTP|Microsoft OneNote +|cds.p9u4n2q3.hwcdn.net|HTTP|Highwinds Content Delivery Network traffic for Windows updates +|client.wns.windows.com|HTTPS|Winddows Notification System +|co4.telecommand.telemetry.microsoft.com.akadns.net|HTTPS|Windows Error Reporting +|config.edge.skype.com|HTTPS|Microsoft Skype +|cs11.wpc.v0cdn.net|HTTP|Windows Telemetry +|cs9.wac.phicdn.net|HTTP|Windows Update +|cy2.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|cy2.purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|cy2.settings.data.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|dmd.metaservices.microsoft.com.akadns.net|HTTP|Device Authentication +|e-0009.e-msedge.net|HTTPS|Microsoft Office +|e10198.b.akamaiedge.net|HTTPS|Maps application +|fe3.update.microsoft.com|HTTPS|Windows Update +|g.live.com|HTTPS|Microsoft OneDrive +|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata +|geo-prod.do.dsp.mp.microsoft.com|HTTPS|Windows Update +|go.microsoft.com|HTTP|Windows Defender +|iecvlist.microsoft.com|HTTPS|Microsoft Edge +|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP / HTTPS|Microsoft Store +|ipv4.login.msa.akadns6.net|HTTPS|Used 
for Microsoft accounts to sign in +|licensing.mp.microsoft.com|HTTP|Licensing +|location-inference-westus.cloudapp.net|HTTPS|Used for location data +|login.live.com|HTTP|Device Authentication +|maps.windows.com|HTTP|Maps application +|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting +|msagfx.live.com|HTTP|OneDrive +|nav.smartscreen.microsoft.com|HTTPS|Windows Defender +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|oneclient.sfx.ms|HTTP|OneDrive +|pti.store.microsoft.com|HTTPS|Microsoft Store +|ris.api.iris.microsoft.com.akadns.net|HTTPS|Used to retrieve Windows Spotlight metadata +|ris-prod-atm.trafficmanager.net|HTTPS|Azure +|s2s.config.skype.com|HTTP|Microsoft Skype +|settings-win.data.microsoft.com|HTTPS|Application settings +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Skype +|slscr.update.microsoft.com|HTTPS|Windows Update +|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store +|store-images.microsoft.com|HTTPS|Microsoft Store +|tile-service.weather.microsoft.com/*|HTTP|Used to download updates to the Weather app Live Tile +|time.windows.com|HTTP|Windows time +|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation +|v10.events.data.microsoft.com*|HTTPS|Microsoft Office +|vip5.afdorigin-prod-am02.afdogw.com|HTTPS|Used to serve office 365 experimentation traffic +|watson.telemetry.microsoft.com|HTTPS|Telemetry +|wdcp.microsoft.com|HTTPS|Windows Defender +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com|HTTPS|Cortana and Search +|www.microsoft.com|HTTP|Diagnostic +|www.msftconnecttest.com|HTTP|Network connection +|www.office.com|HTTPS|Microsoft Office + + + +## Windows 10 Education + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.b.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use +|\*.c-msedge.net|HTTP|Used by 
OfficeHub to get the metadata of Office apps +|\*.dl.delivery.mp.microsoft.com*|HTTP|Windows Update +|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.g.akamaiedge.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.settings.data.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.skype.com*|HTTPS|Used to retrieve Skype configuration values +|\*.smartscreen*.microsoft.com|HTTPS|Windows Defender +|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|\*.wac.phicdn.net|HTTP|Windows Update +|\*.windowsupdate.com*|HTTP|Windows Update +|\*.wns.windows.com|HTTPS|Windows Notifications Service +|\*.wpc.*.net|HTTP|Diagnostic Data +|\*displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*dsp.mp.microsoft.com|HTTPS|Windows Update +|a1158.g.akamai.net|HTTP|Maps +|a122.dscg3.akamai.net|HTTP|Maps +|a767.dscg3.akamai.net|HTTP|Maps +|au.download.windowsupdate.com*|HTTP|Windows Update +|bing.com/*|HTTPS|Used for updates for Cortana, apps, and Live Tiles +|blob.dz5prdstr01a.store.core.windows.net|HTTPS|Microsoft Store +|browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps +|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile +|cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates +|client-office365-tas.msedge.net/*|HTTPS|Office 365 porta and Office Online +|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent +|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store +|dmd.metaservices.microsoft.com*|HTTP|Device Authentication +|download.windowsupdate.com*|HTTPS|Windows Update +|emdl.ws.microsoft.com/*|HTTP|Used to download apps from the Microsoft Store 
+|evoke-windowsservices-tas.msedge.net|HTTPS|Photo app +|fe2.update.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|fe3.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|fe3.delivery.mp.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|g.live.com*|HTTPS|Used by OneDrive for Business to download and verify app updates +|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata +|go.microsoft.com|HTTP|Windows Defender +|iecvlist.microsoft.com|HTTPS|Microsoft Edge browser +|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in +|licensing.mp.microsoft.com*|HTTPS|Used for online activation and some app licensing +|login.live.com|HTTPS|Device Authentication +|maps.windows.com/windows-app-web-link|HTTPS|Maps application +|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting +|msagfx.live.com|HTTPS|OneDrive +|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Office 365 portal's shared infrastructure +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates +|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office +|pti.store.microsoft.com|HTTPS|Microsoft Store +|settings-win.data.microsoft.com/settings/*|HTTPS|Used as a way for apps to dynamically update their configuration +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Skype +|sls.update.microsoft.com*|HTTPS|Windows Update +|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store +|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile +|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Windows Update +|v10.events.data.microsoft.com*|HTTPS|Diagnostic Data 
+|vip5.afdorigin-prod-ch02.afdogw.com|HTTPS|Used to serve Office 365 experimentation traffic +|watson.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|wdcp.microsoft.com|HTTPS|Windows Defender +|wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com|HTTPS|Azure +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com|HTTPS|Cortana and Search +|www.microsoft.com|HTTP|Diagnostic Data +|www.microsoft.com/pkiops/certs/*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|www.msftconnecttest.com|HTTP|Network Connection +|www.office.com|HTTPS|Microsoft Office + diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md index bb0d5fa4f5..a5005057fc 100644 --- a/windows/privacy/windows-personal-data-services-configuration.md +++ b/windows/privacy/windows-personal-data-services-configuration.md @@ -8,12 +8,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha +author: dansimp +ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article ms.date: 05/11/2018 +ms.reviewer: --- # Windows 10 personal data services configuration diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md index 188c87f7a3..735c4e5527 100644 --- a/windows/release-information/TOC.md +++ b/windows/release-information/TOC.md 
@@ -1,23 +1,36 @@
 # [Windows 10 release information](index.md)
 ## [Message center](windows-message-center.yml)
-## [Version 1809 and Windows Server 2019](status-windows-10-1809-and-windows-server-2019.yml)
+## Version 1903
+### [Known issues and notifications](status-windows-10-1903.yml)
+### [Resolved issues](resolved-issues-windows-10-1903.yml)
+## Version 1809 and Windows Server 2019
+### [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
 ### [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
-## [Version 1803](status-windows-10-1803.yml)
+## Version 1803
+### [Known issues and notifications](status-windows-10-1803.yml)
 ### [Resolved issues](resolved-issues-windows-10-1803.yml)
-## [Version 1709](status-windows-10-1709.yml)
+## Version 1709
+### [Known issues and notifications](status-windows-10-1709.yml)
 ### [Resolved issues](resolved-issues-windows-10-1709.yml)
-## [Version 1703](status-windows-10-1703.yml)
+## Version 1703
+### [Known issues and notifications](status-windows-10-1703.yml)
 ### [Resolved issues](resolved-issues-windows-10-1703.yml)
-## [Version 1607 and Windows Server 2016](status-windows-10-1607-and-windows-server-2016.yml)
+## Version 1607 and Windows Server 2016
+### [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
 ### [Resolved issues](resolved-issues-windows-10-1607.yml)
-## [Version 1507](status-windows-10-1507.yml)
+## Version 1507
+### [Known issues and notifications](status-windows-10-1507.yml)
 ### [Resolved issues](resolved-issues-windows-10-1507.yml)
 ## Previous versions
-### [Windows 8.1 and Windows Server 2012 R2](status-windows-8.1-and-windows-server-2012-r2.yml)
+### Windows 8.1 and Windows Server 2012 R2
+#### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
 ####[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
-### [Windows Server 2012](status-windows-server-2012.yml)
+### Windows Server 2012
+#### [Known issues and notifications](status-windows-server-2012.yml)
 ####[Resolved issues](resolved-issues-windows-server-2012.yml)
-### [Windows 7 and Windows Server 2008 R2](status-windows-7-and-windows-server-2008-r2-sp1.yml)
+### Windows 7 and Windows Server 2008 R2
+#### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
 ####[Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
-### [Windows Server 2008 SP2](status-windows-server-2008-sp2.yml)
+### Windows Server 2008 SP2
+#### [Known issues and notifications](status-windows-server-2008-sp2.yml)
 ####[Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
\ No newline at end of file
diff --git a/windows/release-information/index.md b/windows/release-information/index.md
index 2aa38be1de..c80e214ec1 100644
--- a/windows/release-information/index.md
+++ b/windows/release-information/index.md
@@ -13,12 +13,14 @@ ms.localizationpriority: high --- # Windows 10 release information -Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. +Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel and will be serviced with monthly quality updates for 18 months from the date of the release. -Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853). +We recommend that you begin deployment of each Semi-Annual Channel release immediately as a targeted deployment to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. + +Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions are serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853). >[!NOTE] ->If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. 
It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523). +>Beginning with Windows 10, version 1903, this page will no longer list Semi-Annual Channel (Targeted) information for version 1903 and future feature updates. Instead, you will find a single entry for each Semi-Annual Channel release. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
                          diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 380ff97270..1c510dd2e2 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -41,8 +42,6 @@ sections: - -
                          SummaryOriginating updateStatusDate resolved
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 10240.18215

                          May 14, 2019
                          KB4499154
                          Resolved
                          KB4505051
                          May 19, 2019
                          02:00 PM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 10240.18158

                          March 12, 2019
                          KB4489872
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 10240.18132

                          February 12, 2019
                          KB4487018
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer may fail to load images
                          Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

                          See details >
                          OS Build 10240.18132

                          February 12, 2019
                          KB4487018
                          Resolved
                          KB4491101
                          February 21, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Resolved
                          KB4487018
                          February 12, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Resolved
                          KB4487018
                          February 12, 2019
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 10240.18005

                          October 09, 2018
                          KB4462922
                          Resolved
                          KB4471323
                          December 11, 2018
                          10:00 AM PT
                          Guest VMs running Unicast NLB fail to respond after restart
                          All guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart.

                          See details >
                          OS Build 10240.17976

                          September 11, 2018
                          KB4457132
                          Resolved
                          KB4462922
                          October 09, 2018
                          10:00 AM PT
                          " @@ -53,6 +52,15 @@ sections:
                          " +- title: May 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505051) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505051 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505051, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 10240.18215

                          May 14, 2019
                          KB4499154
                          Resolved
                          KB4505051
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          + " + - title: March 2019 - items: - type: markdown @@ -85,21 +93,3 @@ sections:
                          Unable to access hotspots with third-party applications
                          After installing KB4480962, third-party applications may have difficulty authenticating hotspots.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue is resolved in KB4487018.

                          Back to topOS Build 10240.18094

                          January 08, 2019
                          KB4480962Resolved
                          KB4487018Resolved:
                          February 12, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT " - -- title: October 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462922, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471323.

                          Back to top
                          OS Build 10240.18005

                          October 09, 2018
                          KB4462922
                          Resolved
                          KB4471323
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - " - -- title: September 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Guest VMs running Unicast NLB fail to respond after restart
                          All guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4462922.

                          Back to top
                          OS Build 10240.17976

                          September 11, 2018
                          KB4457132
                          Resolved
                          KB4462922
                          Resolved:
                          October 09, 2018
                          10:00 AM PT

                          Opened:
                          September 11, 2018
                          10:00 AM PT
                          - " diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 72407b6ba9..a6ec153084 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,12 @@ sections: - type: markdown text: " + + + + + + @@ -46,10 +52,6 @@ sections: - - - -
                          SummaryOriginating updateStatusDate resolved
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 14393.2999

                          May 23, 2019
                          KB4499177
                          Resolved
                          KB4503267
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4503267
                          June 11, 2019
                          10:00 AM PT
                          Update not showing as applicable through WSUS or SCCM or when manually installed
                          Update not showing as applicable through WSUS or SCCM or when manually installed

                          See details >
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4498947
                          May 14, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4505052
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          May 14, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4493473
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 14393.2879

                          March 19, 2019
                          KB4489889
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          Instant search in Microsoft Outlook fails on Windows Server 2016
                          Instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\" on Windows Server 2016.

                          See details >
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Resolved
                          KB4487026
                          February 12, 2019
                          10:00 AM PT
                          SqlConnection instantiation exception on .NET 4.6 and later
                          Instantiation of SqlConnection can throw an exception after certain updates have been installed.

                          See details >
                          OS Build 14393.2457

                          August 30, 2018
                          KB4343884
                          Resolved
                          KB4480977
                          January 17, 2019
                          02:00 PM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4480977
                          January 17, 2019
                          02:00 PM PT
                          System becomes unresponsive when end-user-defined characters (EUDC) are used
                          When features related to end-user-defined characters (EUDC) are used, the entire system may become unresponsive.

                          See details >
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Resolved
                          KB4471321
                          December 11, 2018
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 14393.2551

                          October 09, 2018
                          KB4462917
                          Resolved
                          KB4471321
                          December 11, 2018
                          10:00 AM PT
                          Issues with install and activation of Key Management Service (KMS) (CSVLK) host keys
                          Installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected.

                          See details >
                          OS Build 14393.2457

                          August 30, 2018
                          KB4343884
                          Resolved
                          KB4467684
                          November 27, 2018
                          10:00 AM PT
                          Promotions that create non-root domains fail with optional features enabled
                          Windows Server 2016 promotions that create non-root domains fail in forests in which optional features like Active Directory recycle have been enabled.

                          See details >
                          OS Build 14393.2515

                          September 20, 2018
                          KB4457127
                          Resolved
                          KB4467684
                          November 27, 2018
                          10:00 AM PT
                          " @@ -60,11 +62,41 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503267.

                          Back to top
                          OS Build 14393.2999

                          May 23, 2019
                          KB4499177
                          Resolved
                          KB4503267
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + + +
                          DetailsOriginating updateStatusHistory
                          Update not showing as applicable through WSUS or SCCM or when manually installed
                          KB4494440 or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\"


                          Affected platforms:
                          • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2016

                          Resolution: The servicing stack update (SSU) (KB4498947) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.

                          Back to top
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4498947
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 24, 2019
                          04:20 PM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505052) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505052 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505052, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4505052
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4494440.

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          + " + - title: March 2019 - items: - type: markdown text: " +
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503267.

                          Back to top
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4503267
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489882, Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493473

                          Back to top
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4493473
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493470.

                          Back to top
                          OS Build 14393.2879

                          March 19, 2019
                          KB4489889
                          Resolved
                          KB4493470
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          @@ -102,25 +134,6 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Instant search in Microsoft Outlook fails on Windows Server 2016
                          After installing KB4467684 on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\".

                          Affected platforms:
                          • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server 2016
                          Resolution: This issue is resolved in KB4487026.

                          Back to top
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Resolved
                          KB4487026
                          Resolved:
                          February 12, 2019
                          10:00 AM PT

                          Opened:
                          November 27, 2018
                          10:00 AM PT
                          System becomes unresponsive when end-user-defined characters (EUDC) are used
                          When features related to end-user-defined characters (EUDC) are used, the entire system may become unresponsive. 

                          Affected platforms:
                          • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server 2016
                          Resolution: This issue is resolved in KB4471321

                          Back to top
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Resolved
                          KB4471321
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          November 27, 2018
                          10:00 AM PT
                          - " - -- title: October 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462917, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471321.

                          Back to top
                          OS Build 14393.2551

                          October 09, 2018
                          KB4462917
                          Resolved
                          KB4471321
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - " - -- title: September 2018 -- items: - - type: markdown - text: " - -
                          DetailsOriginating updateStatusHistory
                          Promotions that create non-root domains fail with optional features enabled
                          After installing KB4457127, Windows Server 2016 promotions that create non-root domains fail in forests in which optional features like Active Directory recycle have been enabled. The error is, “The replication operation encountered a database error.”

                          Affected platforms:
                          • Server: Windows Server 2016
                          Resolution: This issue is resolved in KB4467684.

                          Back to top
                          OS Build 14393.2515

                          September 20, 2018
                          KB4457127
                          Resolved
                          KB4467684
                          Resolved:
                          November 27, 2018
                          10:00 AM PT

                          Opened:
                          September 20, 2018
                          10:00 AM PT
                          " @@ -130,6 +143,5 @@ sections: text: " -
                          DetailsOriginating updateStatusHistory
                          SqlConnection instantiation exception on .NET 4.6 and later
                          After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

                          For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809, SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue is resolved in KB4480977.

                          Back to top
                          OS Build 14393.2457

                          August 30, 2018
                          KB4343884
                          Resolved
                          KB4480977
                          Resolved:
                          January 17, 2019
                          02:00 PM PT

                          Opened:
                          August 30, 2018
                          05:00 PM PT
                          Issues with install and activation of Key Management Service (KMS) (CSVLK) host keys
                          After installing KB4343884, installation and client activation of Windows Server 2019 and Windows 10 Enterprise 2019 LTSC Key Management Service (KMS) CSVLK host keys do not work as expected.

                          Affected platforms:
                          • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server 2016
                          Resolution: This issue is resolved in KB4467684.

                          Back to top
                          OS Build 14393.2457

                          August 30, 2018
                          KB4343884
                          Resolved
                          KB4467684
                          Resolved:
                          November 27, 2018
                          10:00 AM PT

                          Opened:
                          August 30, 2018
                          05:00 PM PT
                          " diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index a32bfe383c..3ab3f15bbf 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,9 @@ sections: - type: markdown text: " + + + @@ -39,14 +42,11 @@ sections: - + - - -
                          SummaryOriginating updateStatusDate resolved
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 15063.1839

                          May 28, 2019
                          KB4499162
                          Resolved
                          KB4503279
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 15063.1805

                          May 14, 2019
                          KB4499181
                          Resolved
                          KB4505055
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 15063.1784

                          April 25, 2019
                          KB4493436
                          Resolved
                          KB4499181
                          May 14, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 15063.1689

                          March 12, 2019
                          KB4489871
                          Resolved
                          KB4493436
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 15063.1716

                          March 19, 2019
                          KB4489888
                          Resolved
                          KB4493474
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4493474
                          April 09, 2019
                          10:00 AM PT
                          Error 1309 when installing/uninstalling MSI or MSP files
                          Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

                          See details >
                          OS Build 15063.1659

                          February 19, 2019
                          KB4487011
                          Resolved
                          KB4489871
                          March 12, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized as an abbreviation
                          The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          See details >
                          OS Build 15063.1596

                          January 15, 2019
                          KB4480959
                          Resolved
                          KB4487011
                          February 19, 2019
                          02:00 PM PT
                          Internet Explorer may fail to load images
                          Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

                          See details >
                          OS Build 15063.1631

                          February 12, 2019
                          KB4487020
                          Resolved
                          KB4487011
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database and Access 95 file format stop working
                          Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

                          See details >
                          OS Build 15063.1631

                          February 12, 2019
                          KB4487020
                          Resolved
                          KB4487011
                          February 19, 2019
                          10:00 AM PT
                          Applications using Microsoft Jet database and Access 95 file format stop working
                          Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

                          See details >
                          OS Build 15063.1631

                          February 12, 2019
                          KB4487020
                          Resolved
                          KB4487011
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4487020
                          February 12, 2019
                          10:00 AM PT
                          Webpages become unresponsive in Microsoft Edge
                          Microsoft Edge users report difficulty browsing and loading webpages.

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4487020
                          February 12, 2019
                          10:00 AM PT
                          SqlConnection instantiation exception on .NET 4.6 and later
                          Instantiation of SqlConnection can throw an exception after certain updates have been installed.

                          See details >
                          OS Build 15063.1292

                          August 30, 2018
                          KB4343889
                          Resolved
                          KB4480959
                          January 15, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4480959
                          January 15, 2019
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4471327
                          December 11, 2018
                          10:00 AM PT
                          LongonUI.exe stops working intermittently
                          LongonUI.exe stops working intermittently.

                          See details >
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4467699
                          November 27, 2018
                          10:00 AM PT
                          Error message beginning with “Hosted by…” when launching Microsoft Edge
                          Some users may encounter an error message beginning with “Hosted by…” when launching Microsoft Edge.

                          See details >
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4462939
                          October 18, 2018
                          10:00 AM PT
                          " @@ -57,6 +57,25 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503279.

                          Back to top
                          OS Build 15063.1839

                          May 28, 2019
                          KB4499162
                          Resolved
                          KB4503279
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505055) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505055 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505055, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 15063.1805

                          May 14, 2019
                          KB4499181
                          Resolved
                          KB4505055
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 15063.1784

                          April 25, 2019
                          KB4493436
                          Resolved
                          KB4499181
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: March 2019 - items: - type: markdown @@ -92,17 +111,6 @@ sections: " -- title: October 2018 -- items: - - type: markdown - text: " - - - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462937, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471327.

                          Back to top
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4471327
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          LongonUI.exe stops working intermittently
                          After installing KB4462937, LogonUI.exe stops working intermittently.

                          Affected platforms:
                          • Windows 10, version 1703
                          Resolution: This issue is resolved in KB4467699.

                          Back to top
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4467699
                          Resolved:
                          November 27, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          Error message beginning with “Hosted by…” when launching Microsoft Edge
                          After installing KB4462937, some users may see a dialog box with a non-applicable message beginning with the words “Hosted by...” when first starting Microsoft Edge.

                          This dialog will only appear once if they have turned on “Block only third-party cookies” in Microsoft Edge and applied certain language packs before installing this update.

                          Affected platforms:
                          • Client: Windows 10, version 1709; Windows 10, version 1703
                          • Server: Windows Server, version 1709
                          Resolution: This issue is resolved in KB4462939.

                          Back to top
                          OS Build 15063.1387

                          October 09, 2018
                          KB4462937
                          Resolved
                          KB4462939
                          Resolved:
                          October 18, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - " - - title: August 2018 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 2893c090ed..2c1d600e65 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,10 @@ sections: - type: markdown text: " + + + + @@ -45,8 +49,6 @@ sections: - -
                          SummaryOriginating updateStatusDate resolved
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 16299.1182

                          May 28, 2019
                          KB4499147
                          Resolved
                          KB4503284
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 16299.1143

                          May 14, 2019
                          KB4498946
                          Resolved
                          KB4505062
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          May 14, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 16299.1029

                          March 12, 2019
                          KB4489886
                          Resolved
                          KB4493440
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 16299.1059

                          March 19, 2019
                          KB4489890
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 causes applications to stop responding if an exception was thrown
                          MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          Webpages become unresponsive in Microsoft Edge
                          Microsoft Edge users report difficulty browsing and loading webpages.

                          See details >
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Resolved
                          KB4486996
                          February 12, 2019
                          10:00 AM PT
                          SqlConnection instantiation exception on .NET 4.6 and later
                          Instantiation of SqlConnection can throw an exception after certain updates have been installed.

                          See details >
                          OS Build 16299.637

                          August 30, 2018
                          KB4343893
                          Resolved
                          KB4480967
                          January 15, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Resolved
                          KB4480967
                          January 15, 2019
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 16299.726

                          October 09, 2018
                          KB4462918
                          Resolved
                          KB4471329
                          December 11, 2018
                          10:00 AM PT
                          Error message beginning with “Hosted by…” when launching Microsoft Edge
                          Some users may encounter an error message beginning with “Hosted by…” when launching Microsoft Edge.

                          See details >
                          OS Build 16299.726

                          October 09, 2018
                          KB4462918
                          Resolved
                          KB4462932
                          October 18, 2018
                          10:00 AM PT
                          " @@ -57,6 +59,34 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503284.

                          Back to top
                          OS Build 16299.1182

                          May 28, 2019
                          KB4499147
                          Resolved
                          KB4503284
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505062) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505062 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505062, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 16299.1143

                          May 14, 2019
                          KB4498946
                          Resolved
                          KB4505062
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4499179.

                          Back to top
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          + " + - title: March 2019 - items: - type: markdown @@ -93,16 +123,6 @@ sections: " -- title: October 2018 -- items: - - type: markdown - text: " - - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462918, users may not be able to use the Seek Bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471329.

                          Back to top
                          OS Build 16299.726

                          October 09, 2018
                          KB4462918
                          Resolved
                          KB4471329
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          Error message beginning with “Hosted by…” when launching Microsoft Edge
                          After installing KB4462918, some users may see a dialog box with a non-applicable message beginning with the words “Hosted by...” when first starting Microsoft Edge.

                          This dialog will only appear once if they have turned on “Block only third-party cookies” in Microsoft Edge and applied certain language packs before installing this update.

                          Affected platforms:
                          • Client: Windows 10, version 1709; Windows 10, version 1703
                          • Server: Windows Server, version 1709
                          Resolution: This issue is resolved in KB4462932.

                          Back to top
                          OS Build 16299.726

                          October 09, 2018
                          KB4462918
                          Resolved
                          KB4462932
                          Resolved:
                          October 18, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - " - - title: August 2018 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 8eaaa3f3c9..f30b599296 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,9 +32,14 @@ sections: - type: markdown text: " + + + + + - + @@ -45,13 +50,6 @@ sections: - - - - - - -
                          SummaryOriginating updateStatusDate resolved
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 17134.799

                          May 21, 2019
                          KB4499183
                          Resolved
                          KB4503286
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4503286
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 17134.765

                          May 14, 2019
                          KB4499167
                          Resolved
                          KB4505064
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          May 14, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493437
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 17134.677

                          March 19, 2019
                          KB4489894
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized
                          The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          See details >
                          OS Build 17134.556

                          January 15, 2019
                          KB4480976
                          Resolved
                          KB4487029
                          April 09, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized
                          The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          See details >
                          OS Build 17134.556

                          January 15, 2019
                          KB4480976
                          Resolved
                          KB4487029
                          February 19, 2019
                          02:00 PM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 17134.590

                          February 12, 2019
                          KB4487017
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Webpages become unresponsive in Microsoft Edge
                          Microsoft Edge users report difficulty browsing and loading webpages.

                          See details >
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Resolved
                          KB4487017
                          February 12, 2019
                          10:00 AM PT
                          SqlConnection instantiation exception on .NET 4.6 and later
                          After you install the August Preview of Quality Rollup or the September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

                          See details >
                          OS Build 17134.285

                          September 11, 2018
                          KB4457128
                          Resolved
                          KB4480976
                          January 15, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Resolved
                          KB4480976
                          January 15, 2019
                          10:00 AM PT
                          Blue or black screen with \"System thread exception not handled\" error
                          Some users may get a blue or black screen with the error code, “System thread exception not handled.”

                          See details >
                          OS Build 17134.441

                          November 27, 2018
                          KB4467682
                          Resolved
                          KB4471324
                          December 11, 2018
                          10:00 AM PT
                          Custom Start menu layouts display incorrectly
                          Custom Start menu layouts may display incorrectly.

                          See details >
                          OS Build 17134.441

                          November 27, 2018
                          KB4467682
                          Resolved
                          KB4471324
                          December 11, 2018
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 17134.345

                          October 09, 2018
                          KB4462919
                          Resolved
                          KB4471324
                          December 11, 2018
                          10:00 AM PT
                          Users cannot set Win32 program defaults
                          Some users cannot set Win32 program defaults for certain app and file type combinations.

                          See details >
                          OS Build 17134.320

                          September 26, 2018
                          KB4458469
                          Resolved
                          KB4467682
                          November 27, 2018
                          10:00 AM PT
                          Developer Tools (F12) fail to start in Microsoft Edge
                          Developer Tools (F12) may fail to start in Microsoft Edge.

                          See details >
                          OS Build 17134.376

                          October 24, 2018
                          KB4462933
                          Resolved
                          KB4467702
                          November 13, 2018
                          10:00 AM PT
                          Guest VMs running Unicast NLB fail to respond after restart
                          All guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart.

                          See details >
                          OS Build 17134.285

                          September 11, 2018
                          KB4457128
                          Resolved
                          KB4458469
                          September 26, 2018
                          10:00 AM PT
                          Microsoft Intune takes a long time to deliver user profiles
                          Windows no longer recognizes the Personal Information exchange (PFX) certificate used for Wi-Fi or VPN authentication, causing delays in Microsoft Intune delivering user profiles.

                          See details >
                          OS Build 17134.191

                          July 24, 2018
                          KB4340917
                          Resolved
                          KB4464218
                          September 17, 2018
                          10:00 AM PT
                          " @@ -62,11 +60,40 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503286.

                          Back to top
                          OS Build 17134.799

                          May 21, 2019
                          KB4499183
                          Resolved
                          KB4503286
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505064) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505064 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505064, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 17134.765

                          May 14, 2019
                          KB4499167
                          Resolved
                          KB4505064
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4499167.

                          Back to top
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          + " + - title: March 2019 - items: - type: markdown text: " + @@ -106,42 +133,11 @@ sections:
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489868, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503286.

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4503286
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489868, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493437

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493437
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493464

                          Back to top
                          OS Build 17134.677

                          March 19, 2019
                          KB4489894
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          After applying KB4489868, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1709
                          • Server: Windows Server, version 1803; Windows Server, version 1709
                          Resolution: This issue was resolved in KB4493464.

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " -- title: November 2018 -- items: - - type: markdown - text: " - - - -
                          DetailsOriginating updateStatusHistory
                          Blue or black screen with \"System thread exception not handled\" error
                          After installing KB4467682, an optional update, some users may get a blue or black screen with the error code, \"System thread exception not handled.\"

                          Affected platforms:
                          • Client: Windows 10, version 1803
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4471324

                          Back to top
                          OS Build 17134.441

                          November 27, 2018
                          KB4467682
                          Resolved
                          KB4471324
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          November 27, 2018
                          10:00 AM PT
                          Custom Start menu layouts display incorrectly
                          After installing KB4467682, custom Start menu layouts may display incorrectly. 

                          Affected platforms:
                          • Client: Windows 10, version 1803
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4471324

                          Back to top
                          OS Build 17134.441

                          November 27, 2018
                          KB4467682
                          Resolved
                          KB4471324
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          November 27, 2018
                          10:00 AM PT
                          - " - -- title: October 2018 -- items: - - type: markdown - text: " - - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462919, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471324

                          Back to top
                          OS Build 17134.345

                          October 09, 2018
                          KB4462919
                          Resolved
                          KB4471324
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          Developer Tools (F12) fail to start in Microsoft Edge
                          Developer Tools (F12) may fail to start in Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1803
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4467702

                          Back to top
                          OS Build 17134.376

                          October 24, 2018
                          KB4462933
                          Resolved
                          KB4467702
                          Resolved:
                          November 13, 2018
                          10:00 AM PT

                          Opened:
                          October 24, 2018
                          02:00 PM PT
                          - " - - title: September 2018 - items: - type: markdown text: " - - -
                          DetailsOriginating updateStatusHistory
                          SqlConnection instantiation exception on .NET 4.6 and later
                          After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.  

                          For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809, SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue is resolved in KB4480976

                          Back to top
                          OS Build 17134.285

                          September 11, 2018
                          KB4457128
                          Resolved
                          KB4480976
                          Resolved:
                          January 15, 2019
                          10:00 AM PT

                          Opened:
                          September 11, 2018
                          10:00 AM PT
                          Users cannot set Win32 program defaults
                          After installing KB4458469, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with... command or Settings > Apps > Default apps
                           
                          In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803
                          Resolution: This issue is resolved in KB4467682

                          Back to top
                          OS Build 17134.320

                          September 26, 2018
                          KB4458469
                          Resolved
                          KB4467682
                          Resolved:
                          November 27, 2018
                          10:00 AM PT

                          Opened:
                          September 26, 2018
                          02:00 PM PT
                          Guest VMs running Unicast NLB fail to respond after restart
                          All guest virtual machines running Unicast NLB fail to respond to NLB requests after the virtual machines restart. 

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4458469

                          Back to top
                          OS Build 17134.285

                          September 11, 2018
                          KB4457128
                          Resolved
                          KB4458469
                          Resolved:
                          September 26, 2018
                          10:00 AM PT

                          Opened:
                          September 11, 2018
                          10:00 AM PT
                          - " - -- title: July 2018 -- items: - - type: markdown - text: " - -
                          DetailsOriginating updateStatusHistory
                          Microsoft Intune takes a long time to deliver user profiles
                          After installing KB4457128, Windows no longer recognizes the Personal Information exchange (PFX) certificate that's used for authenticating to a Wi-Fi or VPN connection. As a result, Microsoft Intune takes a long time to deliver user profiles because it doesn't recognize that the required certificate is on the device. 

                          Affected platforms:
                          • Client: Windows 10, version 1803
                          • Server: Windows Server, version 1803
                          Resolution: This issue is resolved in KB4464218

                          Back to top
                          OS Build 17134.191

                          July 24, 2018
                          KB4340917
                          Resolved
                          KB4464218
                          Resolved:
                          September 17, 2018
                          10:00 AM PT

                          Opened:
                          July 24, 2018
                          10:00 AM PT
                          " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index b0d3c9f294..1e0221bf45 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,9 +32,16 @@ sections: - type: markdown text: " + + + + + + + - + @@ -52,12 +59,6 @@ sections: - - - - - -
                          SummaryOriginating updateStatusDate resolved
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 17763.529

                          May 21, 2019
                          KB4497934
                          Resolved
                          KB4503327
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4503327
                          June 11, 2019
                          10:00 AM PT
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          May 21, 2019
                          07:42 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          KB4505056
                          May 19, 2019
                          02:00 PM PT
                          Windows 10, version 1809 update history may show an update installed twice
                          Some customers are reporting that KB4494441 installed twice on their device

                          See details >
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          May 16, 2019
                          02:37 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          May 14, 2019
                          10:00 AM PT
                          Latest cumulative update (KB 4495667) installs automatically
                          Reports that the optional cumulative update (KB 4495667) installs automatically.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          May 08, 2019
                          03:37 PM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

                          See details >
                          OS Build 17763.437

                          April 09, 2019
                          KB4493509
                          Resolved
                          May 08, 2019
                          03:30 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4495667
                          May 03, 2019
                          12:40 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4495667
                          May 03, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 17763.404

                          April 02, 2019
                          KB4490481
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
                          Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4487044
                          February 12, 2019
                          10:00 AM PT
                          Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
                          Upgrade block: Microsoft and Trend Micro identified a compatibility issue with the Trend Micro business endpoint security solutions OfficeScan and Worry-Free Business Security.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          February 01, 2019
                          09:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4476976
                          January 22, 2019
                          02:00 PM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          OS Build 17763.55

                          October 09, 2018
                          KB4464330
                          Resolved
                          KB4471332
                          December 11, 2018
                          10:00 AM PT
                          Audio stops working after installing Intel audio driver
                          Upgrade block: Windows 10 audio stops working after installing Intel Smart Sound Technology driver (version 09.21.00.3755).

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4468550
                          December 07, 2018
                          10:00 AM PT
                          Office apps (32-bit) unable to use 'Save As…' function
                          Upgrade block: Devices using Morphisec Protector (or other application that uses the Morphisec SDK) may be unable to save documents when using 32-bit Microsoft Office apps.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          December 06, 2018
                          12:00 PM PT
                          Users cannot set Win32 program defaults
                          Some users cannot set Win32 program defaults for certain app and file type combinations.

                          See details >
                          OS Build 17763.55

                          October 09, 2018
                          KB4464330
                          Resolved
                          KB4469342
                          December 05, 2018
                          02:00 PM PT
                          Mapped drives fail to reconnect after login
                          Upgrade block: Mapped drives may fail to reconnect after booting and logging on to a Windows device.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4469342
                          December 05, 2018
                          02:00 PM PT
                          Microsoft Edge may crash or hang while playing video
                          Following an nVidia driver update, Microsoft Edge may crash or hang while playing video.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          December 05, 2018
                          10:00 AM PT
                          " @@ -68,11 +69,24 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503327.

                          Back to top
                          OS Build 17763.529

                          May 21, 2019
                          KB4497934
                          Resolved
                          KB4503327
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + - title: May 2019 - items: - type: markdown text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505056) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505056 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505056, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          KB4505056
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Windows 10, version 1809 update history may show an update installed twice
                          Affected platforms:
                          • Client: Windows 10, version 1809
                          Cause:
                          In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the View your Update history page will report that installation completed successfully twice. 

                          Resolution:
                          No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the Update history correctly reflects the installation of the latest cumulative update (LCU).

                          Back to top
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          Resolved:
                          May 16, 2019
                          02:37 PM PT

                          Opened:
                          May 14, 2019
                          02:56 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4495667
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4494441.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 14, 2019
                          01:19 PM PT
                          Latest cumulative update (KB 4495667) installs automatically
                          Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          Resolved:
                          May 08, 2019
                          03:37 PM PT

                          Opened:
                          May 05, 2019
                          12:01 PM PT
                          " @@ -92,6 +106,7 @@ sections: - type: markdown text: " +
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503327.

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4503327
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489899, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites
                          1. Go to Tools > Internet options > Security.
                          2. Within Select a zone to view of change security settings, select Local intranet and then select Enable Protected Mode.
                          3. Select Trusted Sites and then select Enable Protected Mode
                          4. Select OK.
                          You must restart the browser after making these changes.

                          Resolution: This issue is resolved in KB4495667.

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4495667
                          Resolved:
                          May 03, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Apps may stop working after selecting an audio output device other than the default
                          After installing KB4482887 on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include: 
                          • Windows Media Player 
                          • Realtek HD Audio Manager 
                          • Sound Blaster Control Panel 
                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: This issue was resolved in KB4490481

                          Back to top
                          OS Build 17763.348

                          March 01, 2019
                          KB4482887
                          Resolved
                          KB4490481
                          Resolved:
                          April 02, 2019
                          10:00 AM PT

                          Opened:
                          March 01, 2019
                          10:00 AM PT
                          @@ -128,24 +143,11 @@ sections: - type: markdown text: " + - - - - -
                          DetailsOriginating updateStatusHistory
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
                           
                          As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
                          Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019 
                          Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

                          Resolution: Microsoft has removed the safeguard hold.



                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          Resolved:
                          May 21, 2019
                          07:42 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Shared albums may not sync with iCloud for Windows
                          Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Window 10, version 1809 until this issue has been resolved. 

                          We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
                           
                          Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4482887
                          Resolved:
                          March 01, 2019
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
                          Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
                           
                          To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
                           
                          Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4482887
                          Resolved:
                          March 01, 2019
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          F5 VPN clients losing network connectivity
                          Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4482887
                          Resolved:
                          March 01, 2019
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
                          Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
                           
                          Upgrade block: After updating to Window 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
                           
                          Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: This issue was resolved in KB4487044, and the block was removed.

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4487044
                          Resolved:
                          February 12, 2019
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
                          Upgrade block: Microsoft and Trend Micro have identified a compatibility issue with Trend Micro's OfficeScan and Worry-Free Business Security software when attempting to update to Windows 10, version 1809.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019 
                          Resolution: Trend Micro has released a new version of these products that resolves the issue. To download them, please visit the Trend Micro Business Support Portal.

                          Once you have updated your version of Trend Micro's OfficeScan or Worry-Free Business Security software, you will be offered Windows 10, version 1809 automatically. 

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          Resolved:
                          February 01, 2019
                          09:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Audio stops working after installing Intel audio driver
                          Upgrade block: Intel unintentionally released version 9.21.00.3755 of the Intel Smart Sound Technology (ISST) Driver through Windows Update and inadvertently offered it to a range of devices running Window 10, version 1709, 1803, and 1809. If a device contained a compatible audio driver, the new driver overrode it and caused audio to stop working.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: This issue was resolved in KB4468550 and the upgrade block removed. 

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4468550
                          Resolved:
                          December 07, 2018
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Office apps (32-bit) unable to use 'Save As…' function
                          Upgrade block: Microsoft and Morphisec have identified an issue on devices that have installed Morphisec Protector or another application that uses the Morphisec Software Development Kit (SDK) including Cisco AMP for Endpoints. These applications may impact customers' ability to use the 'Save As.'dialog when saving documents in 32-bit versions of Microsoft Office applications. Saving of files is not impacted.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: Morphisec and Cisco have released updated versions of their applications to address this issue. We recommend customers update to these minimum versions before attempting to attempting to upgrade to Windows 10, version 1809:
                          • Morphisec Protector version 2.4.8 
                          • Cisco AMP for Endpoints version 6.2.3.10814
                          An upgrade block remains in place for earlier versions of the applications than those listed above.

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          Resolved:
                          December 06, 2018
                          12:00 PM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Mapped drives fail to reconnect after login
                          Upgrade block: Network drives may fail to reconnect after booting and logging on to a Windows device. Symptoms include:  
                          • In Windows Explorer, a red X appears on the mapped network drives. 
                          • Mapped network drives show as Unavailable when you run the net use command from a command prompt. 
                          • In the notification area, a notification displays the following message, \"Could not reconnect all network drives.\"
                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: This issue was resolved in KB4469342 and the upgrade block removed. 

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          KB4469342
                          Resolved:
                          December 05, 2018
                          02:00 PM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Microsoft Edge may crash or hang while playing video
                          nVidia has notified Microsoft of an issue where Microsoft Edge may crash or hang while playing video. This issue occurs following an nVidia driver update.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution: nVidia has released an updated driver to address this issue. Please follow the instructions found in nVidia's support article

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          Resolved:
                          December 05, 2018
                          10:00 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
- "
-
-- title: October 2018
-- items:
- - type: markdown
- text: "
-
-
-
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4464330, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471332

                          Back to top
                          OS Build 17763.55

                          October 09, 2018
                          KB4464330
                          Resolved
                          KB4471332
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          Users cannot set Win32 program defaults
                          After installing KB4464330, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with... command or Settings > Apps > Default apps.
                           
                          In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803
                          Resolution: This issue is resolved in KB4469342

                          Back to top
                          OS Build 17763.55

                          October 09, 2018
                          KB4464330
                          Resolved
                          KB4469342
                          Resolved:
                          December 05, 2018
                          02:00 PM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
"
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
new file mode 100644
index 0000000000..07a61ea961
--- /dev/null
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -0,0 +1,59 @@
+### YamlMime:YamlDocument
+
+documentType: LandingData
+title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903
+metadata:
+ document_id:
+ title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903
+ description: Resolved issues in Windows 10, version 1903 and Windows Server 1903
+ keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1903"]
+ ms.localizationpriority: high
+ author: greg-lindsay
+ ms.author: greglin
+ manager: dougkim
+ ms.topic: article
+ ms.devlang: na
+
+sections:
+- items:
+ - type: markdown
+ text: "
+ See a list of known issues that have been resolved for Windows 10, version 1903 and Windows Server, version 1903 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
+
+ "
+- items:
+ - type: markdown
+ text: "
+
+ "
+
+- title: Resolved issues
+- items:
+ - type: markdown
+ text: "
+
+
+
+
+
+
                          SummaryOriginating updateStatusDate resolved
                          Duplicate folders and documents showing in user profile directory
                          If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          May 29, 2019
                          02:00 PM PT
                          Older versions of BattlEye anti-cheat software incompatible
                          Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          June 07, 2019
                          04:26 PM PT
                          AMD RAID driver incompatibility
                          Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          June 06, 2019
                          11:06 AM PT
                          D3D applications and games may fail to enter full-screen mode on rotated displays
                          Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          May 29, 2019
                          02:00 PM PT
+ "
+
+- title: Issue details
+- items:
+ - type: markdown
+ text: "
+
                          +
+ "
+- title: May 2019
+- items:
+ - type: markdown
+ text: "
+
+
+
+
+
+
                          DetailsOriginating updateStatusHistory
                          Duplicate folders and documents showing in user profile directory
                          If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

                          To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.
                          (Posted June 11, 2019)

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          Resolved:
                          May 29, 2019
                          02:00 PM PT

                          Opened:
                          May 21, 2019
                          07:16 AM PT
                          Older versions of BattlEye anti-cheat software incompatible
                          Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

                          To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: Before updating your machine, we recommend you do one or more of the following:

                          • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
                          • Restart your system and open the game again.
                          • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
                          • Uninstall and reinstall your game.
                          Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          Resolved:
                          June 07, 2019
                          04:26 PM PT

                          Opened:
                          May 21, 2019
                          07:34 AM PT
                          AMD RAID driver incompatibility
                          Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

                          AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

                          “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

                           
                          To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
                           
                          Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          Resolved:
                          June 06, 2019
                          11:06 AM PT

                          Opened:
                          May 21, 2019
                          07:12 AM PT
                          D3D applications and games may fail to enter full-screen mode on rotated displays
                          Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          • Server: Windows Server, version 1903
                          Resolution: This issue was resolved in KB4497935

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          Resolved:
                          May 29, 2019
                          02:00 PM PT

                          Opened:
                          May 21, 2019
                          07:05 AM PT
+ "
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
index d034127b65..3f1f8ce7af 100644
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -32,6 +32,11 @@ sections:
 - type: markdown
 text: "
+
+
+
+
+
@@ -44,7 +49,6 @@ sections:
-
                          SummaryOriginating updateStatusDate resolved
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499164
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:23 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4499164
                          May 14, 2019
                          10:00 AM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          April 25, 2019
                          02:00 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480970
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          Applications using Microsoft Jet database and Access 95 file format stop working
                          Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

                          See details >
                          February 12, 2019
                          KB4486563
                          Resolved
                          KB4486565
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          January 08, 2019
                          KB4480970
                          Resolved
                          KB4486563
                          February 12, 2019
                          10:00 AM PT
                          Local Administrators unable to remotely access shares
                          Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines.

                          See details >
                          January 08, 2019
                          KB4480970
                          Resolved
                          KB4487345
                          January 11, 2019
                          02:00 PM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          October 09, 2018
                          KB4462923
                          Resolved
                          KB4471318
                          December 11, 2018
                          10:00 AM PT
                          "
@@ -55,11 +59,23 @@ sections:
                          "
+- title: May 2019
+- items:
+ - type: markdown
+ text: "
+
+
+
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499164
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
+ "
+
 - title: April 2019
 - items:
 - type: markdown
 text: "
+
+
+
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:23 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493472 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          "
@@ -69,6 +85,7 @@ sections:
 - type: markdown
 text: "
+
                          DetailsOriginating updateStatusHistory
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue was resolved in KB4499164.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4499164
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: This issue is resolved in KB4493472.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          After installing KB4489878, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4493472.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
@@ -104,6 +121,5 @@ sections:
 text: "
-
                          DetailsOriginating updateStatusHistory
                          Event Viewer may not show some event descriptions for network interface cards
                          After installing KB4462927, the Event Viewer may not show some event descriptions for network interface cards (NICs).

                          Affected Platforms:
                          • Client: Windows 7 SP1 
                          • Server: Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4489878.

                          Back to top
                          October 18, 2018
                          KB4462927
                          Resolved
                          KB4489878
                          Resolved:
                          March 12, 2019
                          10:00 AM PT

                          Opened:
                          October 18, 2018
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462923, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471318.

                          Back to top
                          October 09, 2018
                          KB4462923
                          Resolved
                          KB4471318
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          "
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
index 1ef62bfe75..71310515c7 100644
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@@ -32,6 +32,12 @@ sections:
 - type: markdown
 text: "
+
+
+
+
+
+
@@ -44,7 +50,6 @@ sections:
-
                          SummaryOriginating updateStatusDate resolved
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4503276
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499151
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          April 25, 2019
                          KB4493443
                          Resolved
                          KB4499151
                          May 14, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          April 25, 2019
                          02:00 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding.
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer may fail to load images
                          Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

                          See details >
                          February 12, 2019
                          KB4487000
                          Resolved
                          KB4487016
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4487000
                          February 12, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4480969
                          January 15, 2019
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          October 09, 2018
                          KB4462926
                          Resolved
                          KB4471320
                          December 11, 2018
                          10:00 AM PT
                          "
@@ -55,11 +60,24 @@ sections:
                          " +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499151
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          April 25, 2019
                          KB4493443
                          Resolved
                          KB4499151
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " + + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493446 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          "
@@ -69,6 +87,7 @@ sections: - type: markdown text: " +
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Resolution: This issue was resolved in KB4503276.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4503276
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: This issue is resolved in KB4493446.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4493446
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Devices with winsock kernel client may receive error
                          After installing KB4489881, devices with a winsock kernel client may receive D1, FC, and other errors. Additionally, systems that run the Skype for Business or Lync Server Edge Transport role may be affected by this issue.

                          Affected platforms: 
                          • Client: Windows 8.1 
                          • Server: Windows Server 2012 R2 
                          Resolution: This issue is resolved in KB4489893.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4489893
                          Resolved:
                          March 19, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          @@ -98,12 +117,3 @@ sections:
                          Unable to access hotspots with third-party applications
                          After installing KB4480963, third-party applications may have difficulty authenticating hotspots.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue is resolved in KB4480969.

                          Back to topJanuary 08, 2019
                          KB4480963Resolved
                          KB4480969Resolved:
                          January 15, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT " - -- title: October 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462926, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471320.

                          Back to top
                          October 09, 2018
                          KB4462926
                          Resolved
                          KB4471320
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - "
diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
index fe19c4b36e..251a66b50a 100644
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@@ -32,6 +32,9 @@ sections: - type: markdown text: " + + +
@@ -39,7 +42,6 @@ sections: -
                          SummaryOriginating updateStatusDate resolved
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Resolved
                          May 14, 2019
                          01:19 PM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4499149
                          May 14, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4487023
                          Resolved
                          KB4493471
                          April 09, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

                          See details >
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4493471
                          April 09, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized as an abbreviation
                          The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          See details >
                          January 17, 2019
                          KB4480974
                          Resolved
                          KB4489880
                          March 12, 2019
                          10:00 AM PT
                          Applications using Microsoft Jet database and Access 95 file format stop working
                          Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

                          See details >
                          February 12, 2019
                          KB4487023
                          Resolved
                          KB4487022
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          January 08, 2019
                          KB4480968
                          Resolved
                          KB4487023
                          February 12, 2019
                          10:00 AM PT
                          Local Administrators unable to remotely access shares
                          Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines.

                          See details >
                          January 08, 2019
                          KB4480968
                          Resolved
                          KB4487354
                          January 11, 2019
                          02:00 PM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          October 09, 2018
                          KB4463097
                          Resolved
                          KB4471325
                          December 11, 2018
                          10:00 AM PT
                          "
@@ -50,11 +52,22 @@ sections:
                          " +- title: April 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493471
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493471
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:19 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          + " + - title: March 2019 - items: - type: markdown text: " +
                          DetailsOriginating updateStatusHistory
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue was resolved in KB4499149.

                          Back to top
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4499149
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          After installing KB4489880, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4493471.

                          Back to top
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4493471
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          "
@@ -80,12 +93,3 @@ sections:
                          Local Administrators unable to remotely access shares
                          Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing KB4480968. This does not affect domain accounts in the local Administrators group.

                          Affected platforms: 
                          • Client: Windows 7 SP1 
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4487354.

                          Back to topJanuary 08, 2019
                          KB4480968Resolved
                          KB4487354Resolved:
                          January 11, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT " - -- title: October 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4463097, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471325.

                          Back to top
                          October 09, 2018
                          KB4463097
                          Resolved
                          KB4471325
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - "
diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml
index b2a7ce07c1..144e2d3484 100644
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@@ -32,6 +32,11 @@ sections: - type: markdown text: " + + + + +
@@ -42,7 +47,6 @@ sections: -
                          SummaryOriginating updateStatusDate resolved
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489891
                          Resolved
                          KB4503285
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499171
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          April 25, 2019
                          KB4493462
                          Resolved
                          KB4499171
                          May 14, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Resolved
                          May 14, 2019
                          01:19 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4487025
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          Applications using Microsoft Jet database and Access 95 file format stop working
                          Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

                          See details >
                          February 12, 2019
                          KB4487025
                          Resolved
                          KB4487024
                          February 19, 2019
                          02:00 PM PT
                          Applications using Microsoft Jet database fail to open
                          Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4487025
                          February 12, 2019
                          10:00 AM PT
                          Unable to access hotspots with third-party applications
                          Third-party applications may have difficulty authenticating hotspots.

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4480971
                          January 15, 2019
                          10:00 AM PT
                          Unable to use Seek bar in Windows Media Player
                          Users may not be able to use the Seek bar in Windows Media Player when playing specific files.

                          See details >
                          October 09, 2018
                          KB4462929
                          Resolved
                          KB4471330
                          December 11, 2018
                          10:00 AM PT
                          "
@@ -53,6 +57,35 @@ sections:
                          " +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499171
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          April 25, 2019
                          KB4493462
                          Resolved
                          KB4499171
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + +- title: April 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:19 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          + " + +- title: March 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489891, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Resolution: This issue was resolved in KB4503285.

                          Back to top
                          March 12, 2019
                          KB4489891
                          Resolved
                          KB4503285
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          + " + - title: February 2019 - items: - type: markdown @@ -78,15 +111,6 @@ sections: " -- title: October 2018 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Unable to use Seek bar in Windows Media Player
                          After installing KB4462929, users may not be able to use the Seek bar in Windows Media Player when playing specific files. This issue does not affect normal playback.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4471330.

                          Back to top
                          October 09, 2018
                          KB4462929
                          Resolved
                          KB4471330
                          Resolved:
                          December 11, 2018
                          10:00 AM PT

                          Opened:
                          October 09, 2018
                          10:00 AM PT
                          - " - - title: September 2018 - items: - type: markdown
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
index 3cab3fb9e9..ce1f513a1a 100644
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1507
 metadata:
 document_id:
 title: Windows 10, version 1507
- description: View annoucements and review known issues and fixes for Windows 10 version 1507
+ description: View announcements and review known issues and fixes for Windows 10 version 1507
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections:
 columns: 3
 items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
 image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
 image:
 src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
 image:
 src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
 - items:
 - type: markdown
 text: "
@@ -61,9 +61,7 @@ sections:
 text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - +
                          SummaryOriginating updateStatusLast updated
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 10240.18158

                          March 12, 2019
                          KB4489872
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 10240.18132

                          February 12, 2019
                          KB4487018
                          Resolved
                          KB4493475
                          April 09, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 10240.18215

                          May 14, 2019
                          KB4499154
                          Resolved
                          KB4505051
                          May 19, 2019
                          02:00 PM PT
                          "
@@ -74,21 +72,12 @@ sections:
                          " -- title: March 2019 +- title: May 2019 - items: - type: markdown text: " - -
                          DetailsOriginating updateStatusHistory
                          Custom URI schemes may not start corresponding application
                          After installing KB4489872, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue was resolved in KB4493475.

                          Back to top
                          OS Build 10240.18158

                          March 12, 2019
                          KB4489872
                          Resolved
                          KB4493475
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493475

                          Back to top
                          OS Build 10240.18132

                          February 12, 2019
                          KB4487018
                          Resolved
                          KB4493475
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505051) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505051 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505051, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 10240.18215

                          May 14, 2019
                          KB4499154
                          Resolved
                          KB4505051
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          " @@ -98,6 +87,5 @@ sections: text: " -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following: 
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership. 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4493475.

                          Back to top
                          OS Build 10240.18094

                          January 08, 2019
                          KB4480962
                          Resolved
                          KB4493475
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index b22aced938..28aefbeb37 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1607 and Windows Server 2016
 metadata:
 document_id:
 title: Windows 10, version 1607 and Windows Server 2016
- description: View annoucements and review known issues and fixes for Windows 10 version 1607 and Windows Server 2016
+ description: View announcements and review known issues and fixes for Windows 10 version 1607 and Windows Server 2016
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,17 +60,18 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - + + - - - - - - + + + + + +
                          SummaryOriginating updateStatusLast updated
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Investigating
                          April 25, 2019
                          02:00 PM PT
                          Some applications may fail to run as expected on clients of AD FS 2016
                          Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Mitigated
                          June 07, 2019
                          04:25 PM PT
                          Devices running Windows Server 2016 with Hyper-V seeing Bitlocker error 0xC0210000
                          Some devices running Windows Server with Hyper-V enabled may start into Bitlocker recovery with error 0xC0210000

                          See details >
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Mitigated
                          May 23, 2019
                          09:57 AM PT
                          Cluster service may fail if the minimum password length is set to greater than 14
                          The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

                          See details >
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          SCVMM cannot enumerate and manage logical switches deployed on the host
                          For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

                          See details >
                          OS Build 14393.2639

                          November 27, 2018
                          KB4467684
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
                          Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

                          See details >
                          OS Build 14393.2608

                          November 13, 2018
                          KB4467691
                          Mitigated
                          February 19, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4493473
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 14393.2879

                          March 19, 2019
                          KB4489889
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 14393.2791

                          February 12, 2019
                          KB4487026
                          Resolved
                          KB4493470
                          April 09, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 14393.2999

                          May 23, 2019
                          KB4499177
                          Resolved
                          KB4503267
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4503267
                          June 11, 2019
                          10:00 AM PT
                          Update not showing as applicable through WSUS or SCCM or when manually installed
                          Update not showing as applicable through WSUS or SCCM or when manually installed

                          See details >
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4498947
                          May 14, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4505052
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          May 14, 2019
                          10:00 AM PT
                          " @@ -81,12 +82,34 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Some applications may fail to run as expected on clients of AD FS 2016
                          Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

                          Affected platforms:
                          • Server: Windows Server 2016
                          Workaround: You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL. On the affected server, open a PowerShell window as an administrator and run the following command: set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue \"allow-from https://example.com\"

                          Next steps: We are working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Mitigated
                          Last updated:
                          June 07, 2019
                          04:25 PM PT

                          Opened:
                          June 04, 2019
                          05:55 PM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503267.

                          Back to top
                          OS Build 14393.2999

                          May 23, 2019
                          KB4499177
                          Resolved
                          KB4503267
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + + + +
                          DetailsOriginating updateStatusHistory
                          Devices running Windows Server 2016 with Hyper-V seeing Bitlocker error 0xC0210000
                          Some devices running Windows Server 2016 with Hyper-V enabled may enter Bitlocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.

                          Note Windows 10, version 1607 may also be affected when Bitlocker and Hyper-V are both enabled.

                          Affected platforms:
                          • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2016
                          Workaround: If your device is already in this state, you can successfully start Windows after suspending Bitlocker from the Windows Recovery Environment (WinRE) using the following steps:
                          1. Retrieve the 48 digit Bitlocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when Bitlocker was first enabled.
                          2. From the recovery screen, press the enter key and enter the recovery password when prompted.
                          3. If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
                          4. select Advanced options then Troubleshoot then Advanced options then Command Prompt.
                          5. Unlock OS drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
                          6. Suspend Bitlocker using the command: Manage-bde -protectors -disable c:
                          7. Exit the command window using the command: exit
                          8. Select Continue from recovery environment.
                          9. The device should now start Windows.
                          10. Once started, launch an Administrator Command Prompt and resume the Bitlocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
                          Note The workaround needs to be followed on every system restart unless Bitlocker is suspended before restarting.

                          To prevent this issue, execute the following command to temporarily suspend Bitlocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1
                          Note This command will suspend Bitlocker for 1 restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).

                          Next steps: Microsoft is presently investigating this issue and will provide an update when available.

                          Back to top
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Mitigated
                          Last updated:
                          May 23, 2019
                          09:57 AM PT

                          Opened:
                          May 21, 2019
                          08:50 AM PT
                          Update not showing as applicable through WSUS or SCCM or when manually installed
                          KB4494440 or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\"


                          Affected platforms:
                          • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2016

                          Resolution: The servicing stack update (SSU) (KB4498947) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.

                          Back to top
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4498947
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 24, 2019
                          04:20 PM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505052) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505052 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505052, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 14393.2969

                          May 14, 2019
                          KB4494440
                          Resolved
                          KB4505052
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - +
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Investigating
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4494440.

                          Back to top
                          OS Build 14393.2941

                          April 25, 2019
                          KB4493473
                          Resolved
                          KB4494440
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          " @@ -95,19 +118,7 @@ sections: - type: markdown text: " - - - -
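Review bot: The AD FS 2016 workaround in the June 2019 entry recommends setting X-Frame-Options to `allow-from https://example.com`, but it does not say that browsers which do not implement the Allow-From value ignore the header altogether, which would leave the AD FS pages frameable from any origin in those browsers. I would add a sentence to the Workaround text such as `Note Browsers that do not support Allow-From ignore this header; confirm that your clients' browsers honor it before relying on this workaround.` If this AD FS build can also emit a Content-Security-Policy header, naming the `frame-ancestors` directive as the standards-based equivalent would help, though that cannot be confirmed from this hunk. The entry's table markup is not visible in this view, so the exact placement inside the cell is left to the author.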
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

                          Option 1:
                          Open an Administrator Command prompt and type the following:
                          Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
                          -

                          Option 2:
                          Use the Windows Deployment Services UI to make the following adjustment:
                          1. Open Windows Deployment Services from Windows Administrative Tools.
                          2. Expand Servers and right-click a WDS server.
                          3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
                          Option 3:
                          Set the following registry value to 0:
                          HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension

                          Restart the WDSServer service after disabling the Variable Window Extension.

                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489882, Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493473

                          Back to top
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4493473
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493470.

                          Back to top
                          OS Build 14393.2879

                          March 19, 2019
                          KB4489889
                          Resolved
                          KB4493470
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493470

                          Back to top
                          OS Build 14393.2791

                          February 12, 2019
                          KB4487026
                          Resolved
                          KB4493470
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503267.

                          Back to top
                          OS Build 14393.2848

                          March 12, 2019
                          KB4489882
                          Resolved
                          KB4503267
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " @@ -117,8 +128,6 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;  Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership.
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
                          • Cache size and location show zero or empty.
                          • Keyboard shortcuts may not work properly.
                          • Webpages may intermittently fail to load or render correctly.
                          • Issues with credential prompts.
                          • Issues when downloading files.
                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue was resolved in KB4493470.

                          Back to top
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4493470
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4493470.

                          Back to top
                          OS Build 14393.2724

                          January 08, 2019
                          KB4480961
                          Resolved
                          KB4493470
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 10d69d6cc5..7f3a342f47 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1703
 metadata:
 document_id:
 title: Windows 10, version 1703
- description: View annoucements and review known issues and fixes for Windows 10 version 1703
+ description: View announcements and review known issues and fixes for Windows 10 version 1703
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -61,10 +61,9 @@ sections: text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - + + +
                          SummaryOriginating updateStatusLast updated
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 15063.1689

                          March 12, 2019
                          KB4489871
                          Resolved
                          KB4493436
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 15063.1716

                          March 19, 2019
                          KB4489888
                          Resolved
                          KB4493474
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4493474
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 15063.1631

                          February 12, 2019
                          KB4487020
                          Resolved
                          KB4493474
                          April 09, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 15063.1839

                          May 28, 2019
                          KB4499162
                          Resolved
                          KB4503279
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 15063.1805

                          May 14, 2019
                          KB4499181
                          Resolved
                          KB4505055
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 15063.1784

                          April 25, 2019
                          KB4493436
                          Resolved
                          KB4499181
                          May 14, 2019
                          10:00 AM PT
                          " @@ -75,22 +74,22 @@ sections:
                          " -- title: March 2019 +- title: June 2019 - items: - type: markdown text: " - - +
                          DetailsOriginating updateStatusHistory
                          Custom URI schemes may not start corresponding application
                          After installing KB4489871, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493436

                          Back to top
                          OS Build 15063.1689

                          March 12, 2019
                          KB4489871
                          Resolved
                          KB4493436
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493474.

                          Back to top
                          OS Build 15063.1716

                          March 19, 2019
                          KB4489888
                          Resolved
                          KB4493474
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503279.

                          Back to top
                          OS Build 15063.1839

                          May 28, 2019
                          KB4499162
                          Resolved
                          KB4503279
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          " -- title: February 2019 +- title: May 2019 - items: - type: markdown text: " - + +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493474

                          Back to top
                          OS Build 15063.1631

                          February 12, 2019
                          KB4487020
                          Resolved
                          KB4493474
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505055) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505055 from Windows Update and then restarting your device.

                          This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505055, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 15063.1805

                          May 14, 2019
                          KB4499181
                          Resolved
                          KB4505055
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 15063.1784

                          April 25, 2019
                          KB4493436
                          Resolved
                          KB4499181
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          " @@ -100,6 +99,5 @@ sections: text: " -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following: 
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership. 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4493474.

                          Back to top
                          OS Build 15063.1563

                          January 08, 2019
                          KB4480973
                          Resolved
                          KB4493474
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index abdaf311b0..378cc71da1 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1709 and Windows Server, version 1709
 metadata:
 document_id:
 title: Windows 10, version 1709 and Windows Server, version 1709
- description: View annoucements and review known issues and fixes for Windows 10 version 1709 and Windows Server 1709
+ description: View announcements and review known issues and fixes for Windows 10 version 1709 and Windows Server 1709
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,13 +60,11 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - - - + + + +
                          SummaryOriginating updateStatusLast updated
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Investigating
                          April 25, 2019
                          02:00 PM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 16299.1029

                          March 12, 2019
                          KB4489886
                          Resolved
                          KB4493440
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 16299.1059

                          March 19, 2019
                          KB4489890
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 causes applications to stop responding if an exception was thrown
                          MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

                          See details >
                          OS Build 16299.1029

                          March 12, 2019
                          KB4489886
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 16299.967

                          February 12, 2019
                          KB4486996
                          Resolved
                          KB4493441
                          April 09, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 16299.1182

                          May 28, 2019
                          KB4499147
                          Resolved
                          KB4503284
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 16299.1143

                          May 14, 2019
                          KB4498946
                          Resolved
                          KB4505062
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          May 14, 2019
                          10:00 AM PT
                          " @@ -77,32 +75,31 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503284.

                          Back to top
                          OS Build 16299.1182

                          May 28, 2019
                          KB4499147
                          Resolved
                          KB4503284
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505062) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505062 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505062, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 16299.1143

                          May 14, 2019
                          KB4498946
                          Resolved
                          KB4505062
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - -
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

                          Back to top
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Investigating
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          - " - -- title: March 2019 -- items: - - type: markdown - text: " - - - - -
                          DetailsOriginating updateStatusHistory
                          Custom URI schemes may not start corresponding application
                          After installing KB4489886, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493440

                          Back to top
                          OS Build 16299.1029

                          March 12, 2019
                          KB4489886
                          Resolved
                          KB4493440
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue is resolved in KB4493441.

                          Back to top
                          OS Build 16299.1059

                          March 19, 2019
                          KB4489890
                          Resolved
                          KB4493441
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          After applying KB4489886, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1709
                          • Server: Windows Server, version 1803; Windows Server, version 1709
                          Resolution: This issue is resolved in KB4493441.

                          Back to top
                          OS Build 16299.1029

                          March 12, 2019
                          KB4489886
                          Resolved
                          KB4493441
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493441

                          Back to top
                          OS Build 16299.967

                          February 12, 2019
                          KB4486996
                          Resolved
                          KB4493441
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4499179.

                          Back to top
                          OS Build 16299.1127

                          April 25, 2019
                          KB4493440
                          Resolved
                          KB4499179
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          " @@ -112,6 +109,5 @@ sections: text: " -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership. 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 causes applications to stop responding if an exception was thrown
                          After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue is resolved in KB4493441.

                          Back to top
                          OS Build 16299.904

                          January 08, 2019
                          KB4480978
                          Resolved
                          KB4493441
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index 3e58d9c048..69ffbe452f 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1803
 metadata:
 document_id:
 title: Windows 10, version 1803
- description: View annoucements and review known issues and fixes for Windows 10 version 1803
+ description: View announcements and review known issues and fixes for Windows 10 version 1803
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,15 +60,12 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - - - - - + + + + +
                          SummaryOriginating updateStatusLast updated
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Investigating
                          April 25, 2019
                          02:00 PM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493437
                          April 25, 2019
                          02:00 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 17134.677

                          March 19, 2019
                          KB4489894
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized
                          The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          See details >
                          OS Build 17134.556

                          January 15, 2019
                          KB4480976
                          Resolved
                          KB4487029
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 17134.590

                          February 12, 2019
                          KB4487017
                          Resolved
                          KB4493464
                          April 09, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 17134.799

                          May 21, 2019
                          KB4499183
                          Resolved
                          KB4503286
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4503286
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 17134.765

                          May 14, 2019
                          KB4499167
                          Resolved
                          KB4505064
                          May 19, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          May 14, 2019
                          10:00 AM PT
                          " @@ -79,12 +76,31 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503286.

                          Back to top
                          OS Build 17134.799

                          May 21, 2019
                          KB4499183
                          Resolved
                          KB4503286
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505064) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505064 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505064, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 17134.765

                          May 14, 2019
                          KB4499167
                          Resolved
                          KB4505064
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - +
                          DetailsOriginating updateStatusHistory
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

                          Back to top
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Investigating
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4499167.

                          Back to top
                          OS Build 17134.753

                          April 25, 2019
                          KB4493437
                          Resolved
                          KB4499167
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          April 25, 2019
                          02:00 PM PT
                          " @@ -93,20 +109,7 @@ sections: - type: markdown text: " - - - - -
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489868, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

                          Option 1: 
                          Open an Administrator Command prompt and type the following:  
                          Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
                          -

                           Option 2: 
                          Use the Windows Deployment Services UI to make the following adjustment:  
                          1. Open Windows Deployment Services from Windows Administrative Tools. 
                          2. Expand Servers and right-click a WDS server. 
                          3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.  
                          Option 3: 
                          Set the following registry value to 0:
                          HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension  

                          Restart the WDSServer service after disabling the Variable Window Extension. 
                           
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489868, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493437

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493437
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493464

                          Back to top
                          OS Build 17134.677

                          March 19, 2019
                          KB4489894
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 19, 2019
                          10:00 AM PT
                          Stop error when attempting to start SSH from WSL
                          After applying KB4489868, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.

                          Affected platforms:
                          • Client: Windows 10, version 1803; Windows 10, version 1709
                          • Server: Windows Server, version 1803; Windows Server, version 1709
                          Resolution: This issue was resolved in KB4493464.

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493464

                          Back to top
                          OS Build 17134.590

                          February 12, 2019
                          KB4487017
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          After installing KB4489868, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503286.

                          Back to top
                          OS Build 17134.648

                          March 12, 2019
                          KB4489868
                          Resolved
                          KB4503286
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " @@ -116,7 +119,5 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership. 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          First character of the Japanese era name not recognized
                          After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4487029

                          Back to top
                          OS Build 17134.556

                          January 15, 2019
                          KB4480976
                          Resolved
                          KB4487029
                          Resolved:
                          February 19, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4493464

                          Back to top
                          OS Build 17134.523

                          January 08, 2019
                          KB4480966
                          Resolved
                          KB4493464
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 2b50998415..4ddd5019f9 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -5,7 +5,7 @@ title: Windows 10, version 1809 and Windows Server 2019
 metadata:
 document_id:
 title: Windows 10, version 1809 and Windows Server 2019
- description: View annoucements and review known issues and fixes for Windows 10 version 1809 and Windows Server 2019
+ description: View announcements and review known issues and fixes for Windows 10 version 1809 and Windows Server 2019
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -34,21 +34,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -67,16 +67,14 @@ sections: - - - - - - - - - + + + + + + +
                          SummaryOriginating updateStatusLast updated
                          Devices with some Asian language packs installed may receive an error
                          After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

                          See details >
                          OS Build 17763.437

                          April 09, 2019
                          KB4493509
                          Mitigated
                          May 03, 2019
                          10:59 AM PT
                          Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
                          Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Mitigated
                          May 02, 2019
                          04:47 PM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Mitigated
                          April 09, 2019
                          10:00 AM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Mitigated
                          April 09, 2019
                          10:00 AM PT
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Mitigated
                          March 15, 2019
                          12:00 PM PT
                          Latest cumulative update (KB 4495667) installs automatically
                          Reports that the optional cumulative update (KB 4495667) installs automatically.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          May 08, 2019
                          03:37 PM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

                          See details >
                          OS Build 17763.437

                          April 09, 2019
                          KB4493509
                          Resolved
                          May 08, 2019
                          03:30 PM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4495667
                          May 03, 2019
                          12:40 PM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

                          See details >
                          OS Build 17763.404

                          April 02, 2019
                          KB4490481
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          OS Build 17763.316

                          February 12, 2019
                          KB4487044
                          Resolved
                          KB4493509
                          April 09, 2019
                          10:00 AM PT
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          See details >
                          OS Build 17763.529

                          May 21, 2019
                          KB4497934
                          Resolved
                          KB4503327
                          June 11, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

                          See details >
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4503327
                          June 11, 2019
                          10:00 AM PT
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

                          See details >
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          May 21, 2019
                          07:42 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          KB4505056
                          May 19, 2019
                          02:00 PM PT
                          Windows 10, version 1809 update history may show an update installed twice
                          Some customers are reporting that KB4494441 installed twice on their device

                          See details >
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          May 16, 2019
                          02:37 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          May 14, 2019
                          10:00 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

                          See details >
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          May 14, 2019
                          10:00 AM PT
                          "
@@ -87,6 +85,15 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Opening Internet Explorer 11 may fail
                          Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
                          • Server: Windows Server 2019; Windows Server 2016
                          Resolution: This issue was resolved in KB4503327.

                          Back to top
                          OS Build 17763.529

                          May 21, 2019
                          KB4497934
                          Resolved
                          KB4503327
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          June 05, 2019
                          05:49 PM PT
                          + " + - title: May 2019 - items: - type: markdown @@ -94,17 +101,10 @@ sections: - -
                          DetailsOriginating updateStatusHistory
                          Devices with some Asian language packs installed may receive an error
                          After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Workaround:
                          1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
                          2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
                          Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
                          1. Go to Settings app -> Recovery.
                          2. Click on Get Started under \"Reset this PC\" recovery option.
                          3. Select \"Keep my Files\".
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 17763.437

                          April 09, 2019
                          KB4493509
                          Mitigated
                          Last updated:
                          May 03, 2019
                          10:59 AM PT

                          Opened:
                          May 02, 2019
                          04:36 PM PT
                          Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
                          When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"
                           
                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Workaround: You can use another browser, such as Internet Explorer to print your documents.
                           
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Mitigated
                          Last updated:
                          May 02, 2019
                          04:47 PM PT

                          Opened:
                          May 02, 2019
                          04:47 PM PT
                          Latest cumulative update (KB 4495667) installs automatically
                          Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019
                          Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          Resolved:
                          May 08, 2019
                          03:37 PM PT

                          Opened:
                          May 05, 2019
                          12:01 PM PT
                          - " - -- title: April 2019 -- items: - - type: markdown - text: " - - - + + + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article.

                          Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

                          Back to top
                          OS Build 17763.437

                          April 09, 2019
                          KB4493509
                          Resolved
                          Resolved:
                          May 08, 2019
                          03:30 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          End-user-defined characters (EUDC) may cause blue screen at startup
                          If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
                          Resolution: This issue was resolved in KB4493509.

                          Back to top
                          OS Build 17763.404

                          April 02, 2019
                          KB4490481
                          Resolved
                          KB4493509
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          April 02, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505056) to resolve this issue.

                          • UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
                          • Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing KB4505056 from Windows Update and then restarting your device.
                          To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505056, search for it in the Microsoft Update Catalog.
                           

                          Back to top
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          KB4505056
                          Resolved:
                          May 19, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Windows 10, version 1809 update history may show an update installed twice
                          Affected platforms:
                          • Client: Windows 10, version 1809
                          Cause:
                          In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the View your Update history page will report that installation completed successfully twice. 

                          Resolution:
                          No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the Update history correctly reflects the installation of the latest cumulative update (LCU).

                          Back to top
                          OS Build 17763.503

                          May 14, 2019
                          KB4494441
                          Resolved
                          Resolved:
                          May 16, 2019
                          02:37 PM PT

                          Opened:
                          May 14, 2019
                          02:56 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          Zone transfers over TCP may fail
                          Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4495667
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
                          • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
                          Resolution: This issue was resolved in KB4494441.

                          Back to top
                          OS Build 17763.475

                          May 03, 2019
                          KB4495667
                          Resolved
                          KB4494441
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 14, 2019
                          01:19 PM PT
                          " @@ -113,18 +113,7 @@ sections: - type: markdown text: " - - -
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

                          Option 1:
                          Open an Administrator Command prompt and type the following:
                          Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No 
                          -

                          Option 2:
                          Use the Windows Deployment Services UI to make the following adjustment: 
                          1. Open Windows Deployment Services from Windows Administrative Tools. 
                          2. Expand Servers and right-click a WDS server. 
                          3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
                          Option 3:
                          Set the following registry value to 0:
                          HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension  

                          Restart the WDSServer service after disabling the Variable Window Extension. 

                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Mitigated
                          Last updated:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489899, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites
                          1. Go to Tools > Internet options > Security.
                          2. Within Select a zone to view of change security settings, select Local intranet and then select Enable Protected Mode.
                          3. Select Trusted Sites and then select Enable Protected Mode
                          4. Select OK.
                          You must restart the browser after making these changes.

                          Resolution: This issue is resolved in KB4495667.

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4495667
                          Resolved:
                          May 03, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1  
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2  
                          Resolution: This issue is resolved in KB4493509.  

                          Back to top
                          OS Build 17763.316

                          February 12, 2019
                          KB4487044
                          Resolved
                          KB4493509
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4503327.

                          Back to top
                          OS Build 17763.379

                          March 12, 2019
                          KB4489899
                          Resolved
                          KB4503327
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " @@ -134,8 +123,6 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:  
                          • Perform the operation from a process that has administrator privilege. 
                          • Perform the operation from a node that doesn’t have CSV ownership. 
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Mitigated
                          Last updated:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
                          • Cache size and location show zero or empty. 
                          • Keyboard shortcuts may not work properly. 
                          • Webpages may intermittently fail to load or render correctly. 
                          • Issues with credential prompts. 
                          • Issues when downloading files. 
                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue was resolved in KB4493509

                          Back to top
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
                           
                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue was resolved in KB4493509

                          Back to top
                          OS Build 17763.253

                          January 08, 2019
                          KB4480116
                          Resolved
                          KB4493509
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          " @@ -144,6 +131,6 @@ sections: - type: markdown text: " - +
                          DetailsOriginating updateStatusHistory
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
                           
                          As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019 
                          Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.

                          For more information, see the Intel Customer Support article.

                          Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Mitigated
                          Last updated:
                          March 15, 2019
                          12:00 PM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
                          Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
                           
                          As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
                          Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
                          • Server: Windows Server, version 1809; Windows Server 2019 
                          Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

                          Resolution: Microsoft has removed the safeguard hold.



                          Back to top
                          OS Build 17763.134

                          November 13, 2018
                          KB4467708
                          Resolved
                          Resolved:
                          May 21, 2019
                          07:42 AM PT

                          Opened:
                          November 13, 2018
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
new file mode 100644
index 0000000000..0c64ca5a1d
--- /dev/null
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -0,0 +1,112 @@
+### YamlMime:YamlDocument
+
+documentType: LandingData
+title: Windows 10, version 1903 and Windows Server, version 1903
+metadata:
+ document_id:
+ title: Windows 10, version 1903 and Windows Server, version 1903
+ description: View announcements and review known issues and fixes for Windows 10 version 1903 and Windows Server 1903
+ keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
+ ms.localizationpriority: high
+ author: greg-lindsay
+ ms.author: greglin
+ manager: dougkim
+ ms.topic: article
+ ms.devlang: na
+
+sections:
+- items:
+ - type: markdown
+ text: "
+ Find information on known issues for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
+ + +
                          Current status as of June 11, 2019:
                          +
                          Windows 10, version 1903 is available for any user who manually selects “Check for updates” via Windows Update for all devices that do not have a safeguard hold. If you are not offered the update, please check below for any known issues that may affect your device. The recommended servicing status is Semi-Annual Channel.

                          The June monthly update is now available for all versions of Windows 10. Microsoft strongly recommends you keep your Windows devices, regardless of which version of Windows they are running, up to date with the latest monthly updates. Monthly updates are critical to device security and ecosystem health, and help mitigate the evolving threat landscape.

                          Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
                          +
                          +
+ "
+
+- items:
+ - type: list
+ style: cards
+ className: cardsM
+ columns: 3
+ items:
+
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
+ image:
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
+ image:
+ src: https://docs.microsoft.com/media/common/i_whats-new.svg
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
+ image:
+ src: https://docs.microsoft.com/media/common/i_investigate.svg
+ title: What’s new for businesses and IT pros in Windows 10
+- items:
+ - type: markdown
+ text: "
+
+ "
+- items:
+ - type: markdown
+ text: "
+
                          + "
+
+- title: Known issues
+- items:
+ - type: markdown
+ text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          + + + + + + + + + + + + + + + +
                          SummaryOriginating updateStatusLast updated
                          Windows Sandbox may fail to start with error code “0x80070002”
                          Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

                          See details >
                          OS Build 18362.116

                          May 20, 2019
                          KB4505057
                          Investigating
                          June 10, 2019
                          06:06 PM PT
                          Loss of functionality in Dynabook Smartphone Link app
                          After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

                          See details >
                          OS Build 18362.116

                          May 20, 2019
                          KB4505057
                          Investigating
                          May 24, 2019
                          03:10 PM PT
                          Display brightness may not respond to adjustments
                          Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Investigating
                          May 21, 2019
                          04:47 PM PT
                          Audio not working with Dolby Atmos headphones and home theater
                          Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Investigating
                          May 21, 2019
                          07:17 AM PT
                          Error attempting to update with external USB device or memory card attached
                          PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          June 11, 2019
                          12:34 PM PT
                          Gamma ramps, color profiles, and night light settings do not apply in some cases
                          Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          May 24, 2019
                          11:02 AM PT
                          Unable to discover or connect to Bluetooth devices
                          Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          May 21, 2019
                          04:48 PM PT
                          Intel Audio displays an intcdaud.sys notification
                          Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          May 21, 2019
                          04:47 PM PT
                          Cannot launch Camera app
                          Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          May 21, 2019
                          04:47 PM PT
                          Intermittent loss of Wi-Fi connectivity
                          Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          May 21, 2019
                          04:46 PM PT
                          Duplicate folders and documents showing in user profile directory
                          If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          May 29, 2019
                          02:00 PM PT
                          Older versions of BattlEye anti-cheat software incompatible
                          Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          June 07, 2019
                          04:26 PM PT
                          AMD RAID driver incompatibility
                          Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          June 06, 2019
                          11:06 AM PT
                          D3D applications and games may fail to enter full-screen mode on rotated displays
                          Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.

                          See details >
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          May 29, 2019
                          02:00 PM PT
                          + "
+
+- title: Issue details
+- items:
+ - type: markdown
+ text: "
+
                          +
                          + "
+- title: May 2019
+- items:
+ - type: markdown
+ text: "
+ + + + + + + + + + + + + + + +
                          DetailsOriginating updateStatusHistory
                          Windows Sandbox may fail to start with error code “0x80070002”
                          Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Next steps: We are working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 18362.116

                          May 20, 2019
                          KB4505057
                          Investigating
                          Last updated:
                          June 10, 2019
                          06:06 PM PT

                          Opened:
                          May 24, 2019
                          04:20 PM PT
                          Loss of functionality in Dynabook Smartphone Link app
                          Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

                          To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Next steps: Microsoft and Dynabook are working on a resolution; the Dynabook Smartphone Link application may have a loss of functionality until this issue is resolved.

                          Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

                          Back to top
                          OS Build 18362.116

                          May 20, 2019
                          KB4505057
                          Investigating
                          Last updated:
                          May 24, 2019
                          03:10 PM PT

                          Opened:
                          May 24, 2019
                          03:10 PM PT
                          Display brightness may not respond to adjustments
                          Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Window 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

                          To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: Restart your device to apply changes to brightness.

                          Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

                          Next steps: We are working on a resolution that will be made available in upcoming release.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Investigating
                          Last updated:
                          May 21, 2019
                          04:47 PM PT

                          Opened:
                          May 21, 2019
                          07:56 AM PT
                          Audio not working with Dolby Atmos headphones and home theater
                          After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
                           
                          This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
                           
                          To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Next steps: We are working on a resolution for Microsoft Store and estimate a solution will be available in mid-June.
                          Note We recommend you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved. 

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Investigating
                          Last updated:
                          May 21, 2019
                          07:17 AM PT

                          Opened:
                          May 21, 2019
                          07:16 AM PT
                          Error attempting to update with external USB device or memory card attached
                          If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

                          Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

                          Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

                          To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: This issue has been partially resolved but to ensure seamless update experience, the safeguard hold is still in place. In the short term, we recommend you do the following workaround to update to Windows 10, version 1903. Remove all external media, such as USB devices and SD cards, from your computer and restart installation of the Windows 10, version 1903 feature update. The update should then proceed normally.

                          Note If you need to keep your external device, SD memory card, or other devices attached to your computer while updating, we recommend that you do not attempt to manually update to Windows 10, version 1903 using the Update now button or the Media Creation Tool until this issue has been resolved.

                          Next steps: We are working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          June 11, 2019
                          12:34 PM PT

                          Opened:
                          May 21, 2019
                          07:38 AM PT
                          Gamma ramps, color profiles, and night light settings do not apply in some cases
                          Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

                          Microsoft has identified some scenarios where night light settings may stop working, for example:
                          • Connecting to (or disconnecting from) an external monitor, dock, or projector
                          • Rotating the screen
                          • Updating display drivers or making other display mode changes
                          • Closing full screen applications
                          • Applying custom color profiles
                          • Running applications that rely on custom gamma ramps
                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

                          Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

                          Next steps: We are working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          May 24, 2019
                          11:02 AM PT

                          Opened:
                          May 21, 2019
                          07:28 AM PT
                          Unable to discover or connect to Bluetooth devices
                          Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          • Server: Windows Server, version 1903
                          Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

                          • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
                          • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
                          Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

                          Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          May 21, 2019
                          04:48 PM PT

                          Opened:
                          May 21, 2019
                          07:29 AM PT
                          Intel Audio displays an intcdaud.sys notification
                          Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
                            
                          To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

                          Affected platforms:
                          • Client: Windows 10, version 1903; Windows 10, version 1809
                          Workaround:
                          On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

                          For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

                          Note We recommend you do not attempt to update your devices until newer device drivers are installed.

                          Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          May 21, 2019
                          04:47 PM PT

                          Opened:
                          May 21, 2019
                          07:22 AM PT
                          Cannot launch Camera app
                          Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:

                          \"Close other apps, error code: 0XA00F4243.”


                          To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: To temporarily resolve this issue, perform one of the following:

                          • Unplug your camera and plug it back in.

                          or

                          • Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.

                          or

                          • Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart
                          Note This workaround will only resolve the issue until your next system restart.

                          Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

                          Next steps: We are working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          May 21, 2019
                          04:47 PM PT

                          Opened:
                          May 21, 2019
                          07:20 AM PT
                          Intermittent loss of Wi-Fi connectivity
                          Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

                          To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: Download and install an updated Wi-Fi driver from your device manufacturer (OEM).
                           
                          Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Mitigated
                          Last updated:
                          May 21, 2019
                          04:46 PM PT

                          Opened:
                          May 21, 2019
                          07:13 AM PT
                          Duplicate folders and documents showing in user profile directory
                          If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

                          To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.
                          (Posted June 11, 2019)

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          Resolved:
                          May 29, 2019
                          02:00 PM PT

                          Opened:
                          May 21, 2019
                          07:16 AM PT
                          Older versions of BattlEye anti-cheat software incompatible
                          Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

                          To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Workaround: Before updating your machine, we recommend you do one or more of the following:

                          • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
                          • Restart your system and open the game again.
                          • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
                          • Uninstall and reinstall your game.
                          Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          Resolved:
                          June 07, 2019
                          04:26 PM PT

                          Opened:
                          May 21, 2019
                          07:34 AM PT
                          AMD RAID driver incompatibility
                          Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

                          AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

                          “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

                           
                          To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
                           
                          Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          Resolved:
                          June 06, 2019
                          11:06 AM PT

                          Opened:
                          May 21, 2019
                          07:12 AM PT
                          D3D applications and games may fail to enter full-screen mode on rotated displays
                          Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

                          Affected platforms:
                          • Client: Windows 10, version 1903
                          • Server: Windows Server, version 1903
                          Resolution: This issue was resolved in KB4497935

                          Back to top
                          OS Build 18362.116

                          May 21, 2019
                          KB4505057
                          Resolved
                          KB4497935
                          Resolved:
                          May 29, 2019
                          02:00 PM PT

                          Opened:
                          May 21, 2019
                          07:05 AM PT
                          + "
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index ef1b22e4bf..aae03cfacf 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -5,7 +5,7 @@ title: Windows 7 and Windows Server 2008 R2 SP1
 metadata:
 document_id:
 title: Windows 7 and Windows Server 2008 R2 SP1
- description: View annoucements and review known issues and fixes for Windows 7 and Windows Server 2008 R2 SP1
+ description: View announcements and review known issues and fixes for Windows 7 and Windows Server 2008 R2 SP1
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,16 +60,13 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - + - - - - - + + + + +
                          SummaryOriginating updateStatusLast updated
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Mitigated
                          May 08, 2019
                          03:29 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Mitigated
                          May 03, 2019
                          08:50 AM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489878
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          IE11 may stop working when loading or interacting with Power BI reports
                          Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working

                          See details >
                          May 14, 2019
                          KB4499164
                          Mitigated
                          June 07, 2019
                          02:57 PM PT
                          System may be unresponsive after restart with certain McAfee antivirus products
                          Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

                          See details >
                          April 09, 2019
                          KB4493472
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          April 25, 2019
                          02:00 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480970
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

                          See details >
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4486563
                          Resolved
                          KB4493472
                          April 09, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499164
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:23 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493472
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4499164
                          May 14, 2019
                          10:00 AM PT
                          " @@ -80,16 +77,33 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          IE11 may stop working when loading or interacting with Power BI reports
                          Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.


                          Affected platforms:
                          • Client: Windows 7 SP1; Windows 8.1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2

                          Workaround: To mitigate the issue with Power BI reports, the report needs to be republished with markers turned off. Markers can be turned off by selecting the line chart that is having issues and going to the Visualizations pane. Then on the Format tab under Shapes, set the Show marker slider to off.

                          Next steps: We are working on a resolution and estimate a solution will be available in mid-July.

                          Back to top
                          May 14, 2019
                          KB4499164
                          Mitigated
                          Last updated:
                          June 07, 2019
                          02:57 PM PT

                          Opened:
                          June 07, 2019
                          02:57 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499164
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - - - - + + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Mitigated
                          Last updated:
                          May 08, 2019
                          03:29 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Mitigated
                          Last updated:
                          May 03, 2019
                          08:50 AM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart with certain McAfee antivirus products
                          Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

                          Affected platforms:
                          • Client:  Windows 8.1; Windows 7 SP1
                          • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
                          Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493472 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:23 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493472
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          " @@ -98,26 +112,6 @@ sections: - type: markdown text: " - - - -
                          DetailsOriginating updateStatusHistory
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Workaround: To mitigate this issue, use one of the following options:
                          • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
                          • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
                          • Option 3: Use constrained delegation.
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: This issue is resolved in KB4493472.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          After installing KB4489878, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4493472.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - -
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
                           
                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
                           
                          Affected platforms:  
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493472

                          Back to top
                          February 12, 2019
                          KB4486563
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          - " - -- title: January 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
                          • Cache size and location show zero or empty.
                          • Keyboard shortcuts may not work properly.
                          • Webpages may intermittently fail to load or render correctly.
                          • Issues with credential prompts.
                          • Issues when downloading files.
                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493472.

                          Back to top
                          January 08, 2019
                          KB4480970
                          Resolved
                          KB4493472
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue was resolved in KB4499164.

                          Back to top
                          March 12, 2019
                          KB4489878
                          Resolved
                          KB4499164
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index e159932ae6..c57eb16042 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -5,7 +5,7 @@ title: Windows 8.1 and Windows Server 2012 R2
 metadata:
 document_id:
 title: Windows 8.1 and Windows Server 2012 R2
- description: View annoucements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2
+ description: View announcements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,17 +60,16 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - + + - - - - - + + + + + +
                          SummaryOriginating updateStatusLast updated
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Mitigated
                          May 08, 2019
                          03:29 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Mitigated
                          May 03, 2019
                          08:50 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489881
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          IE11 may stop working when loading or interacting with Power BI reports
                          Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working

                          See details >
                          May 14, 2019
                          KB4499151
                          Mitigated
                          June 07, 2019
                          02:57 PM PT
                          Japanese IME doesn't show the new Japanese Era name as a text input option
                          If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

                          See details >
                          April 25, 2019
                          KB4493443
                          Mitigated
                          May 15, 2019
                          05:53 PM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

                          See details >
                          January 08, 2019
                          KB4480963
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          System may be unresponsive after restart with certain McAfee antivirus products
                          Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

                          See details >
                          April 09, 2019
                          KB4493446
                          Mitigated
                          April 18, 2019
                          05:00 PM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          April 25, 2019
                          02:00 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding.
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

                          See details >
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4487000
                          Resolved
                          KB4493446
                          April 09, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4503276
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499151
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          April 25, 2019
                          KB4493443
                          Resolved
                          KB4499151
                          May 14, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:22 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493446
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          " @@ -81,16 +80,35 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          IE11 may stop working when loading or interacting with Power BI reports
                          Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.


                          Affected platforms:
                          • Client: Windows 7 SP1; Windows 8.1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2

                          Workaround: To mitigate the issue with Power BI reports, the report needs to be republished with markers turned off. Markers can be turned off by selecting the line chart that is having issues and going to the Visualizations pane. Then on the Format tab under Shapes, set the Show marker slider to off.

                          Next steps: We are working on a resolution and estimate a solution will be available in mid-July.

                          Back to top
                          May 14, 2019
                          KB4499151
                          Mitigated
                          Last updated:
                          June 07, 2019
                          02:57 PM PT

                          Opened:
                          June 07, 2019
                          02:57 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + + +
                          DetailsOriginating updateStatusHistory
                          Japanese IME doesn't show the new Japanese Era name as a text input option
                          If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

                          Affected platforms:
                          • Client: Windows 8.1
                          • Server: Windows Server 2012 R2; Windows Server 2012
                          Workaround:
                          If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

                          Back to top
                          April 25, 2019
                          KB4493443
                          Mitigated
                          Last updated:
                          May 15, 2019
                          05:53 PM PT

                          Opened:
                          May 15, 2019
                          05:53 PM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499151
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          April 25, 2019
                          KB4493443
                          Resolved
                          KB4499151
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - - - - + + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Mitigated
                          Last updated:
                          May 08, 2019
                          03:29 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Mitigated
                          Last updated:
                          May 03, 2019
                          08:50 AM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart with certain McAfee antivirus products
                          Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

                          Affected platforms:
                          • Client:  Windows 8.1; Windows 7 SP1
                          • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
                          Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

                          Back to top
                          April 09, 2019
                          KB4493446
                          Mitigated
                          Last updated:
                          April 18, 2019
                          05:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          Devices may not respond at login or Welcome screen if running certain Avast software
                          Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493446 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if ArcaBit antivirus software installed
                          Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms:
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:22 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493446
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          " @@ -99,18 +117,7 @@ sections: - type: markdown text: " - - -
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

                          Option 1:
                          Open an Administrator Command prompt and type the following:
                          Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
                          -

                          Option 2:
                          Use the Windows Deployment Services UI to make the following adjustment:
                          1. Open Windows Deployment Services from Windows Administrative Tools.
                          2. Expand Servers and right-click a WDS server.
                          3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
                          Option 3:
                          Set the following registry value to 0:
                          HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension

                          Restart the WDSServer service after disabling the Variable Window Extension.

                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          Custom URI schemes may not start corresponding application
                          After installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
                          Resolution: This issue is resolved in KB4493446.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4493446
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

                          Affected platforms 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493446.

                          Back to top
                          February 12, 2019
                          KB4487000
                          Resolved
                          KB4493446
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Resolution: This issue was resolved in KB4503276.

                          Back to top
                          March 12, 2019
                          KB4489881
                          Resolved
                          KB4503276
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " @@ -120,7 +127,5 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:
                          • Perform the operation from a process that has administrator privilege.
                          • Perform the operation from a node that doesn’t have CSV ownership.
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          January 08, 2019
                          KB4480963
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
                          • Cache size and location show zero or empty.
                          • Keyboard shortcuts may not work properly.
                          • Webpages may intermittently fail to load or render correctly.
                          • Issues with credential prompts.
                          • Issues when downloading files.
                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493446.

                          Back to top
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding.
                          After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue is resolved in KB4493446.

                          Back to top
                          January 08, 2019
                          KB4480963
                          Resolved
                          KB4493446
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index 102f665769..a38199a095 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -5,7 +5,7 @@ title: Windows Server 2008 SP2
 metadata:
 document_id:
 title: Windows Server 2008 SP2
- description: View annoucements and review known issues and fixes for Windows Server 2008 SP2
+ description: View announcements and review known issues and fixes for Windows Server 2008 SP2
 keywords: Windows, Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,11 +60,9 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - - - + + +
                          SummaryOriginating updateStatusLast updated
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Mitigated
                          May 03, 2019
                          08:51 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489880
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4487023
                          Resolved
                          KB4493471
                          April 09, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

                          See details >
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4493471
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493471
                          Resolved
                          May 14, 2019
                          01:19 PM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

                          See details >
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4499149
                          May 14, 2019
                          10:00 AM PT
                          " @@ -80,8 +78,8 @@ sections: - type: markdown text: " - - + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article

                          Back to top
                          April 09, 2019
                          KB4493471
                          Mitigated
                          Last updated:
                          May 03, 2019
                          08:51 AM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493471
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493471
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493471
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:19 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          " @@ -90,16 +88,6 @@ sections: - type: markdown text: " - - -
                          DetailsOriginating updateStatusHistory
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Workaround: To mitigate this issue, use one of the following options:
                          • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
                          • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
                          • Option 3: Use constrained delegation.
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          March 12, 2019
                          KB4489880
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          NETDOM.EXE fails to run
                          After installing KB4489880, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4493471.

                          Back to top
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4493471
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

                          Affected platforms 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue is resolved in KB4493471.

                          Back to top
                          February 12, 2019
                          KB4487023
                          Resolved
                          KB4493471
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Authentication may fail for services after the Kerberos ticket expires
                          After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

                          Affected platforms: 
                          • Client: Windows 7 SP1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue was resolved in KB4499149.

                          Back to top
                          March 12, 2019
                          KB4489880
                          Resolved
                          KB4499149
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          "
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 831a726f86..4b03573e5d 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -5,7 +5,7 @@ title: Windows Server 2012
 metadata:
 document_id:
 title: Windows Server 2012
- description: View annoucements and review known issues and fixes for Windows Server 2012
+ description: View announcements and review known issues and fixes for Windows Server 2012
 keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
 ms.localizationpriority: high
 author: greg-lindsay
@@ -29,21 +29,21 @@ sections: columns: 3 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - items: - type: markdown text: " @@ -60,13 +60,14 @@ sections: - type: markdown text: "
                          This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

                          - - - + + - - - + + + + +
                          SummaryOriginating updateStatusLast updated
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Mitigated
                          May 03, 2019
                          08:51 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489891
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          IE11 may stop working when loading or interacting with Power BI reports
                          Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working

                          See details >
                          May 14, 2019
                          KB4499171
                          Mitigated
                          June 07, 2019
                          02:57 PM PT
                          Japanese IME doesn't show the new Japanese Era name as a text input option
                          If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

                          See details >
                          April 25, 2019
                          KB4493462
                          Mitigated
                          May 15, 2019
                          05:53 PM PT
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

                          See details >
                          January 08, 2019
                          KB4480975
                          Mitigated
                          April 25, 2019
                          02:00 PM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          See details >
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          See details >
                          February 12, 2019
                          KB4487025
                          Resolved
                          KB4493451
                          April 09, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

                          See details >
                          March 12, 2019
                          KB4489891
                          Resolved
                          KB4503285
                          June 11, 2019
                          10:00 AM PT
                          Unable to access some gov.uk websites
                          gov.uk websites that don’t support “HSTS” may not be accessible

                          See details >
                          May 14, 2019
                          KB4499171
                          Resolved
                          KB4505050
                          May 18, 2019
                          02:00 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

                          See details >
                          April 25, 2019
                          KB4493462
                          Resolved
                          KB4499171
                          May 14, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Resolved
                          May 14, 2019
                          01:21 PM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Devices with Avira antivirus software installed may become unresponsive upon restart.

                          See details >
                          April 09, 2019
                          KB4493451
                          Resolved
                          May 14, 2019
                          01:19 PM PT
                          " @@ -77,13 +78,33 @@ sections:
                          " +- title: June 2019 +- items: + - type: markdown + text: " + + +
                          DetailsOriginating updateStatusHistory
                          IE11 may stop working when loading or interacting with Power BI reports
                          Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.


                          Affected platforms:
                          • Client: Windows 7 SP1; Windows 8.1
                          • Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2

                          Workaround: To mitigate the issue with Power BI reports, the report needs to be republished with markers turned off. Markers can be turned off by selecting the line chart that is having issues and going to the Visualizations pane. Then on the Format tab under Shapes, set the Show marker slider to off.

                          Next steps: We are working on a resolution and estimate a solution will be available in mid-July.

                          Back to top
                          May 14, 2019
                          KB4499171
                          Mitigated
                          Last updated:
                          June 07, 2019
                          02:57 PM PT

                          Opened:
                          June 07, 2019
                          02:57 PM PT
                          + " + +- title: May 2019 +- items: + - type: markdown + text: " + + + + +
                          DetailsOriginating updateStatusHistory
                          Japanese IME doesn't show the new Japanese Era name as a text input option
                          If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

                          Affected platforms:
                          • Client: Windows 8.1
                          • Server: Windows Server 2012 R2; Windows Server 2012
                          Workaround:
                          If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
                          • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
                          • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

                          Back to top
                          April 25, 2019
                          KB4493462
                          Mitigated
                          Last updated:
                          May 15, 2019
                          05:53 PM PT

                          Opened:
                          May 15, 2019
                          05:53 PM PT
                          Unable to access some gov.uk websites
                          After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device.
                          To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website.

                          Back to top
                          May 14, 2019
                          KB4499171
                          Resolved
                          KB4505050
                          Resolved:
                          May 18, 2019
                          02:00 PM PT

                          Opened:
                          May 16, 2019
                          01:57 PM PT
                          Layout and cell size of Excel sheets may change when using MS UI Gothic
                          When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue has been resolved.

                          Back to top
                          April 25, 2019
                          KB4493462
                          Resolved
                          KB4499171
                          Resolved:
                          May 14, 2019
                          10:00 AM PT

                          Opened:
                          May 10, 2019
                          10:35 AM PT
                          + " + - title: April 2019 - items: - type: markdown text: " - - + +
                          DetailsOriginating updateStatusHistory
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Mitigated
                          Last updated:
                          May 03, 2019
                          08:51 AM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System unresponsive after restart if Sophos Endpoint Protection installed
                          Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:21 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          System may be unresponsive after restart if Avira antivirus software installed
                          Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

                          Affected platforms: 
                          • Client: Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
                          Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

                          Back to top
                          April 09, 2019
                          KB4493451
                          Resolved
                          Resolved:
                          May 14, 2019
                          01:19 PM PT

                          Opened:
                          April 09, 2019
                          10:00 AM PT
                          " @@ -92,17 +113,7 @@ sections: - type: markdown text: " - -
                          DetailsOriginating updateStatusHistory
                          Issue using PXE to start a device from WDS
                          After installing KB4489891, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

                          Option 1:
                          Open an Administrator Command prompt and type the following:
                          Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
                          -

                          Option 2:
                          Use the Windows Deployment Services UI to make the following adjustment:
                          1. Open Windows Deployment Services from Windows Administrative Tools.
                          2. Expand Servers and right-click a WDS server.
                          3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
                          Option 3:
                          Set the following registry value to 0:
                          HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension

                          Restart the WDSServer service after disabling the Variable Window Extension.

                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          March 12, 2019
                          KB4489891
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          - " - -- title: February 2019 -- items: - - type: markdown - text: " - - +
                          DetailsOriginating updateStatusHistory
                          Embedded objects may display incorrectly
                          Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

                          For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

                          Affected platforms 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
                          Resolution: This issue is resolved in KB4493451.

                          Back to top
                          February 12, 2019
                          KB4487025
                          Resolved
                          KB4493451
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          February 12, 2019
                          10:00 AM PT
                          Issue using PXE to start a device from WDS
                          After installing KB4489891, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
                          Resolution: This issue was resolved in KB4503285.

                          Back to top
                          March 12, 2019
                          KB4489891
                          Resolved
                          KB4503285
                          Resolved:
                          June 11, 2019
                          10:00 AM PT

                          Opened:
                          March 12, 2019
                          10:00 AM PT
                          " @@ -112,7 +123,5 @@ sections: text: " - -
                          DetailsOriginating updateStatusHistory
                          Certain operations performed on a Cluster Shared Volume may fail
                          Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Workaround: Do one of the following:
                          • Perform the operation from a process that has administrator privilege.
                          • Perform the operation from a node that doesn’t have CSV ownership.
                          Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

                          Back to top
                          January 08, 2019
                          KB4480975
                          Mitigated
                          Last updated:
                          April 25, 2019
                          02:00 PM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          Internet Explorer 11 authentication issue with multiple concurrent logons
                          After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
                          • Cache size and location show zero or empty.
                          • Keyboard shortcuts may not work properly.
                          • Webpages may intermittently fail to load or render correctly.
                          • Issues with credential prompts.
                          • Issues when downloading files.
                          Affected platforms: 
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
                          Resolution: This issue is resolved in KB4493451.

                          Back to top
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          MSXML6 may cause applications to stop responding
                          After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

                          The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

                          Affected platforms:
                          • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
                          • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
                          Resolution: This issue is resolved in KB4493451.

                          Back to top
                          January 08, 2019
                          KB4480975
                          Resolved
                          KB4493451
                          Resolved:
                          April 09, 2019
                          10:00 AM PT

                          Opened:
                          January 08, 2019
                          10:00 AM PT
                          " diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2a4ba41456..9619ecc9de 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -23,21 +23,21 @@ sections: columns: 2 items: - - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540 - html: Read the announcement > + - href: https://blogs.windows.com/windowsexperience/ + html: Get the update > image: - src: https://docs.microsoft.com//media/common/i_deploy.svg - title: Windows 10, version 1809 designated for broad deployment - - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency - html: Find out more > + src: https://docs.microsoft.com/media/common/i_deploy.svg + title: Windows 10, version 1903 rollout begins + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Read about the latest enhancements > image: src: https://docs.microsoft.com/media/common/i_whats-new.svg - title: Improvements to the Windows 10 update experience are coming - - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience - html: Learn about our approach > + title: What’s new in Windows Update for Business + - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog + html: Get an overview > image: src: https://docs.microsoft.com/media/common/i_investigate.svg - title: How do we measure and improve the quality of Windows? + title: What’s new for businesses and IT pros in Windows 10 - href: https://docs.microsoft.com/windows/windows-10/release-information html: Visit the Windows 10 release information page > image: @@ -50,6 +50,27 @@ sections: text: " + + + + + +
                          MessageDate
                          Windows 10, version 1903 rollout begins
                          The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback.
                          May 21, 2019
                          10:00 AM PT
                          What’s new in Windows Update for Business
                          We are enhancing and expanding the capabilities of Windows Update for Business to make the move to the cloud even easier. From simplified branch readiness options to better control over deadlines and reboots, read about the enhancements to Windows Update for Business as a part of Windows 10, version 1903.
                          May 21, 2019
                          10:00 AM PT
                          What’s new for businesses and IT pros in Windows 10
                          Explore the newest capabilities for businesses and IT in the latest feature update in the areas of intelligent security, simplified updates, flexible management, and enhanced productivity.
                          May 21, 2019
                          10:00 AM PT
                          Reminder: Install the latest SSU for a smoother update experience
                          We strongly recommend that you install the latest servicing stack update (SSU) before installing any Windows update; especially as an SSU may be a prerequisite for some updates. If you have difficulty installing Windows updates, verify that you have installed the latest SSU package for your version of Windows and then try installing the update again. Links to the latest SSU are always provided in the “How to get this update” section of each update KB article (e.g., KB4494441). For more information about SSUs, see our Servicing stack updates guidance.
                          May 14, 2019
                          10:00 AM PT
                          Take action: Update Remote Desktop Services on older versions of Windows
                          Today, we released fixes for a critical wormable, remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services—formerly known as Terminal Services. This vulnerability affects Windows 7, Windows Server 2008 R2, and earlier versions of Windows nearing end of support. It does not affect Windows 8, Windows Server 2012, or newer operating systems. While we have not observed attacks exploiting this vulnerability, affected systems should be patched with priority. Here is what you need to know:

                          +Call to action: +
                            +
                          • If you are running a supported version of Windows and have automatic updates enabled, you are automatically protected and do not need to take any action.
                          • +
                          • If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply them to your Windows 7, Windows Server 2008 R2, and Windows Server 2008 devices as soon as possible.
                          • +
                          +Given the potential impact to customers and their businesses, we have also released security updates for Windows XP and Windows Server 2003, even though these operating systems have reached end of support (except by custom support agreements). While we recommend that you upgrade to the current version of Windows to benefit from the latest security protections, these updates are available from the Microsoft Update Catalog only. For more information, see KB4500705. +
                          +
                          May 14, 2019
                          10:00 AM PT
                          Reminder: Windows 10 update servicing cadence
                          This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence:
                          +
                            +
                          • April 9, 2019 was the regular Update Tuesday release for all versions of Windows.
                          • +
                          • May 1, 2019 was an \"optional,\" out of band non-security update (OOB) for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
                          • +
                          • May 3, 2019 was the \"optional\" Windows 10, version 1809 \"C\" release for April. This update contained important Japanese era packages for commercial customers to preview. It was released later than expected and mistakenly targeted as \"required\" (instead of \"optional\") for consumers, which pushed the update out to customers and required a reboot. Within 24 hours of receiving customer reports, we corrected the targeting logic and mitigated the issue.
                          • +
                          + For more information about the Windows 10 update servicing cadence, please see the Window IT Pro blog.
                          +
                          May 10, 2019
                          10:00 AM PT
                          Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support
                          A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update.
                          April 19, 2019
                          10:00 AM PT
                          The benefits of Windows 10 Dynamic Update
                          Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed.
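Review bot: The added May 10 "Windows 10 update servicing cadence" entry in this hunk ends with `please see the Window IT Pro blog`, which should read `Windows IT Pro blog`. The table markup of the hunk is not visible here, so it is worth checking that the link in that sentence points at the specific cadence post rather than at the blog index.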

diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index 961279662e..d407ef1215 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -21,7 +21,7 @@
 "files": [
 "**/*.png",
 "**/*.jpg",
- "**/*.gif"
+ "**/*.gif"
 ],
 "exclude": [
 "**/obj/**",
@@ -32,24 +32,24 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
- "ms.technology": "windows",
- "ms.topic": "article",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "ms.author": "justinha",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.security",
- "folder_relative_path_in_docset": "./"
- }
- }
+ "uhfHeaderId": "MSDocsHeader-WindowsIT",
+ "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+ "ms.technology": "windows",
+ "ms.topic": "article",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "ms.author": "justinha",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "MSDN.security",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
 },
 "fileMetadata": {},
 "template": [],
 "dest": "security",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 2743a5eb64..36a6c863ed 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
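Review bot: In the second docfx.json hunk, the only behavioural change, `"markdownEngineName": "dfm"` becoming `"markdownEngineName": "markdig"`, sits under a whitespace-only re-indentation of the whole `globalMetadata` block and is easy to miss. Putting the re-indent in its own commit would leave the engine switch as a one-line diff. The two engines presumably differ in how they handle Markdown nested inside raw HTML, which would explain why this commit rewrites the in-table links in active-directory-accounts.md and active-directory-security-groups.md. It would be worth confirming that no other topic in the security docset still has Markdown links or emphasis inside HTML tables, since those would render as literal text after the switch.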
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 07/18/2017 +ms.reviewer: --- # Access Control Overview @@ -105,7 +106,7 @@ When you need to change the permissions on a file, you can run Windows Explorer, **Note**   Another kind of permissions, called share permissions, is set on the Sharing tab of a folder's **Properties** page or by using the Shared Folder Wizard. For more information see [Share and NTFS Permissions on a File Server](https://technet.microsoft.com/library/cc754178.aspx). -  + ### Ownership of objects @@ -136,9 +137,9 @@ For more information about auditing, see [Security Auditing Overview](/windows/d - For more information about access control and authorization, see [Access Control and Authorization Overview](https://technet.microsoft.com/library/jj134043(v=ws.11).aspx). -  + -  + diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index f9fd22c432..9b684b3be6 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Active Directory Accounts 
@@ -60,7 +61,7 @@ This topic describes the following: Default local accounts are built-in accounts that are created automatically when a Windows Server domain controller is installed and the domain is created. These default local accounts have counterparts in Active Directory. These accounts also have domain-wide access and are completely separate from the default local user accounts for a member or standalone server. -You can assign rights and permissions to default local accounts on a particular domain controller, and only on that domain controller. These accounts are local to the domain. After the default local accounts are installed, they are stored in the Users container in Active Directory Users and Computers. It is a best practice to keep the default local accounts in the User container and not attempt to move these accounts, for example, to a different organizational unit (OU). +You can assign rights and permissions to default local accounts on a particular domain controller, and only on that domain controller. These accounts are local to the domain. After the default local accounts are installed, they are stored in the Users container in Active Directory Users and Computers. It is a best practice to keep the default local accounts in the User container and not attempt to move these accounts, for example, to a different organizational unit (OU). The default local accounts in the Users container include: Administrator, Guest, and KRBTGT. The HelpAssistant account is installed when a Remote Assistance session is established. The following sections describe the default local accounts and their use in Active Directory. 
@@ -72,7 +73,7 @@ Primarily, default local accounts do the following: - Audit the actions that are carried out on a user account. -In Active Directory, default local accounts are used by administrators to manage domain and member servers directly and from dedicated administrative workstations. Active Directory accounts provide access to network resources. Active Directory User accounts and Computer accounts can represent a physical entity, such as a computer or person, or act as dedicated service accounts for some applications. +In Active Directory, default local accounts are used by administrators to manage domain and member servers directly and from dedicated administrative workstations. Active Directory accounts provide access to network resources. Active Directory User accounts and Computer accounts can represent a physical entity, such as a computer or person, or act as dedicated service accounts for some applications. Each default local account is automatically assigned to a security group that is preconfigured with the appropriate rights and permissions to perform specific tasks. Active Directory security groups collect user accounts, computer accounts, and other groups into manageable units. For more information, see [Active Directory Security Groups](active-directory-security-groups.md). 
@@ -105,10 +106,10 @@ The Administrator account can also be disabled when it is not required. Renaming On a domain controller, the Administrator account becomes the Domain Admin account. The Domain Admin account is used to sign in to the domain controller and this account requires a strong password. The Domain Admin account gives you access to domain resources. -**Note**   +**Note** When the domain controller is initially installed, you can sign in and use Server Manager to set up a local Administrator account, with the rights and permissions you want to assign. For example, you can use a local Administrator account to manage the operating system when you first install it. By using this approach, you can set up the operating system without getting locked out. Generally, you do not need to use the account after installation. You can only create local user accounts on the domain controller, before Active Directory Domain Services is installed, and not afterwards. -  + When Active Directory is installed on the first domain controller in the domain, the Administrator account is created for Active Directory. The Administrator account is the most powerful account in the domain. It is given domain-wide access and administrative rights to administer the computer and the domain, and it has the most extensive rights and permissions over the domain. The person who installs Active Directory Domain Services on the computer creates the password for this account during the installation. @@ -163,7 +164,7 @@ When Active Directory is installed on the first domain controller in the domain,
                          -  + ## Guest account @@ -245,7 +246,7 @@ For details about the Guest account attributes, see the following table. -  + ## HelpAssistant account (installed with a Remote Assistance session) @@ -316,7 +317,7 @@ For details about the HelpAssistant account attributes, see the following table. -  + ## KRBTGT account @@ -333,9 +334,9 @@ A strong password is assigned to the KRBTGT account automatically. Be sure that On occasion, the KRBTGT account password requires a reset, for example, when an attempt to change the password on the KRBTGT account fails. In order to resolve this issue, you reset the KRBTGT user account password twice by using Active Directory Users and Computers. You must reset the password twice because the KRBTGT account stores only two of the most recent passwords in the password history. By resetting the password twice, you effectively clear all passwords from the password history. -Resetting the password requires you either to be a member of the Domain Admins group, or to have been delegated with the appropriate authority. In addition, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. +Resetting the password requires you either to be a member of the Domain Admins group, or to have been delegated with the appropriate authority. In addition, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. -After you reset the KRBTGT password, ensure that event ID 6 in the (Kerberos) Key-Distribution-Center event source is written to the System event log. +After you reset the KRBTGT password, ensure that event ID 6 in the (Kerberos) Key-Distribution-Center event source is written to the System event log. ### Security considerations 
@@ -355,14 +356,14 @@ For all account types (users, computers, and services) Because it is impossible to predict the specific errors that will occur for any given user in a production operating environment, you must assume all computers and users will be affected. -**Important**   +**Important** Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer. For information about how to help mitigate the risks associated with a potentially compromised KRBTGT account, see [KRBTGT Account Password Reset Scripts now available for customers](https://blogs.microsoft.com/cybertrust/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/). ### Read-only domain controllers and the KRBTGT account -Windows Server 2008 introduced the read-only domain controller (RODC). The RODC is advertised as the Key Distribution Center (KDC) for the branch office. The RODC uses a different KRBTGT account and password than the KDC on a writable domain controller when it signs or encrypts ticket-granting ticket (TGT) requests. After an account is successfully authenticated, the RODC determines if a user's credentials or a computer's credentials can be replicated from the writable domain controller to the RODC by using the Password Replication Policy. +Windows Server 2008 introduced the read-only domain controller (RODC). The RODC is advertised as the Key Distribution Center (KDC) for the branch office. The RODC uses a different KRBTGT account and password than the KDC on a writable domain controller when it signs or encrypts ticket-granting ticket (TGT) requests. 
After an account is successfully authenticated, the RODC determines if a user's credentials or a computer's credentials can be replicated from the writable domain controller to the RODC by using the Password Replication Policy. After the credentials are cached on the RODC, the RODC can accept that user's sign-in requests until the credentials change. When a TGT is signed with the KRBTGT account of the RODC, the RODC recognizes that it has a cached copy of the credentials. If another domain controller signs the TGT, the RODC forwards requests to a writable domain controller. @@ -417,7 +418,7 @@ For details about the KRBTGT account attributes, see the following table. -  + ## Settings for default local accounts in Active Directory @@ -453,7 +454,7 @@ Each default local account in Active Directory has a number of account settings

                          Store passwords using reversible encryption

                          Provides support for applications that use protocols requiring knowledge of the plaintext form of the user’s password for authentication purposes.

                          -

                          This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS).

                          +

                          This option is required when using Challenge Handshake Authentication Protocol (CHAP) in Internet Authentication Services (IAS), and when using digest authentication in Internet Information Services (IIS).

                          Account is disabled

                          @@ -471,7 +472,7 @@ Each default local account in Active Directory has a number of account settings

                          Account is trusted for delegation

                          -

                          Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.

                          +

                          Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.

                          Account is sensitive and cannot be delegated

                          @@ -481,26 +482,25 @@ Each default local account in Active Directory has a number of account settings

                          Use DES encryption types for this account

                          Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).

                          -Note   -

                          DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see [Hunting down DES in order to securely deploy Kerberos](http://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx).

                          +Note

                          DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see Hunting down DES in order to securely deploy Kerberos.

                          -  +

                          Do not require Kerberos preauthentication

                          -

                          Provides support for alternate implementations of the Kerberos protocol. Because preauthentication provides additional security, use caution when enabling this option. Note that domain controllers running Windows 2000 or Windows Server 2003 can use other mechanisms to synchronize time.

                          +

                          Provides support for alternate implementations of the Kerberos protocol. Because preauthentication provides additional security, use caution when enabling this option. Note that domain controllers running Windows 2000 or Windows Server 2003 can use other mechanisms to synchronize time.

                          -  + ## Manage default local accounts in Active Directory -After the default local accounts are installed, these accounts reside in the Users container in Active Directory Users and Computers. Default local accounts can be created, disabled, reset, and deleted by using the Active Directory Users and Computers Microsoft Management Console (MMC) and by using command-line tools. +After the default local accounts are installed, these accounts reside in the Users container in Active Directory Users and Computers. Default local accounts can be created, disabled, reset, and deleted by using the Active Directory Users and Computers Microsoft Management Console (MMC) and by using command-line tools. You can use Active Directory Users and Computers to assign rights and permissions on a given local domain controller, and that domain controller only, to limit the ability of local users and groups to perform certain actions. A right authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer. In contrast, an access permission is a rule that is associated with an object, usually a file, folder, or printer, that regulates which users can have access to the object and in what manner. 
@@ -553,19 +553,19 @@ Restrict Domain Admins accounts and other sensitive accounts to prevent them fro - **Standard user account**. Grant standard user rights for standard user tasks, such as email, web browsing, and using line-of-business (LOB) applications. These accounts should not be granted administrator rights. -**Important**   +**Important** Ensure that sensitive administrator accounts cannot access email or browse the Internet as described in the following section. -  + ### Create dedicated workstation hosts without Internet and email access Administrators need to manage job responsibilities that require sensitive administrator rights from a dedicated workstation because they do not have easy physical access to the servers. A workstation that is connected to the Internet and has email and web browsing access is regularly exposed to compromise through phishing, downloading, and other types of Internet attacks. Because of these threats, it is a best practice to set these administrators up by using workstations that are dedicated to administrative duties only, and not provide access to the Internet, including email and web browsing. For more information, see [Separate administrator accounts from user accounts](#task1-separate-admin-accounts). -**Note**   +**Note** If the administrators in your environment can sign in locally to managed servers and perform all tasks without elevated rights or domain rights from their workstation, you can skip this task. -  + - **Minimum**. Build dedicated administrative workstations and block Internet access on those workstations including web browsing and email. Use the following ways to block Internet access: 
@@ -583,7 +583,7 @@ If the administrators in your environment can sign in locally to managed servers The following procedure describes how to block Internet access by creating a Group Policy Object (GPO) that configures an invalid proxy address on administrative workstations. These instructions apply only to computers running Internet Explorer and other Windows components that use these proxy settings. -**Note**   +**Note** In this procedure, the workstations are dedicated to domain administrators. By simply modifying the administrator accounts to grant permission to administrators to sign in locally, you can create additional OUs to manage administrators that have fewer administrative rights to use the instructions described in the following procedure. **To install administrative workstations in a domain and block Internet and email access (minimum)** @@ -620,10 +620,10 @@ In this procedure, the workstations are dedicated to domain administrators. By s 4. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - **Important**   + **Important** These instructions assume that the workstation is to be dedicated to domain administrators. -   + 5. Click **Add User or Group**, type **Administrators**, and > **OK**. @@ -714,10 +714,10 @@ In this procedure, the workstations are dedicated to domain administrators. By s It is a best practice to restrict administrators from using sensitive administrator accounts to sign in to lower-trust servers and workstations. This restriction prevents administrators from inadvertently increasing the risk of credential theft by signing in to a lower-trust computer. -**Important**   +**Important** Ensure that you either have local access to the domain controller or that you have built at least one dedicated administrative workstation. -  + Restrict logon access to lower-trust servers and workstations by using the following guidelines: 
@@ -727,10 +727,10 @@ Restrict logon access to lower-trust servers and workstations by using the follo - **Ideal**. Restrict server administrators from signing in to workstations, in addition to domain administrators. -**Note**   +**Note** For this procedure, do not link accounts to the OU that contain workstations for administrators that perform administration duties only, and do not provide Internet or email access. For more information, see [Create dedicated workstation hosts for administrators](#task2-admin-workstations) -  + **To restrict domain administrators from workstations (minimum)** @@ -760,19 +760,19 @@ For this procedure, do not link accounts to the OU that contain workstations for ![Active Directory local accounts](images/adlocalaccounts-proc2-sample3.png) - **Note**   + **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. -   + 4. Click **OK** to complete the configuration. 8. Configure the user rights to deny batch and service logon rights for domain administrators as follows: - **Note**   + **Note** Completing this step might cause issues with administrator tasks that run as scheduled tasks or services with accounts in the Domain Admins group. The practice of using domain administrator accounts to run services and tasks on workstations creates a significant risk of credential theft attacks and therefore should be replaced with alternative means to run scheduled tasks or services. -   + 1. Double-click **Deny logon as a batch job**, and > **Define these policy settings**. 
@@ -782,10 +782,10 @@ For this procedure, do not link accounts to the OU that contain workstations for ![Active Directory local accounts](images/adlocalaccounts-proc2-sample4.png) - **Note**   + **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. -   + 4. Double-click **Deny logon as a service**, and > **Define these policy settings**. @@ -795,10 +795,10 @@ For this procedure, do not link accounts to the OU that contain workstations for ![Active Directory local accounts](images/adlocalaccounts-proc2-sample5.png) - **Note**   + **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. -   + 9. Link the GPO to the first Workstations OU. @@ -818,10 +818,10 @@ For this procedure, do not link accounts to the OU that contain workstations for However, do not create a link to the Administrative Workstation OU if it is created for administrative workstations that are dedicated to administration duties only, and that are without Internet or email access. For more information, see [Create dedicated workstation hosts for administrators](#task2-admin-workstations). - **Important**   + **Important** If you later extend this solution, do not deny logon rights for the **Domain Users** group. The **Domain Users** group includes all user accounts in the domain, including Users, Domain Administrators, and Enterprise Administrators. -   + ### Disable the account delegation right for sensitive administrator accounts diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 3b7f39ee7e..65e1e3a384 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Active Directory Security Groups @@ -81,7 +82,7 @@ Groups are characterized by a scope that identifies the extent to which the grou **Note**   In addition to these three scopes, the default groups in the **Builtin** container have a group scope of Builtin Local. This group scope and group type cannot be changed. -  + The following table lists the three group scopes and more information about each scope for a security group. @@ -142,7 +143,7 @@ The following table lists the three group scopes and more information about each -  + ### Special identity groups @@ -188,357 +189,357 @@ The following tables provide descriptions of the default groups that are located -

                          [Access Control Assistance Operators](#bkmk-acasstops)

                          +

                          Access Control Assistance Operators

                          Yes

                          Yes

                          Yes

                          -

                          [Account Operators](#bkmk-accountoperators)

                          +

                          Account Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Administrators](#bkmk-admins)

                          +

                          Administrators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Allowed RODC Password Replication Group](#bkmk-allowedrodcpwdrepl)

                          +

                          Allowed RODC Password Replication Group

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Backup Operators](#bkmk-backupoperators)

                          +

                          Backup Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Certificate Service DCOM Access](#bkmk-certificateservicedcomaccess)

                          +

                          Certificate Service DCOM Access

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Cert Publishers](#bkmk-certpublishers)

                          +

                          Cert Publishers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Cloneable Domain Controllers](#bkmk-cloneabledomaincontrollers)

                          +

                          Cloneable Domain Controllers

                          Yes

                          Yes

                          Yes

                          -

                          [Cryptographic Operators](#bkmk-cryptographicoperators)

                          +

                          Cryptographic Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Device Owners](#bkmk-device-owners)

                          +

                          Device Owners

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Distributed COM Users](#bkmk-distributedcomusers)

                          +

                          Distributed COM Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [DnsUpdateProxy](#bkmk-dnsupdateproxy)

                          +

                          DnsUpdateProxy

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [DnsAdmins](#bkmk-dnsadmins)

                          +

                          DnsAdmins

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Domain Admins](#bkmk-domainadmins)

                          +

                          Domain Admins

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Domain Computers](#bkmk-domaincomputers)

                          +

                          Domain Computers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Domain Controllers](#bkmk-domaincontrollers)

                          +

                          Domain Controllers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Domain Guests](#bkmk-domainguests)

                          +

                          Domain Guests

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Domain Users](#bkmk-domainusers)

                          +

                          Domain Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Enterprise Admins](#bkmk-entadmins)

                          +

                          Enterprise Admins

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Enterprise Key Admins](#enterprise-key-admins)

                          +

                          Enterprise Key Admins

                          Yes

                          -

                          [Enterprise Read-only Domain Controllers](#bkmk-entrodc)

                          +

                          Enterprise Read-only Domain Controllers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Event Log Readers](#bkmk-eventlogreaders)

                          +

                          Event Log Readers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Group Policy Creator Owners](#bkmk-gpcreatorsowners)

                          +

                          Group Policy Creator Owners

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Guests](#bkmk-guests)

                          +

                          Guests

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Hyper-V Administrators](#bkmk-hypervadministrators)

                          +

                          Hyper-V Administrators

                          Yes

                          Yes

                          Yes

                          -

                          [IIS_IUSRS](#bkmk-iis-iusrs)

                          +

                          IIS_IUSRS

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)

                          +

                          Incoming Forest Trust Builders

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Key Admins](#key-admins)

                          +

                          Key Admins

                          Yes

                          -

                          [Network Configuration Operators](#bkmk-networkcfgoperators)

                          +

                          Network Configuration Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Performance Log Users](#bkmk-perflogusers)

                          +

                          Performance Log Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Performance Monitor Users](#bkmk-perfmonitorusers)

                          +

                          Performance Monitor Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)

                          +

                          Pre–Windows 2000 Compatible Access

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Print Operators](#bkmk-printoperators)

                          +

                          Print Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Protected Users](#bkmk-protectedusers)

                          +

                          Protected Users

                          Yes

                          Yes

                          -

                          [RAS and IAS Servers](#bkmk-rasandias)

                          +

                          RAS and IAS Servers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [RDS Endpoint Servers](#bkmk-rdsendpointservers)

                          +

                          RDS Endpoint Servers

                          Yes

                          Yes

                          Yes

                          -

                          [RDS Management Servers](#bkmk-rdsmanagementservers)

                          +

                          RDS Management Servers

                          Yes

                          Yes

                          Yes

                          -

                          [RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)

                          +

                          RDS Remote Access Servers

                          Yes

                          Yes

                          Yes

                          -

                          [Read-only Domain Controllers](#bkmk-rodc)

                          +

                          Read-only Domain Controllers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Remote Desktop Users](#bkmk-remotedesktopusers)

                          +

                          Remote Desktop Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Remote Management Users](#bkmk-remotemanagementusers)

                          +

                          Remote Management Users

                          Yes

                          Yes

                          Yes

                          -

                          [Replicator](#bkmk-replicator)

                          +

                          Replicator

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Schema Admins](#bkmk-schemaadmins)

                          +

                          Schema Admins

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Server Operators](#bkmk-serveroperators)

                          +

                          Server Operators

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Storage Replica Administrators](#storage-replica-administrators)

                          +

                          Storage Replica Administrators

                          Yes

                          -

                          [System Managed Accounts Group](#system-managed-accounts-group)

                          +

                          System Managed Accounts Group

                          Yes

                          -

                          [Terminal Server License Servers](#bkmk-terminalserverlic)

                          +

                          Terminal Server License Servers

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Users](#bkmk-users)

                          +

                          Users

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [Windows Authorization Access Group](#bkmk-winauthaccess)

                          +

                          Windows Authorization Access Group

                          Yes

                          Yes

                          Yes

                          Yes

                          -

                          [WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)

                          +

                          WinRMRemoteWMIUsers_

                          Yes

                          Yes

                          @@ -547,7 +548,7 @@ The following tables provide descriptions of the default groups that are located -  + ### Access Control Assistance Operators @@ -609,7 +610,7 @@ This security group has not changed since Windows Server 2008. -  + ### Account Operators @@ -622,7 +623,7 @@ The Account Operators group applies to versions of the Windows Server operating **Note**   By default, this built-in group has no members, and it can create and manage users and groups in the domain, including its own membership and that of the Server Operators group. This group is considered a service administrator group because it can modify Server Operators, which in turn can modify domain controller settings. As a best practice, leave the membership of this group empty, and do not use it for any delegated administration. This group cannot be renamed, deleted, or moved. -  + This security group has not changed since Windows Server 2008. @@ -672,12 +673,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          -  + ### Administrators @@ -690,7 +691,7 @@ The Administrators group has built-in capabilities that give its members full co Membership can be modified by members of the following groups: the default service Administrators, Domain Admins in the domain, or Enterprise Admins. This group has the special privilege to take ownership of any object in the directory or any resource on a domain controller. This account is considered a service administrator group because its members have full access to the domain controllers in the domain. -  + This security group includes the following changes since Windows Server 2008: @@ -744,38 +745,38 @@ This security group includes the following changes since Windows Server 2008:

                          Default User Rights

                          -

                          [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege

                          -

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          -

                          [Allow log on through Remote Desktop Services](/windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services): SeRemoteInteractiveLogonRight

                          -

                          [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          -

                          [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege

                          -

                          [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

                          -

                          [Create a pagefile](/windows/device-security/security-policy-settings/create-a-pagefile): SeCreatePagefilePrivilege

                          -

                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

                          -

                          [Create symbolic links](/windows/device-security/security-policy-settings/create-symbolic-links): SeCreateSymbolicLinkPrivilege

                          -

                          [Debug programs](/windows/device-security/security-policy-settings/debug-programs): SeDebugPrivilege

                          -

                          [Enable computer and user accounts to be trusted for delegation](/windows/device-security/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation): SeEnableDelegationPrivilege

                          -

                          [Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege

                          -

                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

                          -

                          [Increase scheduling priority](/windows/device-security/security-policy-settings/increase-scheduling-priority): SeIncreaseBasePriorityPrivilege

                          -

                          [Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege

                          -

                          [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight

                          -

                          [Manage auditing and security log](/windows/device-security/security-policy-settings/manage-auditing-and-security-log): SeSecurityPrivilege

                          -

                          [Modify firmware environment values](/windows/device-security/security-policy-settings/modify-firmware-environment-values): SeSystemEnvironmentPrivilege

                          -

                          [Perform volume maintenance tasks](/windows/device-security/security-policy-settings/perform-volume-maintenance-tasks): SeManageVolumePrivilege

                          -

                          [Profile system performance](/windows/device-security/security-policy-settings/profile-system-performance): SeSystemProfilePrivilege

                          -

                          [Profile single process](/windows/device-security/security-policy-settings/profile-single-process): SeProfileSingleProcessPrivilege

                          -

                          [Remove computer from docking station](/windows/device-security/security-policy-settings/remove-computer-from-docking-station): SeUndockPrivilege

                          -

                          [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege

                          -

                          [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege

                          -

                          [Take ownership of files or other objects](/windows/device-security/security-policy-settings/take-ownership-of-files-or-other-objects): SeTakeOwnershipPrivilege

                          +

                          Adjust memory quotas for a process: SeIncreaseQuotaPrivilege

                          +

                          Access this computer from the network: SeNetworkLogonRight

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          +

                          Allow log on through Remote Desktop Services: SeRemoteInteractiveLogonRight

                          +

                          Back up files and directories: SeBackupPrivilege

                          +

                          Bypass traverse checking: SeChangeNotifyPrivilege

                          +

                          Change the system time: SeSystemTimePrivilege

                          +

                          Change the time zone: SeTimeZonePrivilege

                          +

                          Create a pagefile: SeCreatePagefilePrivilege

                          +

                          Create global objects: SeCreateGlobalPrivilege

                          +

                          Create symbolic links: SeCreateSymbolicLinkPrivilege

                          +

                          Debug programs: SeDebugPrivilege

                          +

                          Enable computer and user accounts to be trusted for delegation: SeEnableDelegationPrivilege

                          +

                          Force shutdown from a remote system: SeRemoteShutdownPrivilege

                          +

                          Impersonate a client after authentication: SeImpersonatePrivilege

                          +

                          Increase scheduling priority: SeIncreaseBasePriorityPrivilege

                          +

                          Load and unload device drivers: SeLoadDriverPrivilege

                          +

                          Log on as a batch job: SeBatchLogonRight

                          +

                          Manage auditing and security log: SeSecurityPrivilege

                          +

                          Modify firmware environment values: SeSystemEnvironmentPrivilege

                          +

                          Perform volume maintenance tasks: SeManageVolumePrivilege

                          +

                          Profile system performance: SeSystemProfilePrivilege

                          +

                          Profile single process: SeProfileSingleProcessPrivilege

                          +

                          Remove computer from docking station: SeUndockPrivilege

                          +

                          Restore files and directories: SeRestorePrivilege

                          +

                          Shut down the system: SeShutdownPrivilege

                          +

                          Take ownership of files or other objects: SeTakeOwnershipPrivilege

                          -  + ### Allowed RODC Password Replication Group @@ -836,7 +837,7 @@ This security group has not changed since Windows Server 2008. -  + ### Backup Operators @@ -892,16 +893,16 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          -

                          [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege

                          -

                          [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight

                          -

                          [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege

                          -

                          [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          +

                          Back up files and directories: SeBackupPrivilege

                          +

                          Log on as a batch job: SeBatchLogonRight

                          +

                          Restore files and directories: SeRestorePrivilege

                          +

                          Shut down the system: SeShutdownPrivilege

                          -  + ### Certificate Service DCOM Access @@ -962,7 +963,7 @@ This security group has not changed since Windows Server 2008. -  + ### Cert Publishers @@ -1002,7 +1003,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -1023,7 +1024,7 @@ This security group has not changed since Windows Server 2008. -  + ### Cloneable Domain Controllers @@ -1084,7 +1085,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### Cryptographic Operators @@ -1145,7 +1146,7 @@ This security group was introduced in Windows Vista Service Pack 1, and it h -  + ### Denied RODC Password Replication Group @@ -1183,14 +1184,14 @@ This security group includes the following changes since Windows Server 2008:

                          Default members

                          -

                          [Cert Publishers](#bkmk-certpublishers)

                          -

                          [Domain Admins](#bkmk-domainadmins)

                          -

                          [Domain Controllers](#bkmk-domaincontrollers)

                          -

                          [Enterprise Admins](#bkmk-entadmins)

                          +

                          Cert Publishers

                          +

                          Domain Admins

                          +

                          Domain Controllers

                          +

                          Enterprise Admins

                          Group Policy Creator Owners

                          krbtgt

                          -

                          [Read-only Domain Controllers](#bkmk-rodc)

                          -

                          [Schema Admins](#bkmk-schemaadmins)

                          +

                          Read-only Domain Controllers

                          +

                          Schema Admins

                          Default member of

                          @@ -1268,16 +1269,16 @@ The Device Owners group applies to versions of the Windows Server operating syst

                          Default User Rights

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          -

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          -

                          [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          +

                          Access this computer from the network: SeNetworkLogonRight

                          +

                          Bypass traverse checking: SeChangeNotifyPrivilege

                          +

                          Change the time zone: SeTimeZonePrivilege

                          -  + ### Distributed COM Users @@ -1338,7 +1339,7 @@ This security group has not changed since Windows Server 2008. -  + ### DnsUpdateProxy @@ -1401,7 +1402,7 @@ This security group has not changed since Windows Server 2008. -  + ### DnsAdmins @@ -1462,7 +1463,7 @@ This security group has not changed since Windows Server 2008. -  + ### Domain Admins @@ -1504,8 +1505,8 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Administrators](#bkmk-admins)

                          -

                          [Denied RODC Password ReplicationGroup](#bkmk-deniedrodcpwdrepl)

                          +

                          Administrators

                          +

                          Denied RODC Password ReplicationGroup

                          Protected by ADMINSDHOLDER?

                          @@ -1521,13 +1522,13 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Administrators](#bkmk-admins)

                          -

                          See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          See Administrators

                          +

                          See Denied RODC Password Replication Group

                          -  + ### Domain Computers @@ -1588,7 +1589,7 @@ This security group has not changed since Windows Server 2008. -  + ### Domain Controllers @@ -1628,7 +1629,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -1649,7 +1650,7 @@ This security group has not changed since Windows Server 2008. -  + ### Domain Guests @@ -1689,7 +1690,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Guests](#bkmk-guests)

                          +

                          Guests

                          Protected by ADMINSDHOLDER?

                          @@ -1705,12 +1706,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Guests](#bkmk-guests)

                          +

                          See Guests

                          -  + ### Domain Users @@ -1753,7 +1754,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Users](#bkmk-users)

                          +

                          Users

                          Protected by ADMINSDHOLDER?

                          @@ -1769,12 +1770,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Users](#bkmk-users)

                          +

                          See Users

                          -  + ### Enterprise Admins @@ -1816,8 +1817,8 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Administrators](#bkmk-admins)

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Administrators

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -1833,8 +1834,8 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Administrators](#bkmk-admins)

                          -

                          See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          See Administrators

                          +

                          See Denied RODC Password Replication Group

                          @@ -1857,7 +1858,7 @@ The Enterprise Key Admins group was introduced in Windows Server 2016. | Safe to delegate management of this group to non-Service admins? | No | | Default User Rights | None | -  + ### Enterprise Read-Only Domain Controllers Members of this group are Read-Only Domain Controllers in the enterprise. Except for account passwords, a Read-only domain controller holds all the Active Directory objects and attributes that a writable domain controller holds. However, changes cannot be made to the database that is stored on the Read-only domain controller. Changes must be made on a writable domain controller and then replicated to the Read-only domain controller. @@ -1921,7 +1922,7 @@ This security group has not changed since Windows Server 2008. -  + ### Event Log Readers @@ -1982,7 +1983,7 @@ This security group has not changed since Windows Server 2008. -  + ### Group Policy Creators Owners @@ -2024,7 +2025,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -2040,12 +2041,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          See Denied RODC Password Replication Group

                          -  + ### Guests @@ -2060,7 +2061,7 @@ A Guest account is a default member of the Guests security group. People who do The Guest account does not require a password. You can set rights and permissions for the Guest account as in any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to sign in to a domain. The Guest account is disabled by default, and we recommend that it stay disabled. -  + The Guests group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). @@ -2096,7 +2097,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Domain Guests](#bkmk-domainguests)

                          +

                          Domain Guests

                          Guest

                          @@ -2118,7 +2119,7 @@ This security group has not changed since Windows Server 2008. -  + ### Hyper-V Administrators @@ -2127,7 +2128,7 @@ Members of the Hyper-V Administrators group have complete and unrestricted acces **Note**   Prior to Windows Server 2012, access to features in Hyper-V was controlled in part by membership in the Administrators group. -  + This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions. @@ -2182,7 +2183,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### IIS\_IUSRS @@ -2243,7 +2244,7 @@ This security group has not changed since Windows Server 2008. -  + ### Incoming Forest Trust Builders @@ -2254,7 +2255,7 @@ To make this determination, the Windows security system computes a trust path be **Note**   This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). -  + For more information, see [How Domain and Forest Trusts Work: Domain and Forest Trusts](https://technet.microsoft.com/library/f5c70774-25cd-4481-8b7a-3d65c86e69b1). @@ -2263,7 +2264,7 @@ The Incoming Forest Trust Builders group applies to versions of the Windows Serv **Note**   This group cannot be renamed, deleted, or moved. -  + This security group has not changed since Windows Server 2008. 
@@ -2361,14 +2362,14 @@ Members of the Network Configuration Operators group can have the following admi **Note**   This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). -  + The Network Configuration Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). **Note**   This group cannot be renamed, deleted, or moved. -  + This security group has not changed since Windows Server 2008. @@ -2423,7 +2424,7 @@ This security group has not changed since Windows Server 2008. -  + ### Performance Log Users @@ -2436,7 +2437,7 @@ Members of the Performance Log Users group can manage performance counters, logs **Warning**   If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials. -   + - Cannot use the Windows Kernel Trace event provider in Data Collector Sets. @@ -2445,14 +2446,14 @@ For members of the Performance Log Users group to initiate data logging or modif **Note**   This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). -  + The Performance Log Users group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). **Note**   This account cannot be renamed, deleted, or moved. -  + This security group has not changed since Windows Server 2008. @@ -2502,12 +2503,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight

                          +

                          Log on as a batch job: SeBatchLogonRight

                          -  + ### Performance Monitor Users @@ -2526,12 +2527,12 @@ Specifically, members of this security group: **Warning**   You cannot configure a Data Collector Set to run as a member of the Performance Monitor Users group. -   + **Note**   This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group cannot be renamed, deleted, or moved. -  + The Performance Monitor Users group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). @@ -2588,7 +2589,7 @@ This security group has not changed since Windows Server 2008. -  + ### Pre–Windows 2000 Compatible Access @@ -2597,7 +2598,7 @@ Members of the Pre–Windows 2000 Compatible Access group have Read access for **Warning**   This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). -  + The Pre–Windows 2000 Compatible Access group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). @@ -2649,13 +2650,13 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          +

                          Access this computer from the network: SeNetworkLogonRight

                          +

                          Bypass traverse checking: SeChangeNotifyPrivilege

                          -  + ### Print Operators @@ -2713,14 +2714,14 @@ This security group has not changed since Windows Server 2008. However, in Windo

                          Default User Rights

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          -

                          [Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege

                          -

                          [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          +

                          Load and unload device drivers: SeLoadDriverPrivilege

                          +

                          Shut down the system: SeShutdownPrivilege

                          -  + ### Protected Users @@ -2797,7 +2798,7 @@ The following table specifies the properties of the Protected Users group. -  + ### RAS and IAS Servers @@ -2858,7 +2859,7 @@ This security group has not changed since Windows Server 2008. -  + ### RDS Endpoint Servers @@ -2919,7 +2920,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### RDS Management Servers @@ -2978,7 +2979,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### RDS Remote Access Servers @@ -3039,7 +3040,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### Remote Desktop Users @@ -3100,7 +3101,7 @@ This security group has not changed since Windows Server 2008. -  + ### Read-Only Domain Controllers @@ -3152,7 +3153,7 @@ This security group was introduced in Windows Server 2008, and it has not chang

                          Default member of

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -3168,12 +3169,12 @@ This security group was introduced in Windows Server 2008, and it has not chang

                          Default User Rights

                          -

                          See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          See Denied RODC Password Replication Group

                          -  + ### Remote Management Users @@ -3236,7 +3237,7 @@ This security group was introduced in Windows Server 2012, and it has not chang -  + ### Replicator @@ -3303,7 +3304,7 @@ This security group has not changed since Windows Server 2008. -  + ### Schema Admins @@ -3349,7 +3350,7 @@ This security group has not changed since Windows Server 2008.

                          Default member of

                          -

                          [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          Denied RODC Password Replication Group

                          Protected by ADMINSDHOLDER?

                          @@ -3365,12 +3366,12 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          See [Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)

                          +

                          See Denied RODC Password Replication Group

                          -  + ### Server Operators @@ -3428,13 +3429,13 @@ This security group has not changed since Windows Server 2008.

                          Default User Rights

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          -

                          [Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege

                          -

                          [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege

                          -

                          [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

                          -

                          [Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege

                          -

                          [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): Restore files and directories SeRestorePrivilege

                          -

                          [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege

                          +

                          Allow log on locally: SeInteractiveLogonRight

                          +

                          Back up files and directories: SeBackupPrivilege

                          +

                          Change the system time: SeSystemTimePrivilege

                          +

                          Change the time zone: SeTimeZonePrivilege

                          +

                          Force shutdown from a remote system: SeRemoteShutdownPrivilege

                          +

                          Restore files and directories: Restore files and directories SeRestorePrivilege

                          +

                          Shut down the system: SeShutdownPrivilege

                          @@ -3491,7 +3492,7 @@ The Terminal Server License Servers group applies to versions of the Windows Ser **Note**   This group cannot be renamed, deleted, or moved. -  + This security group only applies to Windows Server 2003 and Windows Server 2008 because Terminal Services was replaced by Remote Desktop Services in Windows Server 2008 R2. @@ -3546,7 +3547,7 @@ This security group only applies to Windows Server 2003 and Windows Server 200 -  + ### Users @@ -3589,7 +3590,7 @@ This security group includes the following changes since Windows Server 2008:

                          Default members

                          Authenticated Users

                          -

                          [Domain Users](#bkmk-domainusers)

                          +

                          Domain Users

                          INTERACTIVE

                          @@ -3615,7 +3616,7 @@ This security group includes the following changes since Windows Server 2008: -  + ### Windows Authorization Access Group @@ -3626,7 +3627,7 @@ The Windows Authorization Access group applies to versions of the Windows Server **Note**   This group cannot be renamed, deleted, or moved. -  + This security group has not changed since Windows Server 2008. @@ -3681,7 +3682,7 @@ This security group has not changed since Windows Server 2008. -  + ### WinRMRemoteWMIUsers\_ @@ -3706,7 +3707,7 @@ In Windows Server 2012, the Access Denied Assistance functionality adds the Aut **Note**   The WinRMRemoteWMIUsers\_ group allows running Windows PowerShell commands remotely whereas the [Remote Management Users](#bkmk-remotemanagementusers) group is generally used to allow users to manage servers by using the Server Manager console. -  + This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions. diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index ee4a831edc..86cb99ce3b 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Dynamic Access Control Overview diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 2fefc6e157..f7a788e6f8 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md 
+++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 02/28/2019 +ms.reviewer: --- # Local Accounts @@ -95,12 +96,12 @@ In this case, Group Policy can be used to enable secure settings that can contro **Note**   Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic. -  + **Important**   Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. -  + ### Guest account 
@@ -120,15 +121,15 @@ In addition, the guest user in the Guest account should not be able to view the ### DefaultAccount The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. -The DMSA is a well-known user account type. +The DSMA is a well-known user account type. It is a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic. -The DMSA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. +The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. -The DMSA has a well-known RID of 503. The security identifier (SID) of the DMSA will thus have a well-known SID in the following format: S-1-5-21--503 +The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21--503 -The DMSA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581. +The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581. -The DMSA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM). +The DSMA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM). #### How Windows uses the DefaultAccount From a permission perspective, the DefaultAccount is a standard user account. 
@@ -204,7 +205,7 @@ Each of these approaches is described in the following sections. **Note**   These approaches do not apply if all administrative local accounts are disabled. -  + ### Enforce local account restrictions for remote access @@ -240,7 +241,7 @@ The following table shows the Group Policy and registry settings that are used t

                          1

                          Policy name

                          -

                          [User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)

                          +

                          User Account Control: Run all administrators in Admin Approval Mode

                          @@ -255,7 +256,7 @@ The following table shows the Group Policy and registry settings that are used t

                          Policy name

                          -

                          [User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)

                          +

                          User Account Control: Run all administrators in Admin Approval Mode

                          @@ -288,7 +289,7 @@ The following table shows the Group Policy and registry settings that are used t >[!NOTE] >You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. -  + **To enforce local account restrictions for remote access** @@ -363,7 +364,7 @@ Denying local accounts the ability to perform network logons can help prevent a **Note**   In order to perform this procedure, you must first identify the name of the local, default Administrator account, which might not be the default user name "Administrator", and any other accounts that are members of the local Administrators group. -  + The following table shows the Group Policy settings that are used to deny network logon for all local Administrator accounts. @@ -387,7 +388,7 @@ The following table shows the Group Policy settings that are used to deny networ

                          1

                          Policy name

                          -

                          [Deny access to this computer from the network](/windows/device-security/security-policy-settings/deny-access-to-this-computer-from-the-network)

                          +

                          Deny access to this computer from the network

                          @@ -403,7 +404,7 @@ The following table shows the Group Policy settings that are used to deny networ

                          Policy name

                          -

                          [Deny log on through Remote Desktop Services](/windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services)

                          +

                          Deny log on through Remote Desktop Services

                          @@ -414,7 +415,7 @@ The following table shows the Group Policy settings that are used to deny networ -  + **To deny network logon to all local administrator accounts** diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md index 38c26d9546..0b346118ef 100644 --- a/windows/security/identity-protection/access-control/microsoft-accounts.md +++ b/windows/security/identity-protection/access-control/microsoft-accounts.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 10/13/2017 +ms.reviewer: --- # Microsoft Accounts @@ -22,7 +23,7 @@ ms.date: 10/13/2017 This topic for the IT professional explains how a Microsoft account works to enhance security and privacy for users, and how you can manage this consumer account type in your organization. -Microsoft sites, services, and properties, as well as computers running Windows 10, can use a Microsoft account as a mean of identifying a user. Microsoft account was previously called Windows Live ID. It has user-defined secrets, and consists of a unique email address and a password. +Microsoft sites, services, and properties, as well as computers running Windows 10, can use a Microsoft account as a means of identifying a user. Microsoft account was previously called Windows Live ID. It has user-defined secrets, and consists of a unique email address and a password. When a user signs in with a Microsoft account, the device is connected to cloud services. Many of the user's settings, preferences, and apps can be shared across devices. 
diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index f0034aa645..576e8b4fd0 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Security identifiers diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md index 8442ef86cb..bc865d734c 100644 --- a/windows/security/identity-protection/access-control/security-principals.md +++ b/windows/security/identity-protection/access-control/security-principals.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Security Principals @@ -148,4 +149,4 @@ For descriptions and settings information about the Special Identities group, se ## See also -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index 1569d03c49..cd289738ae 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md 
+++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Service Accounts @@ -83,7 +84,7 @@ A managed service account is dependent on encryption types supported by Kerberos **Note**   Introduced in Windows Server 2008 R2, the Data Encryption Standard (DES) is disabled by default. For more information about supported encryption types, see [Changes in Kerberos Authentication](https://technet.microsoft.com/library/dd560670(WS.10).aspx). -  + Group managed service accounts are not applicable in Windows operating systems prior to Windows Server 2012. @@ -114,4 +115,4 @@ The following table provides links to additional resources that are related to s |---------------|-------------| | **Product evaluation** | [What's New for Managed Service Accounts](https://technet.microsoft.com/library/hh831451(v=ws.11).aspx)
                          [Getting Started with Group Managed Service Accounts](https://technet.microsoft.com/library/jj128431(v=ws.11).aspx) | | **Deployment** | [Windows Server 2012: Group Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) | -| **Related technologies** | [Security Principals](security-principals.md)
                          [What's new in Active Directory Domain Services](https://technet.microsoft.com/library/mt163897.aspx) | \ No newline at end of file +| **Related technologies** | [Security Principals](security-principals.md)
                          [What's new in Active Directory Domain Services](https://technet.microsoft.com/library/mt163897.aspx) | diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 86165f1bf1..8713d91370 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Special Identities 
@@ -34,364 +35,153 @@ Although the special identity groups can be assigned rights and permissions to r For information about security groups and group scope, see [Active Directory Security Groups](active-directory-security-groups.md). -The special identity groups are described in the following tables. +The special identity groups are described in the following tables: -- [Anonymous Logon](#bkmk-anonymouslogon) +- [Anonymous Logon](#anonymous-logon) -- [Authenticated User](#bkmk-authenticateduser) +- [Authenticated User](#authenticated-users) -- [Batch](#bkmk-batch) +- [Batch](#batch) -- [Creator Group](#bkmk-creatorgroup) +- [Creator Group](#creator-group) -- [Creator Owner](#bkmk-creatorowner) +- [Creator Owner](#creator-owner) -- [Dialup](#bkmk-dialup) +- [Dialup](#dialup) -- [Digest Authentication](#bkmk-digestauth) +- [Digest Authentication](#digest-authentication) -- [Enterprise Domain Controllers](#bkmk-entdcs) +- [Enterprise Domain Controllers](#enterprise-domain-controllers) -- [Everyone](#bkmk-everyone) +- [Everyone](#everyone) -- [Interactive](#bkmk-interactive) +- [Interactive](#interactive) -- [Local Service](#bkmk-localservice) +- [Local Service](#local-service) -- [LocalSystem](#bkmk-localsystem) +- [LocalSystem](#localsystem) -- [Network](#bkmk-network) +- [Network](#network) -- [Network Service](#bkmk-networkservice) +- [Network Service](#network-service) -- [NTLM Authentication](#bkmk-ntlmauth) +- [NTLM Authentication](#ntlm-authentication) -- [Other Organization](#bkmk-otherorganization) +- [Other Organization](#other-organization) -- [Principal Self](#bkmk-principalself) +- [Principal Self](#principal-self) -- [Remote Interactive Logon](#bkmk-remoteinteractivelogon) +- [Remote Interactive Logon](#remote-interactive-logon) -- [Restricted](#bkmk-restrictedcode) +- [Restricted](#restricted) -- [SChannel Authentication](#bkmk-schannelauth) +- [SChannel Authentication](#schannel-authentication) -- [Service](#bkmk-service) +- [Service](#service) -- 
[Terminal Server User](#bkmk-terminalserveruser) +- [Terminal Server User](#terminal-server-user) -- [This Organization](#bkmk-thisorg) +- [This Organization](#this-organization) -- [Window Manager\\Window Manager Group](#bkmk-windowmanager) +- [Window Manager\\Window Manager Group](#window-manager-window-manager-group) -## Anonymous Logon +## Anonymous Logon Any user who accesses the system through an anonymous logon has the Anonymous Logon identity. This identity allows anonymous access to resources, such as a web page that is published on corporate servers. The Anonymous Logon group is not a member of the Everyone group by default. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-7

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-7 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| -  - -## Authenticated Users +## Authenticated Users Any user who accesses the system through a sign-in process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-11

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-11 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
                          [Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege
                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| -  - -## Batch +## Batch Any user or process that accesses the system as a batch job (or through the batch queue) has the Batch identity. This identity allows batch jobs to run scheduled tasks, such as a nightly cleanup job that deletes temporary files. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-3

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-3 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Creator Group +## Creator Group The person who created the file or the directory is a member of this special identity group. Windows Server operating systems use this identity to automatically grant access permissions to the creator of a file or directory. A placeholder security identifier (SID) is created in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s current owner. The primary group is used only by the Portable Operating System Interface for UNIX (POSIX) subsystem. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-3-1

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-3-1 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Creator Owner +## Creator Owner The person who created the file or the directory is a member of this special identity group. Windows Server operating systems use this identity to automatically grant access permissions to the creator of a file or directory. A placeholder SID is created in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the object’s current owner. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-3-0

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-3-0 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Dialup +## Dialup Any user who accesses the system through a dial-up connection has the Dial-Up identity. This identity distinguishes dial-up users from other types of authenticated users. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-1

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-1 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none|  -  - -## Digest Authentication +## Digest Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-64-21

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-21 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none|  -  - -## Enterprise Domain Controllers +## Enterprise Domain Controllers This group includes all domain controllers in an Active Directory forest. Domain controllers with enterprise-wide roles and responsibilities have the Enterprise Domain Controllers identity. This identity allows them to perform certain tasks in the enterprise by using transitive trusts. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-9

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights Assignment

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-9 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
                          [Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight| -  - -## Everyone +## Everyone All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to system resources. Whenever a user logs on to the network, the user is automatically added to the Everyone group. @@ -400,615 +190,184 @@ On computers running Windows 2000 and earlier, the Everyone group included the Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-1-0

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

                          -

                          [Act as part of the operating system](/windows/device-security/security-policy-settings/act-as-part-of-the-operating-system): SeTcbPrivilege

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-1-0 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
                          [Act as part of the operating system](/windows/device-security/security-policy-settings/act-as-part-of-the-operating-system): SeTcbPrivilege
                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| -  - -## Interactive +## Interactive Any user who is logged on to the local system has the Interactive identity. This identity allows only local users to access a resource. Whenever a user accesses a given resource on the computer to which they are currently logged on, the user is automatically added to the Interactive group. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-4

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-4 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None| -  - -## Local Service +## Local Service The Local Service account is similar to an Authenticated User account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with anonymous credentials. The name of the account is NT AUTHORITY\\LocalService. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-19

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default user rights

                          [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          -

                          [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemtimePrivilege

                          -

                          [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

                          -

                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

                          -

                          [Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege

                          -

                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

                          -

                          [Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-19 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
                          [Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemtimePrivilege
                          [Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege
                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
                          [Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
                          [Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
                          | -  - -## LocalSystem +## LocalSystem This is a service account that is used by the operating system. The LocalSystem account is a powerful account that has full access to the system and acts as the computer on the network. If a service logs on to the LocalSystem account on a domain controller, that service has access to the entire domain. Some services are configured by default to log on to the LocalSystem account. Do not change the default service setting. The name of the account is LocalSystem. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-18

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          -  - -## Network +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-18 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| +## Network This group implicitly includes all users who are logged on through a network connection. Any user who accesses the system through a network has the Network identity. This identity allows only remote users to access a resource. Whenever a user accesses a given resource over the network, the user is automatically added to the Network group. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-2

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-2 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| -  - -## Network Service +## Network Service The Network Service account is similar to an Authenticated User account. The Network Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Network Service account access network resources by using the credentials of the computer account. The name of the account is NT AUTHORITY\\NetworkService. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-20

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege

                          -

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          -

                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

                          -

                          [Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege

                          -

                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

                          -

                          [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege

                          -

                          [Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-20 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
                          [Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
                          [Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege
                          [Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
                          | -  - -## NTLM Authentication +## NTLM Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-64-10

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-10 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None| -  - -## Other Organization +## Other Organization This group implicitly includes all users who are logged on to the system through a dial-up connection. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-1000

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-1000 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Principal Self +## Principal Self This identify is a placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal that is represented by the object. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-10

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-10 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Remote Interactive Logon +## Remote Interactive Logon This identity represents all users who are currently logged on to a computer by using a Remote Desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-14

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-14| +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Restricted +## Restricted Users and computers with restricted capabilities have the Restricted identity. This identity group is used by a process that is running in a restricted security context, such as running an application with the RunAs service. When code runs at the Restricted security level, the Restricted SID is added to the user’s access token. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-12

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-12 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## SChannel Authentication +## SChannel Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-64-14

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-14 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Service +## Service Any service that accesses the system has the Service identity. This identity group includes all security principals that are signed in as a service. This identity grants access to processes that are being run by Windows Server services. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-6

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

                          -

                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

                          -  +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-6 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
                          [Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
                          | -## Terminal Server User +## Terminal Server User Any user accessing the system through Terminal Services has the Terminal Server User identity. This identity allows users to access Terminal Server applications and to perform other necessary tasks with Terminal Server services. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-13

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-13 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## This Organization +## This Organization - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          S-1-5-15

                          Object Class

                          Foreign Security Principal

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          None

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-15 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  +## Window Manager\\Window Manager Group -## Window Manager\\Window Manager Group - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
                          AttributeValue

                          Well-Known SID/RID

                          Object Class

                          Default Location in Active Directory

                          cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

                          Default User Rights

                          [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

                          -

                          [Increase a process working set](/windows/device-security/security-policy-settings/increase-a-process-working-set): SeIncreaseWorkingSetPrivilege

                          +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | | +|Object Class| | +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
                          [Increase a process working set](/windows/device-security/security-policy-settings/increase-a-process-working-set): SeIncreaseWorkingSetPrivilege
                          | ## See also @@ -1016,4 +375,4 @@ Any user accessing the system through Terminal Services has the Terminal Server - [Security Principals](security-principals.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) diff --git a/windows/security/identity-protection/change-history-for-access-protection.md b/windows/security/identity-protection/change-history-for-access-protection.md index b2b7f6daf9..5244518021 100644 --- a/windows/security/identity-protection/change-history-for-access-protection.md +++ b/windows/security/identity-protection/change-history-for-access-protection.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 08/11/2017 +ms.reviewer: --- # Change history for access protection diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index b6fa386ae3..daccf69649 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md 
@@ -2,14 +2,15 @@ title: Configure S/MIME for Windows 10 and Windows 10 Mobile (Windows 10) description: In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 +ms.reviewer: keywords: encrypt, digital signature ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index 39d4a423a8..93d0011f35 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/17/2017 +ms.reviewer: --- ## Additional mitigations @@ -74,7 +75,7 @@ Run the following command: CertReq -EnrollCredGuardCert MachineAuthentication ``` -> [!NOTE] +> [!NOTE] > You must restart the device after enrolling the machine authentication certificate.   ##### How a certificate issuance policy can be used for access control 
@@ -125,7 +126,7 @@ Authentication policies have the following requirements: 11. Click **OK** to create the authentication policy. 12. Close Active Directory Administrative Center. -> [!NOTE] +> [!NOTE] > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. ##### Discovering authentication failures due to authentication policies @@ -326,7 +327,7 @@ write-host "There are no issuance policies which are not mapped to groups" } } ``` -> [!NOTE] +> [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   #### Link an issuance policy to a group @@ -608,11 +609,5 @@ write-host $tmp -Foreground Red } ``` -> [!NOTE] +> [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. - -## See also - -**Deep Dive into Windows Defender Credential Guard: Related videos** - -[Protecting privileged users with Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index b3c0ba0502..bb9bbc4a97 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md 
@@ -1,4 +1,4 @@ ---- +--- title: Considerations when using Windows Defender Credential Guard (Windows 10) description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows 10. ms.prod: w10 @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/31/2017 +ms.reviewer: --- # Considerations when using Windows Defender Credential Guard @@ -21,9 +22,6 @@ ms.date: 08/31/2017 - Windows 10 - Windows Server 2016 -Prefer video? See [Credentials Protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) -in the **Deep Dive into Windows Defender Credential Guard** video series. - Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported. @@ -98,6 +96,6 @@ When data protected with user DPAPI is unusable, then the user loses access to a ## See also -**Deep Dive into Windows Defender Credential Guard: Related videos** +**Related videos** -[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) +[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security) 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index a588960870..400ce3d5d2 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -7,12 +7,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: danihalfin
-ms.author: daniha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.date: 08/17/2017
+ms.reviewer:
 ---
 
 # How Windows Defender Credential Guard works
@@ -34,14 +35,8 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- ![Windows Defender Credential Guard overview](images/credguard.png) -
                          - ## See also -**Deep Dive into Windows Defender Credential Guard: Related videos** +**Related videos** -[Credential Theft and Lateral Traversal](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=cfGBPlIyC_9404300474) - -[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) - -[Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) +[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index d999f556ba..1a19c1ea01 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/17/2017 +ms.reviewer: --- # Windows Defender Credential Guard: Known issues 
@@ -89,21 +90,21 @@ See the following article on Citrix support for Secure Boot: Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions: -- For Windows Defender Credential Guard on Windows 10 with McAfee Encryption products, see: -[Support for Windows Defender Device Guard and Windows Defender Credential Guard on Windows 10 with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009) +- For Windows Defender Credential Guard on Windows 10 with McAfee Encryption products, see: + [Support for Windows Defender Device Guard and Windows Defender Credential Guard on Windows 10 with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009) -- For Windows Defender Credential Guard on Windows 10 with Check Point Endpoint Security Client, see: -[Check Point Endpoint Security Client support for Microsoft Windows 10 Windows Defender Credential Guard and Windows Defender Device Guard features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912) +- For Windows Defender Credential Guard on Windows 10 with Check Point Endpoint Security Client, see: + [Check Point Endpoint Security Client support for Microsoft Windows 10 Windows Defender Credential Guard and Windows Defender Device Guard features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912) -- For Windows Defender Credential Guard on Windows 10 with VMWare Workstation -[Windows 10 host fails when running VMWare Workstation when Windows Defender Credential Guard is enabled](https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361) +- For Windows Defender Credential Guard on Windows 10 with VMWare Workstation + [Windows 10 host fails when running VMWare Workstation when Windows Defender Credential Guard is 
enabled](https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361) -- For Windows Defender Credential Guard on Windows 10 with specific versions of the Lenovo ThinkPad -[ThinkPad support for Windows Defender Device Guard and Windows Defender Credential Guard in Microsoft Windows 10 – ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039) +- For Windows Defender Credential Guard on Windows 10 with specific versions of the Lenovo ThinkPad + [ThinkPad support for Windows Defender Device Guard and Windows Defender Credential Guard in Microsoft Windows 10 – ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039) -- For Windows Defender Credential Guard on Windows 10 with Symantec Endpoint Protection -[Windows 10 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) +- For Windows Defender Credential Guard on Windows 10 with Symantec Endpoint Protection + [Windows 10 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) - This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard. + This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard. 
- Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements. \ No newline at end of file + Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index b315be80ea..3fe994764f 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -1,4 +1,4 @@ ---- +--- title: Manage Windows Defender Credential Guard (Windows 10) description: Deploying and managing Windows Defender Credential Guard using Group Policy, the registry, or the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool. ms.prod: w10 @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 03/01/2019 +ms.reviewer: --- # Manage Windows Defender Credential Guard @@ -20,6 +21,7 @@ ms.date: 03/01/2019 **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2019 ## Enable Windows Defender Credential Guard 
@@ -62,9 +64,9 @@ Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). > [!NOTE] -If you enable Windows Defender Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you. +> If you enable Windows Defender Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you. -  + **Add the virtualization-based security features by using Programs and Features** 1. Open the Programs and Features control panel. @@ -112,6 +114,9 @@ You can also enable Windows Defender Credential Guard by using the [Windows Defe ``` DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot ``` +> [!IMPORTANT] +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> This is a known issue. ### Review Windows Defender Credential Guard performance 
@@ -132,10 +137,12 @@ You can also check that Windows Defender Credential Guard is running by using th ``` DG_Readiness_Tool_v3.5.ps1 -Ready ``` +> [!IMPORTANT] +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> This is a known issue. > [!NOTE] - -For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features. +> For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features. - We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible. 
@@ -154,35 +161,38 @@ For client machines that are running Windows 10 1703, LsaIso.exe is running when To disable Windows Defender Credential Guard, you can use the following set of procedures or [the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). If Credential Guard was enabled with UEFI Lock then you must use the following procedure as the settings are persisted in EFI (firmware) variables and it will require physical presence at the machine to press a function key to accept the change. If Credential Guard was enabled without UEFI Lock then you can turn it off by using Group Policy. -1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). -2. Delete the following registry settings: - - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures +1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). +2. Delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags +3. 
If you also wish to disable virtualization-based security delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. - > [!IMPORTANT] - > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. +4. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: -3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: + ``` syntax + mountvol X: /s + copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y + bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" + bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: + mountvol X: /d + ``` - ``` syntax - mountvol X: /s - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS - bcdedit /set 
{0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - bcdedit /set hypervisorlaunchtype off - mountvol X: /d - ``` - -2. Restart the PC. -3. Accept the prompt to disable Windows Defender Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. +5. Restart the PC. +6. Accept the prompt to disable Windows Defender Credential Guard. +7. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. > [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + bcdedit /set vsmlaunchtype off > [!NOTE] > Credential Guard and Device Guard are not currently supported when using Azure IaaS VMs. These options will be made available with future Gen 2 VMs. 
@@ -197,6 +207,9 @@ You can also disable Windows Defender Credential Guard by using the [Windows Def ``` DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot ``` +> [!IMPORTANT] +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> This is a known issue. #### Disable Windows Defender Credential Guard for a virtual machine diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index a83bbf8af8..2e1a83d9b7 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -1,4 +1,4 @@ ---- +--- title: Windows Defender Credential Guard protection limits (Windows 10) description: Scenarios not protected by Windows Defender Credential Guard in Windows 10. ms.prod: w10 @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/17/2017 +ms.reviewer: --- # Windows Defender Credential Guard protection limits @@ -99,7 +100,7 @@ Run the following command: CertReq -EnrollCredGuardCert MachineAuthentication ``` -> [!NOTE] +> [!NOTE] > You must restart the device after enrolling the machine authentication certificate.   ##### How a certificate issuance policy can be used for access control 
@@ -150,7 +151,7 @@ Authentication policies have the following requirements: 11. Click **OK** to create the authentication policy. 12. Close Active Directory Administrative Center. -> [!NOTE] +> [!NOTE] > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. ##### Discovering authentication failures due to authentication policies @@ -355,7 +356,7 @@ write-host "There are no issuance policies which are not mapped to groups" } } ``` -> [!NOTE] +> [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   #### Link an issuance policy to a group @@ -637,7 +638,7 @@ write-host $tmp -Foreground Red } ``` -> [!NOTE] +> [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. ## See also diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 0277d8dcf5..b3ceb19440 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -1,4 +1,4 @@ ---- +--- title: Windows Defender Credential Guard protection limits (Windows 10) description: Scenarios not protected by Windows Defender Credential Guard in Windows 10. ms.prod: w10 
@@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/17/2017 +ms.reviewer: --- # Windows Defender Credential Guard protection limits diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index efceecd400..8c3d26bfae 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 01/12/2018 +ms.reviewer: --- # Windows Defender Credential Guard: Requirements @@ -107,11 +108,11 @@ The following tables describe baseline protections, plus protections for improve ### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU **Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
                          • BIOS password or stronger authentication must be supported.
                          • In the BIOS configuration, BIOS authentication must be set.
                          • There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
                          • In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | **Security benefits**:
                          • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
                          • Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | -| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation | **Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | +| Protections for Improved Security | Description | +|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU **Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
                          • BIOS password or stronger authentication must be supported.
                          • In the BIOS configuration, BIOS authentication must be set.
                          • There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
                          • In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | +| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation |
                          diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index f6c5fda88e..0b6d13f777 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -7,12 +7,13 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.date: 08/17/2017 +ms.reviewer: --- # Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies @@ -208,7 +209,7 @@ write-host "There are no issuance policies which are not mapped to groups" } } ``` -> [!NOTE] +> [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   ## Link an issuance policy to a group @@ -490,5 +491,5 @@ write-host $tmp -Foreground Red } ``` -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. \ No newline at end of file +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index 54db450ede..bdcdac0346 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md 
@@ -2,14 +2,15 @@ title: Protect derived domain credentials with Windows Defender Credential Guard (Windows 10) description: Introduced in Windows 10 Enterprise, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -22,8 +23,6 @@ ms.date: 08/17/2017 - Windows 10 - Windows Server 2016 -Prefer video? See [Credential Theft and Lateral Traversal](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=cfGBPlIyC_9404300474) in the Deep Dive into Windows Defender Credential Guard video series. - Introduced in Windows 10 Enterprise and Windows Server 2016, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. By enabling Windows Defender Credential Guard, the following features and solutions are provided: 
@@ -44,10 +43,3 @@ By enabling Windows Defender Credential Guard, the following features and soluti - [What's New in Kerberos Authentication for Windows Server 2012](https://technet.microsoft.com/library/hh831747.aspx) - [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/library/dd378897.aspx) - [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview) -  - -## See also - -**Deep Dive into Windows Defender Credential Guard: Related videos** - -[Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) \ No newline at end of file diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index aa7b5c3ba4..6747177c1d 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -4,8 +4,8 @@ ms.mktglfcycl: manage ms.sitesec: library description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name. audience: ITPro -author: MikeStephens-MS -ms.author: mstephens +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article 
@@ -15,17 +15,18 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: --- # Enterprise Certificate Pinning **Applies to** -- Windows 10 +- Windows 10 Enterprise certificate pinning is a Windows feature for remembering, or “pinning,” a root issuing certificate authority or end entity certificate to a given domain name. Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. ->[!NOTE] +>[!NOTE] > External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning. Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site’s server authentication certificate chain matches a restricted set of certificates. @@ -68,7 +69,6 @@ Each PinRule element contains a sequence of one or more Site elements and a sequ - ``` #### PinRules Element @@ -111,7 +111,7 @@ The **Site** element can have the following attributes. |-----------|-------------|----------| | **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows:
                          - If the DNS name has a leading "*" it is removed.
                          - Non-ASCII DNS name are converted to ASCII Puny Code.
                          - Upper case ASCII characters are converted to lower case.
                          If the normalized name has a leading ".", then, wildcard left hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.| | **AllSubdomains** | By default, wildcard left hand label matching is restricted to a single left hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.
                          For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.| - + ### Create a Pin Rules Certificate Trust List The command line utility, **Certutil.exe**, includes the **generatePinRulesCTL** argument to parse the XML file and generate the encoded certificate trust list (CTL) that you add to your reference Windows 10 version 1703 computer and subsequently deploy. 
@@ -184,27 +184,27 @@ Now you need to configure a Group Policy object to include the applied certifica Sign-in to the reference computer using domain administrator equivalent credentials. -1. Start the **Group Policy Management Console** (gpmc.msc) -2. In the navigation pane, expand the forest node and then expand the domain node. -3. Expand the node that has contains your Active Directory’s domain name -4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**. -5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**. -6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**. -7. In the **Group Policy Management Editor**, in the navigation pane, expand the **Preferences** node under **Computer Configuration**. Expand **Windows Settings**. -8. Right-click the **Registry** node and click **New**. -9. In the **New Registry Properties** dialog box, select **Update** from the **Action** list. Select **HKEY_LOCAL_MACHINE** from the **Hive** list. -10. For the **Key Path**, click **…** to launch the **Registry Item Browser**. Navigate to the following registry key and select the **PinRules** registry value name: +1. Start the **Group Policy Management Console** (gpmc.msc) +2. In the navigation pane, expand the forest node and then expand the domain node. +3. Expand the node that has contains your Active Directory’s domain name +4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**. +5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**. +6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**. +7. 
In the **Group Policy Management Editor**, in the navigation pane, expand the **Preferences** node under **Computer Configuration**. Expand **Windows Settings**. +8. Right-click the **Registry** node and click **New**. +9. In the **New Registry Properties** dialog box, select **Update** from the **Action** list. Select **HKEY_LOCAL_MACHINE** from the **Hive** list. +10. For the **Key Path**, click **…** to launch the **Registry Item Browser**. Navigate to the following registry key and select the **PinRules** registry value name: HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config Click **Select** to close the **Registry Item Browser**. - -11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box. + +11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal). Click **OK** to save your settings and close the dialog box. ![PinRules Properties](images/enterprise-certificate-pinning-pinrules-properties.png) - + 12. Close the **Group Policy Management Editor** to save your settings. -13. Link the **Enterprise Certificate Pinning Rules** Group Policy object to apply to computers that run Windows 10, version 1703 in your enterprise. When these domain-joined computers apply Group Policy, the registry information configured in the Group Policy object is applied to the computer. +13. 
Link the **Enterprise Certificate Pinning Rules** Group Policy object to apply to computers that run Windows 10, version 1703 in your enterprise. When these domain-joined computers apply Group Policy, the registry information configured in the Group Policy object is applied to the computer. ## Additional Pin Rules Logging diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 768730bf01..b6f34703f8 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: aabhathipsay -ms.author: aathipsa +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 02/15/2019 +ms.reviewer: --- # WebAuthn APIs for password-less authentication on Windows 10 diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index f1d2d6408b..3923238254 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 03/20/2018 +ms.reviewer: --- # Multifactor Unlock 
@@ -252,7 +253,7 @@ Contains numeric value ranging from 0 to 100 to represent the wireless network's 80 ``` -### Sample Trusted Signal Congfigurations +### Sample Trusted Signal Configurations These examples are wrapped for readability. Once properly formatted, the entire XML contents must be a single line. @@ -272,7 +273,7 @@ This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer, #### Example 2 This example configures an IpConfig signal type using a dnsSuffix element and a bluetooth signal for phones. This configuration is wrapped for reading. Once properly formatted, the entire XML contents must be a single line. This example implies that either the ipconfig **or** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true. ->[!NOTE] +>[!NOTE] >Separate each rule element using a comma. ``` @@ -339,15 +340,15 @@ The Group Policy object contains the policy settings needed to trigger Windows H 5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**. 6. In the navigation pane, expand **Policies** under **Computer Configuration**. 7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.
                          -![Group Policy Editor](images/multifactorUnlock/gpme.png) + ![Group Policy Editor](images/multifactorUnlock/gpme.png) 8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**. The **Options** section populates the policy setting with default values.
                          -![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png) + ![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png) 9. Configure first and second unlock factors using the information in the [Configure Unlock Factors](#configuring-unlock-factors) section. 10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in the [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider) section. 11. Click **Ok** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers. - ## Troubleshooting -Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**. + ## Troubleshooting + Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**. ### Events diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index ebb6eed030..15e3791181 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments 
@@ -24,21 +25,21 @@ ms.date: 08/20/2018 ## How many is adequate -How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 includes the KDC AS Requests performance counter. You can use these counters to determine how much of a domain controllers load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged. +How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 includes the KDC AS Requests performance counter. You can use these counters to determine how much of a domain controller's load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged. Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 domain controller. -Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. 
What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario. +Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario: -Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment. The Kerberos AS requests load would look something like the following. +Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment. The Kerberos AS requests load would look something like the following: ![dc-chart1](images/plan/dc-chart1.png) -The environment changes. The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment. 
Given all other factors stay constant, the authentication would now look like the following. +The environment changes. The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment. Given all other factors stay constant, the authentication would now look like the following: ![dc-chart2](images/plan/dc-chart2.png) -The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication. However, it is also handling 10 percent of the password authentication. Why? This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication. The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients. Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded. What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients. +The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication. However, it is also handling 10 percent of the password authentication. Why? This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication. The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients. 
Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded. What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients? ![dc-chart3](images/plan/dc-chart3.png) @@ -63,7 +64,7 @@ The preceding was an example to show why it's unrealistic to have a "one-size-fi ## Determining total AS Request load -Each organization needs to have an baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this. +Each organization needs to have a baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this. Pick a site where you plan to upgrade the clients to Windows Hello for Business public key trust. Pick a time when authentication traffic is most significant--Monday morning is great time as everyone is returning to the office. Enable the performance counter on *all* the domain controllers in that site. Collect KDC AS Requests performance counters for two hours: * A half-hour before you expect initial authentication (sign-ins and unlocks) to be significant 
@@ -75,29 +76,29 @@ For example, if employees are scheduled to come into the office at 9:00am. Your > [!NOTE] > To capture all the authentication traffic. Ensure that all computers are powered down to get the most accurate authentication information (computers and services authenticate at first power up--you need to consider this authentication in your evaluation). -Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller. Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experience the highest amount of authentication. +Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller. Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experiencing the highest amount of authentication. -Add the number of authentications for each domain controller for the median time. You now have the total authentication for the site during a peak time. Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication. Multiple the quotient by 10 to convert the distribution to a percentage. To validate your math, all the distributions should equal 100 percent. +Add the number of authentications for each domain controller for the median time. You now have the total authentication for the site during a peak time. Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication. Multiply the quotient by 10 to convert the distribution to a percentage. To validate your math, all the distributions should equal 100 percent. 
-Review the distribution of authentication. Hopefully, none of these are above 70 percent. It's always good to reserve some capacity for the unexpected. Also, the primary purposes of a domain controller is to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business. +Review the distribution of authentication. Hopefully, none of these are above 70 percent. It's always good to reserve some capacity for the unexpected. Also, the primary purposes of a domain controller are to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business. ## Monitoring Authentication -Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments. Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016. This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients. This gives you a baseline for your environment to where you can form a statement such as +Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments. Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016. This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients. 
This gives you a baseline for your environment from which you can form a statement such as ```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."``` -Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. +Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 domain controllers. If there is only one Windows Server 2016 domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible. -Increasing the number of number of domain controllers distributes the volume of authentication, but doesn't change it. Therefore, as you add more domain controllers, the burden of authentication for which each domain controller is responsible decrease. Upgrading two domain controller changes the distribution to 50 percent. Upgrading three domain controllers changes the distribution to 33 percent, and so on. +Increasing the number of domain controllers distributes the volume of authentication, but doesn't change it. Therefore, as you add more domain controllers, the burden of authentication, for which each domain controller is responsible, decreases. Upgrading two domain controller changes the distribution to 50 percent. 
Upgrading three domain controllers changes the distribution to 33 percent, and so on. ## Strategy The simplest strategy you can employ is to upgrade one domain controller and monitor the single domain controller as you continue to phase in new Windows Hello for Business key-trust clients until it reaches a 70 or 80 percent threshold. -Then, upgrade a second domain controller. Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers. Once those reach your environments designated capacity, then upgrade another domain controller. +Then, upgrade a second domain controller. Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers. Once those reach your environment's designated capacity, you can upgrade another domain controller. Repeat until your deployment for that site is complete. Now, monitor authentication across all your domain controllers like you did the very first time. Determine the distribution of authentication for each domain controller. Identify the percentage of distribution for which it is responsible. If a single domain controller is responsible for 70 percent of more of the authentication, you may want to consider adding a domain controller to reduce the distribution of authentication volume. -However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario. 
Instead, manually distribute the authentication to different domain controllers among all the services or applications. Alternatively, try simply using the domain name rather than a specific domain controller. Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application. +However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically-configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario. Instead, manually distribute the authentication to different domain controllers among all the services or applications. Alternatively, try simply using the domain name rather than a specific domain controller. Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application. diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 097b826fd6..f0642dac90 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md 
@@ -2,13 +2,14 @@
 title: Windows Hello and password changes (Windows 10)
 description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello.
 ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: danihalfin
-ms.author: daniha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -50,4 +51,4 @@ Suppose instead that you sign in on **Device B** and change your password for yo
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
 - [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
\ No newline at end of file
+- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index d82576afc9..8e27516437 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -2,14 +2,15 @@ title: Windows Hello biometrics in the enterprise (Windows 10) description: Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc +ms.reviewer: keywords: Windows Hello, enterprise biometrics ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -29,7 +30,7 @@ Windows Hello is the biometric authentication feature that helps strengthen auth Because we realize your employees are going to want to use this new technology in your enterprise, we’ve been actively working with the device manufacturers to create strict design and performance recommendations that help to ensure that you can more confidently introduce Windows Hello biometrics into your organization. -##How does Windows Hello work? +## How does Windows Hello work? Windows Hello lets your employees use fingerprint or facial recognition as an alternative method to unlocking a device. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello credentials. The Windows Hello authenticator works to authenticate and allow employees onto your enterprise network. Authentication doesn’t roam among devices, isn’t shared with a server, and can’t easily be extracted from a device. If multiple employees share a device, each employee will use his or her own biometric data on the device. 
@@ -87,9 +88,9 @@ To allow facial recognition, you must have devices with integrated special infra - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -  + -  + diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index ee43db38e2..3d74e8a3b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services 
@@ -346,14 +347,14 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi Sign-in the AD FS server with domain administrator equivalent credentials. -1. Open a **Windows PowerShell** prompt. -2. Type the following command +1. Open a **Windows PowerShell** prompt. +2. Type the following command - ```PowerShell - Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication - ``` ->[!NOTE] -> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. + ```PowerShell + Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication + ``` + >[!NOTE] + > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). 
Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. ### Enrollment Agent Certificate Enrollment @@ -381,7 +382,7 @@ $deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService) $deSCP.CommitChanges() ``` ->[!NOTE] +>[!NOTE] > You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1. > diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md index 561df3ca7b..ec2e495b92 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure or Deploy Multifactor Authentication Services @@ -23,7 +24,7 @@ ms.date: 08/19/2018 - Certificate trust -On-premises deployments must use the On-premises Azure MFA Server using the AD FS adapter model Optionally, you can use a third-party MFA server that provides an AD FS Multifactor authentication adapter. +On-premises deployments must use an on-premises MFA Server that provides an AD FS Multifactor authentication adapter. It can be an Azure Multi-Factor Authentication Server or a third-party MFA solution. >[!TIP] >Please make sure you've read [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) before proceeding any further. 
@@ -80,7 +81,7 @@ The following services are required: Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work. These procedures install additional components that may need to be updated. -#### Configure the IIS Server’s Certificate +#### Configure the IIS Server Certificate The TLS protocol protects all the communication to and from the MFA server. To enable this protection, you must configure the default web site to use the previously enrolled server authentication certificate. @@ -171,9 +172,9 @@ To do this, please follow the instructions mentioned in the previous [Install th Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work. These procedures install additional components that may need to be updated. -#### Configure the IIS Server’s Certificate +#### Set the IIS Server Certificate -To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server’s-certificate) section. +To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server-certificate) section. #### Create WebServices SDK user account 
@@ -411,11 +412,11 @@ Sign in the User Portal server with _local administrator_ equivalent credentials ### Edit MFA User Portal config file Sign in the User Portal server with _local administrator_ equivalent credentials. -1. Open Windows Explorer and browse to C:\inetpub\wwwroot\MultiFactorAuth (or appropriate directory based on the virtual directory name) and edit the **web.config** file. -2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. -3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. -4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. -5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from **“http://localhost:4898/PfWsSdk.asmx”** to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **web.config** file after changes have been made. +1. Open Windows Explorer and browse to C:\inetpub\wwwroot\MultiFactorAuth (or appropriate directory based on the virtual directory name) and edit the **web.config** file. +2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. +3. 
Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. +4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. +5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from **“** to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. ). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **web.config** file after changes have been made. ### Create a DNS entry for the User Portal web site 
@@ -496,11 +497,11 @@ Follow [Install a standalone instance of the AD FS adapter by using the Web Serv ### Edit the MFA AD FS Adapter config file on all ADFS Servers Sign in the primary AD FS server with _local administrator_ equivalent credentials. -1. Open Windows Explorer and browse to **C:\inetpub\wwwroot\MultiFactorAuth** (or appropriate directory based on the virtual directory name) and edit the **MultiFactorAuthenticationAdfsAdapter.config** file. -2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. -3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. -4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. -5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from “http://localhost:4898/PfWsSdk.asmx” to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **MultiFactorAuthenticationAdfsAdapter.config** file after changes have been made. +1. Open Windows Explorer and browse to **C:\inetpub\wwwroot\MultiFactorAuth** (or appropriate directory based on the virtual directory name) and edit the **MultiFactorAuthenticationAdfsAdapter.config** file. +2. 
Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. +3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. +4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. +5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from “ to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. ). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **MultiFactorAuthenticationAdfsAdapter.config** file after changes have been made. ### Edit the AD FS Adapter Windows PowerShell cmdlet diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 1ace62af4d..721eb7e74e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Configure Windows Hello for Business Policy settings diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index d0801276dd..a40b8d401e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Validate Active Directory prerequisites 
@@ -66,7 +67,7 @@ Sign-in a domain controller or management workstation with domain administrator The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group. This provides them the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate. -Sign-in a domain controller or management workstation with domain administrator equivalent credentials. +Sign into a domain controller or management workstation with domain administrator equivalent credentials. 1. Open **Active Directory Users and Computers**. 2. Click **View** and click **Advanced Features**. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index db3e667888..f173ae841e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Validate and Deploy Multifactor Authentication Services (MFA) 
@@ -42,7 +43,7 @@ A lab or proof-of-concept environment does not need high-availability or scalabi Please follow [Download the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#download-the-azure-multi-factor-authentication-server) to download Azure MFA server. >[!IMPORTANT] ->Make sure to validate the requirements for Azure MFA server, as outlined in [Install and Configure the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server) before proceeding. Do not use instllation instructions provided in the article. +>Make sure to validate the requirements for Azure MFA server, as outlined in [Install and Configure the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server) before proceeding. Do not use installation instructions provided in the article. Once you have validated all the requirements, please proceed to [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md). diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 58043d111b..d2b77944ff 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Validate and Configure Public Key Infrastructure @@ -64,7 +65,7 @@ By default, the Active Directory Certificate Authority provides and publishes th Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. 2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. +3. In the **Certificate Templates Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise’s needs. **Note**If you use different template names, you’ll need to remember and substitute these names in different portions of the lab. 
@@ -81,7 +82,7 @@ The Kerberos Authentication certificate template is the most current certificate
 Sign-in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
 1. Open the **Certificate Authority** management console.
 2. Right-click **Certificate Templates** and click **Manage**.
-3. In the **Certificate Template Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
+3. In the **Certificate Templates Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
 4. Click the **Superseded Templates** tab. Click **Add**.
 5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**.
 6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**.
@@ -98,7 +99,7 @@ Windows 10 clients use the https protocol when communicating with Active Directo
 Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
 1. Open the **Certificate Authority** management console.
 2. Right-click **Certificate Templates** and click **Manage**.
-3. In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and click **Duplicate Template**.
+3. In the **Certificate Templates Console**, right-click the **Web Server** template in the details pane and click **Duplicate Template**.
 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
 5. On the **General** tab, type **Internal Web Server** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs.
 **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the lab.
@@ -168,11 +169,11 @@ You want to confirm your domain controllers enroll the correct certificates and
 #### Use the Event Logs
-Windows Server 2012 and later include Certificate Lifecycle events to determine the lifecycles of certificates for both users and computers. Using the Event Viewer, navigate to the **CertificateServices-Lifecycles-System** event log under **Application and Services/Microsoft/Windows**.
+Windows Server 2012 and later include Certificate Lifecycle events to determine the lifecycles of certificates for both users and computers. Using the Event Viewer, navigate to the **CertificateServicesClient-Lifecycle-System** event log under **Application and Services/Microsoft/Windows**.
 Look for an event indicating a new certificate enrollment (autoenrollment). The details of the event include the certificate template on which the certificate was issued. The name of the certificate template used to issue the certificate should match the certificate template name included in the event. The certificate thumbprint and EKUs for the certificate are also included in the event. The EKU needed for proper Windows Hello for Business authentication is Kerberos Authentication, in addition to other EKUs provide by the certificate template.
-Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServices-Lifecycles-System event. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate.
+Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServicesClient-Lifecycle-System event. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate.
 #### Certificate Manager
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index 4232360ba4..1195192b25 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # On Premises Certificate Trust Deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index a6eba5d4f0..da365a7f4e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/29/2018
+ms.reviewer:
 ---
 # Windows Hello for Business Deployment Guide
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
index 5d554eda28..c0da6830ae 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/20/2018
+ms.reviewer:
 ---
 # On Premises Key Trust Deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index d392da1bd0..fa0224fc1d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -2,14 +2,15 @@
 title: Windows Hello errors during PIN creation (Windows 10)
 description: When you set up Windows Hello in Windows 10, you may get an error during the Create a work PIN step.
 ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
+ms.reviewer:
 keywords: PIN, error, create a work PIN
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: danihalfin
-ms.author: daniha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: troubleshooting
@@ -84,12 +85,12 @@ If the error occurs again, check the error code against the following table to s 0x80090029 TPM is not set up. -Sign on with an administrator account. Click **Start**, type "tpm.msc", and select **tpm.msc Microsoft Common Console Document**. In the **Actions** pane, select **Prepare the TPM**. +Sign on with an administrator account. Click Start, type "tpm.msc", and select tpm.msc Microsoft Common Console Document. In the Actions pane, select Prepare the TPM. 0x80090031 NTE_AUTHENTICATION_IGNORED -Reboot the device. If the error occurs again after rebooting, [reset the TPM]( https://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](https://go.microsoft.com/fwlink/p/?LinkId=629650) +Reboot the device. If the error occurs again after rebooting, reset the TPM or run Clear-TPM 0x80090035 @@ -104,7 +105,7 @@ If the error occurs again, check the error code against the following table to s 0x801C000E Registration quota reached -

                          Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](https://go.microsoft.com/fwlink/p/?LinkId=626933).

                          +

                          Unjoin some other device that is currently joined using the same account or increase the maximum number of devices per user.

                          0x801C000F @@ -134,17 +135,17 @@ If the error occurs again, check the error code against the following table to s 0x801C0016 The federation provider configuration is empty -Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the file is not empty. +Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the file is not empty. 0x801C0017 ​The federation provider domain is empty -Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the FPDOMAINNAME element is not empty. +Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the FPDOMAINNAME element is not empty. 0x801C0018 The federation provider client configuration URL is empty -Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the CLIENTCONFIG element contains a valid URL. +Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the CLIENTCONFIG element contains a valid URL. 0x801C03E9 @@ -168,13 +169,13 @@ If the error occurs again, check the error code against the following table to s 0x801C03ED -

                          Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed

                          +

                          Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed

                          -or-

                          Token was not found in the Authorization header

                          -or-

                          Failed to read one or more objects

                          -or-

                          The request sent to the server was invalid.

                          -Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. +Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. 0x801C03EE @@ -198,7 +199,7 @@ If the error occurs again, check the error code against the following table to s -  + ## Errors with unknown mitigation For errors listed in this table, contact Microsoft Support for assistance. @@ -223,7 +224,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F0 | ​There is no key registered for the user | | 0x801C03F1 | ​There is no UPN in the token | | ​0x801C044C | There is no core window for the current thread | -  + ## Related topics @@ -234,4 +235,4 @@ For errors listed in this table, contact Microsoft Support for assistance. - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) - [Windows Hello and password changes](hello-and-password-changes.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 9de0743e58..d0a4a28eb0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md 
@@ -2,14 +2,15 @@ title: Event ID 300 - Windows Hello successfully created (Windows 10) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04 +ms.reviewer: keywords: ngc ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -27,13 +28,13 @@ This event is created when Windows Hello for Business is successfully created an ## Event details -| **Product:** | Windows 10 operating system | -| --- | --- | -| **ID:** | 300 | -| **Source:** | Microsoft Azure Device Registration Service | -| **Version:** | 10 | +| **Product:** | Windows 10 operating system | +|--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ID:** | 300 | +| **Source:** | Microsoft Azure Device Registration Service | +| **Version:** | 10 | | **Message:** | The NGC key was successfully registered. Key ID: {4476694e-8e3b-4ef8-8487-be21f95e6f07}. UPN:test@contoso.com. Attestation: ATT\_SOFT. Client request ID: . Server request ID: db2da6bd-3d70-4b9b-b26b-444f669902da.
                          Server response: {"kid":"4476694e-8e3b-4ef8-8487-be21f95e6f07","upn":"test@contoso.com"} | -  + ## Resolve This is a normal condition. No further action is required. diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 1dabe3c95d..116bff8b92 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -7,15 +7,16 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- -# Windows Hello for Business Frequently Ask Questions +# Windows Hello for Business Frequently Asked Questions **Applies to** - Windows 10 
@@ -27,7 +28,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10.
 Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business.
 ## Can I deploy Windows Hello for Business using System Center Configuration Manager?
-Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no long be supported after November 2018.
+Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018.
 ## How many users can enroll for Windows Hello for Business on a single Windows 10 computer?
 The maximum number of supported enrollments on a single Windows 10 computer is 10. That enables 10 users to each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available.
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index d33adb5e38..cc796078e6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md @@ -2,14 +2,15 @@ title: Windows Hello for Business Features description: Windows Hello for Business Features ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E +ms.reviewer: keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, PIN Reset, Dynamic Lock, Multifactor Unlock, Forgot PIN, Privileged credentials ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -128,15 +129,15 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10 1. Sign-in to [Azure Portal](https://portal.azure.com) using a tenant administrator account. 2. You need your tenant ID to complete the following task. You can discovery your tenant ID viewing the **Properties** of your Azure Active Directory from the Azure Portal. You can also use the following command in a command Window on any Azure AD joined or hybrid Azure AD joined computer.
                          -``` -dsregcmd /status | findstr -snip "tenantid" -``` + ``` + dsregcmd /status | findstr -snip "tenantid" + ``` 3. Navigate to the Microsoft Intune blade. Click **Device configuration**. Click **Profiles**. Click **Create profile**. 4. Type **Use PIN Recovery** in the **Name** field. Select **Windows 10 and later** from the **Platform** list. Select **Custom** from the **Profile type** list. 5. In the **Custom OMA-URI Settings** blade, Click **Add**. 6. In the **Add Row** blade, type **PIN Reset Settings** in the **Name** field. In the **OMA-URI** field, type **./Device/Vendor/MSFT/PassportForWork/*tenant ID*/Policies/EnablePinRecovery** where *tenant ID* is your Azure Active Directory tenant ID from step 2. 7. Select **Boolean** from the **Data type** list and select **True** from the **Value** list. -8. Click **OK** to save the row configuration. Click **OK** to close the **Custom OMA-URI Settings blade. Click **Create** to save the profile. +8. Click **OK** to save the row configuration. Click **OK** to close the Custom OMA-URI Settings blade. Click **Create to save the profile. ##### Assign the PIN Reset Device configuration profile using Microsoft Intune 1. Sign-in to [Azure Portal](https://portal.azure.com) using a tenant administrator account. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index febe2008ee..cabdfe9676 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # Windows Hello for Business and Authentication
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md
index 530d0923a7..c4ffbeb3a0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # Windows Hello for Business and Device Registration
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index 23eed38ace..0492d0e9fc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -6,17 +6,18 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Windows Hello for Business Provisioning -**Applies to:** +Applies to: - Windows 10 Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on: @@ -60,14 +61,16 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, ## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed ennvironment](images/howitworks/prov-haadj-keytrust-managed.png) -| Phase | Description | -| :----: | :----------- | -| A|The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | -|B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv).| -|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits.| -|D | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. 
AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory.| + +| Phase | Description | +|:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| A | The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | +| B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv). | +| C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits. | +| D | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory. | + > [!IMPORTANT] -> The newly provisionied user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory. 
+> The newly provisioned user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory. @@ -76,52 +79,58 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, ## Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](images/howitworks/prov-haadj-certtrust-managed.png) -| Phase | Description | -| :----: | :----------- | -| A|The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | -|B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv).| -|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application, which represents the end of user key registration.| -|D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys.| -|E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, certificate enrollment is deferred until Phase F completes. The application is informed of the deferment and exits to the user's desktop. The automatic certificate enrollment client triggers the Azure AD Web Account Manager plug-in to retry the certificate enrollment at 24, 85, 145, 205, 265, and 480 minutes after phase C successfully completes. The user must remain signed in for automatic certificate enrollment to trigger certificate enrollment. If the user signs out, automatic certificate enrollment is triggered approximately 30 minutes after the user's next sign in.
                          After validating the public key, the registration authority signs the certificate request using its enrollment agent certificate.| -|G |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.| -|H | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning.| -|F | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory.| + +| Phase | Description | +|:-----:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| A | The provisioning application hosted in the Cloud Experience Host (CXH) 
starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | +| B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv). | +| C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application, which represents the end of user key registration. | +| D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys. | +| E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, certificate enrollment is deferred until Phase F completes. The application is informed of the deferment and exits to the user's desktop. The automatic certificate enrollment client triggers the Azure AD Web Account Manager plug-in to retry the certificate enrollment at 24, 85, 145, 205, 265, and 480 minutes after phase C successfully completes. The user must remain signed in for automatic certificate enrollment to trigger certificate enrollment. If the user signs out, automatic certificate enrollment is triggered approximately 30 minutes after the user's next sign in.
                          After validating the public key, the registration authority signs the certificate request using its enrollment agent certificate. | +| G | The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application. | +| H | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning. | +| F | Azure AD Connect requests updates on its next synchronization cycle. Azure Active Directory sends the user's public key that was securely registered through provisioning. AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory. | + > [!IMPORTANT] -> The newly provisionied user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory. +> The newly provisioned user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory. [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](images/howitworks/prov-haadj-instant-certtrust-managed.png) -| Phase | Description | -| :----: | :----------- | -| A|The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). 
The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | -|B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv).| -|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID and a key receipt to the application, which represents the end of user key registration.| -|D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the key receipt and certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys.| -|E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, it then validates the key receipt to confirm the key was securely registered with Azure.
                          After validating the key receipt or public key, the registration authority signs the certificate request using its enrollment agent certificate.| -|F |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.| -|G | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning.| + +| Phase | Description | +|:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| A | The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services provides the second factor of authentication. If the user has performed Azure MFA within the last 10 minutes, such as when registering the device from the out-of-box-experience (OOBE), then they are not prompted for MFA because the current MFA remains valid.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | +| B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv). | +| C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID and a key receipt to the application, which represents the end of user key registration. | +| D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the key receipt and certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys. | +| E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, it then validates the key receipt to confirm the key was securely registered with Azure.
                          After validating the key receipt or public key, the registration authority signs the certificate request using its enrollment agent certificate. | +| F | The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application. | +| G | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning. | + > [!IMPORTANT] -> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow. +> Synchronous certificate enrollment does not depend on Azure AD Connect to synchronize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not shown in this flow. 
[Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment -![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Fedeerated environment](images/howitworks/prov-haadj-instant-certtrust-federated.png) +![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](images/howitworks/prov-haadj-instant-certtrust-federated.png) + + +| Phase | Description | +|:-----:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| A | The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          In a federated environment, the plug-in sends the token request to the on-premises STS, such as Active Directory Federation Services. The on-premises STS authenticates the user and determines if the user should perform another factor of authentication.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services (or a third party MFA service) provides the second factor of authentication.
                          The on-premises STS server issues a enterprise token on successful MFA. The application sends the token to Azure Active Directory.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | +| B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv). | +| C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID and a key receipt to the application, which represents the end of user key registration. | +| D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the key receipt and certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys. | +| E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, it then validates the key receipt to confirm the key was securely registered with Azure.
                          After validating the key receipt or public key, the registration authority signs the certificate request using its enrollment agent certificate. | +| F | The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application. | +| G | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning. | -| Phase | Description | -| :----: | :----------- | -| A|The provisioning application hosted in the Cloud Experience Host (CXH) starts provisioning by requesting an access token for the Azure Device Registration Service (ADRS). The application makes the request using the Azure Active Directory Web Account Manager plug-in.
                          In a federated environment, the plug-in sends the token request to the on-premises STS, such as Active Directory Federation Services. The on-premises STS authenticates the user and determines if the user should perform another factor of authentication.
                          Users must provide two factors of authentication. In this phase, the user has already provided one factor of authentication, typically user name and password. Azure MFA services (or a third party MFA service) provides the second factor of authentication.
                          The on-premises STS server issues a enterprise token on successful MFA. The application sends the token to Azure Active Directory.
                          Azure Active Directory validates the access token request and the MFA claim associated with it, creates an ADRS access token, and returns it to the application. | -|B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv).| -|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID and a key receipt to the application, which represents the end of user key registration.| -|D | The certificate request portion of provisioning begins after the application receives a successful response from key registration. The application creates a PKCS#10 certificate request. The key used in the certificate request is the same key that was securely provisioned.
                          The application sends the key receipt and certificate request, which includes the public key, to the certificate registration authority hosted on the Active Directory Federation Services (AD FS) farm.
                          After receiving the certificate request, the certificate registration authority queries Active Directory for the msDS-KeyCredentailsLink for a list of registered public keys.| -|E | The registration authority validates the public key in the certificate request matches a registered key for the user.
                          If the public key in the certificate is not found in the list of registered public keys, it then validates the key receipt to confirm the key was securely registered with Azure.
                          After validating the key receipt or public key, the registration authority signs the certificate request using its enrollment agent certificate.| -|F |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.| -|G | The application receives the newly issued certificate and installs the it into the Personal store of the user. This signals the end of provisioning.| > [!IMPORTANT] -> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow. +> Synchronous certificate enrollment does not depend on Azure AD Connect to synchronize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not shown in this flow. [Return to top](#windows-hello-for-business-provisioning) ## Domain joined provisioning in an On-premises Key Trust deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md index 4ef877a48b..ca78d68e98 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # Technical Deep Dive
@@ -43,6 +44,6 @@ Provision can occur automatically through the out-of-box-experience (OOBE) on Az
 ## Authentication
-Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment. With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is avaiable on most computers and devices. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential.
+Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment. With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on most computers and devices. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential.
 [How Windows Hello for Business authentication works](hello-how-it-works-authentication.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index d12e00c028..fe8e1659ff 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -6,24 +6,26 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 10/08/2018 +ms.reviewer: --- # Technology and Terms **Applies to:** -- Windows 10 +- Windows 10 - [Attestation Identity Keys](#attestation-identity-keys) - [Azure AD Joined](#azure-ad-joined) - [Azure AD Registered](#azure-ad-registered) - [Certificate Trust](#certificate-trust) - [Cloud Deployment](#cloud-deployment) +- [Cloud Experience Host](#cloud-experience-host) - [Deployment Type](#deployment-type) - [Endorsement Key](#endorsement-key) - [Federated Environment](#federated-environment) @@ -33,13 +35,13 @@ ms.date: 10/08/2018 - [Key Trust](#key-trust) - [Managed Environment](#managed-environment) - [On-premises Deployment](#on-premises-deployment) -- [Pass-through Authentication](#passthrough-authentication) -- [Password Hash Synchronization](#password-hash-synchronization) +- [Pass-through Authentication](#pass-through-authentication) +- [Password Hash Synchronization](#password-hash-sync) - [Primary Refresh Token](#primary-refresh-token) - [Storage Root Key](#storage-root-key) - [Trust Type](#trust-type) - [Trusted Platform Module](#trusted-platform-module) -
                          +
                          ## Attestation Identity Keys Because the endorsement certificate is unique for each device and does not change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows 10 issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. 
@@ -99,6 +101,17 @@ The Windows Hello for Business Cloud deployment is exclusively for organizations [Azure AD Joined](#azure-ad-joined), [Azure AD Registered](#azure-ad-registered), [Deployment Type](#deployment-type), [Join Type](#join-type) [Return to Top](hello-how-it-works-technology.md) +## Cloud Experience Host +In Windows 10, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. + +### Related topics +[Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification), [Managed Windows Hello in Organization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-manage-in-organization) + +### More information +- [Windows Hello for Business and Device Registration](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration) + +[Return to Top](hello-how-it-works-technology.md) + ## Deployment Type Windows Hello for Business has three deployment models to accommodate the needs of different organizations. The three deployment models include: - Cloud 
@@ -200,9 +213,9 @@ The key trust model uses the user's Windows Hello for Business identity to authe Managed environments are for non-federated environments where Azure Active Directory manages the authentication using technologies such as Password Hash Synchronization and Pass-through Authentication rather than a federation service such as Active Directory Federation Services. ### Related topics -[Federated Environment](#federated-environment), [Pass-through authentication](#pass-through-authentication), [Password Hash Synchronization](#password-hash-synchronization) +[Federated Environment](#federated-environment), [Pass-through authentication](#pass-through-authentication), [Password Hash Synchronization](#password-hash-sync) -[Return to Top](#Technology-and-Terms) +[Return to Top](#technology-and-terms) ## On-premises Deployment The Windows Hello for Business on-premises deployment is for organizations that exclusively have on-premises resources that are accessed using Active Directory identities. On-premises deployments support domain joined devices. The on-premises deployment model supports two authentication trust types, key trust and certificate trust. 
@@ -217,13 +230,13 @@ The Windows Hello for Business on-premises deployment is for organizations that Provides a simple password validation for Azure AD authentication services using a software agent running on one or more on-premises servers to validate the users directly with your on-premises Active Directory. With pass-through authentication (PTA), you synchronize on-premises Active Directory user account objects with Office 365 and manage your users on-premises. Allows your users to sign in to both on-premises and Office 365 resources and applications using their on-premises account and password. This configuration validates users' passwords directly against your on-premises Active Directory without sending password hashes to Office 365. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and logon hours would use this authentication method. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. ### Related topics -[Federated Environment](#federated-environment), [Managed Environment](#managed-environment), [Password Hash Synchronization](#password-hash-synchronization) +[Federated Environment](#federated-environment), [Managed Environment](#managed-environment), [Password Hash Synchronization](#password-hash-sync) ### More information - [Choosing the right authentication method for your Azure Active Directory hybrid identity solution](https://docs.microsoft.com/azure/security/azure-ad-choose-authn) -[Return to Top](#hello-how-it-works-technology.md) +[Return to Top](hello-how-it-works-technology.md) ## Password Hash Sync The simplest way to enable authentication for on-premises directory objects in Azure AD. With password hash sync (PHS), you synchronize your on-premises Active Directory user account objects with Office 365 and manage your users on-premises. 
Hashes of user passwords are synchronized from your on-premises Active Directory to Azure AD so that the users have the same password on-premises and in the cloud. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. Some premium features of Azure AD, such as Identity Protection, require PHS regardless of which authentication method is selected. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. @@ -241,7 +254,7 @@ The PRT is initially obtained during Windows Logon (user sign-in/unlock) in a si The PRT is needed for SSO. Without it, the user will be prompted for credentials when accessing applications every time. Please also note that the PRT contains information about the device. This means that if you have any [device-based conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-policy-connected-applications) policy set on an application, without the PRT, access will be denied. -[Return to Top](#Technology-and-Terms) +[Return to Top](#technology-and-terms) ## Storage Root Key The storage root key (SRK) is also an asymmetric key pair (RSA with a minimum of 2048 bits length). The SRK has a major role and is used to protect TPM keys, so that these keys cannot be used without the TPM. The SRK key is created when the ownership of the TPM is taken. 
@@ -272,9 +285,9 @@ A TPM implements controls that meet the specification described by the Trusted C - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard. - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015. -Windows�10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948). +Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948). -Windows�10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows�10 supports only TPM 2.0. +Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. TPM 2.0 provides a major revision to the capabilities over TPM 1.2: @@ -304,18 +317,3 @@ In a simplified manner, the TPM is a passive component with limited resources. I [Return to Top](hello-how-it-works-technology.md) - - - - - - - - - - - - - - - diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 97783034ca..2b3da46104 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 05/05/2018
+ms.reviewer:
 ---
 # How Windows Hello for Business works
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index bf17a84426..fbb7791800 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business
@@ -113,16 +114,16 @@ You need to host your new certificate revocation list of a web server so Azure A 1. From **Windows Administrative Tools**, Open **Internet Information Services (IIS) Manager**. 2. Expand the navigation pane to show **Default Web Site**. Select and then right-click **Default Web site** and click **Add Virtual Directory...**. 3. In the **Add Virtual Directory** dialog box, type **cdp** in **alias**. For physical path, type or browse for the physical file location where you will host the certificate revocation list. For this example, the path **c:\cdp** is used. Click **OK**. -![Add Virtual Directory](images/aadj/iis-add-virtual-directory.png) -> [!NOTE] -> Make note of this path as you will use it later to configure share and file permissions. + ![Add Virtual Directory](images/aadj/iis-add-virtual-directory.png) + > [!NOTE] + > Make note of this path as you will use it later to configure share and file permissions. 4. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Directory Browsing** in the content pane. Click **Enable** in the details pane. 5. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Configuration Editor**. 6. In the **Section** list, navigate to **system.webServer/security/requestFiltering**. -![IIS Configuration Editor requestFiltering](images/aadj/iis-config-editor-requestFiltering.png) -In the list of named value-pairs in the content pane, configure **allowDoubleEscapting** to **True**. Click **Apply** in the actions pane. -![IIS Configuration Editor double escaping](images/aadj/iis-config-editor-allowDoubleEscaping.png) + ![IIS Configuration Editor requestFiltering](images/aadj/iis-config-editor-requestFiltering.png) + In the list of named value-pairs in the content pane, configure **allowDoubleEscapting** to **True**. Click **Apply** in the actions pane. + ![IIS Configuration Editor double escaping](images/aadj/iis-config-editor-allowDoubleEscaping.png) 7. 
Close **Internet Information Services (IIS) Manager**. #### Create a DNS resource record for the CRL distribution point URL @@ -141,7 +142,7 @@ These procedures configure NTFS and share permissions on the web server to allow 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server). 2. Right-click the **cdp** folder and click **Properties**. Click the **Sharing** tab. Click **Advanced Sharing**. -3. Select **Share this folder**. Type **cdp$** in **Share name:**. Click **Permissions**. +3. Select **Share this folder**. Type **cdp$** in **Share name**. Click **Permissions**. ![cdp sharing](images/aadj/cdp-sharing.png) 4. In the **Permissions for cdp$** dialog box, click **Add**. 5. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, click **Object Types**. In the **Object Types** dialog box, select **Computers**, and then click **OK**. 
@@ -179,12 +180,12 @@ The web server is ready to host the CRL distribution point. Now, configure the 1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**. 2. In the navigation pane, right-click the name of the certificate authority and click **Properties** 3. Click **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. -4. On the **Extensions** tab, click **Add**. Type **http://crl.[domainname]/cdp/** in **location**. For example, *http://crl.corp.contoso.com/cdp/* or *http://crl.contoso.com/cdp/* (do not forget the trailing forward slash). -![CDP New Location dialog box](images/aadj/cdp-extension-new-location.png) +4. On the **Extensions** tab, click **Add**. Type http://crl.[domainname]/cdp/ in **location**. For example, ** or ** (do not forget the trailing forward slash). + ![CDP New Location dialog box](images/aadj/cdp-extension-new-location.png) 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. 7. Select the CDP you just created. -![CDP complete http](images/aadj/cdp-extension-complete-http.png) + ![CDP complete http](images/aadj/cdp-extension-complete-http.png) 8. Select **Include in CRLs. Clients use this to find Delta CRL locations**. 9. Select **Include in the CDP extension of issued certificates**. 10. Click **Apply** save your selections. Click **No** when ask to restart the service. 
@@ -197,11 +198,11 @@ The web server is ready to host the CRL distribution point. Now, configure the 1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**. 2. In the navigation pane, right-click the name of the certificate authority and click **Properties** 3. Click **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. -4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\** (do not forget the trailing backwards slash). +4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. 7. Select the CDP you just created. -![CDP publishing location](images/aadj/cdp-extension-complete-unc.png) + ![CDP publishing location](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. 10. Click **Apply** save your selections. Click **Yes** when ask to restart the service. Click **OK** to close the properties dialog box. 
@@ -217,8 +218,8 @@ The web server is ready to host the CRL distribution point. Now, configure the Validate your new CRL distribution point is working. -1. Open a web browser. Navigate to **http://crl.[yourdomain].com/cdp**. You should see two files created from publishing your new CRL. -![Validate the new CRL](images/aadj/validate-cdp-using-browser.png) +1. Open a web browser. Navigate to http://crl.[yourdomain].com/cdp. You should see two files created from publishing your new CRL. + ![Validate the new CRL](images/aadj/validate-cdp-using-browser.png) ### Reissue domain controller certificates 
@@ -280,10 +281,10 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted 1. Sign-in to the [Microsoft Azure Portal](https://portal.azure.com) and select **Microsoft Intune**. 2. Click **Device configuration**. In the **Device Configuration** blade, click **Create profile**. ![Intune Create Profile](images/aadj/intune-create-device-config-profile.png) -3. In the **Create profle** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Click **Configure**. +3. In the **Create profile** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Click **Configure**. 4. In the **Trusted Certificate** blade, use the folder icon to browse for the location of the enterprise root certificate file you created in step 8 of [Export Enterprise Root certificate](#export-enterprise-root-certificate). Click **OK**. Click **Create**. ![Intune Trusted Certificate Profile](images/aadj/intune-create-trusted-certificate-profile.png) -5. In the **Enterprise Root Certificate** blade, click **Assignmnets**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. +5. In the **Enterprise Root Certificate** blade, click **Assignments**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. ![Intune Profile assignment](images/aadj/intune-device-config-enterprise-root-assignment.png) 6. Sign out of the Microsoft Azure Portal. 
@@ -296,25 +297,25 @@ Sign-in a workstation with access equivalent to a _domain user_. 3. Click **device enrollment**. 4. Click **Windows enrollment** 5. Under **Windows enrollment**, click **Windows Hello for Business**. -![Create Intune Windows Hello for Business Policy](images/aadj/IntuneWHFBPolicy-00.png) + ![Create Intune Windows Hello for Business Policy](images/aadj/IntuneWHFBPolicy-00.png) 6. Under **Priority**, click **Default**. 7. Under **All users and all devices**, click **Settings**. 8. Select **Enabled** from the **Configure Windows Hello for Business** list. 9. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software based keys. 10. Type the desired **Minimum PIN length** and **Maximum PIN length**. -> [!IMPORTANT] -> The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. + > [!IMPORTANT] + > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. ![Intune Windows Hello for Business policy settings](images/aadj/IntuneWHFBPolicy-01.png) 11. Select the appropriate configuration for the following settings. - * **Lowercase letters in PIN** - * **Uppercase letters in PIN** - * **Special characters in PIN** - * **PIN expiration (days)** - * **Remember PIN history** -> [!NOTE] -> The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. 
Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. + * **Lowercase letters in PIN** + * **Uppercase letters in PIN** + * **Special characters in PIN** + * **PIN expiration (days)** + * **Remember PIN history** + > [!NOTE] + > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. 12. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 13. Select **No** to **Allow phone sign-in**. This feature has been deprecated. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index b571ee817f..4baae2e5a4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 # Using Certificates for AADJ On-premises Single-sign On
@@ -69,8 +70,8 @@ To include the on-premises distinguished name in the certificate's subject, Azur
 ### Verify AAD Connect version
 Sign-in to computer running Azure AD Connect with access equivalent to _local administrator_.
-1. Open **Syncrhonization Services** from the **Azure AD Connect** folder.
-2. In the **Syncrhonization Service Manager**, click **Help** and then click **About**.
+1. Open **Synchronization Services** from the **Azure AD Connect** folder.
+2. In the **Synchronization Service Manager**, click **Help** and then click **About**.
 3. If the version number is not **1.1.819** or later, then upgrade Azure AD Connect to the latest version.
 ### Verify the onPremisesDistinguishedName attribute is synchronized
@@ -78,9 +79,9 @@ The easiest way to verify the onPremisesDistingushedNamne attribute is synchroni 1. Open a web browser and navigate to https://graphexplorer.azurewebsites.net/ 2. Click **Login** and provide Azure credentials -3. In the Azure AD Graph Explorer URL, type **https://graph.windows.net/myorganization/users/[userid], where **[userid]** is the user principal name of user in Azure Active Directory. Click **Go** +3. In the Azure AD Graph Explorer URL, type https://graph.windows.net/myorganization/users/[userid], where **[userid] is the user principal name of user in Azure Active Directory. Click **Go** 4. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and the value is accurate for the given user. -![Azure AD Connect On-Prem DN Attribute](images/aadjcert/aadconnectonpremdn.png) + ![Azure AD Connect On-Prem DN Attribute](images/aadjcert/aadconnectonpremdn.png) ## Prepare the Network Device Enrollment Services (NDES) Service Account 
@@ -172,14 +173,14 @@ You must prepare the public key infrastructure and the issuing certificate autho When deploying certificates using Microsoft Intune, you have the option of providing the validity period in the SCEP certificate profile rather than relying on the validity period in the certificate template. If you need to issue the same certificate with different validity periods, it may be advantageous to use the SCEP profile, given the limited number of certificates a single NDES server can issue. > [!NOTE] -> Skip this step if you do not want to enable Microsoft Intune to specify the validity period of the certificate. Without this configuiration, the certificate request uses the validity period configured in the certificate template. +> Skip this step if you do not want to enable Microsoft Intune to specify the validity period of the certificate. Without this configuration, the certificate request uses the validity period configured in the certificate template. Sign-in to the issuing certificate authority with access equivalent to _local administrator_. 1. Open and elevated command prompt. Type the command -``` -certutil -setreg Policy\EditFlags +EDITF_ATTRIBUTEENDDATE -``` + ``` + certutil -setreg Policy\EditFlags +EDITF_ATTRIBUTEENDDATE + ``` 2. Restart the **Active Directory Certificate Services** service. ### Create an NDES-Intune authentication certificate template 
@@ -222,7 +223,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. > [!Important] -> Ensure you publish the **AADJ WHFB Authentication** certificate templates to the certificate authority that Microsoft Intune uses by way of the NDES servers. The NDES configuration asks you to choose a certificate authority from which it requests certificates. You need to publish that cerificate templates to that issuing certificate authority. The **NDES-Intune Authentication** certificate is directly enrolled and can be published to any certificate authority. +> Ensure you publish the **AADJ WHFB Authentication** certificate templates to the certificate authority that Microsoft Intune uses by way of the NDES servers. The NDES configuration asks you to choose a certificate authority from which it requests certificates. You need to publish that certificate templates to that issuing certificate authority. The **NDES-Intune Authentication** certificate is directly enrolled and can be published to any certificate authority. Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. 
@@ -251,27 +252,27 @@ Sign-in to the certificate authority or management workstations with an _Enterpr 1. Open **Server Manager** on the NDES server. 2. Click **Manage**. Click **Add Roles and Features**. 3. In the **Add Roles and Features Wizard**, on the **Before you begin** page, click **Next**. Select **Role-based or feature-based installation** on the **Select installation type** page. Click **Next**. Click **Select a server from the server pool**. Select the local server from the **Server Pool** list. Click **Next**. -![Server Manager destination server](images/aadjCert/servermanager-destination-server-ndes.png) + ![Server Manager destination server](images/aadjCert/servermanager-destination-server-ndes.png) 4. On the **Select server roles** page, select **Active Directory Certificate Services** from the **Roles** list. -![Server Manager AD CS Role](images/aadjCert/servermanager-adcs-role.png) -Click **Add Features** on the **Add Roles and Feature Wizard** dialog box. Click **Next**. -![Server Manager Add Features](images/aadjcert/serverManager-adcs-add-features.png) + ![Server Manager AD CS Role](images/aadjCert/servermanager-adcs-role.png) + Click **Add Features** on the **Add Roles and Feature Wizard** dialog box. Click **Next**. + ![Server Manager Add Features](images/aadjcert/serverManager-adcs-add-features.png) 5. On the **Features** page, expand **.NET Framework 3.5 Features**. Select **HTTP Activation**. Click **Add Features** on the **Add Roles and Feature Wizard** dialog box. Expand **.NET Framework 4.5 Features**. Expand **WCF Services**. Select **HTTP Activation**. Click **Add Features** on the **Add Roles and Feature Wizard** dialog box. Click **Next**. -![Server Manager Feature HTTP Activation](images/aadjcert/servermanager-adcs-http-activation.png) + ![Server Manager Feature HTTP Activation](images/aadjcert/servermanager-adcs-http-activation.png) 6. On the **Select role services** page, clear the **Certificate Authority** check box. 
Select the **Network Device Enrollment Service**. Click **Add Features** on the **Add Roles and Features Wizard** dialog box. Click **Next**. -![Server Manager ADCS NDES Role](images/aadjcert/servermanager-adcs-ndes-role-checked.png) + ![Server Manager ADCS NDES Role](images/aadjcert/servermanager-adcs-ndes-role-checked.png) 7. Click **Next** on the **Web Server Role (IIS)** page. 8. On the **Select role services** page for the Web Serve role, Select the following additional services if they are not already selected and then click **Next**. - * **Web Server > Security > Request Filtering** - * **Web Server > Application Development > ASP.NET 3.5**. - * **Web Server > Application Development > ASP.NET 4.5**. . - * **Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility** - * **Management Tools > IIS 6 Management Compatibility > IIS 6 WMI Compatibility** -![Server Manager Web Server Role](images/aadjcert/servermanager-adcs-webserver-role.png) + * **Web Server > Security > Request Filtering** + * **Web Server > Application Development > ASP.NET 3.5**. + * **Web Server > Application Development > ASP.NET 4.5**. . + * **Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility** + * **Management Tools > IIS 6 Management Compatibility > IIS 6 WMI Compatibility** + ![Server Manager Web Server Role](images/aadjcert/servermanager-adcs-webserver-role.png) 9. Click **Install**. When the installation completes, continue with the next procedure. **Do not click Close**. -> [!Important] -> The .NET Framework 3.5 is not included in the typical installation. If the server is connected to the Internet, the installation attempts to get the files using Windows Update. If the server is not connected to the Internet, you need to **Specify an alternate source path** such as \:\\Sources\SxS\ -![.NET Side by Side](images/aadjcert/dotNet35sidebyside.png) + > [!Important] + > The .NET Framework 3.5 is not included in the typical installation. 
If the server is connected to the Internet, the installation attempts to get the files using Windows Update. If the server is not connected to the Internet, you need to **Specify an alternate source path** such as \:\\Sources\SxS\ + ![.NET Side by Side](images/aadjcert/dotNet35sidebyside.png) ### Configure the NDES service account This task adds the NDES service account to the local IIS_USRS group. The task also configures the NDES service account for Kerberos authentication and delegation @@ -373,7 +374,7 @@ where **registryValueName** is one of the three value names from the above table 5. Close the command prompt. > [!IMPORTANT] -> Use the **name** of the certificate template; not the **display name**. The certificate template name does not include spaces. You can view the certificate names by looking at the **General** tab of the certificate template's properties in the **Certifcates Templates** management console (certtmpl.msc). +> Use the **name** of the certificate template; not the **display name**. The certificate template name does not include spaces. You can view the certificate names by looking at the **General** tab of the certificate template's properties in the **Certificates Templates** management console (certtmpl.msc). ### Create a Web Application Proxy for the internal NDES URL. Certificate enrollment for Azure AD joined devices occurs over the Internet. As a result, the internal NDES URLs must be accessible externally. You can do this easily and securely using Azure Active Directory Application Proxy. Azure AD Application Proxy provides single sign-on and secure remote access for web applications hosted on-premises, such as Network Device Enrollment Services. 
@@ -391,18 +392,18 @@ Sign-in a workstation with access equivalent to a _domain user_. 2. Select **All Services**. Type **Azure Active Directory** to filter the list of services. Under **SERVICES**, Click **Azure Active Directory**. 3. Under **MANAGE**, click **Application proxy**. 4. Click **Download connector service**. Click **Accept terms & Download**. Save the file (AADApplicationProxyConnectorInstaller.exe) in a location accessible by others on the domain. -![Azure Application Proxy Connectors](images/aadjcert/azureconsole-applicationproxy-connectors-empty.png) + ![Azure Application Proxy Connectors](images/aadjcert/azureconsole-applicationproxy-connectors-empty.png) 5. Sign-in the computer that will run the connector with access equivalent to a _domain user_. -> [!IMPORTANT] -> Install a minimum of two Azure Active Directory Proxy connectors for each NDES Application Proxy. Strategtically locate Azure AD application proxy connectors throughout your organization to ensure maximum availablity. Remember, devices running the connector must be able to communicate with Azure and the on-premises NDES servers. + > [!IMPORTANT] + > Install a minimum of two Azure Active Directory Proxy connectors for each NDES Application Proxy. Strategtically locate Azure AD application proxy connectors throughout your organization to ensure maximum availablity. Remember, devices running the connector must be able to communicate with Azure and the on-premises NDES servers. 6. Start **AADApplicationProxyConnectorInstaller.exe**. 7. Read the license terms and then select **I agree to the license terms and conditions**. Click **Install**. -![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-01.png) + ![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-01.png) 8. Sign-in to Microsoft Azure with access equivalent to **Global Administrator**. 
-![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-02.png) + ![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-02.png) 9. When the installation completes. Read the information regarding outbound proxy servers. Click **Close**. -![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-03.png) + ![Azure Application Proxy Connector](images/aadjcert/azureappproxyconnectorinstall-03.png) 10. Repeat steps 5 - 10 for each device that will run the Azure AD Application Proxy connector for Windows Hello for Business certificate deployments. #### Create a Connector Group 
@@ -425,16 +426,16 @@ Sign-in a workstation with access equivalent to a _domain user_. 3. Under **MANAGE**, click **Application proxy**. 4. Click **Configure an app**. 5. Under **Basic Settings** next to **Name**, type **WHFB NDES 01**. Choose a name that correlates this Azure AD Application Proxy setting with the on-premises NDES server. Each NDES server must have its own Azure AD Application Proxy as two NDES servers cannot share the same internal URL. -6. Next to **Internal Url**, type the internal fully qualified DNS name of the NDES server associated with this Azure AD Application Proxy. For example, https://ndes.corp.mstepdemo.net). This must match the internal DNS name of the NDES server and ensure you prefix the Url with **https**. +6. Next to **Internal Url**, type the internal, fully qualified DNS name of the NDES server associated with this Azure AD Application Proxy. For example, https://ndes.corp.mstepdemo.net). You need to match the primary host name (AD Computer Account name) of the NDES server, and prefix the URL with **https**. 7. Under **Internal Url**, select **https://** from the first list. In the text box next to **https://**, type the hostname you want to use as your external hostname for the Azure AD Application Proxy. In the list next to the hostname you typed, select a DNS suffix you want to use externally for the Azure AD Application Proxy. It is recommended to use the default, -[tenantName].msapproxy.net where **[tenantName]** is your current Azure Active Directory tenant name (-mstephendemo.msappproxy.net). -![Azure NDES Application Proxy Configuration](images/aadjcert/azureconsole-appproxyconfig.png) + ![Azure NDES Application Proxy Configuration](images/aadjcert/azureconsole-appproxyconfig.png) 8. Select **Passthrough** from the **Pre Authentication** list. 9. Select **NDES WHFB Connectors** from the **Connector Group** list. 10. Under **Additional Settings**, select **Default** from **Backend Application Timeout**. 
Under the **Translate URLLs In** section, select **Yes** next to **Headers** and select **No** next to **Application Body**. 11. Click **Add**. 12. Sign-out of the Azure Portal. -> [!IMPORTANT] -> Write down the internal and external URLs. You will need this information when you enroll the NDES-Intune Authentication certificate. + > [!IMPORTANT] + > Write down the internal and external URLs. You will need this information when you enroll the NDES-Intune Authentication certificate. ### Enroll the NDES-Intune Authentication certificate 
@@ -547,39 +548,39 @@ Sign-in the NDES server with access equivalent to _domain administrator_. 1. Copy the Intune Certificate Connector Setup (NDESConnectorSetup.exe) downloaded in the previous task locally to the NDES server. 2. Run **NDESConnectorSetup.exe** as an administrator. If the setup shows a dialog that reads **Microsoft Intune NDES Connector requires HTTP Activation**, ensure you started the application as an administrator, then check HTTP Activation is enabled on the NDES server. 3. On the **Microsoft Intune** page, click **Next**. -![Intune Connector Install 01](images/aadjcert/intunecertconnectorinstall-01.png) + ![Intune Connector Install 01](images/aadjcert/intunecertconnectorinstall-01.png) 4. Read the **End User License Agreement**. Click **Next** to accept the agreement and to proceed with the installation. 5. On the **Destination Folder** page, click **Next**. 6. On the **Installation Options** page, select **SCEP and PFX Profile Distribution** and click **Next**. -![Intune Connector Install 03](images/aadjcert/intunecertconnectorinstall-03.png) + ![Intune Connector Install 03](images/aadjcert/intunecertconnectorinstall-03.png) 7. On the **Client certificate for Microsoft Intune** page, Click **Select**. Select the certificate previously enrolled for the NDES server. Click **Next**. -![Intune Connector Install 05](images/aadjcert/intunecertconnectorinstall-05.png) -> [!NOTE] -> The **Client certificate for Microsoft Intune** page does not update after selecting the client authentication certificate. However, the application rembers the selection and shows it in the next page. + ![Intune Connector Install 05](images/aadjcert/intunecertconnectorinstall-05.png) + > [!NOTE] + > The **Client certificate for Microsoft Intune** page does not update after selecting the client authentication certificate. However, the application rembers the selection and shows it in the next page. 8. 
On the **Client certificate for the NDES Policy Module** page, verify the certificate information and then click **Next**. 9. ON the **Ready to install Microsoft Intune Connector** page. Click **Install**. -![Intune Connector Install 06](images/aadjcert/intunecertconnectorinstall-06.png) -> [!NOTE] -> You can review the results of the install using the **SetupMsi.log** file located in the **C:\\NDESConnectorSetupMsi** folder + ![Intune Connector Install 06](images/aadjcert/intunecertconnectorinstall-06.png) + > [!NOTE] + > You can review the results of the install using the **SetupMsi.log** file located in the **C:\\NDESConnectorSetupMsi** folder 10. When the installation completes, select **Launch Intune Connector** and click Finish. Proceed to the Configure the Intune Certificate Connector task. -![Intune Connector install 07](images/aadjcert/intunecertconnectorinstall-07.png) + ![Intune Connector install 07](images/aadjcert/intunecertconnectorinstall-07.png) ### Configure the Intune Certificate Connector Sign-in the NDES server with access equivalent to _domain administrator_. 1. The **NDES Connector** user interface should be open from the last task. -> [!NOTE] -> If the **NDES Connector** user interface is not open, you can start it from **\\NDESConnectorUI\NDESConnectorUI.exe**. + > [!NOTE] + > If the **NDES Connector** user interface is not open, you can start it from **\\NDESConnectorUI\NDESConnectorUI.exe**. 2. If your organization uses a proxy server and the proxy is needed for the NDES server to access the Internet, select **Use proxy server**, and then enter the proxy server name, port, and credentials to connect. Click **Apply** -![Intune Certificate Connector Configuration 01](images/aadjcert/intunecertconnectorconfig-01.png) + ![Intune Certificate Connector Configuration 01](images/aadjcert/intunecertconnectorconfig-01.png) 3. Click **Sign-in**. 
Type credentials for your Intune administrator, or tenant administrator that has the **Global Administrator** directory role. -![Intune Certificate Connector Configuration 02](images/aadjcert/intunecertconnectorconfig-02.png) -> [!IMPORTANT] -> The user account must have a valid Intune licenese asssigned. If the user account does not have a valid Intune license, the sign-in fails. + ![Intune Certificate Connector Configuration 02](images/aadjcert/intunecertconnectorconfig-02.png) + > [!IMPORTANT] + > The user account must have a valid Intune licenese asssigned. If the user account does not have a valid Intune license, the sign-in fails. 4. Optionally, you can configure the NDES Connector for certificate revocation. If you want to do this, continue to the next task. Otherwise, Click **Close**, restart the **Intune Connector Service** and the **World Wide Web Publishing Service**, and skip the next task. 
@@ -642,14 +643,14 @@ Sign-in a workstation with access equivalent to a _domain user_. 2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**. 3. Select **Device Configuration**, and then click **Profiles**. 4. Select **Create Profile**. -![Intune Device Configuration Create Profile](images/aadjcert/intunedeviceconfigurationcreateprofile.png) + ![Intune Device Configuration Create Profile](images/aadjcert/intunedeviceconfigurationcreateprofile.png) 5. Next to **Name**, type **WHFB Certificate Enrollment**. 6. Next to **Description**, provide a description meaningful for your environment. 7. Select **Windows 10 and later** from the **Platform** list. 8. Select **SCEP certificate** from the **Profile** list. -![WHFB Scep Profile Blade](images/aadjcert/intunewhfbscepprofile-00.png) + ![WHFB Scep Profile Blade](images/aadjcert/intunewhfbscepprofile-00.png) 9. The **SCEP Certificate** blade should open. Configure **Certificate validity period** to match your organization. -> [!IMPORTANT] + > [!IMPORTANT] > Remember that you need to configure your certificate authority to allow Microsoft Intune to configure certificate validity. 10. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list. 
@@ -657,10 +658,10 @@ Sign-in a workstation with access equivalent to a _domain user_. 12. Next to **Custom**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate. 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**. 14. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority. -![WHFB SCEP certificate profile Trusted Certificate selection](images/aadjcert/intunewhfbscepprofile-01.png) -15. Under **Extended key usage**, type **Smart Card Logon** under **Name. Type **1.3.6.1.4.1.311.20.2.2** under **Object identifier**. Click **Add**. + ![WHFB SCEP certificate profile Trusted Certificate selection](images/aadjcert/intunewhfbscepprofile-01.png) +15. Under **Extended key usage**, type **Smart Card Logon** under Name. Type **1.3.6.1.4.1.311.20.2.2 under **Object identifier**. Click **Add**. 16. Type a percentage (without the percent sign) next to **Renewal Threshold** to determine when the certificate should attempt to renew. The recommended value is **20**. -![WHFB SCEP certificate Profile EKUs](images/aadjcert/intunewhfbscepprofile-03.png) + ![WHFB SCEP certificate Profile EKUs](images/aadjcert/intunewhfbscepprofile-03.png) 17. Under **SCEP Server URLs**, type the fully qualified external name of the Azure AD Application proxy you configured. Append to the name **/certsrv/mscep/mscep.dll**. For example, https://ndes-mtephendemo.msappproxy.net/certsrv/mscep/mscep.dll. 
Click **Add**. Repeat this step for each additional NDES Azure AD Application Proxy you configured to issue Windows Hello for Business certificates. Microsoft Intune round-robin load balances requests amongst the URLs listed in the SCEP certificate profile. 18. Click **OK**. 19. Click **Create**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index fbd5a696c5..aec91cdd20 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Azure AD Join Single Sign-on Deployment Guides diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 2e3ac6b145..0a8ef8fa68 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Windows Hello for Business Certificate Trust New Installation 
@@ -28,7 +29,7 @@ Windows Hello for Business involves configuring distributed technologies that ma * [Active Directory](#active-directory) * [Public Key Infrastructure](#public-key-infrastructure) * [Azure Active Directory](#azure-active-directory) -* [Multi-factor Authentication Services](#multi-factor-authentication-services) +* [Multifactor Authentication Services](#multifactor-authentication-services) New installations are considerably more involved than existing implementations because you are building the entire infrastructure. Microsoft recommends you review the new installation baseline to validate your existing environment has all the needed configurations to support your hybrid certificate trust Windows Hello for Business deployment. If your environment meets these needs, you can read the [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) section to prepare your Windows Hello for Business deployment by configuring Azure device registration. @@ -80,7 +81,7 @@ If you do have an existing public key infrastructure, please review [Certificati ### Section Review ### > [!div class="checklist"] -> * Miniumum Windows Server 2012 Certificate Authority. +> * Minimum Windows Server 2012 Certificate Authority. > * Enterprise Certificate Authority. > * Functioning public key infrastructure. 
@@ -103,11 +104,11 @@ Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.co ### Azure Multi-Factor Authentication (MFA) Cloud ### > [!IMPORTANT] -As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are: +> As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are: > * Azure Multi-Factor Authentication > * Azure Active Directory Premium > * Enterprise Mobility + Security -> +> > If you have one of these subscriptions or licenses, skip the Azure MFA Adapter section. #### Azure MFA Provider #### @@ -128,7 +129,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation > * Review the overview and uses of Azure Multifactor Authentication. > * Review your Azure Active Directory subscription for Azure Multifactor Authentication. > * Create an Azure Multifactor Authentication Provider, if necessary. -> * Configure Azure Multufactor Authentiation features and settings. +> * Configure Azure Multifactor Authentication features and settings. > * Understand the different User States and their effect on Azure Multifactor Authentication. > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary. 
@@ -141,7 +142,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. New Installation Baseline (*You are here*) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index bab9bcf458..4dc8b49caf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/18/2018 +ms.reviewer: --- # Configure Device Registration for Hybrid Windows Hello for Business 
@@ -22,19 +23,19 @@ ms.date: 08/18/2018 - Hybrid deployment - Certificate trust - + Your environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. - + > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. -Use this three phased approach for configuring device registration. +Use this three-phased approach for configuring device registration. 1. [Configure devices to register in Azure](#configure-azure-for-device-registration) -2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-syncrhonization) +2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-synchronization) 3. [Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices) > [!NOTE] -> Before proceeding, you should familiarize yourself with device regisration concepts such as: +> Before proceeding, you should familiarize yourself with device registration concepts such as: > * Azure AD registered devices > * Azure AD joined devices > * Hybrid Azure AD joined devices 
@@ -75,11 +76,11 @@ Manually updating Active Directory uses the command-line utility **adprep.exe** Sign-in to the domain controller hosting the schema master operational role using enterprise administrator equivalent credentials. -1. Open an elevated command prompt. -2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. -3. To update the schema, type ```adprep /forestprep```. -4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. -5. Close the Command Prompt and sign-out. +1. Open an elevated command prompt. +2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. +3. To update the schema, type ```adprep /forestprep```. +4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. +5. Close the Command Prompt and sign-out. > [!NOTE] > If you installed Azure AD Connect prior to upgrading the schema, you will need to re-run the Azure AD Connect installation and refresh the on-premises AD schema to ensure the synchronization rule for msDS-KeyCredentialLink is configured. 
@@ -100,7 +101,7 @@ Federation server proxies are computers that run AD FS software that have been c Use the [Setting of a Federation Proxy](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment. ### Deploy Azure AD Connect -Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**. 
@@ -115,12 +116,12 @@ If your AD FS farm is not already configured for Device Authentication (you can 1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. ![Device Registration](images/hybridct/device2.png) - -2. On your AD FS primary server, ensure you are logged in as AD DS user with enterprise administrator privileges and open an elevated Windows PowerShell prompt. Then, run the following commands: - - `Import-module activedirectory` - `PS C:\> Initialize-ADDeviceRegistration -ServiceAccountName "" ` -3. On the pop-up window click **Yes**. + +2. On your AD FS primary server, ensure you are logged in as AD DS user with enterprise administrator privileges and open an elevated Windows PowerShell prompt. Then, run the following commands: + + `Import-module activedirectory` + `PS C:\> Initialize-ADDeviceRegistration -ServiceAccountName "" ` +3. On the pop-up window click **Yes**. > [!NOTE] > If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" 
@@ -136,15 +137,15 @@ The above PSH creates the following objects: ![Device Registration](images/hybridct/device4.png) -4. Once this is done, you will see a successful completion message. +4. Once this is done, you will see a successful completion message. ![Device Registration](images/hybridct/device5.png) ### Create Service Connection Point (SCP) in Active Directory If you plan to use Windows 10 domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS 1. Open Windows PowerShell and execute the following: - - `PS C:>Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1" ` + + `PS C:>Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1" ` > [!NOTE] > If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep @@ -153,16 +154,16 @@ If you plan to use Windows 10 domain join (with automatic registration to Azure 2. Provide your Azure AD global administrator credentials - `PS C:>$aadAdminCred = Get-Credential` + `PS C:>$aadAdminCred = Get-Credential` ![Device Registration](images/hybridct/device7.png) -3. Run the following PowerShell command +3. Run the following PowerShell command - `PS C:>Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount [AD connector account name] -AzureADCredentials $aadAdminCred ` + `PS C:>Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount [AD connector account name] -AzureADCredentials $aadAdminCred ` Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. - + The above commands enable Windows 10 clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. ### Prepare AD for Device Write Back 
@@ -210,7 +211,7 @@ If you are already issuing an ImmutableID claim (e.g., alternate login ID) you n * `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` In the following sections, you find information about: - + - The values each claim should have - How a definition would look like in AD FS @@ -255,7 +256,7 @@ The definition helps you to verify whether the values are present or if you need query = ";objectguid;{0}", param = c2.Value ); - + #### Issue objectSID of the computer account on-premises **`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: @@ -288,7 +289,7 @@ The definition helps you to verify whether the values are present or if you need Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "User" ); - + @RuleName = "Capture UPN when AccountType is User and issue the IssuerID" c1:[ Type == "http://schemas.xmlsoap.org/claims/UPN" @@ -306,7 +307,7 @@ The definition helps you to verify whether the values are present or if you need "http://${domain}/adfs/services/trust/" ) ); - + @RuleName = "Issue issuerID for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -353,10 +354,10 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain] The following script helps you with the creation of the issuance transform rules described above. - $multipleVerifiedDomainNames = $false + $multipleVerifiedDomainNames = $false $immutableIDAlreadyIssuedforUsers = $false $oneOfVerifiedDomainNames = 'example.com' # Replace example.com with one of your verified domains - + $rule1 = '@RuleName = "Issue account type for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
@@ -412,7 +413,7 @@ The following script helps you with the creation of the issuance transform rules Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "User" ); - + @RuleName = "Capture UPN when AccountType is User and issue the IssuerID" c1:[ Type == "http://schemas.xmlsoap.org/claims/UPN" @@ -430,7 +431,7 @@ The following script helps you with the creation of the issuance transform rules "http://${domain}/adfs/services/trust/" ) ); - + @RuleName = "Issue issuerID for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -464,13 +465,13 @@ The following script helps you with the creation of the issuance transform rules );' } - $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules + $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules - $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 + $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 - $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules + $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules - Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString + Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString #### Remarks 
@@ -479,8 +480,10 @@ The following script helps you with the creation of the issuance transform rules - If you have multiple verified domain names (as shown in the Azure AD portal or via the Get-MsolDomains cmdlet), set the value of **$multipleVerifiedDomainNames** in the script to **$true**. Also make sure that you remove any existing issuerid claim that might have been created by Azure AD Connect or via other means. Here is an example for this rule: - c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] - => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/")); +~~~ + c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] + => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/")); +~~~ - If you have already issued an **ImmutableID** claim for user accounts, set the value of **$immutableIDAlreadyIssuedforUsers** in the script to **$true**. 
@@ -492,29 +495,29 @@ Using an elevated PowerShell command window, configure AD FS policy by executing #### Check your configuration For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work -- object of type ms-DS-DeviceContainer at CN=RegisteredDevices,DC=<domain> - - read access to the AD FS service account - - read/write access to the Azure AD Connect sync AD connector account +- object of type ms-DS-DeviceContainer at CN=RegisteredDevices,DC=<domain> + - read access to the AD FS service account + - read/write access to the Azure AD Connect sync AD connector account - Container CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - Container Device Registration Service DKM under the above container ![Device Registration](images/hybridct/device8.png) - + - object of type serviceConnectionpoint at CN=<guid>, CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - read/write access to the specified AD connector account name on the new object - object of type msDS-DeviceRegistrationServiceContainer at CN=Device Registration Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - object of type msDS-DeviceRegistrationService in the above container ->[!div class="nextstepaction"] -[Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) +> [!div class="nextstepaction"] +> [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -

                          +

                          ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. Configure Azure Device Registration (*You are here*) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6b4a465a9c..36316a2a44 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -1,5 +1,5 @@ --- -title: Hybrid Windows Hello for Business Prerequistes (Windows Hello for Business) +title: Hybrid Windows Hello for Business Prerequisites (Windows Hello for Business) description: Prerequisites for Hybrid Windows Hello for Business Deployments keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Hybrid Windows Hello for Business Prerequisites 
@@ -27,10 +28,10 @@ Hybrid environments are distributed systems that enable organizations to use on-
 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infrastructure)
+* [Public Key Infrastructure](#public-key-infrastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
-* [MultiFactor Authentication](#multifactor-authentication)
+* [Multifactor Authentication](#multifactor-authentication)
 * [Device Registration](#device-registration)
 ## Directories ##
@@ -57,7 +58,7 @@ Review these requirements and those from the Windows Hello for Business planning
 ## Public Key Infrastructure ##
 The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller.
-Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment use the Windows Server 2016 Active Directory Federation Server (AS FS) as a certificate registration authority.
+Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority.
 The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012.
@@ -96,7 +97,7 @@ The AD FS farm used with Windows Hello for Business must be Windows Server 2016 ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service, or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. ### Section Review > [!div class="checklist"] @@ -119,7 +120,7 @@ Hybrid certificate trust deployments need the device write back feature. Authen
                          ### Next Steps ### -Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**. +Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**. If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index f8613819f5..f372681839 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/08/2017 +ms.reviewer: --- # Hybrid Azure AD joined Certificate Trust Deployment 
@@ -37,10 +38,10 @@ This baseline provides detailed procedures to move your environment from an on-p ## Federated Baseline ## The federated baseline helps organizations that have completed their federation with Azure Active Directory and Office 365 and enables them to introduce Windows Hello for Business into their hybrid environment. This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment. -Regardless of the baseline you choose, you’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. +Regardless of the baseline you choose, your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] -> [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +> [Prerequisites](hello-hybrid-cert-trust-prereqs.md)

                          @@ -48,7 +49,7 @@ Regardless of the baseline you choose, you’re next step is to familiarize your ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. Overview (*You are here*) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index e295b98d48..4e0e71aa57 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -7,18 +7,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows10, version 1703 or later +- Windows 10, version 1703 or later - Hybrid deployment - Certificate trust 
@@ -53,19 +54,19 @@ The remainder of the provisioning includes Windows Hello for Business requesting > [!IMPORTANT] > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). - +> > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. - +> > [!NOTE] -> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. The update needs to be installed on the federation servers. +> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. 
With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completing the provisioning. The update needs to be installed on the federation servers. After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment. The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. -The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current users certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center. +The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.

                          @@ -73,9 +74,9 @@ The certificate authority validates the certificate was signed by the registrati ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md) -6. Sign-in and Provision(*You are here*) +6. Sign-in and Provision (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 005677d027..e47893d235 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configuring Windows Hello for Business: Active Directory 
@@ -63,10 +64,10 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva > [!div class="checklist"] > * Create the KeyCredential Admins Security group (optional) > * Create the Windows Hello for Business Users group - ->[!div class="step-by-step"] -[< Configure Windows Hello for Business](hello-hybrid-cert-whfb-settings.md) -[Configure Azure AD Connect >](hello-hybrid-cert-whfb-settings-dir-sync.md) +> +> [!div class="step-by-step"] +> [< Configure Windows Hello for Business](hello-hybrid-cert-whfb-settings.md) +> [Configure Azure AD Connect >](hello-hybrid-cert-whfb-settings-dir-sync.md)

                          @@ -74,7 +75,7 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings: Active Directory (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 5784150435..d3ab610a58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Configure Windows Hello for Business: Active Directory Federation Services 
@@ -61,11 +62,11 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > [!div class="checklist"] > * Configure the registration authority > * Update group memberships for the AD FS service account - - ->[!div class="step-by-step"] -[< Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) -[Configure policy settings >](hello-hybrid-cert-whfb-settings-policy.md) +> +> +> [!div class="step-by-step"] +> [< Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) +> [Configure policy settings >](hello-hybrid-cert-whfb-settings-policy.md)

                          @@ -73,7 +74,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings: AD FS (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 9333aeef18..cc29823ac9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 10/23/2017 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Directory Synchronization 
@@ -55,8 +56,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 1. Open **Active Directory Users and Computers**. 2. Click the **Users** container in the navigation pane. ->[!IMPORTANT] -> If you already have a Windows Server 2016 domain controller in your domain, use the Keyadmins group in the next step, otherwise use the KeyCredential admins group you previously created. + >[!IMPORTANT] + > If you already have a Windows Server 2016 domain controller in your domain, use the Keyadmins group in the next step, otherwise use the KeyCredential admins group you previously created. 3. Right-click either the **KeyAdmins** or **KeyCredential Admins** in the details pane and click **Properties**. 4. Click the **Members** tab and click **Add** @@ -68,10 +69,10 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > [!div class="checklist"] > * Configure Permissions for Key Synchronization > * Configure group membership for Azure AD Connect - ->[!div class="step-by-step"] -[< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) -[Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) +> +> [!div class="step-by-step"] +> [< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) +> [Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md)

                          @@ -79,7 +80,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings: Directory Synchronization (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 59da54619d..6e3126b3c7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Public Key Infrastructure 
@@ -191,11 +192,11 @@ Sign-in to the certificate authority or management workstation with _Enterprise > * Mark the certificate template as Windows Hello for Business sign-in template > * Publish Certificate templates to certificate authorities > * Unpublish superseded certificate templates - - +> +> > [!div class="step-by-step"] -[< Configure Azure AD Connect](hello-hybrid-cert-whfb-settings-dir-sync.md) -[Configure AD FS >](hello-hybrid-cert-whfb-settings-adfs.md) +> [< Configure Azure AD Connect](hello-hybrid-cert-whfb-settings-dir-sync.md) +> [Configure AD FS >](hello-hybrid-cert-whfb-settings-adfs.md)

                          @@ -203,7 +204,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings: PKI (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 621cb9ab0b..bb1beb3d0b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Group Policy @@ -186,10 +187,10 @@ Users must receive the Windows Hello for Business group policy settings and have > * Enable the Use certificate for on-premises authentication policy setting. > * Enable user automatic certificate enrollment. > * Add users or groups to the Windows Hello for Business group - - +> +> > [!div class="nextstepaction"] -[Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) +> [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)

                          @@ -197,7 +198,7 @@ Users must receive the Windows Hello for Business group policy settings and have ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business policy settings (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 3d78b7a719..7d1b384963 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Windows Hello for Business @@ -23,7 +24,7 @@ ms.date: 08/19/2018 - Certificate trust -You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. +Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. 
@@ -36,7 +37,7 @@ The configuration for Windows Hello for Business is grouped in four categories. For the most efficient deployment, configure these technologies in order beginning with the Active Directory configuration > [!div class="step-by-step"] -[Configure Active Directory >](hello-hybrid-cert-whfb-settings-ad.md) +> [Configure Active Directory >](hello-hybrid-cert-whfb-settings-ad.md)

                          @@ -44,7 +45,7 @@ For the most efficient deployment, configure these technologies in order beginni ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index d9874f88c3..b826287e64 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Windows Hello for Business Key Trust New Installation @@ -80,7 +81,7 @@ If you do not have an existing public key infrastructure, please review [Certifi > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: > * Install the root certificate authority certificate for your organization in the user's trusted root certificate store. -> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url. +> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based URL. ### Section Review ### 
@@ -110,11 +111,11 @@ Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.co ### Azure Multi-Factor Authentication (MFA) Cloud ### > [!IMPORTANT] -As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are: +> As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are: > * Azure Multi-Factor Authentication > * Azure Active Directory Premium > * Enterprise Mobility + Security -> +> > If you have one of these subscriptions or licenses, skip the Azure MFA Adapter section. #### Azure MFA Provider #### 
@@ -124,7 +125,7 @@ If your organization uses Azure MFA on a per-consumption model (no licenses), th Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings. Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings. #### Azure MFA User States #### -After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. +After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. ### Azure MFA via ADFS ### Alternatively, you can configure Windows Server 2016 Active Directory Federation Services (AD FS) to provide additional multi-factor authentication. To configure, read the [Configure AD FS 2016 and Azure MFA](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa) section. 
@@ -135,7 +136,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation > * Review the overview and uses of Azure Multifactor Authentication. > * Review your Azure Active Directory subscription for Azure Multifactor Authentication. > * Create an Azure Multifactor Authentication Provider, if necessary. -> * Configure Azure Multifactor Authentiation features and settings. +> * Configure Azure Multifactor Authentication features and settings. > * Understand the different User States and their effect on Azure Multifactor Authentication. > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary. @@ -148,7 +149,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-key-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. New Installation Baseline (*You are here*) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 9a49d7ab15..f2c6123b17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Device Registration for Hybrid key trust Windows Hello for Business @@ -38,7 +39,7 @@ Begin configuring device registration to support Hybrid Windows Hello for Busine To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-setup/) -Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page. In the **Configuration steps** section, identify you configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark. +Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page. In the **Configuration steps** section, identify your configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark.

                          @@ -47,7 +48,7 @@ Next, follow the guidance on the [How to configure hybrid Azure Active Directory ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. Configure Azure Device Registration (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 2c4dc3093c..874528d09a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -1,19 +1,20 @@ --- title: Configure Directory Synchronization for Hybrid key trust Windows Hello for Business -description: Azure Directory Syncrhonization for Hybrid Certificate Key Deployment (Windows Hello for Business) -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, syncrhonization, AADConnect +description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Directory Synchronization for Hybrid key trust Windows Hello for Business 
@@ -26,7 +27,7 @@ ms.date: 08/19/2018 You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect -Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). > [!NOTE] @@ -38,7 +39,7 @@ Next, you need to synchronizes the on-premises Active Directory with Azure Activ ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-key-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. Configure Directory Synchronization (*You are here*) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index f59a78c750..07bcd4e0ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Hybrid Key trust Windows Hello for Business Prerequisites @@ -27,7 +28,7 @@ Hybrid environments are distributed systems that enable organizations to use on- The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: * [Directories](#directories) -* [Public Key Infrastucture](#public-key-infastructure) +* [Public Key Infrastructure](#public-key-infastructure) * [Directory Synchronization](#directory-synchronization) * [Federation](#federation) * [MultiFactor Authentication](#multifactor-authentication) 
@@ -58,7 +59,18 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. + +* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. +* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). +* The certificate Key Usage section must contain Digital Signature and Key Encipherment. +* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. +* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). +* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. +* The certificate template must have an extension that has the BMP data value "DomainController". +* The domain controller certificate must be installed in the local computer's certificate store. + + > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: @@ -85,7 +97,7 @@ Organizations using older directory synchronization technology, such as DirSync
                          ## Federation with Azure ## -You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later. +You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) beginning with Windows Server 2012 R2. ### Section Review ### > [!div class="checklist"] 
@@ -97,7 +109,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication (MFA) service or they can use multifactor authentication provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD. ### Section Review > [!div class="checklist"] @@ -118,9 +130,9 @@ Organizations wanting to deploy hybrid key trust need their domain joined device
                          ### Next Steps ### -Follow the Windows Hello for Business hybrid key trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**. +Follow the Windows Hello for Business hybrid key trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**. -For environments transitioning from on-premises to hybrid, start with **Configure Azure Directory Syncrhonization**. +For environments transitioning from on-premises to hybrid, start with **Configure Azure Directory Synchronization**. For federated and non-federated environments, start with **Configure Windows Hello for Business settings**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 303b6ce403..66a1dfd080 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Hybrid Azure AD joined Key Trust Deployment 
@@ -34,10 +35,10 @@ The new deployment baseline helps organizations who are moving to Azure and Offi This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in. -You’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. +Your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] -> [Prerequistes](hello-hybrid-key-trust-prereqs.md) +> [Prerequisites](hello-hybrid-key-trust-prereqs.md)

                          @@ -45,7 +46,7 @@ You’re next step is to familiarize yourself with the prerequisites needed for ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. Overview (*You are here*) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index b4bdf83a77..07a435da9d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -7,18 +7,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows10, version 1703 or later +- Windows�10, version 1703 or later - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index ce9f57fac1..4ecd43dee9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Configuring Hybrid key trust Windows Hello for Business: Active Directory @@ -47,10 +48,10 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva > [!div class="checklist"] > * Create the Windows Hello for Business Users group - ->[!div class="step-by-step"] -[< Configure Windows Hello for Business](hello-hybrid-key-whfb-settings.md) -[Configure Azure AD Connect >](hello-hybrid-key-whfb-settings-dir-sync.md) +> +> [!div class="step-by-step"] +> [< Configure Windows Hello for Business](hello-hybrid-key-whfb-settings.md) +> [Configure Azure AD Connect >](hello-hybrid-key-whfb-settings-dir-sync.md)

                          @@ -58,7 +59,7 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 3f6e263084..e1e56d33f9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Directory Synchronization 
@@ -22,12 +23,13 @@ ms.date: 08/19/2018 - Hybrid deployment - Key trust - ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. ### Group Memberships for the Azure AD Connect Service Account +>[!IMPORTANT] +> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. For more detail see [Configure Hybrid Windows Hello for Business: Directory Synchronization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync). The KeyAdmins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. @@ -47,15 +49,13 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva >[!div class="step-by-step"] [< Configure Active Directory](hello-hybrid-key-whfb-settings-ad.md) -[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md) - -

                          +[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md)
                          ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 080aa64f0a..0c6d6de655 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Public Key Infrastructure @@ -112,11 +113,11 @@ Sign-in to the certificate authority or management workstation with _Enterprise > * Configure superseded domain controller certificate templates > * Publish Certificate templates to certificate authorities > * Unpublish superseded certificate templates - - +> +> > [!div class="step-by-step"] -[< Configure Azure AD Connect](hello-hybrid-key-whfb-settings-dir-sync.md) -[Configure policy settings >](hello-hybrid-key-whfb-settings-policy.md) +> [< Configure Azure AD Connect](hello-hybrid-key-whfb-settings-dir-sync.md) +> [Configure policy settings >](hello-hybrid-key-whfb-settings-policy.md)

                          diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 92f7ec3365..161f924588 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Group Policy @@ -66,6 +67,9 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO�** 3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**. +>[!IMPORTANT] +>If you don't find options in GPO, you have to load the [PolicyDefinitions folder](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra). + ### Windows Hello for Business Group Policy The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory 
@@ -157,10 +161,10 @@ Users must receive the Windows Hello for Business group policy settings and have > * Create Windows Hello for Business Group Policy object. > * Enable the Use Windows Hello for Business policy setting. > * Add users or groups to the Windows Hello for Business group - - +> +> > [!div class="nextstepaction"] -[Sign-in and Provision](hello-hybrid-key-whfb-provision.md) +> [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)

                          @@ -168,7 +172,7 @@ Users must receive the Windows Hello for Business group policy settings and have ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 5aaee3a860..db581c1ffb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Configure Hybrid Windows Hello for Business key trust settings @@ -37,7 +38,7 @@ The configuration for Windows Hello for Business is grouped in four categories. For the most efficient deployment, configure these technologies in order beginning with the Active Directory configuration > [!div class="step-by-step"] -[Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md) +> [Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md)

                          @@ -45,7 +46,7 @@ For the most efficient deployment, configure these technologies in order beginni ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index f537c8de17..83bb883504 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -2,14 +2,15 @@ title: Windows Hello for Business (Windows 10) description: Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E +ms.reviewer: keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -72,3 +73,6 @@ The table shows the minimum requirements for each deployment. | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | | AD FS with Azure MFA Server, or
                          AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or
                          AD FS with 3rd Party MFA Adapter | | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing | + +>[!IMPORTANT] +> For Windows Hello for Business deployment, if you have several domains, at least one Windows Server Domain Controller 2016 is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers). diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index d85cdee4d5..13cf3b5a0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +ms.reviewer: --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md index b6a8469679..fd1a237822 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Configure or Deploy Multifactor Authentication Services
@@ -411,11 +412,11 @@ Sign in the User Portal server with _local administrator_ equivalent credentials ### Edit MFA User Portal config file Sign in the User Portal server with _local administrator_ equivalent credentials. -1. Open Windows Explorer and browse to C:\inetpub\wwwroot\MultiFactorAuth (or appropriate directory based on the virtual directory name) and edit the **web.config** file. -2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. -3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. -4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. -5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from **“http://localhost:4898/PfWsSdk.asmx”** to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **web.config** file after changes have been made. +1. Open Windows Explorer and browse to C:\inetpub\wwwroot\MultiFactorAuth (or appropriate directory based on the virtual directory name) and edit the **web.config** file. +2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. +3. 
Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. +4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. +5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from **“** to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. ). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **web.config** file after changes have been made. ### Create a DNS entry for the User Portal web site 
@@ -496,11 +497,11 @@ Follow [Install a standalone instance of the AD FS adapter by using the Web Serv ### Edit the MFA AD FS Adapter config file on all ADFS Servers Sign in the primary AD FS server with _local administrator_ equivalent credentials. -1. Open Windows Explorer and browse to **C:\inetpub\wwwroot\MultiFactorAuth** (or appropriate directory based on the virtual directory name) and edit the **MultiFactorAuthenticationAdfsAdapter.config** file. -2. Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. -3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. -4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. -5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from “http://localhost:4898/PfWsSdk.asmx” to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. https://computer1.domain.local/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **MultiFactorAuthenticationAdfsAdapter.config** file after changes have been made. +1. Open Windows Explorer and browse to **C:\inetpub\wwwroot\MultiFactorAuth** (or appropriate directory based on the virtual directory name) and edit the **MultiFactorAuthenticationAdfsAdapter.config** file. +2. 
Locate the **USE_WEB_SERVICE_SDK** key and change the value from **false** to **true**. +3. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_USERNAME** key and set the value to the username of the Web Service SDK account in the **PhoneFactor Admins** security group. Use a qualified username, like domain\username or machine\username. +4. Locate the **WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD** key and set the value to the password of the Web Service SDK account in the **PhoneFactor Admins** security group. +5. Locate the **pfup_pfwssdk_PfWsSdk** setting and change the value from “ to the URL of the Web Service SDK that is running on the Azure Multi-Factor Authentication Server (e.g. ). Since SSL is used for this connection, refer to the Web Service SDK by server name, not IP address, since the SSL certificate was issued for the server name. If the server name does not resolve to an IP address from the Internet-facing server, add an entry to the hosts file on that server to map the name of the Azure Multi-Factor Authentication Server to its IP address. Save the **MultiFactorAuthenticationAdfsAdapter.config** file after changes have been made. ### Edit the AD FS Adapter Windows PowerShell cmdlet diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 44acd1c65e..810cd02d3e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Configure Windows Hello for Business Policy settings
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index 50b9fe1ad7..e2a3e69554 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -9,12 +9,13 @@ ms.pagetype: security, mobile
 author: DaniHalfin
 audience: ITPro
 author: mikestephens-MS
-ms.author: mapalko
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Validate Active Directory prerequisites
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
index 0ac3dd3359..732aada2b0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Validate and Deploy Multifactor Authentication Services (MFA)
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index f7184f34a3..00329dad82 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Validate and Configure Public Key Infrastructure
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 56c4b7a2a8..e9c7937ed9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -2,14 +2,15 @@ title: Manage Windows Hello in your organization (Windows 10) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8 +ms.reviewer: keywords: identity, PIN, biometric, Hello ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -30,7 +31,7 @@ You can create a Group Policy or mobile device management (MDM) policy that will >Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. > >Use **PIN Complexity** policy settings to manage PINs for Windows Hello for Business. -  + ## Group Policy settings for Windows Hello for Business The following table lists the Group Policy settings that you can configure for Windows Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**. @@ -113,7 +114,7 @@ The following table lists the Group Policy settings that you can configure for W History

                          Not configured: Previous PINs are not stored.

                          -

                          Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

                          +

                          Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

                          Disabled: Previous PINs are not stored.

                          Note  Current PIN is included in PIN history.
                           
                          @@ -136,7 +137,7 @@ The following table lists the Group Policy settings that you can configure for W ->Phone Sign-in +>Phone Sign-in

                          Use Phone Sign-in

                          @@ -293,9 +294,9 @@ The following table lists the MDM policy settings that you can configure for Win ->[!NOTE]   +>[!NOTE] > If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN. -  + ## How to use Windows Hello for Business with Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 58614660a4..d7b76ad3f5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -1,5 +1,6 @@ --- title: Windows Hello for Business (Windows 10) +ms.reviewer: description: An overview of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 @@ -7,8 +8,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: conceptual @@ -97,7 +98,7 @@ Windows Hello for Business can use either keys (hardware or software) or certifi ## Learn more -[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/830/Implementing-Windows-Hello-for-Business-at-Microsoft) +[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft) [Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 1700566e52..97ceac8319 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: conceptual
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Planning a Windows Hello for Business Deployment
@@ -77,7 +78,7 @@ A deployment's trust type defines how each Windows Hello for Business client aut The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. -The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers. Users can authenticate using their certificate to any Windows Server 2008 R2 or later domain controller. +The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. #### Device registration 
@@ -101,7 +102,6 @@ Cloud only and hybrid deployments provide many choices for multi-factor authenti > * Azure Active Directory Premium > * Enterprise Mobility Suite > * Enterprise Cloud Suite ->* A per-user and per-authentication consumption-based model that is billed monthly against Azure monetary commitment (Read [Multi-Factor Authentication Pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) for more information) #### Directory synchronization @@ -136,7 +136,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in ### Cloud -Some deployment combinations require an Azure account and some require Azure Active Directory for user identities. These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional. +Some deployment combinations require an Azure account, and some require Azure Active Directory for user identities. These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional. ## Planning a Deployment 
@@ -150,16 +150,16 @@ Choose the deployment model based on the resources your users access. Use the f If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet. -If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. +If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users' access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet. ->[!NOTE] ->If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results. ->```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords``` ->* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. ->* If the command returns a value, compare that value with the values below. The value indicates the deployment model you should implement -> * If the value begins with **azureADName:** – write **Hybrid** in box **1a**on your planning worksheet. 
- > * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet. +> [!NOTE] +> If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results. +> ```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords``` +> * If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then your environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. +> * If the command returns a value, compare that value with the values below. The value indicates the deployment model you should implement +> * If the value begins with **azureADName:** – write **Hybrid** in box **1a**on your planning worksheet. +> * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet. ### Trust type 
@@ -197,7 +197,7 @@ If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in If box **1a** on your planning worksheet reads **hybrid**, then write **Azure AD Connect** in box **1e** on your planning worksheet. -If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**. This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication. The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credential remain on the on-premises network. +If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**. This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication. The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credentials remain on the on-premises network. ### Multifactor Authentication 
@@ -247,14 +247,14 @@ If you use modern management for both domain and non-domain joined devices, writ Windows Hello for Business is a feature exclusive to Windows 10. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions. If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet. Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. ->[!NOTE] +>[!NOTE] >Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization. Write **1511 or later** in box **3a** on your planning worksheet if any of the following are true. * Box **2a** on your planning worksheet read **modern management**. * Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. * Box **1a** on your planning worksheet reads **hybrid**, box **1b** reads **key trust**, and box **2a** reads **GP**. - *Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. + Optionally, you may write **1511 or later* in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. Write **1703 or later** in box **3a** on your planning worksheet if any of the following are true. * Box **1a** on your planning worksheet reads **on-premises**. 
@@ -274,7 +274,7 @@ Public key infrastructure prerequisites already exist in your planning worksheet If box **1a** on your planning worksheet reads **cloud only**, ignore the public key infrastructure section of your planning worksheet. Cloud only deployments do not use a public key infrastructure. -If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. +If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. Key trust doesn't require any change in public key infrastructure, skip this part and go to **Cloud** section. The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 8d50174792..1cf24cc40f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md 
@@ -2,14 +2,15 @@
 title: Prepare people to use Windows Hello (Windows 10)
 description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
 ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B
+ms.reviewer:
 keywords: identity, PIN, biometric, Hello
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md
index 4eedd3d8c6..7dfea19a30 100644
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
+ms.reviewer:
 ---
 
 # Windows Hello for Business Videos
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index 388993c2d8..49bac59449 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -2,14 +2,15 @@ title: Why a PIN is better than a password (Windows 10) description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password . ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 +ms.reviewer: keywords: pin, security, password, hello ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -43,7 +44,7 @@ When the PIN is created, it establishes a trusted relationship with the identity The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM. -User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. +User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked. 
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
index 376a238c8e..d827e5a5e9 100644
--- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
+++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: aabhathipsay
-ms.author: aathipsa
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 11/14/2018
+ms.reviewer:
 ---
 # What is a Microsoft-compatible security key?
 > [!Warning]
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index cb2349d9bd..284982d26b 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
 audience: ITPro
-author: mapalko
-ms.author: mapalko
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 08/20/2018
+ms.reviewer:
 ---
 # Password-less Strategy
@@ -117,7 +118,7 @@ You will want to balance testing in a lab with providing results to management q ## The Process -The journey to password-less is to take each work persona through each password-less step. In the begging, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like +The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like 1. Password-less replacement offering (Step 1) 1. Identify test users that represent the targeted work persona. diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 1ed55612fa..b9cdc2e5ae 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -7,13 +7,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: aabhathipsay -ms.author: aathipsa +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 +ms.reviewer: --- # How to reset a Microsoft-compatible security key? > [!Warning] @@ -36,4 +37,4 @@ Follow the instructions in the Settings app and look for specific instructions b >[!NOTE] >The steps to reset your security key may vary based on the security key manufacturer.
                          ->If your security key is not listed here, please reach out to your security key manufacturer for reset instructions. \ No newline at end of file +>If your security key is not listed here, please reach out to your security key manufacturer for reset instructions. diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 929535ee97..3eb38638f5 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin +author: dulcemontemayor ms.localizationpriority: high -ms.author: daniha +ms.author: dolmont ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp ms.topic: article --- # How Windows Hello for Business works diff --git a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md index 07bb80474c..a181ec72c9 100644 --- a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md +++ b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md 
@@ -2,14 +2,15 @@ title: Install digital certificates on Windows 10 Mobile (Windows 10) description: Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. ms.assetid: FF7B1BE9-41F4-44B0-A442-249B650CEE25 +ms.reviewer: keywords: S/MIME, PFX, SCEP ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -30,7 +31,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes - For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site). ->[!WARNING]   +>[!WARNING] >In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764) ## Install certificates using Microsoft Edge 
@@ -44,9 +45,10 @@ The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx ## Install certificates using mobile device management (MDM) Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired. + >[!WARNING] >Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216). -  + **Process of installing certificates using MDM** 1. The MDM server generates the initial cert enroll request including challenge password, SCEP server URL, and other enrollment related parameters. 
@@ -63,13 +65,12 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi >- A certificate is successfully received from the server >- The server returns an error >- The number of retries reaches the preconfigured limit -   + 8. The cert is installed in the device. Browser, Wi-Fi, VPN, email, and other first party applications have access to this certificate. >[!NOTE] >If MDM requested private key stored in Trusted Process Module (TPM) (configured during enrollment request), the private key will be saved in TPM. Note that SCEP enrolled cert protected by TPM isn’t guarded by a PIN. However, if the certificate is imported to the Windows Hello for Business Key Storage Provider (KSP), it is guarded by the Hello PIN. -   + ## Related topics -[Configure S/MIME](configure-s-mime.md) -  \ No newline at end of file +[Configure S/MIME](configure-s-mime.md) \ No newline at end of file diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index ccafee06af..df25b0e70c 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -6,13 +6,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 01/12/2018 +ms.reviewer: --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard @@ -51,16 +52,18 @@ Use the following table to compare different Remote Desktop connection security

                          -|**Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** | -|---|---|---|---| -| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. |User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server| -| **Version support** | The remote computer can run any Windows operating system|Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**.|The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

                          For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). -|**Helps prevent**                    |      N/A         |
                          • Pass-the-Hash
                          • Use of a credential after disconnection
                          |
                          • Pass-the-Hash
                          • Use of domain identity during connection
                          | -|**Credentials supported from the remote desktop client device**|
                          • **Signed on** credentials
                          • **Supplied** credentials
                          • **Saved** credentials
                          |
                          • **Signed on** credentials only |
                            • **Signed on** credentials
                            • **Supplied** credentials
                            • **Saved** credentials
                            -|**Access**|**Users allowed**, that is, members of Remote Desktop Users group of remote host.|**Users allowed**, that is, members of Remote Desktop Users of remote host.|**Administrators only**, that is, only members of Administrators group of remote host. -|**Network identity**|Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. |Remote Desktop session **connects to other resources as remote host’s identity**.| -|**Multi-hop**|From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**.|Not allowed for user as the session is running as a local host account| -|**Supported authentication** |Any negotiable protocol.| Kerberos only.|Any negotiable protocol| + +| **Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** | +|--------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. 
An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server | +| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

                            For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). | +| **Helps prevent**                    |      N/A          |
                            • Pass-the-Hash
                            • Use of a credential after disconnection
                            |
                            • Pass-the-Hash
                            • Use of domain identity during connection
                            | +| **Credentials supported from the remote desktop client device** |
                            • Signed on credentials
                            • Supplied credentials
                            • Saved credentials
                            |
                            • Signed on credentials only |
                              • Signed on credentials
                              • Supplied credentials
                              • Saved credentials
                              | +| **Access** | **Users allowed**, that is, members of Remote Desktop Users group of remote host. | **Users allowed**, that is, members of Remote Desktop Users of remote host. | **Administrators only**, that is, only members of Administrators group of remote host. | +| **Network identity** | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as remote host’s identity**. | +| **Multi-hop** | From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**. | Not allowed for user as the session is running as a local host account | +| **Supported authentication** | Any negotiable protocol. | Kerberos only. | Any negotiable protocol | +
                              For further technical information, see [Remote Desktop Protocol](https://msdn.microsoft.com/library/aa383015(v=vs.85).aspx) diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index afcbf6f6a8..695c7d15b9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card and Remote Desktop Services diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 89bbf2b1b7..10a0b0a26c 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -1,4 +1,4 @@ ---- +--- title: Smart Card Architecture (Windows 10) description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system. ms.prod: w10 @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Architecture 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 62c98ae6fb..2bf4650d4b 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Certificate Propagation Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index e529dc00ea..cd06dda9a5 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -1,4 +1,4 @@ ---- +--- title: Certificate Requirements and Enumeration (Windows 10) description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in. ms.prod: w10 @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Certificate Requirements and Enumeration 
@@ -33,7 +34,7 @@ When a smart card is inserted, the following steps are performed. 4. The name of the container is retrieved by using the PP\_CONTAINER parameter with CryptGetProvParam. -5. Using the context acquired in Step 3, the CSP is queried for the PP\_USER\_CERTSTORE parameter (added in Windows Vista). For more information, see [Smart Card Architecture](smart-card-architecture.md). If the operation is successful, the name of a certificate store is returned, and the program flow skips to Step 8. +5. Using the context acquired in Step 3, the CSP is queried for the PP\_USER\_CERTSTORE parameter (added in Windows Vista). For more information, see [Smart Card Architecture](smart-card-architecture.md). If the operation is successful, the name of a certificate store is returned, and the program flow skips to Step 8. 6. If the operation in Step 5 fails, the default container context from Step 3 is queried for the AT\_KEYEXCHANGE key. @@ -53,7 +54,7 @@ When a smart card is inserted, the following steps are performed. Any certificate that meets these requirements is displayed to the user with the certificate's UPN (or e-mail address or subject, depending on the presence of the certificate extensions). - > **Note**  These requirements are the same as those in Windows Server 2003, but they are performed before the user enters the PIN. You can override many of them by using Group Policy settings. + > **Note**  These requirements are the same as those in Windows Server 2003, but they are performed before the user enters the PIN. You can override many of them by using Group Policy settings. 9. The process then chooses a certificate, and the PIN is entered. 
@@ -63,7 +64,7 @@ When a smart card is inserted, the following steps are performed. ## About Certificate support for compatibility -Although versions of Windows earlier than Windows Vista include support for smart cards, the types of certificates that smart cards can contain are limited. The limitations are: +Although versions of Windows earlier than Windows Vista include support for smart cards, the types of certificates that smart cards can contain are limited. The limitations are: - Each certificate must have a user principal name (UPN) and the smart card sign-in object identifier (also known as OID) in the enhanced key usage (EKU) attribute field. There is a Group Policy setting, Allow ECC certificates to be used for logon and authentication, to make the EKU optional. 
@@ -94,45 +95,45 @@ The following diagram illustrates how smart card sign-in works in the supported Following are the steps that are performed during a smart card sign-in: -1. Winlogon requests the sign-in UI credential information. +1. Winlogon requests the sign-in UI credential information. -2. Asynchronously, smart card resource manager starts, and the smart card credential provider does the following: +2. Asynchronously, smart card resource manager starts, and the smart card credential provider does the following: - 1. Gets credential information (a list of known credentials, or if no credentials exist, the smart card reader information that Windows detected). + 1. Gets credential information (a list of known credentials, or if no credentials exist, the smart card reader information that Windows detected). - 2. Gets a list of smart card readers (by using the WinSCard API) and the list of smart cards inserted in each of them. + 2. Gets a list of smart card readers (by using the WinSCard API) and the list of smart cards inserted in each of them. - 3. Enumerates each card to verify that a sign-in certificate that is controlled by Group Policy is present. If the certificate is present, the smart card credential provider copies it into a temporary, secure cache on the computer or terminal. + 3. Enumerates each card to verify that a sign-in certificate that is controlled by Group Policy is present. If the certificate is present, the smart card credential provider copies it into a temporary, secure cache on the computer or terminal. - > **Note**  Smartcard cache entries are created for certificates with a subject name or with a subject key identifier. If the certificate has a subject name, it is stored with an index that is based on the subject name and certificate issuer. If another certificate with the same subject name and certificate issuer is used, it will replace the existing cached entry. 
A change in this behavior after Windows Vista, allows for the condition when the certificate does not have a subject name, the cache is created with an index that is based on the subject key identifier and certificate issuer. If another certificate has the same the subject key identifier and certificate issuer, the cache entry is replaced. When certificates have neither a subject name nor subject key identifier, a cached entry is not created. + > **Note**  Smartcard cache entries are created for certificates with a subject name or with a subject key identifier. If the certificate has a subject name, it is stored with an index that is based on the subject name and certificate issuer. If another certificate with the same subject name and certificate issuer is used, it will replace the existing cached entry. A change in this behavior after Windows Vista, allows for the condition when the certificate does not have a subject name, the cache is created with an index that is based on the subject key identifier and certificate issuer. If another certificate has the same the subject key identifier and certificate issuer, the cache entry is replaced. When certificates have neither a subject name nor subject key identifier, a cached entry is not created. - 4. Notifies the sign-in UI that it has new credentials. + 4. Notifies the sign-in UI that it has new credentials. -3. The sign-in UI requests the new credentials from the smart card credential provider. As a response, the smart card credential provider provides each sign-in certificate to the sign-in UI, and corresponding sign-in tiles are displayed. The user selects a smart card-based sign-in certificate tile, and Windows displays a PIN dialog box. +3. The sign-in UI requests the new credentials from the smart card credential provider. As a response, the smart card credential provider provides each sign-in certificate to the sign-in UI, and corresponding sign-in tiles are displayed. 
The user selects a smart card-based sign-in certificate tile, and Windows displays a PIN dialog box. -4. The user enters the PIN, and then presses ENTER. The smart card credential provider encrypts the PIN. +4. The user enters the PIN, and then presses ENTER. The smart card credential provider encrypts the PIN. -5. The credential provider that resides in the LogonUI system collects the PIN. As part of packaging credentials in the smart card credential provider, the data is packaged in a KERB\_CERTIFICATE\_LOGON structure. The main contents of the KERB\_CERTIFICATE\_LOGON structure are the smart card PIN, CSP data (such as reader name and container name), user name, and domain name. User name is required if the sign-in domain is not in the same forest because it enables a certificate to be mapped to multiple user accounts. +5. The credential provider that resides in the LogonUI system collects the PIN. As part of packaging credentials in the smart card credential provider, the data is packaged in a KERB\_CERTIFICATE\_LOGON structure. The main contents of the KERB\_CERTIFICATE\_LOGON structure are the smart card PIN, CSP data (such as reader name and container name), user name, and domain name. User name is required if the sign-in domain is not in the same forest because it enables a certificate to be mapped to multiple user accounts. -6. The credential provider wraps the data (such as the encrypted PIN, container name, reader name, and card key specification) and sends it back to LogonUI. +6. The credential provider wraps the data (such as the encrypted PIN, container name, reader name, and card key specification) and sends it back to LogonUI. -7. Winlogon presents the data from LogonUI to the LSA with the user information in LSALogonUser. +7. Winlogon presents the data from LogonUI to the LSA with the user information in LSALogonUser. -8. 
LSA calls the Kerberos authentication package (Kerberos SSP) to create a Kerberos authentication service request (KRB\_AS\_REQ), which containing a preauthenticator (as specified in RFC 4556: [Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)](http://www.ietf.org/rfc/rfc4556.txt)). +8. LSA calls the Kerberos authentication package (Kerberos SSP) to create a Kerberos authentication service request (KRB\_AS\_REQ), which containing a preauthenticator (as specified in RFC 4556: [Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)](http://www.ietf.org/rfc/rfc4556.txt)). - If the authentication is performed by using a certificate that uses a digital signature, the preauthentication data consists of the user's public certificate and the certificate that is digitally signed with the corresponding private key.
                              If the authentication is performed by using a certificate that uses key encipherment, the preauthentication data consists of the user's public certificate and the certificate that is encrypted with the corresponding private key. + If the authentication is performed by using a certificate that uses a digital signature, the preauthentication data consists of the user's public certificate and the certificate that is digitally signed with the corresponding private key.
                              If the authentication is performed by using a certificate that uses key encipherment, the preauthentication data consists of the user's public certificate and the certificate that is encrypted with the corresponding private key. -9. To sign the request digitally (as per RFC 4556), a call is made to the corresponding CSP for a private key operation. Because the private key in this case is stored in a smart card, the smart card subsystem is called, and the necessary operation is completed. The result is sent back to the Kerberos security support provider (SSP). +9. To sign the request digitally (as per RFC 4556), a call is made to the corresponding CSP for a private key operation. Because the private key in this case is stored in a smart card, the smart card subsystem is called, and the necessary operation is completed. The result is sent back to the Kerberos security support provider (SSP). -10. The Kerberos SSP sends an authentication request for a ticket-granting-ticket (TGT) (per RFC 4556) to the Key Distribution Center (KDC) service that runs on a domain controller. +10. The Kerberos SSP sends an authentication request for a ticket-granting-ticket (TGT) (per RFC 4556) to the Key Distribution Center (KDC) service that runs on a domain controller. -11. The KDC finds the user's account object in Active Directory Domain Services (AD DS), as detailed in [Client certificate requirements and mappings](#client-certificate-requirements-and-mappings), and uses the user's certificate to verify the signature. +11. The KDC finds the user's account object in Active Directory Domain Services (AD DS), as detailed in [Client certificate requirements and mappings](#client-certificate-requirements-and-mappings), and uses the user's certificate to verify the signature. -12. The KDC validates the user's certificate (time, path, and revocation status) to ensure that the certificate is from a trusted source. 
The KDC uses CryptoAPI to build a certification path from the user's certificate to a root certification authority (CA) certificate that resides in the root store on the domain controller. The KDC then uses CryptoAPI to verify the digital signature on the signed authenticator that was included in the preauthentication data fields. The domain controller verifies the signature and uses the public key from the user's certificate to prove that the request originated from the owner of the private key that corresponds to the public key. The KDC also verifies that the issuer is trusted and appears in the NTAUTH certificate store. +12. The KDC validates the user's certificate (time, path, and revocation status) to ensure that the certificate is from a trusted source. The KDC uses CryptoAPI to build a certification path from the user's certificate to a root certification authority (CA) certificate that resides in the root store on the domain controller. The KDC then uses CryptoAPI to verify the digital signature on the signed authenticator that was included in the preauthentication data fields. The domain controller verifies the signature and uses the public key from the user's certificate to prove that the request originated from the owner of the private key that corresponds to the public key. The KDC also verifies that the issuer is trusted and appears in the NTAUTH certificate store. -13. The KDC service retrieves user account information from AD DS. The KDC constructs a TGT, which is based on the user account information that it retrieves from AD DS. The TGT’s authorization data fields include the user's security identifier (SID), the SIDs for universal and global domain groups to which the user belongs, and (in a multidomain environment) the SIDs for any universal groups of which the user is a member. +13. The KDC service retrieves user account information from AD DS. The KDC constructs a TGT, which is based on the user account information that it retrieves from AD DS. 
The TGT’s authorization data fields include the user's security identifier (SID), the SIDs for universal and global domain groups to which the user belongs, and (in a multidomain environment) the SIDs for any universal groups of which the user is a member. -14. The domain controller returns the TGT to the client as part of the KRB\_AS\_REP response. +14. The domain controller returns the TGT to the client as part of the KRB\_AS\_REP response. > **Note**  The KRB\_AS\_REP packet consists of: >- Privilege attribute certificate (PAC) 
@@ -143,21 +144,21 @@ Following are the steps that are performed during a smart card sign-in: TGT is encrypted with the master key of the KDC, and the session key is encrypted with a temporary key. This temporary key is derived based on RFC 4556. Using CryptoAPI, the temporary key is decrypted. As part of the decryption process, if the private key is on a smart card, a call is made to the smart card subsystem by using the specified CSP to extract the certificate corresponding to the user's public key. (Programmatic calls for the certificate include CryptAcquireContext, CryptSetProvParam with the PIN, CryptgetUserKey, and CryptGetKeyParam.) After the temporary key is obtained, the Kerberos SSP decrypts the session key. -15. The client validates the reply from the KDC (time, path, and revocation status). It first verifies the KDC's signature by the construction of a certification path from the KDC's certificate to a trusted root CA, and then it uses the KDC's public key to verify the reply signature. +15. The client validates the reply from the KDC (time, path, and revocation status). It first verifies the KDC's signature by the construction of a certification path from the KDC's certificate to a trusted root CA, and then it uses the KDC's public key to verify the reply signature. -16. Now that a TGT has been obtained, the client obtains a service ticket, which is used to sign in to the local computer. +16. Now that a TGT has been obtained, the client obtains a service ticket, which is used to sign in to the local computer. -17. With success, LSA stores the tickets and returns a success message to LSALogonUser. After this success message is issued, user profile for the device is selected and set, Group Policy refresh is instantiated, and other actions are performed. +17. With success, LSA stores the tickets and returns a success message to LSALogonUser. 
After this success message is issued, user profile for the device is selected and set, Group Policy refresh is instantiated, and other actions are performed. -18. After the user profile is loaded, the Certification Propagation Service (CertPropSvc) detects this event, reads the certificates from the smart card (including the root certificates), and then populates them into the user's certificate store (MYSTORE). +18. After the user profile is loaded, the Certification Propagation Service (CertPropSvc) detects this event, reads the certificates from the smart card (including the root certificates), and then populates them into the user's certificate store (MYSTORE). -19. CSP to smart card resource manager communication happens on the LRPC Channel. +19. CSP to smart card resource manager communication happens on the LRPC Channel. -20. On successful authentication, certificates are propagated to the user's store asynchronously by the Certificate Propagation Service (CertPropSvc). +20. On successful authentication, certificates are propagated to the user's store asynchronously by the Certificate Propagation Service (CertPropSvc). -21. When the card is removed, certificates in the temporary secure cache store are removed. The Certificates are no longer available for sign-in, but they remain in the user's certificate store. +21. When the card is removed, certificates in the temporary secure cache store are removed. The Certificates are no longer available for sign-in, but they remain in the user's certificate store. -> **Note**  A SID is created for each user or group at the time a user account or a group account is created within the local security accounts database or within AD DS. The SID never changes, even if the user or group account is renamed. +> **Note**  A SID is created for each user or group at the time a user account or a group account is created within the local security accounts database or within AD DS. 
The SID never changes, even if the user or group account is renamed. For more information about the Kerberos protocol, see [Microsoft Kerberos](https://msdn.microsoft.com/library/windows/desktop/aa378747(v=vs.85).aspx). @@ -183,18 +184,19 @@ Certificate requirements are listed by versions of the Windows operating system. The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider. -| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista** | **Requirements for Windows XP** | -|--------------------------------------|--------------------------------|------| -| CRL distribution point location | Not required | The location must be specified, online, and available, for example:
                              \[1\]CRL Distribution Point
                              Distribution Point Name:
                              Full Name:
                              URL=http://server1.contoso.com/CertEnroll/caname.crl | -| Key usage | Digital signature | Digital signature | -| Basic constraints | Not required | \[Subject Type=End Entity, Path Length Constraint=None\] (Optional) | -| Enhanced key usage (EKU) | The smart card sign-in object identifier is not required.

                              **Note**  If an EKU is present, it must contain the smart card sign-in EKU. Certificates with no EKU can be used for sign-in. | - Client Authentication (1.3.6.1.5.5.7.3.2)
                              The client authentication object identifier is required only if a certificate is used for SSL authentication.

                              - Smart Card Sign-in (1.3.6.1.4.1.311.20.2.2) | -| Subject alternative name | E-mail ID is not required for smart card sign-in. | Other Name: Principal Name=(UPN), for example:
                              UPN=user1@contoso.com
                              The UPN OtherName object identifier is 1.3.6.1.4.1.311.20.2.3.
                              The UPN OtherName value must be an ASN1-encoded UTF8 string. | -| Subject | Not required | Distinguished name of user. This field is a mandatory extension, but the population of this field is optional. | -| Key exchange (AT\_KEYEXCHANGE field) | Not required for smart card sign-in certificates if a Group Policy setting is enabled. (By default, Group Policy settings are not enabled.) | Not required | -| CRL | Not required | Not required | -| UPN | Not required | Not required | -| Notes | You can enable any certificate to be visible for the smart card credential provider. | There are two predefined types of private keys. These keys are Signature Only (AT\_SIGNATURE) and Key Exchange (AT\_KEYEXCHANGE). Smart card sign-in certificates must have a Key Exchange (AT\_KEYEXCHANGE) private key type. | + +| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista** | **Requirements for Windows XP** | +|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| CRL distribution point location | Not required | The location must be specified, online, and available, for example:
                              \[1\]CRL Distribution Point
                              Distribution Point Name:
                              Full Name:
                              URL= | +| Key usage | Digital signature | Digital signature | +| Basic constraints | Not required | \[Subject Type=End Entity, Path Length Constraint=None\] (Optional) | +| Enhanced key usage (EKU) | The smart card sign-in object identifier is not required.

                              **Note**  If an EKU is present, it must contain the smart card sign-in EKU. Certificates with no EKU can be used for sign-in. | - Client Authentication (1.3.6.1.5.5.7.3.2)
                              The client authentication object identifier is required only if a certificate is used for SSL authentication.

                              - Smart Card Sign-in (1.3.6.1.4.1.311.20.2.2) | +| Subject alternative name | E-mail ID is not required for smart card sign-in. | Other Name: Principal Name=(UPN), for example:
                              UPN=user1@contoso.com
                              The UPN OtherName object identifier is 1.3.6.1.4.1.311.20.2.3.
                              The UPN OtherName value must be an ASN1-encoded UTF8 string. | +| Subject | Not required | Distinguished name of user. This field is a mandatory extension, but the population of this field is optional. | +| Key exchange (AT\_KEYEXCHANGE field) | Not required for smart card sign-in certificates if a Group Policy setting is enabled. (By default, Group Policy settings are not enabled.) | Not required | +| CRL | Not required | Not required | +| UPN | Not required | Not required | +| Notes | You can enable any certificate to be visible for the smart card credential provider. | There are two predefined types of private keys. These keys are Signature Only (AT\_SIGNATURE) and Key Exchange (AT\_KEYEXCHANGE). Smart card sign-in certificates must have a Key Exchange (AT\_KEYEXCHANGE) private key type. | ### Client certificate mappings @@ -268,7 +270,7 @@ For example, if Certificate1 has CN=CNName1, Certificate2 has CN=User1, and Cert ## Smart card sign-in across forests -For account mapping to work across forests, particularly in cases where there is not enough information available on the certificate, the user might enter a hint in the form of a user name, such as *domain\\user*, or a fully qualified UPN such as *user@contoso.com*. +For account mapping to work across forests, particularly in cases where there is not enough information available on the certificate, the user might enter a hint in the form of a user name, such as *domain\\user*, or a fully qualified UPN such as user@contoso.com. > **Note**  For the hint field to appear during smart card sign-in, the **Allow user name hint** Group Policy setting (**X509HintsNeeded** registry key) must be enabled on the client. 
@@ -284,19 +286,19 @@ Windows client computers attempt to request the OCSP responses and use them in t For sign-in to work in a smart card-based domain, the smart card certificate must meet the following conditions: -- The KDC root certificate on the smart card must have an HTTP CRL distribution point listed in its certificate. +- The KDC root certificate on the smart card must have an HTTP CRL distribution point listed in its certificate. -- The smart card sign-in certificate must have the HTTP CRL distribution point listed in its certificate. +- The smart card sign-in certificate must have the HTTP CRL distribution point listed in its certificate. -- The CRL distribution point must have a valid CRL published and a delta CRL, if applicable, even if the CRL distribution point is empty. +- The CRL distribution point must have a valid CRL published and a delta CRL, if applicable, even if the CRL distribution point is empty. -- The smart card certificate must contain one of the following: +- The smart card certificate must contain one of the following: - - A subject field that contains the DNS domain name in the distinguished name. If it does not, resolution to an appropriate domain fails, so Remote Desktop Services and the domain sign-in with the smart card fail. + - A subject field that contains the DNS domain name in the distinguished name. If it does not, resolution to an appropriate domain fails, so Remote Desktop Services and the domain sign-in with the smart card fail. - - A UPN where the domain name resolves to the actual domain. For example, if the domain name is Engineering.Corp.Contoso, the UPN is username@engineering.corp.contoso.com. If any part of the domain name is omitted, the Kerberos client cannot find the appropriate domain. + - A UPN where the domain name resolves to the actual domain. For example, if the domain name is Engineering.Corp.Contoso, the UPN is username@engineering.corp.contoso.com. 
If any part of the domain name is omitted, the Kerberos client cannot find the appropriate domain. -Although the HTTP CRL distribution points are on by default in Windows Server 2008, subsequent versions of the Windows Server operating system do not include HTTP CRL distribution points. To allow smart card sign-in to a domain in these versions, do the following: +Although the HTTP CRL distribution points are on by default in Windows Server 2008, subsequent versions of the Windows Server operating system do not include HTTP CRL distribution points. To allow smart card sign-in to a domain in these versions, do the following: 1. Enable HTTP CRL distribution points on the CA. diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 8c99bb0570..9013c10df6 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -1,4 +1,4 @@ ---- +--- title: Smart Cards Debugging Information (Windows 10) description: This topic explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. ms.prod: w10 @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Cards Debugging Information 
@@ -61,9 +62,9 @@ Windows software trace preprocessor (WPP) simplifies tracing the operation of th Using WPP, use one of the following commands to enable tracing: -- **tracelog.exe -kd -rt -start** <*FriendlyName*> **-guid \#**<*GUID*> **-f .\\**<*LogFileName*>**.etl -flags** <*flags*> **-ft 1** +- **tracelog.exe -kd -rt -start** <*FriendlyName*> **-guid \#**<*GUID*> **-f .\\**<*LogFileName*>**.etl -flags** <*flags*> **-ft 1** -- **logman start** <*FriendlyName*> **-ets -p {**<*GUID*>**} -**<*Flags*> **-ft 1 -rt -o .\\**<*LogFileName*>***.etl -mode 0x00080000** +- **logman start** <*FriendlyName*> **-ets -p {**<*GUID*>**} -**<*Flags*> **-ft 1 -rt -o .\\**<*LogFileName*>**.etl -mode 0x00080000* You can use the parameters in the following table. diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index facd8ddf40..cb5e74736a 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -1,4 +1,4 @@ ---- +--- title: Smart Card Events (Windows 10) description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development. ms.prod: w10 @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Events diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index bb6e5da969..dd70a1c7c6 100644 
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Group Policy and Registry Settings @@ -94,7 +95,7 @@ This policy setting allows certificates without an enhanced key usage (EKU) set > **Note**  Enhanced key usage certificate attribute is also known as extended key usage. -In versions of Windows prior to Windows Vista, smart card certificates that are used to sign in require an EKU extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. +In versions of Windows prior to Windows Vista, smart card certificates that are used to sign in require an EKU extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. When this policy setting is enabled, certificates with the following attributes can also be used to sign in with a smart card: 
@@ -126,7 +127,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E ### Allow Integrated Unblock screen to be displayed at the time of logon -This policy setting lets you determine whether the integrated unblock feature is available in the sign-in user interface (UI). The feature was introduced as a standard feature in the Credential Security Support Provider in Windows Vista. +This policy setting lets you determine whether the integrated unblock feature is available in the sign-in user interface (UI). The feature was introduced as a standard feature in the Credential Security Support Provider in Windows Vista. When this setting is enabled, the integrated unblock feature is available. When this setting is disabled or not configured, the feature is not available. @@ -152,7 +153,7 @@ This policy setting lets you allow signature key-based certificates to be enumer This policy setting permits those certificates that are expired or not yet valid to be displayed for sign-in. -Prior to Windows Vista, certificates were required to contain a valid time and to not expire. To be used, the certificate must be accepted by the domain controller. This policy setting only controls which certificates are displayed on the client computer. +Prior to Windows Vista, certificates were required to contain a valid time and to not expire. To be used, the certificate must be accepted by the domain controller. This policy setting only controls which certificates are displayed on the client computer. When this setting is enabled, certificates are listed on the sign-in screen whether they have an invalid time or their time validity has expired. When this setting is disabled or not configured, certificates that are expired or not yet valid are not listed on the sign-in screen. 
@@ -217,7 +218,7 @@ This policy setting is applied to the computer after the [Allow time invalid cer | Registry key | FilterDuplicateCerts | | Default values | No changes per operating system versions
                              Disabled and not configured are equivalent | | Policy management | Restart requirement: None
                              Sign off requirement: None
                              Policy conflicts: None | -| Notes and resources | If there are two or more of the same certificates on a smart card and this policy setting is enabled, the certificate that is used to sign in to computers running Windows 2000, Windows XP, or Windows Server 2003 will be displayed. Otherwise, the certificate with the most distant expiration time will be displayed. | +| Notes and resources | If there are two or more of the same certificates on a smart card and this policy setting is enabled, the certificate that is used to sign in to computers running Windows 2000, Windows XP, or Windows Server 2003 will be displayed. Otherwise, the certificate with the most distant expiration time will be displayed. | ### Force the reading of all certificates from the smart card @@ -354,8 +355,8 @@ The following smart card-related Group Policy settings are located in Computer C | Group Policy Setting and Registry Key | Default | Description | |------------------------------------------|------------|---------------| -| Interactive logon: Require smart card

                              scforceoption | Disabled | This security policy setting requires users to sign in to a computer by using a smart card.

                              **Enabled**  Users can only sign in to the computer by using a smart card.
                              **Disabled**  Users can sign in to the computer by using any method. | -| Interactive logon: Smart card removal behavior

                              scremoveoption | This policy setting is not defined, which means that the system treats it as **No Action**. | This setting determines what happens when the smart card for a signed-in user is removed from the smart card reader. The options are:
                              **No Action**
                              **Lock Workstation**: The workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
                              **Force Logoff**: The user is automatically signed out when the smart card is removed.
                              **Disconnect if a Remote Desktop Services session**: Removal of the smart card disconnects the session without signing out the user. This allows the user to reinsert the smart card and resume the session later, or at another computer that is equipped with a smart card reader, without having to sign in again. If the session is local, this policy setting functions identically to the **Lock Workstation** option.

                              **Note**  Remote Desktop Services was called Terminal Services in previous versions of Windows Server. | +| Interactive logon: Require smart card

                              scforceoption | Disabled | This security policy setting requires users to sign in to a computer by using a smart card.

                              **Enabled** Users can only sign in to the computer by using a smart card.
                              **Disabled** Users can sign in to the computer by using any method. | +| Interactive logon: Smart card removal behavior

                              scremoveoption | This policy setting is not defined, which means that the system treats it as **No Action**. | This setting determines what happens when the smart card for a signed-in user is removed from the smart card reader. The options are:
                              **No Action**
                              **Lock Workstation**: The workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
                              **Force Logoff**: The user is automatically signed out when the smart card is removed.
                              **Disconnect if a Remote Desktop Services session**: Removal of the smart card disconnects the session without signing out the user. This allows the user to reinsert the smart card and resume the session later, or at another computer that is equipped with a smart card reader, without having to sign in again. If the session is local, this policy setting functions identically to the **Lock Workstation** option.

                              **Note**  Remote Desktop Services was called Terminal Services in previous versions of Windows Server. | From the Local Security Policy Editor (secpol.msc), you can edit and apply system policies to manage credential delegation for local or domain computers. @@ -367,11 +368,12 @@ Registry keys are located in HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Contro **Credential delegation policy settings** -| Group Policy Setting and Registry Key | Default | Description | -|----------------------------------------|-----------|-------------| -| **Allow Delegating Fresh Credentials**

                              AllowFreshCredentials | Not Configured | This policy setting applies:
                              When server authentication was achieved through a trusted X509 certificate or Kerberos protocol.
                              To applications that use the CredSSP component (for example, Remote Desktop Services).

                              **Enabled**: You can specify the servers where the user's fresh credentials can be delegated.
                              **Not Configured**: After proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Services running on any computer.
                              **Disabled**: Delegation of fresh credentials to any computer is not permitted.

                              **Note**  This policy setting can be set to one or more service principal names (SPNs). The SPN represents the target server where the user credentials can be delegated. A single wildcard character is permitted when specifying the SPN, for example:
                              Use *TERMSRV/\** for Remote Desktop Session Host (RD Session Host) running on any computer.
                              Use *TERMSRV/host.humanresources.fabrikam.com* for RD Session Host running on the host.humanresources.fabrikam.com computer.
                              Use *TERMSRV/\*.humanresources.fabrikam.com* for RD Session Host running on all computers in .humanresources.fabrikam.com | -| **Allow Delegating Fresh Credentials with NTLM-only Server Authentication**

                              AllowFreshCredentialsWhenNTLMOnly | Not Configured | This policy setting applies:
                              When server authentication was achieved by using NTLM.
                              To applications that use the CredSSP component (for example, Remote Desktop).

                              **Enabled**: You can specify the servers where the user's fresh credentials can be delegated.
                              **Not Configured**: After proper mutual authentication, delegation of fresh credentials is permitted to RD Session Host running on any computer (TERMSRV/\*).
                              **Disabled**: Delegation of fresh credentials is not permitted to any computer.

                              **Note**  This policy setting can be set to one or more SPNs. The SPN represents the target server where the user credentials can be delegated. A single wildcard character (\*) is permitted when specifying the SPN.
                              See the **Allow Delegating Fresh Credentials** policy setting description for examples. | -| **Deny Delegating Fresh Credentials**

                              DenyFreshCredentials | Not Configured | This policy setting applies to applications that use the CredSSP component (for example, Remote Desktop).

                              **Enabled**: You can specify the servers where the user's fresh credentials cannot be delegated.
                              **Disabled** or **Not Configured**: A server is not specified.

                              **Note**  This policy setting can be set to one or more SPNs. The SPN represents the target server where the user credentials cannot be delegated. A single wildcard character (\*) is permitted when specifying the SPN.
                              See the **Allow Delegating Fresh Credentials** policy setting description for examples. | + +| Group Policy Setting and Registry Key | Default | Description | +|----------------------------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Allow Delegating Fresh Credentials**

                              AllowFreshCredentials | Not Configured | This policy setting applies:
                              When server authentication was achieved through a trusted X509 certificate or Kerberos protocol.
                              To applications that use the CredSSP component (for example, Remote Desktop Services).

                              **Enabled**: You can specify the servers where the user's fresh credentials can be delegated.
                              **Not Configured**: After proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Services running on any computer.
                              **Disabled**: Delegation of fresh credentials to any computer is not permitted.

                              **Note**  This policy setting can be set to one or more service principal names (SPNs). The SPN represents the target server where the user credentials can be delegated. A single wildcard character is permitted when specifying the SPN, for example:
                              Use \*TERMSRV/\*\* for Remote Desktop Session Host (RD Session Host) running on any computer.
                              Use *TERMSRV/host.humanresources.fabrikam.com* for RD Session Host running on the host.humanresources.fabrikam.com computer.
                              Use *TERMSRV/\*.humanresources.fabrikam.com* for RD Session Host running on all computers in .humanresources.fabrikam.com | +| **Allow Delegating Fresh Credentials with NTLM-only Server Authentication**

                              AllowFreshCredentialsWhenNTLMOnly | Not Configured | This policy setting applies:
                              When server authentication was achieved by using NTLM.
                              To applications that use the CredSSP component (for example, Remote Desktop).

                              **Enabled**: You can specify the servers where the user's fresh credentials can be delegated.
                              **Not Configured**: After proper mutual authentication, delegation of fresh credentials is permitted to RD Session Host running on any computer (TERMSRV/\*).
                              **Disabled**: Delegation of fresh credentials is not permitted to any computer.

                              **Note**  This policy setting can be set to one or more SPNs. The SPN represents the target server where the user credentials can be delegated. A single wildcard character (\*) is permitted when specifying the SPN.
                              See the **Allow Delegating Fresh Credentials** policy setting description for examples. | +| **Deny Delegating Fresh Credentials**

                              DenyFreshCredentials | Not Configured | This policy setting applies to applications that use the CredSSP component (for example, Remote Desktop).

                              **Enabled**: You can specify the servers where the user's fresh credentials cannot be delegated.
                              **Disabled** or **Not Configured**: A server is not specified.

                              **Note**  This policy setting can be set to one or more SPNs. The SPN represents the target server where the user credentials cannot be delegated. A single wildcard character (\*) is permitted when specifying the SPN.
                              See the **Allow Delegating Fresh Credentials** policy setting description for examples. | If you are using Remote Desktop Services with smart card logon, you cannot delegate default and saved credentials. The registry keys in the following table, which are located at HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Credssp\\PolicyDefaults, and the corresponding Group Policy settings are ignored. diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index ea407b1937..08f350db77 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # How Smart Card Sign-in Works in Windows diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index 34b355d1cd..6f0f59e3d1 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Removal Policy Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index 634ec44834..da07ec19a4 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Cards for Windows Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 5b0a21f2f9..63d129266c 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Tools and Settings 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index bf3020f5bd..747e68618a 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Smart Card Technical Reference diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index f478817d07..32d9213cda 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -2,13 +2,14 @@ title: How User Account Control works (Windows 10) description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. ms.assetid: 9f921779-0fd3-4206-b0e4-05a19883ee59 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -146,7 +147,7 @@ To better understand each component, review the table below:

                              Application Information service

                              -

                              A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.

                              +

                              A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.

                              @@ -209,7 +210,7 @@ To better understand each component, review the table below:

                              If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.

                            • -

                              If the secure desktop is not enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.

                              +

                              If the secure desktop is not enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.

                            @@ -243,7 +244,7 @@ To better understand each component, review the table below:

                            Installer detection

                            -

                            Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.

                            +

                            Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.

                            @@ -268,17 +269,17 @@ To better understand each component, review the table below: -  -The slider will never turn UAC completely off. If you set it to **Never notify**, it will: + +The slider will never turn UAC completely off. If you set it to Never notify, it will: - Keep the UAC service running. - Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt. - Automatically deny all elevation requests for standard users. ->**Important:**  In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**. -  ->**Warning:**  Universal Windows apps will not work when UAC is disabled. -  +> **Important:** In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**. +> +> **Warning:** Universal Windows apps will not work when UAC is disabled. + ### Virtualization Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you do not need to replace the majority of apps when UAC is turned on. 
@@ -318,6 +319,6 @@ Before a 32-bit process is created, the following attributes are checked to dete - Key attributes in the resource script data are linked in the executable file. - There are targeted sequences of bytes within the executable file. ->**Note:**  The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies. -  ->**Note:**  The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md). +> **Note:** The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies. +> +> **Note:** The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md). diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 9f3048c408..35ae0d0d3d 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # User Account Control Group Policy and registry key settings diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 786f8d9b6e..ad92df7445 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -2,14 +2,15 @@ title: User Account Control (Windows 10) description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. ms.assetid: 43ac4926-076f-4df2-84af-471ee7d20c38 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -20,7 +21,7 @@ ms.date: 07/27/2017 # User Account Control **Applies to** -- Windows 10 +- Windows 10 - Windows Server 2016 User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. 
@@ -37,11 +38,12 @@ Admin Approval Mode in UAC helps prevent malware from silently installing withou ## In this section + | Topic | Description | | - | - | | [How User Account Control works](how-user-account-control-works.md) | User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. | | [User Account Control security policy settings](user-account-control-security-policy-settings.md) | You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. | | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. | -  -  -  + + + diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 3964a0f292..a6bec76e99 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md 
@@ -2,13 +2,14 @@ title: User Account Control security policy settings (Windows 10) description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 766f4cf4a7..34667eb1f8 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 65c4b4ded6..d7653b982e 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md 
@@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Evaluate Virtual Smart Card Security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index 46c153bf96..fd93a5fd19 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Get Started with Virtual Smart Cards: Walkthrough Guide 
@@ -57,65 +58,65 @@ On your domain server, you need to create a template for the certificate that yo ### To create the certificate template -1. On your server, open the Microsoft Management Console (MMC). One way to do this is to type **mmc.exe** from the **Start** menu, right-click **mmc.exe**, and click **Run as administrator**. +1. On your server, open the Microsoft Management Console (MMC). One way to do this is to type **mmc.exe** from the **Start** menu, right-click **mmc.exe**, and click **Run as administrator**. -2. Click **File**, and then click **Add/Remove Snap-in**. +2. Click **File**, and then click **Add/Remove Snap-in**. - ![Add or remove snap-in](images/vsc-02-mmc-add-snap-in.png) + ![Add or remove snap-in](images/vsc-02-mmc-add-snap-in.png) -3. In the available snap-ins list, click **Certificate Templates**, and then click **Add**. +3. In the available snap-ins list, click **Certificate Templates**, and then click **Add**. - ![Add Certificate Templates snap-in](images/vsc-03-add-certificate-templates-snap-in.png) + ![Add Certificate Templates snap-in](images/vsc-03-add-certificate-templates-snap-in.png) -4. Certificate Templates is now located under **Console Root** in the MMC. Double-click it to view all the available certificate templates. +4. Certificate Templates is now located under **Console Root** in the MMC. Double-click it to view all the available certificate templates. -5. Right-click the **Smartcard Logon** template, and click **Duplicate Template**. +5. Right-click the **Smartcard Logon** template, and click **Duplicate Template**. - ![Duplicating the Smartcard Logon template](images/vsc-04-right-click-smartcard-logon-template.png) + ![Duplicating the Smartcard Logon template](images/vsc-04-right-click-smartcard-logon-template.png) -6. On the **Compatibility** tab, under **Certification Authority**, review the selection, and change it if needed. +6. 
On the **Compatibility** tab, under **Certification Authority**, review the selection, and change it if needed. - ![Compatibility tab, certification authority setting](images/vsc-05-certificate-template-compatibility.png) + ![Compatibility tab, certification authority setting](images/vsc-05-certificate-template-compatibility.png) -7. On the **General** tab: +7. On the **General** tab: - 1. Specify a name, such as **TPM Virtual Smart Card Logon**. + 1. Specify a name, such as **TPM Virtual Smart Card Logon**. - 2. Set the validity period to the desired value. + 2. Set the validity period to the desired value. -8. On the **Request Handling** tab: +8. On the **Request Handling** tab: - 1. Set the **Purpose** to **Signature and smartcard logon**. + 1. Set the **Purpose** to **Signature and smartcard logon**. - 2. Click **Prompt the user during enrollment**. + 2. Click **Prompt the user during enrollment**. -9. On the **Cryptography** tab: +9. On the **Cryptography** tab: - 1. Set the minimum key size to 2048. + 1. Set the minimum key size to 2048. - 2. Click **Requests must use one of the following providers**, and then select **Microsoft Base Smart Card Crypto Provider**. + 2. Click **Requests must use one of the following providers**, and then select **Microsoft Base Smart Card Crypto Provider**. -10. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated users** group, and then select **Enroll** permissions for them. +10. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated users** group, and then select **Enroll** permissions for them. -11. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates. +11. 
Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates. -12. Select **File**, then click **Add/Remove Snap-in** to add the Certification Authority snap-in to your MMC console. When asked which computer you want to manage, select the computer on which the CA is located, probably **Local Computer**. +12. Select **File**, then click **Add/Remove Snap-in** to add the Certification Authority snap-in to your MMC console. When asked which computer you want to manage, select the computer on which the CA is located, probably **Local Computer**. ![Add Certification Authority snap-in](images/vsc-06-add-certification-authority-snap-in.png) -13. In the left pane of the MMC, expand **Certification Authority (Local)**, and then expand your CA within the Certification Authority list. +13. In the left pane of the MMC, expand **Certification Authority (Local)**, and then expand your CA within the Certification Authority list. -14. Right-click **Certificate Templates**, click **New**, and then click **Certificate Template to Issue**. +14. Right-click **Certificate Templates**, click **New**, and then click **Certificate Template to Issue**. ![Right-click menu for Certificate Templates](images/vsc-07-right-click-certificate-templates.png) -15. From the list, select the new template that you just created (**TPM Virtual Smart Card Logon**), and then click **OK**. +15. From the list, select the new template that you just created (**TPM Virtual Smart Card Logon**), and then click **OK**. > **Note**  It can take some time for your template to replicate to all servers and become available in this list. ![Selecting a certificate template](images/vsc-08-enable-certificate-template.png) -16. After the template replicates, in the MMC, right-click in the Certification Authority list, click **All Tasks**, and then click **Stop Service**. 
Then, right-click the name of the CA again, click **All Tasks**, and then click **Start Service**. +16. After the template replicates, in the MMC, right-click in the Certification Authority list, click **All Tasks**, and then click **Stop Service**. Then, right-click the name of the CA again, click **All Tasks**, and then click **Start Service**. ![Stopping and starting the service](images/vsc-09-stop-service-start-service.png) diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index e95e0215c2..b81fc4b4cd 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: conceptual ms.localizationpriority: medium ms.date: 10/13/2017 +ms.reviewer: --- # Virtual Smart Card Overview diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 55a77a6140..f2ce999ee5 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Tpmvscmgr 
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index a770e703ca..42f77aef08 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 04/19/2017 +ms.reviewer: --- # Understanding and Evaluating Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 9e9a8627c3..bdf8fb184c 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 10/13/2017 +ms.reviewer: --- # Use Virtual Smart Cards diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 7b30f32d4d..73746dfff2 100644 
--- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -5,10 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: shortpatti -ms.author: pashort +author: dulcemontemayor +ms.author: dolmont ms.localizationpriority: medium ms.date: 02/08/2018 +ms.reviewer: +manager: dansimp --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index b5fede2f00..7b32119ae3 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -5,8 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: justinha +author: dulcemontemayor ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # How to use single sign on (SSO) over VPN and Wi-Fi connections diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index ecd0f4cbd7..7bb106781a 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -5,9 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerms +author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # VPN authentication options 
@@ -59,4 +62,4 @@ The following image shows the field for EAP XML in a Microsoft Intune VPN profil - [VPN name resolution](vpn-name-resolution.md) - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index a57b762d3a..178333b713 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -5,9 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerms +author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # VPN auto-triggered profile options diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 69944937b7..4e6d182cfc 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -5,9 +5,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: shortpatti -ms.author: pashort -manager: elizapo +author: dulcemontemayor +ms.author: dolmont +manager: dansimp ms.reviewer: ms.localizationpriority: medium ms.date: 03/21/2019 
@@ -111,4 +111,4 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.m - [VPN name resolution](vpn-name-resolution.md) - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 240ea4403e..cb033205df 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -5,9 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerms +author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # VPN connection types diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 2703ed270a..d5c7cfca83 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -4,9 +4,12 @@ description: Use this guide to configure VPN deployment for Windows 10. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerms +author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # Windows 10 VPN technical guide diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 42d8fb786f..e4f509397e 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md 
@@ -5,9 +5,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerms +author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: dolmont --- # VPN name resolution @@ -80,4 +83,4 @@ The fields in **Add or edit DNS rule** in the Intune profile correspond to the X - [VPN and conditional access](vpn-conditional-access.md) - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 3051e37b8b..a234d017d0 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -2,12 +2,14 @@ title: VPN profile options (Windows 10) description: Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 +ms.reviewer: +manager: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: shortpatti -ms.author: pashort +author: dulcemontemayor +ms.author: dolmont ms.localizationpriority: medium ms.date: 05/17/2018 --- diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index d39cb4249c..e9652fe89a 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md 
@@ -5,9 +5,12 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: jdeckerms
+author: dulcemontemayor
 ms.localizationpriority: medium
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 # VPN routing decisions
@@ -66,4 +69,4 @@ Next, in **Corporate Boundaries**, you add the routes that should use the VPN co
 - [VPN name resolution](vpn-name-resolution.md)
 - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
 - [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index cd409e2b48..250ee154a5 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -5,9 +5,12 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: jdeckerms
+author: dulcemontemayor
 ms.localizationpriority: medium
 ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 # VPN security features
@@ -85,4 +88,4 @@ The following image shows the interface to configure traffic rules in a VPN Prof
 - [VPN and conditional access](vpn-conditional-access.md)
 - [VPN name resolution](vpn-name-resolution.md)
 - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index 13fc6ad9e2..701083c55c 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -2,13 +2,14 @@
 title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10)
 description: Provides a summary of the Windows 10 credential theft mitigation guide.
 ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: danihalfin
-ms.author: daniha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -30,7 +31,7 @@ This guide explains how credential theft attacks occur and the strategies and co
 - Respond to suspicious activity
 - Recover from a breach
-![Security stages](images\security-stages.png)
+![Security stages](images/security-stages.png)
 ## Attacks that steal credentials
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index fb5a32c9ae..d08c6e889a 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -2,13 +2,14 @@
 title: BCD settings and BitLocker (Windows 10)
 description: This topic for IT professionals describes the BCD settings that are used by BitLocker.
 ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index 15a2f305ae..144180cd40 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -2,13 +2,14 @@
 title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10)
 description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -38,9 +39,9 @@ For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-sett The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The manage-bde command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the C: drive to AD DS, you would use the following command from an elevated command prompt: **manage-bde -protectors -adbackup C:**. -> [!IMPORTANT]   +> [!IMPORTANT] > Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy). -  + ## Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup? Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it is also possible that the log entry could be spoofed. diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index c9ba5464a6..8029b9b1b9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md 
@@ -2,13 +2,14 @@ title: BitLocker basic deployment (Windows 10) description: This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -30,7 +31,7 @@ BitLocker provides full volume encryption (FVE) for operating system volumes, as In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. > **Note:**  For more info about using this tool, see [Bdehdcfg](https://technet.microsoft.com/library/ee732026.aspx) in the Command-Line Reference. -  + BitLocker encryption can be done using the following methods: - BitLocker control panel 
@@ -91,7 +92,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t -  + Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. 
@@ -105,7 +106,7 @@ When the recovery key has been properly stored, the BitLocker Drive Encryption W It is recommended that drives with little to no data utilize the **used disk space only** encryption option and that drives with data or an operating system utilize the **encrypt entire drive** option. > **Note:**  Deleted files appear as free space to the file system, which is not encrypted by **used disk space only**. Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools. -  + Selecting an encryption type and choosing **Next** will give the user the option of running a BitLocker system check (selected by default) which will ensure that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows. After completing the system check (if selected), the BitLocker Drive Encryption Wizard will restart the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel. 
@@ -370,13 +371,13 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us -  + Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. -A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the `Get-BitLocker` volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information. -Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. +A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLocker volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information. +Occasionally, all protectors may not be shown when using Get-BitLockerVolume due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors. > **Note:**  In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID. -  + `Get-BitLockerVolume C: | fl` If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. 
Accomplishing this requires the GUID associated with the protector to be removed. @@ -391,7 +392,7 @@ Using this information, we can then remove the key protector for a specific volu Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` > **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. -  + ### Operating system volume Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell. @@ -419,7 +420,7 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw The ADAccountOrGroup protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and be unlocked to any member computer of the cluster. >**Warning:**  The SID-based protector requires the use of an additional protector (such as TPM, PIN, recovery key, etc.) when used on operating system volumes. -  + To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. ``` syntax 
@@ -431,16 +432,16 @@ For users who wish to use the SID for the account or group, the first step is to get-aduser -filter {samaccountname -eq "administrator"} ``` > **Note:**  Use of this command requires the RSAT-AD-PowerShell feature. -  +> > **Tip:**  In addition to the Windows PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. -  + In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command: ``` syntax Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "" ``` > **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes. -  + ## Checking BitLocker status To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section. 
@@ -455,7 +456,7 @@ Checking BitLocker status with the control panel is the most common method used | **Off**| BitLocker is not enabled for the volume | | **Suspended** | BitLocker is suspended and not actively protecting the volume | | **Waiting for Activation**| BitLocker is enabled with a clear protector key and requires further action to be fully protected| -  + If a drive is pre-provisioned with BitLocker, a status of "Waiting for Activation" displays with a yellow exclamation icon on volume E. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not in a protected state and needs to have a secure key added to the volume before the drive is fully protected. Administrators can use the control panel, manage-bde tool, or WMI APIs to add an appropriate key protector. Once complete, the control panel will update to reflect the new status. Using the control panel, administrators can choose **Turn on BitLocker** to start the BitLocker Drive Encryption wizard and add a protector, like PIN for an operating system volume (or password if no TPM exists), or a password or smart card protector to a data volume. The drive security window displays prior to changing the volume status. Selecting **Activate BitLocker** will complete the encryption process. @@ -472,7 +473,7 @@ To check the status of a volume using manage-bde, use the following command: manage-bde -status ``` > **Note:**  If no volume letter is associated with the -status command, all volumes on the computer display their status. -  + ### Checking BitLocker status with Windows PowerShell Windows PowerShell commands offer another way to query BitLocker status for volumes. Like manage-bde, Windows PowerShell includes the advantage of being able to check the status of a volume on a remote computer. 
@@ -529,9 +530,9 @@ Disable-BitLocker -MountPoint E:,F:,G: ``` ## See also -- [Prepare your organization for BitLocker: Planning and p\\olicies](prepare-your-organization-for-bitlocker-planning-and-policies.md) +- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md) - [BitLocker recovery guide](bitlocker-recovery-guide-plan.md) - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) - [BitLocker overview](bitlocker-overview.md) -  -  + + diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 8f4bf8f1e5..2af7ccc7a9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -2,13 +2,14 @@ title: BitLocker Countermeasures (Windows 10) description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key. ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -30,7 +31,7 @@ BitLocker helps mitigate unauthorized data access on lost or stolen computers be - **Encrypting volumes on your computer.** For example, you can turn on BitLocker for your operating system volume, or a volume on a fixed or removable data drive (such as a USB flash drive, SD card, and so on). Turning on BitLocker for your operating system volume encrypts all system files on the volume, including the paging files and hibernation files. The only exception is for the System partition, which includes the Windows Boot Manager and minimal boot collateral required for decryption of the operating system volume after the key is unsealed. - **Ensuring the integrity of early boot components and boot configuration data.** On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability. -  + The next sections provide more details about how Windows protects against various attacks on the BitLocker encryption keys in Windows 10, Windows 8.1, and Windows 8. For more information about how to enable the best overall security configuration for devices beginning with Windows 10 version 1803, see [Standards for a highly secure Windows 10 device](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-highly-secure). diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index 4dddbd05fe..5431485c7f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md 
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
@@ -2,13 +2,14 @@
 title: BitLocker frequently asked questions (FAQ) (Windows 10)
 description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index 2cb23707fe..8c9c724383 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -6,13 +6,14 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/28/2019
+ms.reviewer:
 ---
 # Overview of BitLocker Device Encryption in Windows 10
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
index 8ffbf8ec53..26bf69d169 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
@@ -2,13 +2,14 @@
 title: BitLocker frequently asked questions (FAQ) (Windows 10)
 description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 0b3297ec31..2a808c73fa 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -2,13 +2,14 @@
 title: BitLocker Group Policy settings (Windows 10)
 description: This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
 ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -19,14 +20,14 @@ ms.date: 04/17/2019 # BitLocker Group Policy settings **Applies to** -- Windows 10 +- Windows 10 This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. To control what drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use Group Policy administrative templates or local computer policy settings. How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. ->**Note:**  A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see [Trusted Platform Module Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings). -  +>**Note:** A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see [Trusted Platform Module Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings). + BitLocker Group Policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. Most of the BitLocker Group Policy settings are applied when BitLocker is initially turned on for a drive. If a computer is not compliant with existing Group Policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state. 
When a drive is out of compliance with Group Policy settings (for example, if a Group Policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance. @@ -47,7 +48,7 @@ The following policy settings can be used to determine how a BitLocker-protected - [Disable new DMA devices when this computer is locked](#disable-new-dma-devices-when-this-computer-is-locked) - [Disallow standard users from changing the PIN or password](#bkmk-dpinchange) - [Configure use of passwords for operating system drives](#bkmk-ospw) -- [Require additional authentication at startup (Windows Server 2008 and Windows Vista)](#bkmk-unlockpol4) +- [Require additional authentication at startup (Windows Server 2008 and Windows Vista)](#bkmk-unlockpol4) - [Configure use of smart cards on fixed data drives](#bkmk-unlockpol5) - [Configure use of passwords on fixed data drives](#bkmk-unlockpol6) - [Configure use of smart cards on removable data drives](#bkmk-unlockpol7) 
@@ -74,8 +75,8 @@ The following policy settings determine the encryption methods and encryption ty The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used. - [Choose how BitLocker-protected operating system drives can be recovered](#bkmk-rec1) -- [Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)](#bkmk-rec2) -- [Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)](#bkmk-rec3) +- [Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)](#bkmk-rec2) +- [Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)](#bkmk-rec3) - [Choose default folder for recovery password](#bkmk-rec4) - [Choose how BitLocker-protected fixed drives can be recovered](#bkmk-rec6) - [Choose how BitLocker-protected removable drives can be recovered](#bkmk-rec7) @@ -87,7 +88,7 @@ The following policies are used to support customized deployment scenarios in yo - [Provide the unique identifiers for your organization](#bkmk-depopt1) - [Prevent memory overwrite on restart](#bkmk-depopt2) - [Configure TPM platform validation profile for BIOS-based firmware configurations](#bkmk-tpmbios) -- [Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)](#bkmk-depopt3) +- [Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)](#bkmk-depopt3) - [Configure TPM platform validation profile for native UEFI firmware configurations](#bkmk-tpmvaluefi) - [Reset platform validation data after BitLocker recovery](#bkmk-resetrec) - [Use enhanced Boot Configuration Data validation profile](#bkmk-enbcd) 
@@ -122,7 +123,7 @@ This policy setting allows users on devices that are compliant with Modern Stand

                            Conflicts

                            -

                            This setting overrides the Require startup PIN with TPM option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware. +

                            This setting overrides the Require startup PIN with TPM option of the Require additional authentication at startup policy on compliant hardware.

                            @@ -132,12 +133,12 @@ This policy setting allows users on devices that are compliant with Modern Stand

                            When disabled or not configured

                            -

                            The options of the [Require additional authentication at startup](#bkmk-unlockpol1) policy apply.

                            +

                            The options of the Require additional authentication at startup policy apply.

                            -  -**Reference** + +Reference The preboot authentication option Require startup PIN with TPM of the [Require additional authentication at startup](#bkmk-unlockpol1) policy is often enabled to help ensure security for older devices that do not support Modern Standby. But visually impaired users have no audible way to know when to enter a PIN. @@ -184,13 +185,13 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock -  -**Reference** + +Reference To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock. ->**Note:**  For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or cannot connect to the domain controller at startup. -  +>**Note:** For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or cannot connect to the domain controller at startup. + For more information about Network Unlock, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). ### Require additional authentication at startup 
@@ -209,7 +210,7 @@ This policy setting is used to control which unlock options are available for op

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -235,8 +236,8 @@ This policy setting is used to control which unlock options are available for op -  -**Reference** + +Reference If you want to use BitLocker on a computer without a TPM, select **Allow BitLocker without a compatible TPM**. In this mode, a password or USB drive is required for startup. The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. If the USB drive is lost or unavailable, BitLocker recovery is required to access the drive. @@ -244,7 +245,7 @@ On a computer with a compatible TPM, additional authentication methods can be us - only the TPM - insertion of a USB flash drive containing the startup key -- the entry of a 4-digit to 20-digit personal identification number (PIN) +- the entry of a 4-digit to 20-digit personal identification number (PIN) - a combination of the PIN and the USB flash drive There are four options for TPM-enabled computers or devices: @@ -286,7 +287,7 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -310,14 +311,14 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth -  + **Reference** Enhanced startup PINs permit the use of characters (including uppercase and lowercase letters, symbols, numbers, and spaces). This policy setting is applied when you turn on BitLocker. ->**Important:**  Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used. -  +>**Important:** Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used. + ### Configure minimum PIN length for startup This policy setting is used to set a minimum PIN length when you use an unlock method that includes a PIN. @@ -330,11 +331,11 @@ This policy setting is used to set a minimum PIN length when you use an unlock m

                            Policy description

                            -

                            With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.

                            +

                            With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -354,15 +355,15 @@ This policy setting is used to set a minimum PIN length when you use an unlock m

                            When disabled or not configured

                            -

                            Users can configure a startup PIN of any length between 6 and 20 digits.

                            +

                            Users can configure a startup PIN of any length between 6 and 20 digits.

                            -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. -The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. +The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. Originally, BitLocker allowed from 4 to 20 characters for a PIN. Windows Hello has its own PIN for logon, which can be 4 to 127 characters. @@ -441,7 +442,7 @@ This policy setting allows you to configure whether standard users are allowed t -  + **Reference** @@ -477,11 +478,10 @@ This policy controls how non-TPM based systems utilize the password protector. U

                            Conflicts

                            Passwords cannot be used if FIPS-compliance is enabled.

                            -Note   -

                            The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

                            +Note

                            The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

                            -  +
                            @@ -494,14 +494,14 @@ This policy controls how non-TPM based systems utilize the password protector. U -  + **Reference** If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\** must be also enabled. ->**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -  +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. + When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to **Allow complexity**, a connection to a domain controller is attempted to validate that the complexity adheres to the rules set by the policy. If no domain controllers are found, the password will be accepted regardless of actual password complexity, and the drive will be encrypted by using that password as a protector. When set to **Do not allow complexity**, there is no password complexity validation. Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the **Minimum password length** box. 
@@ -511,9 +511,9 @@ When this policy setting is enabled, you can set the option **Configure password - Do not allow password complexity - Require password complexity -### Require additional authentication at startup (Windows Server 2008 and Windows Vista) +### Require additional authentication at startup (Windows Server 2008 and Windows Vista) -This policy setting is used to control what unlock options are available for computers running Windows Server 2008 or Windows Vista. +This policy setting is used to control what unlock options are available for computers running Windows Server 2008 or Windows Vista. @@ -523,15 +523,15 @@ This policy setting is used to control what unlock options are available for com - + - + - + @@ -551,10 +551,10 @@ This policy setting is used to control what unlock options are available for com

                            Policy description

                            With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.

                            With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.

                            Introduced

                            Windows Server 2008 and Windows Vista

                            Windows Server 2008 and Windows Vista

                            Drive type

                            Operating system drives (Windows Server 2008 and Windows Vista)

                            Operating system drives (Windows Server 2008 and Windows Vista)

                            Policy path

                            -  -**Reference** -On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN. +Reference + +On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN. A USB drive that contains a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material that is on this USB drive. @@ -591,7 +591,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -619,11 +619,11 @@ This policy setting is used to require, allow, or deny the use of smart cards wi -  -**Reference** ->**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive. -  +Reference + +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive. + ### Configure use of passwords on fixed data drives This policy setting is used to require, allow, or deny the use of passwords with fixed data drives. @@ -640,7 +640,7 @@ This policy setting is used to require, allow, or deny the use of passwords with

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -668,8 +668,8 @@ This policy setting is used to require, allow, or deny the use of passwords with -  -**Reference** + +Reference When set to **Require complexity**, a connection to a domain controller is necessary to validate the complexity of the password when BitLocker is enabled. 
@@ -679,15 +679,15 @@ When set to **Do not allow complexity**, no password complexity validation is pe Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the **Minimum password length** box. ->**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -  +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. + For the complexity requirement setting to be effective, the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Password must meet complexity requirements** must also be enabled. This policy setting is configured on a per-computer basis. This means that it applies to local user accounts and domain user accounts. Because the password filter that is used to validate password complexity is located on the domain controllers, local user accounts cannot access the password filter because they are not authenticated for domain access. When this policy setting is enabled, if you sign in with a local user account, and you attempt to encrypt a drive or change a password on an existing BitLocker-protected drive, an "Access denied" error message is displayed. In this situation, the password key protector cannot be added to the drive. Enabling this policy setting requires that connectivity to a domain be established before adding a password key protector to a BitLocker-protected drive. 
Users who work remotely and have periods of time in which they cannot connect to the domain should be made aware of this requirement so that they can schedule a time when they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive. ->**Important:**  Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. -  +>**Important:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. + ### Configure use of smart cards on removable data drives This policy setting is used to require, allow, or deny the use of smart cards with removable data drives. @@ -704,7 +704,7 @@ This policy setting is used to require, allow, or deny the use of smart cards wi

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -732,11 +732,11 @@ This policy setting is used to require, allow, or deny the use of smart cards wi -  -**Reference** ->**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -  +Reference + +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. + ### Configure use of passwords on removable data drives This policy setting is used to require, allow, or deny the use of passwords with removable data drives. @@ -753,7 +753,7 @@ This policy setting is used to require, allow, or deny the use of passwords with

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -781,14 +781,14 @@ This policy setting is used to require, allow, or deny the use of passwords with -  -**Reference** + +Reference If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** must also be enabled. ->**Note:**  These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. -  +>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive. + Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the **Minimum password length** box. When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. 
@@ -797,8 +797,8 @@ When set to **Allow complexity**, a connection to a domain controller will be at When set to **Do not allow complexity**, no password complexity validation will be done. ->**Note:**  Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. -  +>**Note:** Passwords cannot be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** specifies whether FIPS compliance is enabled. + For information about this setting, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://technet.microsoft.com/library/jj852211.aspx). ### Validate smart card certificate usage rule compliance @@ -817,7 +817,7 @@ This policy setting is used to determine what certificate to use with BitLocker.

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -841,8 +841,8 @@ This policy setting is used to determine what certificate to use with BitLocker. -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. @@ -850,8 +850,8 @@ The object identifier is specified in the enhanced key usage (EKU) of a certific The default object identifier is 1.3.6.1.4.1.311.67.1.1. ->**Note:**  BitLocker does not require that a certificate have an EKU attribute; however, if one is configured for the certificate, it must be set to an object identifier that matches the object identifier configured for BitLocker. -  +>**Note:** BitLocker does not require that a certificate have an EKU attribute; however, if one is configured for the certificate, it must be set to an object identifier that matches the object identifier configured for BitLocker. + ### Enable use of BitLocker authentication requiring preboot keyboard input on slates This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. @@ -892,8 +892,8 @@ This policy setting allows users to enable authentication options that require u -  -**Reference** + +Reference The Windows touch keyboard (such as used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password. @@ -923,7 +923,7 @@ This policy setting is used to require encryption of fixed drives prior to grant

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -947,8 +947,8 @@ This policy setting is used to require encryption of fixed drives prior to grant -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. @@ -978,7 +978,7 @@ This policy setting is used to require that removable drives are encrypted prior

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1002,13 +1002,13 @@ This policy setting is used to require that removable drives are encrypted prior -  -**Reference** + +Reference If the **Deny write access to devices configured in another organization** option is selected, only drives with identification fields that match the computer's identification fields are given Write access. When a removable data drive is accessed, it is checked for a valid identification field and allowed identification fields. These fields are defined by the **Provide the unique identifiers for your organization** policy setting. ->**Note:**  You can override this policy setting with the policy settings under **User Configuration\\Administrative Templates\\System\\Removable Storage Access**. If the **Removable Disks: Deny write access** policy setting is enabled, this policy setting will be ignored. -  +>**Note:** You can override this policy setting with the policy settings under **User Configuration\\Administrative Templates\\System\\Removable Storage Access**. If the **Removable Disks: Deny write access** policy setting is enabled, this policy setting will be ignored. + Conflict considerations include: 1. Use of BitLocker with the TPM plus a startup key or with the TPM plus a PIN and startup key must be disallowed if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled. @@ -1031,7 +1031,7 @@ This policy setting is used to prevent users from turning BitLocker on or off on

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1059,8 +1059,8 @@ This policy setting is used to prevent users from turning BitLocker on or off on -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. @@ -1068,8 +1068,8 @@ For information about suspending BitLocker protection, see [BitLocker Basic Depl The options for choosing property settings that control how users can configure BitLocker are: -- **Allow users to apply BitLocker protection on removable data drives**   Enables the user to run the BitLocker Setup Wizard on a removable data drive. -- **Allow users to suspend and decrypt BitLocker on removable data drives**   Enables the user to remove BitLocker from the drive or to suspend the encryption while performing maintenance. +- **Allow users to apply BitLocker protection on removable data drives** Enables the user to run the BitLocker Setup Wizard on a removable data drive. +- **Allow users to suspend and decrypt BitLocker on removable data drives** Enables the user to remove BitLocker from the drive or to suspend the encryption while performing maintenance. ### Choose drive encryption method and cipher strength @@ -1111,8 +1111,8 @@ This policy setting is used to control the encryption method and cipher strength -  -**Reference** + +Reference The values of this policy determine the strength of the cipher that BitLocker uses for encryption. Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128). 
@@ -1123,8 +1123,8 @@ For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the d Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored. ->**Warning:**  This policy does not apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning. -  +>**Warning:** This policy does not apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning. + When this policy setting is disabled or not configured, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method that is specified in the setup script. ### Configure use of hardware-based encryption for fixed data drives 
@@ -1172,15 +1172,15 @@ This policy controls how BitLocker reacts to systems that are equipped with encr -  -**Reference** ->**Note:**  The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. -  +Reference + +>**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. + The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID), for example: -- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 -- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 +- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 +- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 ### Configure use of hardware-based encryption for operating system drives 
@@ -1226,17 +1226,17 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper -  -**Reference** + +Reference If hardware-based encryption is not available, BitLocker software-based encryption is used instead. ->**Note:**  The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. -  +>**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. + The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID), for example: -- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 -- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 +- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 +- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 ### Configure use of hardware-based encryption for removable data drives 
@@ -1282,17 +1282,17 @@ This policy controls how BitLocker reacts to encrypted drives when they are used -  -**Reference** + +Reference If hardware-based encryption is not available, BitLocker software-based encryption is used instead. ->**Note:**  The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. -  +>**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption. + The encryption algorithm that is used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm that is configured on the drive to encrypt the drive. The **Restrict encryption algorithms and cipher suites allowed for hardware-based encryption** option of this setting enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm that is set for the drive is not available, BitLocker disables the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID), for example: -- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 -- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 +- Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode OID: 2.16.840.1.101.3.4.1.2 +- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 ### Enforce drive encryption type on fixed data drives 
@@ -1334,13 +1334,13 @@ This policy controls whether fixed data drives utilize Used Space Only encryptio -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. ->**Note:**  This policy is ignored when you are shrinking or expanding a volume and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. -  +>**Note:** This policy is ignored when you are shrinking or expanding a volume and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. + For more information about the tool to manage BitLocker, see [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx). ### Enforce drive encryption type on operating system drives 
@@ -1383,13 +1383,13 @@ This policy controls whether operating system drives utilize Full encryption or -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. ->**Note:**  This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. -  +>**Note:** This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. + For more information about the tool to manage BitLocker, see [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx). ### Enforce drive encryption type on removable data drives 
@@ -1432,13 +1432,13 @@ This policy controls whether fixed data drives utilize Full encryption or Used S -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. ->**Note:**  This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full Encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. -  +>**Note:** This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full Encryption. The user could wipe the free space on a Used Space Only drive by using the following command: **manage-bde -w**. If the volume is shrunk, no action is taken for the new free space. + For more information about the tool to manage BitLocker, see [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx). ### Choose how BitLocker-protected operating system drives can be recovered @@ -1457,7 +1457,7 @@ This policy setting is used to configure recovery methods for operating system d

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1478,12 +1478,12 @@ This policy setting is used to configure recovery methods for operating system d

                            When disabled or not configured

                            -

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            +

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. 
@@ -1496,15 +1496,15 @@ In **Configure user storage of BitLocker recovery information**, select whether Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select **Store recovery password and key packages**, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select **Store recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select **Store recovery password and key packages**, the BitLocker recovery password and the key package are stored in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you select **Store recovery password only**, only the recovery password is stored in AD DS. -Select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. 
+Select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. ->**Note:**  If the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** check box is selected, a recovery password is automatically generated. -  -### Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) +>**Note:** If the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** check box is selected, a recovery password is automatically generated. -This policy setting is used to configure recovery methods for BitLocker-protected drives on computers running Windows Server 2008 or Windows Vista. +### Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) + +This policy setting is used to configure recovery methods for BitLocker-protected drives on computers running Windows Server 2008 or Windows Vista. @@ -1518,11 +1518,11 @@ This policy setting is used to configure recovery methods for BitLocker-protecte - + - + @@ -1530,7 +1530,7 @@ This policy setting is used to configure recovery methods for BitLocker-protecte - + @@ -1542,23 +1542,23 @@ This policy setting is used to configure recovery methods for BitLocker-protecte

                            Introduced

                            Windows Server 2008 and Windows Vista

                            Windows Server 2008 and Windows Vista

                            Drive type

                            Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista

                            Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista

                            Policy path

                            Conflicts

                            This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the Do not allow option for both user recovery options, you must enable the Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) policy setting to prevent a policy error.

                            This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the Do not allow option for both user recovery options, you must enable the Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) policy setting to prevent a policy error.

                            When enabled

                            -  -**Reference** -This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker. +Reference -Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. Users can type a 48-digit numerical recovery password, or they can insert a USB drive that contains a 256-bit recovery key. +This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker. -Saving the recovery password to a USB drive stores the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving it to a folder stores the 48-digit recovery password as a text file. Printing it sends the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password prevents users from printing or saving recovery information to a folder. +Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. Users can type a 48-digit numerical recovery password, or they can insert a USB drive that contains a 256-bit recovery key. ->**Important:**  If TPM initialization is performed during the BitLocker setup, TPM owner information is saved or printed with the BitLocker recovery information. -The 48-digit recovery password is not available in FIPS-compliance mode. -  ->**Important:**  To prevent data loss, you must have a way to recover BitLocker encryption keys. If you do not allow both recovery options, you must enable the backup of BitLocker recovery information to AD DS. Otherwise, a policy error occurs. 
-  -### Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) +Saving the recovery password to a USB drive stores the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving it to a folder stores the 48-digit recovery password as a text file. Printing it sends the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password prevents users from printing or saving recovery information to a folder. -This policy setting is used to configure the storage of BitLocker recovery information in AD DS. This provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. +> **Important:** If TPM initialization is performed during the BitLocker setup, TPM owner information is saved or printed with the BitLocker recovery information. +> The 48-digit recovery password is not available in FIPS-compliance mode. +> +> **Important:** To prevent data loss, you must have a way to recover BitLocker encryption keys. If you do not allow both recovery options, you must enable the backup of BitLocker recovery information to AD DS. Otherwise, a policy error occurs. + +### Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) + +This policy setting is used to configure the storage of BitLocker recovery information in AD DS. This provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. @@ -1568,15 +1568,15 @@ This policy setting is used to configure the storage of BitLocker recovery infor - + - + - + @@ -1588,28 +1588,28 @@ This policy setting is used to configure the storage of BitLocker recovery infor - + - +

                            Policy description

                            With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.

                            With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.

                            Introduced

                            Windows Server 2008 and Windows Vista

                            Windows Server 2008 and Windows Vista

                            Drive type

                            Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.

                            Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.

                            Policy path

                            When enabled

                            BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.

                            BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.

                            When disabled or not configured

                            BitLocker recovery information is not backed up to AD DS.

                            BitLocker recovery information is not backed up to AD DS.

                            -  -**Reference** -This policy is only applicable to computers running Windows Server 2008 or Windows Vista. +Reference + +This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker. BitLocker recovery information includes the recovery password and unique identifier data. You can also include a package that contains an encryption key for a BitLocker-protected drive. This key package is secured by one or more recovery passwords, and it can help perform specialized recovery when the disk is damaged or corrupted. -If you select **Require BitLocker backup to AD DS**, BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. +If you select **Require BitLocker backup to AD DS**, BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. A recovery password is a 48-digit number that unlocks access to a BitLocker-protected drive. A key package contains a drive’s BitLocker encryption key, which is secured by one or more recovery passwords. Key packages may help perform specialized recovery when the disk is damaged or corrupted. -If the **Require BitLocker backup to AD DS** option is not selected, AD DS backup is attempted, but network or other backup failures do not prevent the BitLocker setup. The Backup process is not automatically retried, and the recovery password might not be stored in AD DS during BitLocker setup. +If the **Require BitLocker backup to AD DS** option is not selected, AD DS backup is attempted, but network or other backup failures do not prevent the BitLocker setup. 
The Backup process is not automatically retried, and the recovery password might not be stored in AD DS during BitLocker setup. TPM initialization might be needed during the BitLocker setup. Enable the **Turn on TPM backup to Active Directory Domain Services** policy setting in **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services** to ensure that TPM information is also backed up. For more information about this setting, see [TPM Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings). @@ -1630,7 +1630,7 @@ This policy setting is used to configure the default folder for recovery passwor

                            Introduced

                            -

                            Windows Vista

                            +

                            Windows Vista

                            Drive type

                            @@ -1646,21 +1646,21 @@ This policy setting is used to configure the default folder for recovery passwor

                            When enabled

                            -

                            You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer's top-level folder view.

                            +

                            You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer's top-level folder view.

                            When disabled or not configured

                            -

                            The BitLocker Setup Wizard displays the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.

                            +

                            The BitLocker Setup Wizard displays the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.

                            -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. ->**Note:**  This policy setting does not prevent the user from saving the recovery password in another folder. -  +>**Note:** This policy setting does not prevent the user from saving the recovery password in another folder. + ### Choose how BitLocker-protected fixed drives can be recovered This policy setting is used to configure recovery methods for fixed data drives. @@ -1677,7 +1677,7 @@ This policy setting is used to configure recovery methods for fixed data drives.

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1698,30 +1698,30 @@ This policy setting is used to configure recovery methods for fixed data drives.

                            When disabled or not configured

                            -

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            +

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. The **Allow data recovery agent** check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from **Public Key Policies**, which is located in the Group Policy Management Console (GPMC) or in the Local Group Policy Editor. -In **Configure user storage of BitLocker recovery information**, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. +In **Configure user storage of BitLocker recovery information**, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Doman Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. -Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Doman Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. 
If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. +Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. For more information about the BitLocker repair tool, see [Repair-bde](https://technet.microsoft.com/library/ff829851.aspx). -Select the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. + +>**Note:** If the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box is selected, a recovery password is automatically generated. ->**Note:**  If the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box is selected, a recovery password is automatically generated. -  ### Choose how BitLocker-protected removable drives can be recovered This policy setting is used to configure recovery methods for removable data drives. @@ -1738,7 +1738,7 @@ This policy setting is used to configure recovery methods for removable data dri

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1759,12 +1759,12 @@ This policy setting is used to configure recovery methods for removable data dri

                            When disabled or not configured

                            -

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            +

                            The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.

                            -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. 
@@ -1774,12 +1774,12 @@ In **Configure user storage of BitLocker recovery information**, select whether Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting. -In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for removable data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. +In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for removable data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS. If you select **Backup recovery password only**, only the recovery password is stored in AD DS. -Select the **Do not enable BitLocker until recovery information is stored in AD DS for removable data drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. +Select the **Do not enable BitLocker until recovery information is stored in AD DS for removable data drives** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. 
+ +>**Note:** If the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box is selected, a recovery password is automatically generated. ->**Note:**  If the **Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives** check box is selected, a recovery password is automatically generated. -  ### Configure the pre-boot recovery message and URL This policy setting is used to configure the entire recovery message and to replace the existing URL that is displayed on the pre-boot recovery screen when the operating system drive is locked. @@ -1796,7 +1796,7 @@ This policy setting is used to configure the entire recovery message and to repl

                            Introduced

                            -

                            Windows 10

                            +

                            Windows 10

                            Drive type

                            @@ -1820,8 +1820,8 @@ This policy setting is used to configure the entire recovery message and to repl -  -**Reference** + +Reference Enabling the **Configure the pre-boot recovery message and URL** policy setting allows you to customize the default recovery screen message and URL to assist customers in recovering their key. 
@@ -1831,10 +1831,10 @@ Once you enable the setting you have three options: - If you select the **Use custom recovery message** option, type the custom message in the **Custom recovery message option** text box. The message that you type in the **Custom recovery message option** text box will be displayed on the pre-boot recovery screen. If a recovery URL is available, include it in the message. - If you select the **Use custom recovery URL** option, type the custom message URL in the **Custom recovery URL option** text box. The URL that you type in the **Custom recovery URL option** text box replaces the default URL in the default recovery message, which will be displayed on the pre-boot recovery screen. ->**Important:**  Not all characters and languages are supported in the pre-boot environment. We strongly recommended that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen. -  ->**Important:**  Because you can alter the BCDEdit commands manually before you have set Group Policy settings, you cannot return the policy setting to the default setting by selecting the **Not Configured** option after you have configured this policy setting. To return to the default pre-boot recovery screen leave the policy setting enabled and select the **Use default message** options from the **Choose an option for the pre-boot recovery message** drop-down list box. -  +> **Important:** Not all characters and languages are supported in the pre-boot environment. We strongly recommended that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen. +> +> **Important:** Because you can alter the BCDEdit commands manually before you have set Group Policy settings, you cannot return the policy setting to the default setting by selecting the **Not Configured** option after you have configured this policy setting. 
To return to the default pre-boot recovery screen leave the policy setting enabled and select the **Use default message** options from the **Choose an option for the pre-boot recovery message** drop-down list box. + ### Allow Secure Boot for integrity validation This policy controls how BitLocker-enabled system volumes are handled in conjunction with the Secure Boot feature. Enabling this feature forces Secure Boot validation during the boot process and verifies Boot Configuration Data (BCD) settings according to the Secure Boot policy. @@ -1863,8 +1863,8 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc

                            Conflicts

                            -

                            If you enable **Allow Secure Boot for integrity validation**, make sure the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.

                            -

                            For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.

                            +

                            If you enable Allow Secure Boot for integrity validation, make sure the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.

                            +

                            For more information about PCR 7, see Platform Configuration Register (PCR) in this topic.

                            When enabled or not configured

                            @@ -1876,14 +1876,14 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc -  -**Reference** + +Reference Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8. When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker. ->**Warning:**  Enabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates. -  +>**Warning:** Enabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates. + ### Provide the unique identifiers for your organization This policy setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. @@ -1900,7 +1900,7 @@ This policy setting is used to establish an identifier that is applied to all dr

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            @@ -1924,8 +1924,8 @@ This policy setting is used to establish an identifier that is applied to all dr -  -**Reference** + +Reference These identifiers are stored as the identification field and the allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool. @@ -1939,7 +1939,7 @@ You can configure the identification fields on existing drives by using the [Man When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an outside organization. -Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to 260 characters. +Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to 260 characters. ### Prevent memory overwrite on restart @@ -1957,7 +1957,7 @@ This policy setting is used to control whether the computer's memory will be ove

                            Introduced

                            -

                            Windows Vista

                            +

                            Windows Vista

                            Drive type

                            @@ -1981,8 +1981,8 @@ This policy setting is used to control whether the computer's memory will be ove -  -**Reference** + +Reference This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material that is used to encrypt data. This policy setting applies only when BitLocker protection is enabled. @@ -1998,7 +1998,7 @@ This policy setting determines what values the TPM measures when it validates ea

                            Policy description

                            -

                            With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.

                            +

                            With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.

                            Introduced

                            
@@ -2026,30 +2026,30 @@ This policy setting determines what values the TPM measures when it validates ea -  -**Reference** + +Reference This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ->**Important:**  This Group Policy setting only applies to computers with BIOS configurations or to computers with UEFI firmware with the CSM enabled. Computers that use a native UEFI firmware configuration store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for native UEFI firmware configurations** Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware. -  -A platform validation profile consists of a set of PCR indices that range from 0 to 23. The default platform validation profile secures the encryption key against changes to the following: +>**Important:** This Group Policy setting only applies to computers with BIOS configurations or to computers with UEFI firmware with the CSM enabled. Computers that use a native UEFI firmware configuration store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for native UEFI firmware configurations** Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware. + +A platform validation profile consists of a set of PCR indices that range from 0 to 23. 
The default platform validation profile secures the encryption key against changes to the following: - Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0) -- Option ROM Code (PCR 2) +- Option ROM Code (PCR 2) - Master Boot Record (MBR) Code (PCR 4) - NTFS Boot Sector (PCR 8) - NTFS Boot Block (PCR 9) - Boot Manager (PCR 10) - BitLocker Access Control (PCR 11) ->**Note:**  Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker’s sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. -  +>**Note:** Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker’s sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. + The following list identifies all of the PCRs available: - PCR 0: Core root-of-trust for measurement, BIOS, and Platform extensions - PCR 1: Platform and motherboard configuration and data. -- PCR 2: Option ROM code +- PCR 2: Option ROM code - PCR 3: Option ROM data and configuration - PCR 4: Master Boot Record (MBR) code - PCR 5: Master Boot Record (MBR) partition table 
@@ -2061,9 +2061,9 @@ The following list identifies all of the PCRs available: - PCR 11: BitLocker access control - PCR 12-23: Reserved for future use -### Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) +### Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) -This policy setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server 2008, or Windows 7. +This policy setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server 2008, or Windows 7. @@ -2073,11 +2073,11 @@ This policy setting determines what values the TPM measures when it validates ea - + - + @@ -2101,28 +2101,28 @@ This policy setting determines what values the TPM measures when it validates ea

                            Policy description

                            With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.

                            With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.

                            Introduced

                            Windows Server 2008 and Windows Vista

                            Windows Server 2008 and Windows Vista

                            Drive type

                            -  -**Reference** + +Reference This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection. -A platform validation profile consists of a set of PCR indices that range from 0 to 23. The default platform validation profile secures the encryption key against changes to the following: +A platform validation profile consists of a set of PCR indices that range from 0 to 23. The default platform validation profile secures the encryption key against changes to the following: - Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0) -- Option ROM Code (PCR 2) +- Option ROM Code (PCR 2) - Master Boot Record (MBR) Code (PCR 4) - NTFS Boot Sector (PCR 8) - NTFS Boot Block (PCR 9) - Boot Manager (PCR 10) - BitLocker Access Control (PCR 11) ->**Note:**  The default TPM validation profile PCR settings for computers that use an Extensible Firmware Interface (EFI) are the PCRs 0, 2, 4, and 11 only. -  +>**Note:** The default TPM validation profile PCR settings for computers that use an Extensible Firmware Interface (EFI) are the PCRs 0, 2, 4, and 11 only. + The following list identifies all of the PCRs available: - PCR 0: Core root-of-trust for measurement, EFI boot and run-time services, EFI drivers embedded in system ROM, ACPI static tables, embedded SMM code, and BIOS code - PCR 1: Platform and motherboard configuration and data. Hand-off tables and EFI variables that affect system configuration -- PCR 2: Option ROM code +- PCR 2: Option ROM code - PCR 3: Option ROM data and configuration - PCR 4: Master Boot Record (MBR) code or code from other boot devices - PCR 5: Master Boot Record (MBR) partition table. Various EFI variables and the GPT table 
@@ -2132,10 +2132,10 @@ The following list identifies all of the PCRs available: - PCR 9: NTFS boot block - PCR 10: Boot manager - PCR 11: BitLocker access control -- PCR 12 - 23: Reserved for future use +- PCR 12 - 23: Reserved for future use + +>**Warning:** Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. ->**Warning:**  Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. -  ### Configure TPM platform validation profile for native UEFI firmware configurations This policy setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations. @@ -2148,7 +2148,7 @@ This policy setting determines what values the TPM measures when it validates ea

                            Policy description

                            -

                            With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.

                            +

                            With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.

                            Introduced

                            @@ -2166,7 +2166,7 @@ This policy setting determines what values the TPM measures when it validates ea

                            Conflicts

                            Setting this policy with PCR 7 omitted, overrides the Allow Secure Boot for integrity validation Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.

                            If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.

                            -

                            For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.

                            +

                            For more information about PCR 7, see Platform Configuration Register (PCR) in this topic.

                            When enabled

                            
@@ -2178,20 +2178,20 @@ This policy setting determines what values the TPM measures when it validates ea -  -**Reference** + +Reference This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection. ->**Important:**  This Group Policy setting only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Support Module (CSM) enabled store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for BIOS-based firmware configurations** Group Policy setting to configure the TPM PCR profile for computers with BIOS configurations or for computers with UEFI firmware with a CSM enabled. -  -A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access control (PCR 11). +>**Important:** This Group Policy setting only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Support Module (CSM) enabled store different values in the Platform Configuration Registers (PCRs). Use the **Configure TPM platform validation profile for BIOS-based firmware configurations** Group Policy setting to configure the TPM PCR profile for computers with BIOS configurations or for computers with UEFI firmware with a CSM enabled. + +A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. 
The default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access control (PCR 11). The following list identifies all of the PCRs available: - PCR 0: Core System Firmware executable code - PCR 1: Core System Firmware data -- PCR 2: Extended or pluggable executable code +- PCR 2: Extended or pluggable executable code - PCR 3: Extended or pluggable firmware data - PCR 4: Boot Manager - PCR 5: GPT/Partition Table 
@@ -2207,13 +2207,13 @@ The following list identifies all of the PCRs available: - PCR 12: Data events and highly volatile events - PCR 13: Boot Module Details - PCR 14: Boot Authorities -- PCR 15 – 23: Reserved for future use +- PCR 15 – 23: Reserved for future use + +>**Warning:** Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. ->**Warning:**  Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. -  ### Reset platform validation data after BitLocker recovery -This policy setting determines if you want platform validation data to refresh when Windows is started following a BitLocker recovery. A platform validation data profile consists of the values in a set of Platform Configuration Register (PCR) indices that range from 0 to 23. +This policy setting determines if you want platform validation data to refresh when Windows is started following a BitLocker recovery. A platform validation data profile consists of the values in a set of Platform Configuration Register (PCR) indices that range from 0 to 23. @@ -2255,14 +2255,14 @@ This policy setting determines if you want platform validation data to refresh w
                            -  -**Reference** + +Reference For more information about the recovery process, see the [BitLocker recovery guide](bitlocker-recovery-guide-plan.md). ### Use enhanced Boot Configuration Data validation profile -This policy setting determines specific Boot Configuration Data (BCD) settings to verify during platform validation. A platform validation uses the data in the platform validation profile, which consists of a set of Platform Configuration Register (PCR) indices that range from 0 to 23. +This policy setting determines specific Boot Configuration Data (BCD) settings to verify during platform validation. A platform validation uses the data in the platform validation profile, which consists of a set of Platform Configuration Register (PCR) indices that range from 0 to 23. @@ -2296,7 +2296,7 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t - + @@ -2304,11 +2304,11 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t

                            When disabled

                            The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.

                            The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.

                            When not configured

                            -  -**Reference** ->**Note:**  The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or the exclusion list. -  +Reference + +>**Note:** The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or the exclusion list. + ### Allow access to BitLocker-protected fixed data drives from earlier versions of Windows This policy setting is used to control whether access to drives is allowed by using the BitLocker To Go Reader, and if the application is installed on the drive. @@ -2325,7 +2325,7 @@ This policy setting is used to control whether access to drives is allowed by us

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            
@@ -2349,12 +2349,12 @@ This policy setting is used to control whether access to drives is allowed by us -  -**Reference** ->**Note:**  This policy setting does not apply to drives that are formatted with the NTFS file system. -  -When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted fixed drives** check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user is prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. +Reference + +>**Note:** This policy setting does not apply to drives that are formatted with the NTFS file system. + +When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted fixed drives** check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user is prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. 
In this situation, for the fixed drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. ### Allow access to BitLocker-protected removable data drives from earlier versions of Windows @@ -2372,7 +2372,7 @@ This policy setting controls access to removable data drives that are using the

                            Introduced

                            -

                            Windows Server 2008 R2 and Windows 7

                            +

                            Windows Server 2008 R2 and Windows 7

                            Drive type

                            
@@ -2396,12 +2396,12 @@ This policy setting controls access to removable data drives that are using the -  -**Reference** ->**Note:**  This policy setting does not apply to drives that are formatted with the NTFS file system. -  -When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted removable drives** check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user will be prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. In this situation, for the removable drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the removable drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed. +Reference + +>**Note:** This policy setting does not apply to drives that are formatted with the NTFS file system. + +When this policy setting is enabled, select the **Do not install BitLocker To Go Reader on FAT formatted removable drives** check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the **Provide unique identifiers for your organization** policy setting, the user will be prompted to update BitLocker, and BitLocker To Go Reader is deleted from the drive. 
In this situation, for the removable drive to be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the removable drive to enable users to unlock the drive on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed. ## FIPS setting @@ -2419,7 +2419,7 @@ You can configure the Federal Information Processing Standard (FIPS) setting for

                            Introduced

                            -

                            Windows Server 2003 with SP1

                            +

                            Windows Server 2003 with SP1

                            Drive type

                            @@ -2435,7 +2435,7 @@ You can configure the Federal Information Processing Standard (FIPS) setting for

                            When enabled

                            -

                            Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup izard to create a recovery password.

                            +

                            Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup izard to create a recovery password.

                            When disabled or not configured

                            @@ -2443,12 +2443,12 @@ You can configure the Federal Information Processing Standard (FIPS) setting for -  -**Reference** + +Reference This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords, so recovery keys should be used instead. -You can save the optional recovery key to a USB drive. Because recovery passwords cannot be saved to AD DS when FIPS is enabled, an error is caused if AD DS backup is required by Group Policy. +You can save the optional recovery key to a USB drive. Because recovery passwords cannot be saved to AD DS when FIPS is enabled, an error is caused if AD DS backup is required by Group Policy. You can edit the FIPS setting by using the Security Policy Editor (Secpol.msc) or by editing the Windows registry. You must be an administrator to perform these procedures. @@ -2467,7 +2467,7 @@ You can use disable the following Group Policy settings, which are located in ** ## About the Platform Configuration Register (PCR) -A platform validation profile consists of a set of PCR indices that range from 0 to 23. The scope of the values can be specific to the version of the operating system. +A platform validation profile consists of a set of PCR indices that range from 0 to 23. The scope of the values can be specific to the version of the operating system. Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker’s sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on inclusion or exclusion (respectively) of the PCRs. diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 8f9df7aad6..70ba14d6a6 100644 
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -2,13 +2,14 @@
 title: BitLocker How to deploy on Windows Server 2012 and later
 description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later
 ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index ed0dece280..a5e58c1e6b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -2,13 +2,14 @@
 title: BitLocker How to enable Network Unlock (Windows 10)
 description: This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
 ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -57,7 +58,7 @@ The network stack must be enabled to use the Network Unlock feature. Equipment m >**Note:**  To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. For Network Unlock to work reliably on computers running Windows 8 and later, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock will fail. -  + The Network Unlock server component installs on supported versions of Windows Server 2012 and later as a Windows feature using Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service needs to be running on the server. 
@@ -243,7 +244,7 @@ The following steps describe how to enable the Group Policy setting that is a re The following steps describe how to deploy the required Group Policy setting: >**Note:**  The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. -  + 1. Copy the .cer file created for Network Unlock to the domain controller. 2. On the domain controller, launch Group Policy Management Console (gpmc.msc). 3. Create a new Group Policy Object or modify an existing object to enable the **Allow network unlock at startup** setting. @@ -256,8 +257,8 @@ The following steps describe how to deploy the required Group Policy setting: >**Note:**  Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. 5. Reboot the clients after deploying the group policy. ->**Note:** The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. -  + >**Note:** The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. + ### Subnet policy configuration files on WDS Server (Optional) By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which subnet(s) Network Unlock clients can use to unlock. 
@@ -275,7 +276,7 @@ The subnet policy configuration file must use a “\[SUBNETS\]” section to ide Following the \[SUBNETS\] section, there can be sections for each Network Unlock certificate, identified by the certificate thumbprint formatted without any spaces, which define subnets clients can be unlocked from with that certificate. >**Note:**  When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint the subnet configuration will fail because the thumbprint will not be recognized as valid. -   + Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnet is listed in a certificate section, then only those subnets listed are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. Subnet lists are created by putting the name of a subnet from the \[SUBNETS\] section on its own line below the certificate section header. Then, the server will only unlock clients with this certificate on the subnet(s) specified as in the list. For troubleshooting, a subnet can be quickly excluded without deleting it from the section by simply commenting it out with a prepended semi-colon. [‎2158a767e1c14e88e27a4c0aee111d2de2eafe60] 
@@ -292,7 +293,7 @@ To disallow the use of a certificate altogether, its subnet list may contain the To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors the **Allow Network Unlock at startup** Group Policy setting should be disabled. When this policy setting is updated to disabled on client computers any Network Unlock key protectors on the computer will be deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. >**Note:**  Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. -  + ## Update Network Unlock certificates To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. 
@@ -301,19 +302,19 @@ To update the certificates used by Network Unlock, administrators need to import Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue will be the root cause of the failure. Items to verify include: -- Verify client hardware is UEFI-based and is on firmware version is 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. -- All required roles and services are installed and started -- Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. -- Group policy for Network Unlock is enabled and linked to the appropriate domains. -- Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. -- Verify the clients were rebooted after applying the policy. -- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: +- Verify client hardware is UEFI-based and is on firmware version is 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. 
Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. +- All required roles and services are installed and started +- Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. +- Group policy for Network Unlock is enabled and linked to the appropriate domains. +- Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. +- Verify the clients were rebooted after applying the policy. +- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: - ``` syntax - manage-bde –protectors –get C: - ``` ->**Note:**  Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock -  + ``` syntax + manage-bde –protectors –get C: + ``` + >**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock + Files to gather when troubleshooting BitLocker Network Unlock include: 1. The Windows event logs. Specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index 52925ce212..fa1f49ee5d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -2,13 +2,14 @@ title: BitLocker Key Management FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -57,9 +58,9 @@ For older hardware, where a PIN may be needed, it’s recommended to enable [enh BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive. -> [!IMPORTANT]   +> [!IMPORTANT] > Store the recovery information in AD DS, along with your Microsoft Account, or another safe location. -  + ## Can the USB flash drive that is used as the startup key also be used to store the recovery key? While this is technically possible, it is not a best practice to use one USB flash drive to store both keys. If the USB flash drive that contains your startup key is lost or stolen, you also lose access to your recovery key. In addition, inserting this key would cause your computer to automatically boot from the recovery key even if TPM-measured files have changed, which circumvents the TPM's system integrity check. 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 1325357065..fb326e7977 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -6,13 +6,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 +ms.reviewer: --- # BitLocker Management for Enterprises 
@@ -45,7 +46,7 @@ For Windows PCs and Windows Phones that enroll using **Connect to work or school ## Managing servers -Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#a-href-idbkmk-blcmdletsabitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC. +Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC. The Minimal Server Interface is a prerequisite for some of the BitLocker administration tools. On a [Server Core](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-core) installation, you must add the necessary GUI components first. The steps to add shell components to Server Core are described in [Using Features on Demand with Updated Systems and Patched Images](https://blogs.technet.microsoft.com/server_core/2012/11/05/using-features-on-demand-with-updated-systems-and-patched-images/) and [How to update local source media to add roles and features](https://blogs.technet.microsoft.com/joscon/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features/). 
@@ -134,6 +135,6 @@ PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpace **Powershell** -[BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#a-href-idbkmk-blcmdletsabitlocker-cmdlets-for-windows-powershell) +[BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell) [Surface Pro Specifications](https://www.microsoft.com/surface/support/surface-pro-specs) diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index 9710cd5603..0405362524 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -6,13 +6,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 +ms.reviewer: --- # BitLocker Network Unlock FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 96f2cf4b98..dd0439236b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md 
@@ -2,13 +2,14 @@ title: BitLocker overview and requirements FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -39,9 +40,9 @@ Yes, BitLocker supports multifactor authentication for operating system drives. For requirements, see [System requirements](bitlocker-overview.md#system-requirements). -> [!NOTE]   +> [!NOTE] > Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it is cannot be protected by BitLocker. -  + ## Why are two partitions required? Why does the system drive have to be so large? Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive. 
@@ -72,4 +73,4 @@ To turn on, turn off, or change configurations of BitLocker on operating system ## What is the recommended boot order for computers that are going to be BitLocker-protected? -You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such ach as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  \ No newline at end of file +You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such ach as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 42574c9514..138a9d5422 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md 
@@ -2,12 +2,14 @@
 title: BitLocker (Windows 10)
 description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
 ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2
+ms.reviewer:
+ms.author: dolmont
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dulcemontemayor
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 43aa2cefe9..f21beec5e9 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -2,13 +2,14 @@
 title: BitLocker recovery guide (Windows 10)
 description: This topic for IT professionals describes how to recover BitLocker keys from AD DS.
 ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -63,7 +64,7 @@ The following list provides examples of specific events that will cause BitLocke - Modifying the Platform Configuration Registers (PCRs) used by the TPM validation profile. For example, including **PCR\[1\]** would result in BitLocker measuring most changes to BIOS settings, causing BitLocker to enter recovery mode even when non-boot critical BIOS settings change. >**Note:**  Some computers have BIOS settings that skip measurements to certain PCRs, such as **PCR\[2\]**. Changing this setting in the BIOS would cause BitLocker to enter recovery mode because the PCR measurement will be different. -   + - Moving the BitLocker-protected drive into a new computer. - Upgrading the motherboard to a new one with a new TPM. - Losing the USB flash drive containing the startup key when startup key authentication has been enabled. 
@@ -72,20 +73,20 @@ The following list provides examples of specific events that will cause BitLocke - Changing the usage authorization for the storage root key of the TPM to a non-zero value. >**Note:**  The BitLocker TPM initialization process sets the usage authorization value to zero, so another user or process must explicitly have changed this value. -   + - Disabling the code integrity check or enabling test signing on Windows Boot Manager (Bootmgr). - Pressing the F8 or F10 key during the boot process. - Adding or removing add-in cards (such as video or network cards), or upgrading firmware on add-in cards. - Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive. >**Note:**  Before you begin recovery, we recommend that you determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker will reseal the encryption key to the current values of the measured components. -  + For planned scenarios, such as a known hardware or firmware upgrades, you can avoid initiating recovery by temporarily suspending BitLocker protection. Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key. >**Note:**  If suspended BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool. 
If software maintenance requires the computer be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method. -  + Recovery has been described within the context of unplanned or undesired behavior, but you can also cause recovery as an intended production scenario, in order to manage access control. For example, when you redeploy desktop or laptop computers to other departments or employees in your enterprise, you can force BitLocker into recovery before the computer is given to a new user. ## Testing recovery @@ -106,7 +107,7 @@ Before you create a thorough BitLocker recovery process, we recommend that you t `manage-bde. -ComputerName -forcerecovery ` > **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user. When using Modern Standby devices (such as Surface devices), the `-forcerecovery` option is not recommended because BitLocker will have to be unlocked and disabled manually from the WinRE environment before the OS can boot up again. For more information, see [BitLocker Troubleshooting: Continuous reboot loop with BitLocker recovery on a slate device](https://social.technet.microsoft.com/wiki/contents/articles/18671.bitlocker-troubleshooting-continuous-reboot-loop-with-bitlocker-recovery-on-a-slate-device.aspx). -  + ## Planning your recovery process When planning the BitLocker recovery process, first consult your organization's current best practices for recovering sensitive information. For example: How does your enterprise handle lost Windows passwords? How does your organization perform smart card PIN resets? You can use these best practices and related resources (people and tools) to help formulate a BitLocker recovery model. 
@@ -142,7 +143,7 @@ In each of these policies, select **Save BitLocker recovery information to Activ DS** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information for the drive to AD DS succeeds. >**Note:**  If the PCs are part of a workgroup, users should be advised to save their BitLocker recovery password with their Microsoft Account online. Having an online copy of your BitLocker recovery password is recommended to help ensure that you do not lose access to your data in the event that recovery is required. -  + The BitLocker Recovery Password Viewer for Active Directory Users and Computers tool allows domain administrators to view BitLocker recovery passwords for specific computer objects in Active Directory. You can use the following list as a template for creating your own recovery process for recovery password retrieval. This sample process uses the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool. 
@@ -182,7 +183,7 @@ Before you give the user the recovery password, you should gather any informatio Because the recovery password is 48 digits long the user may need to record the password by writing it down or typing it on a different computer. If you are using MBAM, the recovery password will be regenerated after it is recovered from the MBAM database to avoid the security risks associated with an uncontrolled password. >**Note:**  Because the 48-digit recovery password is long and contains a combination of digits, the user might mishear or mistype the password. The boot-time recovery console uses built-in checksum numbers to detect input errors in each 6-digit block of the 48-digit recovery password, and offers the user the opportunity to correct such errors. -  + ### Post-recovery analysis When a volume is unlocked using a recovery password, an event is written to the event log and the platform validation measurements are reset in the TPM to match the current configuration. Unlocking the volume means that the encryption key has been released and is ready for on-the-fly encryption 
@@ -217,11 +218,11 @@ After you have identified what caused recovery, you can reset BitLocker protecti The details of this reset can vary according to the root cause of the recovery. If you cannot determine the root cause, or if malicious software or a rootkit might have infected the computer, Helpdesk should apply best-practice virus policies to react appropriately. >**Note:**  You can perform a BitLocker validation profile reset by suspending and resuming BitLocker. -  -- [Unknown PIN](#bkmk-unknownpin) -- [Lost startup key](#bkmk-loststartup) -- [Changes to boot files](#bkmk-changebootknown) -### Unknown PIN + +- [Unknown PIN](#bkmk-unknownpin) +- [Lost startup key](#bkmk-loststartup) +- [Changes to boot files](#bkmk-changebootknown) + ### Unknown PIN If a user has forgotten the PIN, you must reset the PIN while you are logged on to the computer in order to prevent BitLocker from initiating recovery each time the computer is restarted. 
@@ -261,7 +262,7 @@ Besides the 48-digit BitLocker recovery password, other types of recovery inform If the recovery methods discussed earlier in this document do not unlock the volume, you can use the BitLocker Repair tool to decrypt the volume at the block level. The tool uses the BitLocker key package to help recover encrypted data from severely damaged drives. You can then use this recovered data to salvage encrypted data, even after the correct recovery password has failed to unlock the damaged volume. We recommend that you still save the recovery password. A key package cannot be used without the corresponding recovery password. >**Note:**  You must use the BitLocker Repair tool **repair-bde** to use the BitLocker key package. -  + The BitLocker key package is not saved by default. To save the package along with the recovery password in AD DS you must select the **Backup recovery password and key package** option in the Group Policy settings that control the recovery method. You can also export the key package from a working volume. For more details on how to export key packages, see [Retrieving the BitLocker Key Package](#bkmk-appendixc). ## Resetting recovery passwords @@ -300,7 +301,7 @@ You can reset the recovery password in two ways: Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692} ``` >**Warning:**  You must include the braces in the ID string. -   + **To run the sample recovery password script** 1. Save the following sample script in a VBScript file. For example: ResetPassword.vbs. 
@@ -308,10 +309,10 @@ You can reset the recovery password in two ways: **cscript ResetPassword.vbs** ->**Important:**  This sample script is configured to work only for the C volume. You must customize the script to match the volume where you want to test password reset. -  +> **Important:** This sample script is configured to work only for the C volume. You must customize the script to match the volume where you want to test password reset. +> > **Note:**  To manage a remote computer, you can specify the remote computer name rather than the local computer name. -  + You can use the following sample script to create a VBScript file to reset the recovery passwords. ``` syntax @@ -731,5 +732,5 @@ End Function ## See also - [BitLocker overview](bitlocker-overview.md) -  -  + + diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 2a2971042f..a12e4c3b02 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -2,13 +2,14 @@ title: BitLocker Security FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -38,6 +39,6 @@ BitLocker on operating system drives in its basic configuration (with a TPM but Most operating systems use a shared memory space and rely on the operating system to manage physical memory. A TPM is a hardware component that uses its own internal firmware and logic circuits for processing instructions, thus shielding it from external software vulnerabilities. Attacking the TPM requires physical access to the computer. Additionally, the tools and skills necessary to attack hardware are often more expensive, and usually are not as available as the ones used to attack software. And because each TPM is unique to the computer that contains it, attacking multiple TPM computers would be difficult and time-consuming. -> [!NOTE]   +> [!NOTE] > Configuring BitLocker with an additional factor of authentication provides even more protection against TPM hardware attacks. -  + diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index eb1afcd6a5..347a0003b8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -2,12 +2,14 @@ title: BitLocker To Go FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index 4b09766a7c..de4112e3d5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -6,13 +6,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 +ms.reviewer: --- # BitLocker Upgrading FAQ @@ -39,6 +40,6 @@ Users need to suspend BitLocker for Non-Microsoft software updates, such as: - TPM firmware updates - Non-Microsoft application updates that modify boot components -> [!NOTE]   +> [!NOTE] > If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer. -  + diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 31674e2c0e..30fea18843 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md 
@@ -2,13 +2,14 @@ title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10) description: This topic for the IT professional describes how to use tools to manage BitLocker. ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -60,7 +61,7 @@ manage-bde -on C: ``` >**Note:**  After the encryption is completed, the USB startup key must be inserted before the operating system can be started. -  + An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command: ``` syntax 
@@ -98,7 +99,7 @@ You may experience a problem that damages an area of a hard disk on which BitLoc The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. >**Tip:**  If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. -  + The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. You should use Repair-bde if the following conditions are true: 1. You have encrypted the drive by using BitLocker Drive Encryption. 
@@ -106,7 +107,7 @@ The Repair-bde command-line tool is intended for use when the operating system d 3. You do not have a copy of the data that is contained on the encrypted drive. >**Note:**  Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers. -  + The following limitations exist for Repair-bde: - The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process. 
@@ -244,14 +245,14 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work -  + Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. -A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the `Get-BitLockerVolume` cmdlet. -The `Get-BitLockerVolume` cmdlet output gives information on the volume type, protectors, protection status and other details. +A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLockerVolume cmdlet. +The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status and other details. >**Tip:**  Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. `Get-BitLockerVolume C: | fl` -  + If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you could use the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below: 
@@ -270,7 +271,7 @@ Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` >**Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. -  + ### Using the BitLocker Windows PowerShell cmdlets with operating system volumes Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them in BitLocker Windows PowerShell. @@ -302,7 +303,7 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover to and be unlocked by any member computer of the cluster. >**Warning:**  The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes -  + To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. ``` syntax 
@@ -312,13 +313,13 @@ Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Adminis For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command: >**Note:**  Use of this command requires the RSAT-AD-PowerShell feature. -  + ``` syntax get-aduser -filter {samaccountname -eq "administrator"} ``` >**Tip:**  In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. -  + The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: ``` syntax @@ -326,7 +327,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5- ``` >**Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes. -  + ## More information - [BitLocker overview](bitlocker-overview.md) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 56d19b8cbc..0e544985b8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md 
@@ -2,13 +2,14 @@ title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10) description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index 48020eea3e..8c25c57e76 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -2,13 +2,14 @@ title: Using BitLocker with other programs FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -77,9 +78,9 @@ Limited BitLocker functionality is available in Safe Mode. BitLocker-protected d Both fixed and removable data drives can be locked by using the Manage-bde command-line tool and the –lock command. -> [!NOTE]   +> [!NOTE] > Ensure all data is saved to the drive before locking it. Once locked, the drive will become inaccessible. -  + The syntax of this command is: manage-bde driveletter -lock 
diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 72fd992131..2f53662c16 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -2,13 +2,14 @@ title: Prepare your organization for BitLocker Planning and policies (Windows 10) description: This topic for the IT professional explains how can you plan your BitLocker deployment. ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d +ms.reviewer: ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -71,7 +72,7 @@ On computers that do not have a TPM version 1.2 or higher, you can still use Bi | Startup key | An encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or in conjunction with a TPM for added security.| | Recovery password | A 48-digit number used to unlock a volume when it is in recovery mode. Numbers can often be typed on a regular keyboard, if the numbers on the normal keyboard are not responding you can always use the function keys (F1-F10) to input the numbers.| | Recovery key| An encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume.| -  + ### BitLocker authentication methods | Authentication method | Requires user interaction | Description | 
@@ -81,7 +82,7 @@ On computers that do not have a TPM version 1.2 or higher, you can still use Bi | TPM + Network key | No | The TPM successfully validates early boot components, and a valid encrypted network key has been provided from the WDS server. This authentication method provides automatic unlock of operating system volumes at system reboot while still maintaining multifactor authentication. | | TPM + startup key| Yes| The TPM successfully validates early boot components, and a USB flash drive containing the startup key has been inserted.| | Startup key only | Yes| The user is prompted to insert the USB flash drive that holds the recovery key and/or startup key and reboot the computer.| -  + **Will you support computers without TPM version 1.2 or higher?** Determine whether you will support computers that do not have a TPM version 1.2 or higher in your environment. If you choose to support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This requires additional support processes similar to multifactor authentication. 
@@ -184,7 +185,7 @@ The following recovery data is saved for each computer object: Functionality introduced in Windows Server 2012 R2 and Windows 8.1, allows BitLocker to be fully functional in FIPS mode. >**Note:**  The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. federal government. The FIPS 140 standard defines approved cryptographic algorithms. The FIPS 140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS 140 standard. An implementation of a cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that has not been submitted cannot be considered FIPS-compliant even if the implementation produces identical data as a validated implementation of the same algorithm.  -  + Prior to these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](https://support.microsoft.com/kb/947249). But on computers running these supported systems with BitLocker enabled: diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 22ebe4babb..e19f192e4c 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md 
+++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -2,13 +2,14 @@
 title: Protecting cluster shared volumes and storage area networks with BitLocker (Windows 10)
 description: This topic for IT pros describes how to protect CSVs and SANs with BitLocker.
 ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -32,14 +33,14 @@ BitLocker can protect both physical disk resources and cluster shared volumes ve BitLocker on volumes within a cluster are managed based on how the cluster service "views" the volume to be protected. The volume can be a physical disk resource such as a logical unit number (LUN) on a storage area network (SAN) or network attached storage (NAS). >**Important**  SANs used with BitLocker must have obtained Windows Hardware Certification. For more info, see [Windows Hardware Lab Kit](https://msdn.microsoft.com/library/windows/hardware/dn930814.aspx). -  + Alternatively, the volume can be a cluster-shared volume, a shared namespace, within the cluster. Windows Server 2012 expanded the CSV architecture, now known as CSV2.0, to enable support for BitLocker. When using BitLocker with volumes designated for a cluster, the volume will need to turn on BitLocker before its addition to the storage pool within cluster or put the resource into maintenance mode before BitLocker operations will complete. Windows PowerShell or the manage-bde command line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points do not require the use of a drive letter. Volumes that lack drive letters do not appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources is not available in the Control Panel item. >**Note:**  Mount points can be used to support remote mount points on SMB based network shares. This type of share is not supported for BitLocker encryption. -  + For thinly provisioned storage, such as a Dynamic Virtual Hard Disk (VHD), BitLocker runs in Used Disk Space Only encryption mode. 
You cannot use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on these types of volumes. This is blocked in order to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space. ### Active Directory-based protector @@ -56,7 +57,7 @@ You can also use an Active Directory Domain Services (AD DS) protector for prote 4. Registry-based auto-unlock key >**Note:**  A Windows Server 2012 or later domain controller is required for this feature to work properly. -  + ### Turning on BitLocker before adding disks to a cluster using Windows PowerShell BitLocker encryption is available for disks before or after addition to a cluster storage pool. The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource does not require suspending the resource to complete the operation. To turn on BitLocker for a disk before adding it to a cluster, do the following: @@ -76,7 +77,7 @@ BitLocker encryption is available for disks before or after addition to a cluste ``` >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. -   + 5. Repeat the preceding steps for each disk in the cluster. 6. Add the volume(s) to the cluster. @@ -109,7 +110,7 @@ When the cluster service owns a disk resource already, it needs to be set into m Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. -   + 6. Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode: ``` syntax 
@@ -190,7 +191,7 @@ The following table contains information about both Physical Disk Resources (i.e

                            Manage-bde Pause/Resume

                            Blocked

                            -

                            Blocked**

                            +

                            Blocked

                            Blocked

                            Allowed

                            @@ -259,9 +260,9 @@ The following table contains information about both Physical Disk Resources (i.e -  ->**Note:**  Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node -  + +>
                            Note:** Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node + In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process. ### Other considerations when using BitLocker on CSV2.0 diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 700a3d2672..cf637532f1 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -2,11 +2,14 @@ title: Encrypted Hard Drive (Windows 10) description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: dulcemontemayor ms.date: 04/02/2019 --- 
@@ -38,9 +41,9 @@ Encrypted Hard Drives are supported natively in the operating system through the - **API**: API support for applications to manage Encrypted Hard Drives independently of BitLocker Drive Encryption (BDE) - **BitLocker support**: Integration with the BitLocker Control Panel provides a seamless BitLocker end user experience. ->[!WARNING]   +>[!WARNING] >Self-Encrypting Hard Drives and Encrypted Hard Drives for Windows are not the same type of device. Encrypted Hard Drives for Windows require compliance for specific TCG protocols as well as IEEE 1667 compliance; Self-Encrypting Hard Drives do not have these requirements. It is important to confirm the device type is an Encrypted Hard Drive for Windows when planning for deployment. -  + If you are a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](https://msdn.microsoft.com/library/windows/hardware/dn653989.aspx). ## System Requirements 
@@ -60,9 +63,9 @@ For an Encrypted Hard Drive used as a **startup drive**: - The computer must have the Compatibility Support Module (CSM) disabled in UEFI. - The computer must always boot natively from UEFI. ->[!WARNING]   +>[!WARNING] >All Encrypted Hard Drives must be attached to non-RAID controllers to function properly. -  + ## Technical overview Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering significantly improved performance. In versions of Windows earlier than Windows Server 2012, BitLocker required a two-step process to complete read/write requests. In Windows Server 2012, Windows 8, or later, Encrypted Hard Drives offload the cryptographic operations to the drive controller for much greater efficiency. When the operating system identifies an Encrypted Hard Drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. This media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. 
@@ -80,9 +83,9 @@ Configuration of Encrypted Hard Drives as startup drives is done using the same There are three related Group Policy settings that help you manage how BitLocker uses hardware-based envryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: -- [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hdefxdaconfigure-use-of-hardware-based-encryption-for-fixed-data-drives) -- [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hderddaconfigure-use-of-hardware-based-encryption-for-removable-data-drives) -- [Configure use of hardware-based encryption for operating system drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hdeosdaconfigure-use-of-hardware-based-encryption-for-operating-system-drives) +- [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#bkmk-hdefxd) +- [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) +- [Configure use of hardware-based encryption for operating system drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives) ## Encrypted Hard Drive Architecture @@ -104,4 +107,4 @@ Many Encrypted Hard Drive devices come pre-configured for use. If reconfiguratio 1. Open Disk Management (diskmgmt.msc) 2. Initialize the disk and select the appropriate partition style (MBR or GPT) 3. Create one or more volumes on the disk. -4. Use the BitLocker setup wizard to enable BitLocker on the volume. +4. Use the BitLocker setup wizard to enable BitLocker on the volume. \ No newline at end of file 
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index bfded5408a..53bf9b0641 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -5,13 +5,14 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: aadake -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/26/2019 +ms.reviewer: --- # Kernel DMA Protection for Thunderbolt™ 3 diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 072e16abfe..2090fe9ea8 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -7,12 +7,14 @@ ms.mktglfcycl: Explore ms.pagetype: security ms.sitesec: library ms.localizationpriority: medium -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/16/2018 +ms.reviewer: +ms.author: dolmont --- # Secure the Windows 10 boot process diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 2ad21a5ff0..090906ffce 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md 
@@ -2,12 +2,13 @@ title: Back up the TPM recovery information to AD DS (Windows 10) description: This topic for the IT professional describes backup of Trusted Platform Module (TPM) information. ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: andreabichsel -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -30,4 +31,4 @@ With Windows 10, versions 1511 and 1507, you can back up a computer’s Trusted ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) -- [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) \ No newline at end of file +- [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 5f8805bb4e..39e3573cd8 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -2,12 +2,13 @@ title: Change the TPM owner password (Windows 10) description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45 +ms.reviewer: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: andreabichsel -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
index 6800a86d9a..a0d1ffbf6e 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
@@ -2,13 +2,14 @@
 title: How Windows uses the TPM
 description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it to enhance security.
 ms.assetid: 0f7e779c-bd25-42a8-b8c1-69dfb54d0c7f
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -162,4 +163,4 @@ The TPM adds hardware-based security benefits to Windows 10. When installed on h
                            -Although some of the aforementioned features have additional hardware requirements (e.g., virtualization support), the TPM is a cornerstone of Windows 10 security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more and more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/iotcore). IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements. \ No newline at end of file +Although some of the aforementioned features have additional hardware requirements (e.g., virtualization support), the TPM is a cornerstone of Windows 10 security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more and more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/iotcore). IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements. diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 5296588ad5..8e25014ef9 100644 
--- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -2,12 +2,13 @@
 title: Troubleshoot the TPM (Windows 10)
 description: This topic for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM).
 ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: andreabichsel
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -130,17 +131,17 @@ If you want to stop using the services that are provided by the TPM, you can use **To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** -1. Open the TPM MMC (tpm.msc). +1. Open the TPM MMC (tpm.msc). -2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page. +2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page. -3. In the **Turn off the TPM security hardware** dialog box, select a method to enter your owner password and turning off the TPM: +3. In the **Turn off the TPM security hardware** dialog box, select a method to enter your owner password and turning off the TPM: - - If you saved your TPM owner password on a removable storage device, insert it, and then click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, click **Browse** to locate the .tpm file that is saved on your removable storage device, click **Open**, and then click **Turn TPM Off**. + - If you saved your TPM owner password on a removable storage device, insert it, and then click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, click **Browse** to locate the .tpm file that is saved on your removable storage device, click **Open**, and then click **Turn TPM Off**. - - If you do not have the removable storage device with your saved TPM owner password, click **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then click **Turn TPM Off**. + - If you do not have the removable storage device with your saved TPM owner password, click **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then click **Turn TPM Off**. 
- - If you did not save your TPM owner password or no longer know it, click **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. + - If you did not save your TPM owner password or no longer know it, click **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. ## Use the TPM cmdlets diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index ce4f195e2f..5a388b1fc3 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -2,11 +2,13 @@ title: Manage TPM commands (Windows 10) description: This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users. ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 8508fd4dae..05dbc34f16 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md 
@@ -2,11 +2,13 @@
 title: Manage TPM lockout (Windows 10)
 description: This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
 ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b
+ms.reviewer:
+ms.author: dolmont
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: justinha
+author: dulcemontemayor
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -48,18 +50,18 @@ The following procedure explains the steps to reset the TPM lockout by using the **To reset the TPM lockout** -1. Open the TPM MMC (tpm.msc). +1. Open the TPM MMC (tpm.msc). -2. In the **Action** pane, click **Reset TPM Lockout** to start the Reset TPM Lockout Wizard. +2. In the **Action** pane, click **Reset TPM Lockout** to start the Reset TPM Lockout Wizard. -3. Choose one of the following methods to enter the TPM owner password: +3. Choose one of the following methods to enter the TPM owner password: - - If you saved your TPM owner password to a .tpm file, click **I have the owner password file**, and then type the path to the file, or click **Browse** to navigate to the file location. + - If you saved your TPM owner password to a .tpm file, click **I have the owner password file**, and then type the path to the file, or click **Browse** to navigate to the file location. - - If you want to manually enter your TPM owner password, click **I want to enter the owner password**, and then type the password in the text box provided. + - If you want to manually enter your TPM owner password, click **I want to enter the owner password**, and then type the password in the text box provided. - > [!NOTE] - > If you enabled BitLocker and your TPM at the same time, and you printed your BitLocker recovery password when you turned on BitLocker, your TPM owner password may have printed with it. + > [!NOTE] + > If you enabled BitLocker and your TPM at the same time, and you printed your BitLocker recovery password when you turned on BitLocker, your TPM owner password may have printed with it. ## Use Group Policy to manage TPM lockout settings diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index f715eb932d..a251c95b5e 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md 
+++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -2,12 +2,13 @@
 title: Understanding PCR banks on TPM 2.0 devices (Windows 10)
 description: This topic for the IT professional provides background about what happens when you switch PCR banks on TPM 2.0 devices.
 ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: andreabichsel
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md
index e826eb601c..3d930a2334 100644
--- a/windows/security/information-protection/tpm/tpm-fundamentals.md
+++ b/windows/security/information-protection/tpm/tpm-fundamentals.md
@@ -2,12 +2,13 @@
 title: TPM fundamentals (Windows 10)
 description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks.
 ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: andreabichsel
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md
index c7ef09ffc6..c808dfe356 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/information-protection/tpm/tpm-recommendations.md
@@ -2,13 +2,14 @@
 title: TPM recommendations (Windows 10)
 description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10.
 ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
index 2892caba58..1478ec896f 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@@ -2,13 +2,14 @@
 title: Trusted Platform Module Technology Overview (Windows 10)
 description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.
 ms.assetid: face8932-b034-4319-86ac-db1163d46538
+ms.reviewer:
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms-author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -88,11 +89,11 @@ Some things that you can check on the device are: - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) - [Details on the TPM standard](https://www.microsoft.com/en-us/research/project/the-trusted-platform-module-tpm/) (has links to features using TPM) -- [TPM Base Services Portal](https://docs.microsoft.com/windows/desktop/TBS/tpm-base-services-portal) -- [TPM Base Services API](https://docs.microsoft.com/windows/desktop/api/_tbs/) +- [TPM Base Services Portal](https://docs.microsoft.com/en-us/windows/desktop/TBS/tpm-base-services-portal) +- [TPM Base Services API](https://docs.microsoft.com/en-us/windows/desktop/api/_tbs/) - [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule) - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations) -- [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/blog/device-provisioning-identity-attestation-with-tpm/) -- [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/) +- [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/en-us/blog/device-provisioning-identity-attestation-with-tpm/) +- [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/en-us/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/) - [Windows 10: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) -- [How to Multiboot with Bitlocker, TPM, and a Non-Windows 
OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx) \ No newline at end of file +- [How to Multiboot with Bitlocker, TPM, and a Non-Windows OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 6b661fde27..1fc294342f 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -2,12 +2,13 @@ title: TPM Group Policy settings (Windows 10) description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd +ms.reviewer: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: andreabichsel -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -122,9 +123,9 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t > [!IMPORTANT] > Setting this policy will take effect only if: -- The TPM was originally prepared using a version of Windows after Windows 10 Version 1607 -- The system has a TPM 2.0. - +> - The TPM was originally prepared using a version of Windows after Windows 10 Version 1607 +> - The system has a TPM 2.0. +> > [!NOTE] > Enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only ways for the disabled setting of this policy to take effect on a system where it was once enabled are to either: > - Disable it from group policy @@ -146,4 +147,4 @@ If you don't want users to see the recommendation to update TPM firmware, you ca - [Trusted Platform Module](trusted-platform-module-top-node.md) - [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps) -- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations) \ No newline at end of file +- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations) 
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index 91a5e57e1f..3558bdf368 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -6,13 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/11/2018 +ms.reviewer: --- # Trusted Platform Module diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index a30bed2776..f8bb770494 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -8,13 +8,14 @@ ms.pagetype: security ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.reviewer: --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 137f60c277..d251a04493 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md 
+++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -6,13 +6,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.reviewer: --- # How to collect Windows Information Protection (WIP) audit event logs 
@@ -163,16 +164,41 @@ Use Windows Event Forwarding to collect and aggregate your WIP audit events. You 2. In the console tree under **Application and Services Logs\Microsoft\Windows**, click **EDP-Audit-Regular** and **EDP-Audit-TCB**. +## Collect WIP audit logs using Azure Monitor +You can collect audit logs using Azure Monitor. See [Windows event log data sources in Azure Monitor.](https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs) +**To view the WIP events in Azure Monitor** +1. Use an existing or create a new Log Analytics workspace. +2. In **Log Analytics** > **Advanced Settings**, select **Data**. In Windows Event Logs, add logs to receive: + ``` + Microsoft-Windows-EDP-Application-Learning/Admin + Microsoft-Windows-EDP-Audit-TCB/Admin + ``` + >[!NOTE] + >If using Windows Events Logs, the event log names can be found under Properties of the event in the Events folder (Application and Services Logs\Microsoft\Windows, click EDP-Audit-Regular and EDP-Audit-TCB). +3. Download Microsoft [Monitoring Agent](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows#install-the-agent-using-dsc-in-azure-automation). +4. To get MSI for Intune installation as stated in the Azure Monitor article, extract: MMASetup-.exe /c /t: +Install Microsoft Monitoring Agent to WIP devices using Workspace ID and Primary key. More information on Workspace ID and Primary key can be found in **Log Analytics** > **Advanced Settings**. +5. To deploy MSI via Intune, in installation parameters add: /q /norestart NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID= OPINSIGHTS_WORKSPACE_KEY= AcceptEndUserLicenseAgreement=1 +>[!NOTE] +>Replace & received from step 5. In installation parameters, don't place & in quotes ("" or ''). +6. After the agent is deployed, data will be received within approximately 10 minutes. +7. 
To search for logs, go to **Log Analytics workspace** > **Logs**, and type **Event** in search. +***Example*** +``` +Event | where EventLog == "Microsoft-Windows-EDP-Audit-TCB/Admin" +``` - - +## Additional resources +- [How to deploy app via Intune](https://docs.microsoft.com/intune/apps-add) +- [How to create Log workspace](https://docs.microsoft.com/azure/azure-monitor/learn/quick-create-workspace) +- [How to use Microsoft Monitoring Agents for Windows](https://docs.microsoft.com/azure/azure-monitor/platform/agents-overview) diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 4b46dd2dc1..7bde4e34bf 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.reviewer: --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate 
@@ -89,7 +90,7 @@ It's possible that you might revoke data from an unenrolled device only to later To start Robocopy in S mode, open Task Manager. Click **File** > **Run new task**, type the command, and click **Create this task with administrative privileges**. - ![Robocopy in S mode](images\robocopy-s-mode.png) + ![Robocopy in S mode](images/robocopy-s-mode.png) If the employee performed a clean installation and there is no user profile, you need to recover the keys from the System Volume folder in each drive. Type: @@ -149,4 +150,4 @@ After signing in, the necessary WIP key info is automatically downloaded and emp >[!Note] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to this article](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to this article](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index b96fe95c7b..aeca37426f 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.reviewer: --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune @@ -75,4 +76,4 @@ After you’ve created your VPN policy, you'll need to deploy it to the same gro ![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png) >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 2a82682a3c..fef2b942c2 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md 
@@ -5,13 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/29/2019 +ms.date: 05/13/2019 +ms.reviewer: --- # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune @@ -21,7 +22,7 @@ ms.date: 04/29/2019 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune only manages the apps on a user's personal device. +Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device. ## Differences between MDM and MAM for WIP 
@@ -39,7 +40,7 @@ You can create an app protection policy in Intune either with device enrollment ## Prerequisites -Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. +Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. ## Configure the MDM or MAM provider @@ -96,9 +97,9 @@ Select **Store apps**, type the app product name and publisher, and click **OK** - **Publisher**: `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` - **Product Name**: `Microsoft.MicrosoftPowerBIForWindows` -![Add Store app](images\add-a-protected-store-app.png) +![Add Store app](images/add-a-protected-store-app.png) -To add multiple Store apps, click the elipsis **…**. +To add multiple Store apps, click the ellipsis **…**. If you don't know the Store app publisher or product name, you can find them by following these steps. 
@@ -187,7 +188,7 @@ To add **Desktop apps**, complete the following fields, based on what results yo -To add another Desktop app, click the elipsis **…**. After you’ve entered the info into the fields, click **OK**. +To add another Desktop app, click the ellipsis **…**. After you’ve entered the info into the fields, click **OK**. ![Microsoft Intune management console: Adding Desktop app info](images/wip-azure-add-desktop-apps.png) @@ -403,7 +404,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor ![Add protected domains](images/add-protected-domains.png) ## Choose where apps can access enterprise data -After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include policy that defines your enterprise network locations. +After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include your enterprise network locations. There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT). 
@@ -562,56 +563,50 @@ After you create and deploy your WIP policy to your employees, Windows begins to ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate](images/wip-azure-advanced-settings-efsdra.png) ## Choose your optional WIP-related settings -After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. +After you've decided where your protected apps can access enterprise data on your network, you can choose optional settings. -**To set your optional settings** - -1. Choose to set any or all optional settings: - - ![Microsoft Intune, Choose if you want to include any of the optional settings](images/wip-azure-advanced-settings-optional.png) - - - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: +![Advanced optional settings ](images/wip-azure-advanced-settings-optional.png) + +**Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - **On.** Turns on the feature and provides the additional protection. +- **On.** Turns on the feature and provides the additional protection. - - **Off, or not configured.** Doesn't enable this feature. +- **Off, or not configured.** Doesn't enable this feature. - - **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. 
If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: +**Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. +- **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. - - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. +- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. - - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: +**Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. +- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. 
- - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. +- **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. - - **Use Azure RMS for WIP.** Determines whether to use Azure Rights Management encryption with Windows Information Protection. +**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). - - **On.** Starts using Azure Rights Management encryption with WIP. By turning this option on, you can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. For more info about setting up Azure Rights management and using a template ID with WIP, see the [Choose to set up Azure Rights Management with WIP](#choose-to-set-up-azure-rights-management-with-wip) section of this topic. +- **On.** Protects files that are copied to a removable drive. 
You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. - - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP. - - - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. - - - **On.** Starts Windows Search Indexer to index encrypted files. - - - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. - -## Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. - -To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. - -Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
This template will be applied to the protected data that is copied to a removable drive. - ->[!IMPORTANT] ->Curly braces -- {} -- are required around the RMS Template ID. + If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that all users can access. + +- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. >[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. +>Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. + +**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. + +- **On.** Starts Windows Search Indexer to index encrypted files. + +- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. + +## Encrypted file extensions + +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. + +![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) ## Related topics 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index 6edf443eb3..bd212a95e3 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -2,26 +2,27 @@ title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10) description: Configuration Manager (version 1606 or later) helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529 +ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/30/2019 +ms.date: 05/13/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager **Applies to:** -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later - System Center Configuration Manager System Center Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network. 
@@ -73,107 +74,107 @@ For this example, we’re going to add Microsoft OneNote, a store app, to the ** **To add a store app** -1. From the **App rules** area, click **Add**. - +1. From the **App rules** area, click **Add**. + The **Add app rule** box appears. ![Create Configuration Item wizard, add a universal store app](images/wip-sccm-adduniversalapp.png) -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Microsoft OneNote*. +2. Add a friendly name for your app into the **Title** box. In this example, it’s *Microsoft OneNote*. -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. +3. Click **Allow** from the **Windows Information Protection mode** drop-down list. Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section. -4. Pick **Store App** from the **Rule template** drop-down list. +4. Pick **Store App** from the **Rule template** drop-down list. The box changes to show the store app rule options. -5. Type the name of the app and the name of its publisher, and then click **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`. +5. Type the name of the app and the name of its publisher, and then click **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`. If you don't know the publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps. **To find the Publisher and Product Name values for Store apps without installing them** -1. 
Go to the [Microsoft Store for Business](https://businessstore.microsoft.com/store) website, and find your app. For example, Microsoft OneNote. +1. Go to the [Microsoft Store for Business](https://businessstore.microsoft.com/store) website, and find your app. For example, Microsoft OneNote. - >[!NOTE] + > [!NOTE] + > + > If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section. - >If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section. +2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, `9wzdncrfhvjl`. -2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, `9wzdncrfhvjl`. +3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata, where `9wzdncrfhvjl` is replaced with your ID value. -3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata, where `9wzdncrfhvjl` is replaced with your ID value. 
+ The API runs and opens a text editor with the app details. - The API runs and opens a text editor with the app details. + ``` json + { + "packageIdentityName": "Microsoft.Office.OneNote", + "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" + } + ``` - ``` json - { - "packageIdentityName": "Microsoft.Office.OneNote", - "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" - } - ``` +4. Copy the `publisherCertificateName` value and paste them into the **Publisher Name** box, copy the `packageIdentityName` value into the **Product Name** box of Intune. -4. Copy the `publisherCertificateName` value and paste them into the **Publisher Name** box, copy the `packageIdentityName` value into the **Product Name** box of Intune. - - >[!IMPORTANT] - >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`.

                            For example:

                            - ```json - { - "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", - } - ``` + > [!IMPORTANT] + > The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`.

                            For example:

                            + > ```json + > { + > "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", + > } + > ``` **To find the Publisher and Product Name values for apps installed on Windows 10 mobile phones** -1. If you need to add mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature. +1. If you need to add mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature. - >[!NOTE] - >Your PC and phone must be on the same wireless network. + >[!NOTE] + >Your PC and phone must be on the same wireless network. -2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**. +2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**. -3. On the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**. +3. On the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**. -4. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate. +4. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate. -5. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step. +5. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step. -6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names. +6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names. -7. Start the app for which you're looking for the publisher and product name values. +7. 
Start the app for which you're looking for the publisher and product name values. -8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune. +8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune. - >[!IMPORTANT] - >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`. - >For example:

                            - ```json - { - "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", - } - ``` + > [!IMPORTANT] + > The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`. + > For example:

                            + > ```json + > { + > "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", + > } + > ``` ### Add a desktop app rule to your policy For this example, we’re going to add Internet Explorer, a desktop app, to the **App Rules** list. **To add a desktop app to your policy** -1. From the **App rules** area, click **Add**. - +1. From the **App rules** area, click **Add**. + The **Add app rule** box appears. ![Create Configuration Item wizard, add a classic desktop app](images/wip-sccm-adddesktopapp.png) -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Internet Explorer*. +2. Add a friendly name for your app into the **Title** box. In this example, it’s *Internet Explorer*. -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. +3. Click **Allow** from the **Windows Information Protection mode** drop-down list. Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section. -4. Pick **Desktop App** from the **Rule template** drop-down list. +4. Pick **Desktop App** from the **Rule template** drop-down list. The box changes to show the desktop app rule options. -5. Pick the options you want to include for the app rule (see table), and then click **OK**. +5. Pick the options you want to include for the app rule (see table), and then click **OK**. 
@@ -230,13 +231,13 @@ Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the For this example, we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. **To create an app rule and xml file using the AppLocker tool** -1. Open the Local Security Policy snap-in (SecPol.msc). - -2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. +1. Open the Local Security Policy snap-in (SecPol.msc). + +2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. ![Local security snap-in, showing the Packaged app Rules](images/intune-local-security-snapin.png) -3. Right-click in the right-hand pane, and then click **Create New Rule**. +3. Right-click in the right-hand pane, and then click **Create New Rule**. The **Create Packaged app Rules** wizard appears. @@ -248,7 +249,7 @@ For this example, we’re going to add an AppLocker XML file to the **App Rules* ![Create Packaged app Rules wizard, showing the Before You Begin page](images/intune-applocker-permissions.png) -6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area. +6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area. ![Create Packaged app Rules wizard, showing the Publisher](images/intune-applocker-publisher.png) 
@@ -264,13 +265,13 @@ For this example, we’re going to add an AppLocker XML file to the **App Rules* ![Local security snap-in, showing the new rule](images/intune-local-security-snapin-updated.png) -10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. +10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. The **Export policy** box opens, letting you export and save your new policy as XML. ![Local security snap-in, showing the Export Policy option](images/intune-local-security-export.png) -11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. +11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. The policy is saved and you’ll see a message that says 1 rule was exported from the policy. 
@@ -292,24 +293,24 @@ For this example, we’re going to add an AppLocker XML file to the **App Rules* - + ``` 12. After you’ve created your XML file, you need to import it by using System Center Configuration Manager. **To import your Applocker policy file app rule using System Center Configuration Manager** -1. From the **App rules** area, click **Add**. - +1. From the **App rules** area, click **Add**. + The **Add app rule** box appears. ![Create Configuration Item wizard, add an AppLocker policy](images/wip-sccm-addapplockerfile.png) -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Allowed app list*. +2. Add a friendly name for your app into the **Title** box. In this example, it’s *Allowed app list*. -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. +3. Click **Allow** from the **Windows Information Protection mode** drop-down list. Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section. -4. Pick the **AppLocker policy file** from the **Rule template** drop-down list. +4. Pick the **AppLocker policy file** from the **Rule template** drop-down list. The box changes to let you import your AppLocker XML policy file. 
@@ -322,17 +323,17 @@ If you're running into compatibility issues where your app is incompatible with **To exempt a store app, a desktop app, or an AppLocker policy file app rule** -1. From the **App rules** area, click **Add**. - +1. From the **App rules** area, click **Add**. + The **Add app rule** box appears. -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Exempt apps list*. +2. Add a friendly name for your app into the **Title** box. In this example, it’s *Exempt apps list*. -3. Click **Exempt** from the **Windows Information Protection mode** drop-down list. +3. Click **Exempt** from the **Windows Information Protection mode** drop-down list. Be aware that when you exempt apps, they’re allowed to bypass the WIP restrictions and access your corporate data. To allow apps, see the [Add app rules to your policy](#add-app-rules-to-your-policy) section of this topic. -4. Fill out the rest of the app rule info, based on the type of rule you’re adding: +4. Fill out the rest of the app rule info, based on the type of rule you’re adding: - **Store app.** Follow the **Publisher** and **Product name** instructions in the [Add a store app rule to your policy](#add-a-store-app-rule-to-your-policy) section of this topic. @@ -340,7 +341,7 @@ If you're running into compatibility issues where your app is incompatible with - **AppLocker policy file.** Follow the **Import** instructions in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section of this topic, using a list of exempted apps. -5. Click **OK**. +5. Click **OK**. ## Manage the WIP-protection level for your enterprise data After you've added the apps you want to protect with WIP, you'll need to apply a management and protection mode. 
@@ -385,74 +386,72 @@ There are no default locations included with WIP, you must add each of your netw The **Add or edit corporate network definition** box appears. -2. Type a name for your corporate network element into the **Name** box, and then pick what type of network element it is, from the **Network element** drop-down box. This can include any of the options in the following table. +2. Type a name for your corporate network element into the **Name** box, and then pick what type of network element it is, from the **Network element** drop-down box. This can include any of the options in the following table. - ![Add or edit corporate network definition box, Add your enterprise network locations](images/wip-sccm-add-network-domain.png) - -
                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            Network location typeFormatDescription
                            Enterprise Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
                            contoso.visualstudio.com,contoso.internalproxy2.com

                            Without proxy: contoso.sharepoint.com|contoso.visualstudio.com

                            Specify the cloud resources to be treated as corporate and protected by WIP.

                            For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

                            If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

                            Important
                            In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

                            Enterprise Network Domain Names (Required)corp.contoso.com,region.contoso.comSpecify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

                            This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

                            If you have multiple resources, you must separate them using the "," delimiter.

                            Proxy serversproxy.contoso.com:80;proxy2.contoso.com:443Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

                            This list shouldn’t include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

                            If you have multiple resources, you must separate them using the ";" delimiter.
                            Internal proxy serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

                            This list shouldn’t include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

                            If you have multiple resources, you must separate them using the ";" delimiter.
                            Enterprise IPv4 Range (Required)**Starting IPv4 Address:** 3.4.0.1
                            **Ending IPv4 Address:** 3.4.255.254
                            **Custom URI:** 3.4.0.1-3.4.255.254,
                            10.0.0.1-10.255.255.254
                            Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                            If you have multiple ranges, you must separate them using the "," delimiter.

                            Enterprise IPv6 Range**Starting IPv6 Address:** 2a01:110::
                            **Ending IPv6 Address:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
                            **Custom URI:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
                            fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
                            Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                            If you have multiple ranges, you must separate them using the "," delimiter.

                            Neutral Resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

                            These locations are considered enterprise or personal, based on the context of the connection before the redirection.

                            If you have multiple resources, you must separate them using the "," delimiter.

                            + ![Add or edit corporate network definition box, Add your enterprise network locations](images/wip-sccm-add-network-domain.png) -3. Add as many locations as you need, and then click **OK**. + + + + + + + + + + + + + + + + + + + + + + + + +
                            + + + + + + + + + + + + + + +
                            Network location typeFormatDescription
                            Enterprise Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
                            contoso.visualstudio.com,contoso.internalproxy2.com

                            Without proxy: contoso.sharepoint.com|contoso.visualstudio.com

                            Specify the cloud resources to be treated as corporate and protected by WIP.

                            For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

                            If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

                            Important
                            In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

                            Enterprise Network Domain Names (Required)corp.contoso.com,region.contoso.comSpecify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

                            This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

                            If you have multiple resources, you must separate them using the "," delimiter.

                            Proxy serversproxy.contoso.com:80;proxy2.contoso.com:443Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

                            This list shouldn’t include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

                            If you have multiple resources, you must separate them using the ";" delimiter.
                            Internal proxy serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

                            This list shouldn’t include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

                            If you have multiple resources, you must separate them using the ";" delimiter.
                            Enterprise IPv4 Range (Required)Starting IPv4 Address: 3.4.0.1
                            Ending IPv4 Address: 3.4.255.254
                            Custom URI: 3.4.0.1-3.4.255.254,
                            10.0.0.1-10.255.255.254
                            Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                            If you have multiple ranges, you must separate them using the "," delimiter.

                            Enterprise IPv6 RangeStarting IPv6 Address: 2a01:110::
                            Ending IPv6 Address: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
                            Custom URI: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
                            fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
                            Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                            If you have multiple ranges, you must separate them using the "," delimiter.

                            Neutral Resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

                            These locations are considered enterprise or personal, based on the context of the connection before the redirection.

                            If you have multiple resources, you must separate them using the "," delimiter.

                            - The **Add or edit corporate network definition** box closes. +3. Add as many locations as you need, and then click **OK**. -4. Decide if you want to Windows to look for additional network settings and if you want to show the WIP icon on your corporate files while in File Explorer. + The **Add or edit corporate network definition** box closes. - ![Create Configuration Item wizard, Add whether to search for additional network settings](images/wip-sccm-optsettings.png) +4. Decide if you want to Windows to look for additional network settings and if you want to show the WIP icon on your corporate files while in File Explorer. - - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. Not configured is the default option. + ![Create Configuration Item wizard, Add whether to search for additional network settings](images/wip-sccm-optsettings.png) - - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option. + - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. Not configured is the default option. 
- - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option. + - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option. -5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy. - - ![Create Configuration Item wizard, Add a data recovery agent (DRA) certificate](images/wip-sccm-dra.png) + - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option. - After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. 
To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data. - - For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md). +5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy. + + ![Create Configuration Item wizard, Add a data recovery agent (DRA) certificate](images/wip-sccm-dra.png) + + After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data. + + For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md). ## Choose your optional WIP-related settings After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. 
@@ -460,27 +459,27 @@ After you've decided where your protected apps can access enterprise data on you ![Create Configuration Item wizard, Choose any additional, optional settings](images/wip-sccm-additionalsettings.png) **To set your optional settings** -1. Choose to set any or all of the optional settings: +1. Choose to set any or all of the optional settings: - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile**. Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - + - **Yes (recommended).** Turns on the feature and provides the additional protection. - + - **No, or not configured.** Doesn't enable this feature. - **Allow Windows Search to search encrypted corporate data and Store apps.** Determines whether Windows Search can search and index encrypted corporate data and Store apps. The options are: - - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps. + - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps. - - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. + - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. - - **Revoke local encryption keys during the unerollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. 
The options are: + - **Revoke local encryption keys during the unenrollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. - + - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you’re migrating between Mobile Device Management (MDM) solutions. - - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Choose to set up Azure Rights Management with WIP](create-wip-policy-using-intune-azure.md#choose-to-set-up-azure-rights-management-with-wip). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell). + - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Create a WIP policy using Intune](create-wip-policy-using-intune-azure.md). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell). If you don’t specify a template, WIP uses a key from a default RMS template that everyone in the tenant will have access to. 2. After you pick all of the settings you want to include, click **Summary**. 
@@ -491,7 +490,7 @@ After you've finished configuring your policy, you can review all of your info o - Click the **Summary** button to review your policy choices, and then click **Next** to finish and to save your policy. ![Create Configuration Item wizard, Summary screen for all of your policy choices](images/wip-sccm-summaryscreen.png) - + A progress bar appears, showing you progress for your policy. After it's done, click **Close** to return to the **Configuration Items** page. ## Deploy the WIP policy @@ -506,4 +505,4 @@ After you’ve created your WIP policy, you'll need to deploy it to your organiz - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) -- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) \ No newline at end of file +- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 84fcae9939..cb68d68e93 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.reviewer: --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune 
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 600663b95b..441e6d2b75 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -2,14 +2,15 @@ title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) (Windows 10) description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f +ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -70,7 +71,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft Remote Desktop ->[!NOTE] +>[!NOTE] >Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining. ## List of WIP-work only apps from Microsoft 
@@ -81,28 +82,28 @@ Microsoft still has apps that are unenlightened, but which have been tested and ## Adding enlightened Microsoft apps to the allowed apps list You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and System Center Configuration Manager. -|Product name |App info | -|-------------|---------| -|Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.MicrosoftEdge
                            **App Type:** Universal app | -|Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.People
                            **App Type:** Universal app | -|Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.Word
                            **App Type:** Universal app | -|Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.Excel
                            **App Type:** Universal app | -|PowerPoint Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.PowerPoint
                            **App Type:** Universal app | -|OneNote |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.OneNote
                            **App Type:** Universal app | -|Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** microsoft.windowscommunicationsapps
                            **App Type:** Universal app | -|Office 365 ProPlus and Office 2019 Professional Plus |Office 365 ProPlus and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for WIP.
                            We don't recommend setting up Office by using individual paths or publisher rules.| -|Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Windows.Photos
                            **App Type:** Universal app | -|Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.ZuneMusic
                            **App Type:** Universal app | -|Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.ZuneVideo
                            **App Type:** Universal app | -|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Messaging
                            **App Type:** Universal app | -|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** iexplore.exe
                            **App Type:** Desktop app | -|OneDrive Sync Client|**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** onedrive.exe
                            **App Type:** Desktop app| -|OneDrive app|**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Microsoftskydrive
                            **Product Version:**Product version: 17.21.0.0 (and later)
                            **App Type:** Universal app | -|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** notepad.exe
                            **App Type:** Desktop app | -|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** mspaint.exe
                            **App Type:** Desktop app | -|Microsoft Remote Desktop |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** mstsc.exe
                            **App Type:** Desktop app | -|Microsoft MAPI Repair Tool |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** fixmapi.exe
                            **App Type:** Desktop app | +| Product name | App info | +|------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Microsoft Edge | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.MicrosoftEdge
                            **App Type:** Universal app | +| Microsoft People | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.People
                            **App Type:** Universal app | +| Word Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.Word
                            **App Type:** Universal app | +| Excel Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.Excel
                            **App Type:** Universal app | +| PowerPoint Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.PowerPoint
                            **App Type:** Universal app | +| OneNote | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Office.OneNote
                            **App Type:** Universal app | +| Outlook Mail and Calendar | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** microsoft.windowscommunicationsapps
                            **App Type:** Universal app | +| Office 365 ProPlus and Office 2019 Professional Plus | Office 365 ProPlus and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for WIP.
                            We don't recommend setting up Office by using individual paths or publisher rules. | +| Microsoft Photos | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Windows.Photos
                            **App Type:** Universal app | +| Groove Music | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.ZuneMusic
                            **App Type:** Universal app | +| Microsoft Movies & TV | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.ZuneVideo
                            **App Type:** Universal app | +| Microsoft Messaging | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Messaging
                            **App Type:** Universal app | +| IE11 | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** iexplore.exe
                            **App Type:** Desktop app | +| OneDrive Sync Client | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** onedrive.exe
                            **App Type:** Desktop app | +| OneDrive app | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Product Name:** Microsoft.Microsoftskydrive
                            Product Version:Product version: 17.21.0.0 (and later)
                            **App Type:** Universal app | +| Notepad | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** notepad.exe
                            **App Type:** Desktop app | +| Microsoft Paint | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** mspaint.exe
                            **App Type:** Desktop app | +| Microsoft Remote Desktop | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** mstsc.exe
                            **App Type:** Desktop app | +| Microsoft MAPI Repair Tool | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
                            **Binary Name:** fixmapi.exe
                            **App Type:** Desktop app | >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index 437815bd4a..78620f0447 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -2,14 +2,15 @@ title: General guidance and best practices for Windows Information Protection (WIP) (Windows 10) description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP). ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 +ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
index 02d2fe3e81..8205436cc7 100644
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/30/2019
+ms.reviewer: 
 ---
 
 # How Windows Information Protection (WIP) protects a file that has a sensitivity label
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png
index cd8e0d0388..785925efdf 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png
new file mode 100644
index 0000000000..8ec000d2a7
Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png differ
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index f3d8fb9489..e9ee801003 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -6,21 +6,22 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/05/2019 +ms.reviewer: ms.localizationpriority: medium --- # Limitations while using Windows Information Protection (WIP) **Applies to:** -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later This table provides info about the most common problems you might encounter while running WIP in your organization. @@ -32,7 +33,7 @@ This table provides info about the most common problems you might encounter whil Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration. - If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.

                            If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. + If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.

                            If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

                            We strongly recommend educating employees about how to limit or eliminate the need for this decryption. @@ -48,7 +49,7 @@ This table provides info about the most common problems you might encounter whil Cortana can potentially allow data leakage if it’s on the allowed apps list. If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft. - We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app. + We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app. WIP is designed for use by a single user per device. @@ -73,7 +74,7 @@ This table provides info about the most common problems you might encounter whil Redirected folders with Client Side Caching are not compatible with WIP. Apps might encounter access errors while attempting to read a cached, offline file. - Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

                            Note
                            For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045). + Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

                            Note
                            For more info about Work Folders and Offline Files, see the blog, Work Folders and Offline Files support for Windows Information Protection. If you're having trouble opening files offline while using Offline Files and WIP, see the support article, Can't open files offline when you use Offline Files and Windows Information Protection. An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device. @@ -81,17 +82,17 @@ This table provides info about the most common problems you might encounter whil Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default. - You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. - A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal. + You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. + A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal. Open File Explorer and change the file ownership to Personal before you upload. ActiveX controls should be used with caution. Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP. - We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.

                            For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking). + We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.

                            For more info, see Out-of-date ActiveX control blocking. - Resilient File System (ReFS) isn't currently supported with WIP. + Resilient File System (ReFS) isn't currently supported with WIP. Trying to save or transfer WIP files to ReFS will fail. Format drive for NTFS, or use a different drive. @@ -114,7 +115,7 @@ This table provides info about the most common problems you might encounter whil

                          WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using System Center Configuration Manager. - Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

                          If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). + Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

                          If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection. @@ -125,8 +126,7 @@ This table provides info about the most common problems you might encounter whil - By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can't access it. - + By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can't access it.
                          Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it. diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 4c8459fac2..36a6fbf255 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.reviewer: --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) @@ -35,4 +36,4 @@ This list provides all of the tasks and settings that are required for the opera >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). 
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
index b577d9e9e5..9fe48f688d 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
@@ -2,13 +2,14 @@
 title: Create a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10)
 description: System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
 ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6
+ms.reviewer: 
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -29,4 +30,4 @@ System Center Configuration Manager helps you create and deploy your enterprise
 |------|------------|
 |[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |System Center Configuration Manager helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
 |[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
-|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
\ No newline at end of file
+|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
index 3af1d9b274..29087982ee 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
@@ -2,13 +2,14 @@
 title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10)
 description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
 ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6
+ms.reviewer: 
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 626c296a9d..246227f7c4 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -2,14 +2,15 @@
 title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10)
 description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control.
 ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032
+ms.reviewer: 
 keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
index 46b7344b5f..0852a6c1be 100644
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
@@ -7,13 +7,14 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dulcemontemayor
+ms.author: dolmont
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/25/2019
+ms.reviewer: 
 ---
 
 # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
@@ -53,4 +54,4 @@ We recommended adding these URLs if you use the Neutral Resources network settin
                          • login.microsoftonline.com
                          • login.windows.net
                          • -
                          \ No newline at end of file +
                        diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 6f698cb26c..08af5d2456 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -2,14 +2,15 @@ title: Testing scenarios for Windows Information Protection (WIP) (Windows 10) description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 +ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -20,8 +21,8 @@ ms.date: 03/05/2019 # Testing scenarios for Windows Information Protection (WIP) **Applies to:** -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. @@ -47,7 +48,7 @@ You can try any of the processes included in these scenarios, but you should foc
                        1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
                        2. Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work.
                          Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
                        3. -
                        4. Select the same file, click File ownership from the drop down menu, and then click Personal.
                          Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
                        5. +
                        6. Select the same file, click File ownership from the drop down menu, and then click Personal.
                          Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
                        @@ -55,21 +56,20 @@ You can try any of the processes included in these scenarios, but you should foc Create work documents in enterprise-allowed apps. For desktop:

                          -
                        • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
                          Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

                          Important
                          Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

                          For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.
                        • +
                        • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
                          Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

                          Important
                          Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

                          For more info about your Enterprise Identity and adding apps to your allowed apps list, see either Create a Windows Information Protection (WIP) policy using Microsoft Intune or Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager, based on your deployment system.
                        For mobile:

                        1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location.
                          Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
                        2. Open the same document and attempt to save it to a non-work-related location.
                          WIP should stop you from saving the file to this location.
                        3. -
                        4. Open the same document one last time, make a change to the contents, and then save it again using the Personal option.
                          Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
                        5. +
                        6. Open the same document one last time, make a change to the contents, and then save it again using the Personal option.
                          Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
                        - - +
                        Block enterprise data from non-enterprise apps.
                          -
                        1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
                          The app shouldn't be able to access the file.
                        2. +
                        3. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
                          The app shouldn't be able to access the file.
                        4. Try double-clicking or tapping on the work-encrypted file.
                          If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
                        @@ -78,8 +78,8 @@ You can try any of the processes included in these scenarios, but you should foc Copy and paste from enterprise apps to non-enterprise apps.
                          -
                        1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
                          You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
                        2. -
                        3. Click Keep at work.
                          The content isn't pasted into the non-enterprise app.
                        4. +
                        5. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
                          You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
                        6. +
                        7. Click Keep at work.
                          The content isn't pasted into the non-enterprise app.
                        8. Repeat Step 1, but this time click Change to personal, and try to paste the content again.
                          The content is pasted into the non-enterprise app.
                        9. Try copying and pasting content between apps on your allowed apps list.
                          The content should copy and paste between apps without any warning messages.
                        @@ -89,8 +89,8 @@ You can try any of the processes included in these scenarios, but you should foc Drag and drop from enterprise apps to non-enterprise apps.
                          -
                        1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
                          You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
                        2. -
                        3. Click Keep at work.
                          The content isn't dropped into the non-enterprise app.
                        4. +
                        5. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
                          You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
                        6. +
                        7. Click Keep at work.
                          The content isn't dropped into the non-enterprise app.
                        8. Repeat Step 1, but this time click Change to personal, and try to drop the content again.
                          The content is dropped into the non-enterprise app.
                        9. Try dragging and dropping content between apps on your allowed apps list.
                          The content should move between the apps without any warning messages.
                        @@ -100,8 +100,8 @@ You can try any of the processes included in these scenarios, but you should foc Share between enterprise apps and non-enterprise apps.
                          -
                        1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
                          You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
                        2. -
                        3. Click Keep at work.
                          The content isn't shared into Facebook.
                        4. +
                        5. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
                          You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
                        6. +
                        7. Click Keep at work.
                          The content isn't shared into Facebook.
                        8. Repeat Step 1, but this time click Change to personal, and try to share the content again.
                          The content is shared into Facebook.
                        9. Try sharing content between apps on your allowed apps list.
                          The content should share between the apps without any warning messages.
                        @@ -113,7 +113,7 @@ You can try any of the processes included in these scenarios, but you should foc
                        1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
                          Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
                        2. Open File Explorer and make sure your modified files are appearing with a Lock icon.
                        3. -
                        4. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

                          Note
                          Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.

                          A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
                        5. +
                        6. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

                          Note
                          Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.

                          A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
                        @@ -132,7 +132,7 @@ You can try any of the processes included in these scenarios, but you should foc
                        1. Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
                        2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
                        3. -
                        4. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
                          The app shouldn't be able to access the file share.
                        5. +
                        6. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
                          The app shouldn't be able to access the file share.
                        @@ -141,8 +141,8 @@ You can try any of the processes included in these scenarios, but you should foc
                        1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
                        2. -
                        3. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
                          Both browsers should respect the enterprise and personal boundary.
                        4. -
                        5. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
                          IE11 shouldn't be able to access the sites.

                          Note
                          Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
                        6. +
                        7. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
                          Both browsers should respect the enterprise and personal boundary.
                        8. +
                        9. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
                          IE11 shouldn't be able to access the sites.

                          Note
                          Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
                        @@ -150,9 +150,9 @@ You can try any of the processes included in these scenarios, but you should foc Verify your Virtual Private Network (VPN) can be auto-triggered.
                          -
                        1. Set up your VPN network to start based on the WIPModeID setting.
                          For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md) topic.
                        2. +
                        3. Set up your VPN network to start based on the WIPModeID setting.
                          For specific info about how to do this, see the Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune topic.
                        4. Start an app from your allowed apps list.
                          The VPN network should automatically start.
                        5. -
                        6. Disconnect from your network and then start an app that isn't on your allowed apps list.
                          The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
                        7. +
                        8. Disconnect from your network and then start an app that isn't on your allowed apps list.
                          The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
                        @@ -160,7 +160,7 @@ You can try any of the processes included in these scenarios, but you should foc Unenroll client devices from WIP.
                          -
                        • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
                          The device should be removed and all of the enterprise content for that managed account should be gone.

                          Important
                          On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
                        • +
                        • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
                          The device should be removed and all of the enterprise content for that managed account should be gone.

                          Important
                          On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
                        @@ -168,11 +168,11 @@ You can try any of the processes included in these scenarios, but you should foc Verify that app content is protected when a Windows 10 Mobile phone is locked.
                          -
                        • Check that protected app data doesn't appear on the Lock screen of a Windows 10 Mobile phone.
                        • +
                        • Check that protected app data doesn't appear on the Lock screen of a Windows 10 Mobile phone.
                        >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 4f4a47aff3..7a321fae6b 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.reviewer: --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 13b9c07410..dc97c95d0d 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md 
@@ -7,13 +7,14 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.reviewer: --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index bb80483994..c65af63ce9 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -3,14 +3,15 @@ title: # Fine-tune Windows Information Policy (WIP) with WIP Learning description: How to access the WIP Learning report to monitor and apply Windows Information Protection in your company. ms.assetid: 53db29d2-d99d-4db6-b494-90e2b4872ca2 +ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP Learning ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7c749be104..19cc428023 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -1,10 +1,10 @@ # [Threat protection](index.md) -## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) +## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) -### [Overview](windows-defender-atp/overview.md) -#### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md) -##### [Hardware-based isolation](windows-defender-atp/overview-hardware-based-isolation.md) +### [Overview](microsoft-defender-atp/overview.md) +#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) +##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md) ###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md) ####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) ###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) 
@@ -15,104 +15,107 @@ ##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) ##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) #### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md) -##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md) +#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md) +##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) -##### [Incidents queue](windows-defender-atp/incidents-queue.md) -###### [View and organize the Incidents queue](windows-defender-atp/view-incidents-queue.md) -###### [Manage incidents](windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md) -###### [Investigate incidents](windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md) +##### [Incidents queue](microsoft-defender-atp/incidents-queue.md) +###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) +###### [Manage incidents](microsoft-defender-atp/manage-incidents.md) +###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) ##### Alerts queue -###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) -###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md) -###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md) -###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md) -###### [Investigate 
machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md) -###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md) -###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md) -###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md) +###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) +###### [Manage alerts](microsoft-defender-atp/manage-alerts.md) +###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) +###### [Investigate files](microsoft-defender-atp/investigate-files.md) +###### [Investigate machines](microsoft-defender-atp/investigate-machines.md) +###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) +###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) +###### [Investigate a user account](microsoft-defender-atp/investigate-user.md) ##### Machines list -###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md) -###### [Manage machine group and tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md) -###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) -###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) -####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) -####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) -####### [Export 
machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) -####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) +###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) +###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) +###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline) +####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) +####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) +####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) +####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) -##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md) -###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md) -####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) -####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) -####### [Remove app 
restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) -####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) -####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) -####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +##### [Take response actions](microsoft-defender-atp/response-actions.md) +###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md) +####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) +####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) +####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) +####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) +####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) +####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) -###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine files in your 
network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) -####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) -####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) -####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) -####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) -####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) -####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) +###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md) +####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) +####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) +####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) +####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) +####### [Check activity details in Action 
center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) +####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) +####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) +####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) +###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md) +#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -#### [Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md) -##### [Learn about the automated investigation and remediation dashboard](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md) +#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) +##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) -#### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md) -#### [Threat analytics](windows-defender-atp/threat-analytics.md) +#### [Secure score](microsoft-defender-atp/overview-secure-score.md) +#### [Threat analytics](microsoft-defender-atp/threat-analytics.md) -#### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md) -##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) -###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md) -###### [Advanced hunting query language best 
practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) -##### [Custom detections](windows-defender-atp/overview-custom-detections.md) -###### [Create custom detections rules](windows-defender-atp/custom-detection-rules.md) +#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md) +##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) +###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) +###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) +##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md) +###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) -#### [Management and APIs](windows-defender-atp/management-apis.md) -##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -##### [Windows Defender ATP APIs](windows-defender-atp/apis-intro.md) -##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md) +#### [Management and APIs](microsoft-defender-atp/management-apis.md) +##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) +##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) +##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md) -#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md) -##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md) -##### [Microsoft Cloud App Security integration overview](windows-defender-atp/microsoft-cloud-app-security-integration.md) -##### [Information protection in Windows 
overview](windows-defender-atp/information-protection-in-windows-overview.md) +#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md) +##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) +##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) +##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md) +###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) -#### [Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md) +#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) -#### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md) +#### [Portal overview](microsoft-defender-atp/portal-overview.md) -### [Get started](windows-defender-atp/get-started.md) -#### [What's new in Windows Defender ATP](windows-defender-atp/whats-new-in-windows-defender-atp.md) -#### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) -#### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md) -#### [Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md) -#### [Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md) -#### [Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md) +### [Get started](microsoft-defender-atp/get-started.md) +#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) +#### [Minimum 
requirements](microsoft-defender-atp/minimum-requirements.md) +#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) +#### [Preview features](microsoft-defender-atp/preview.md) +#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) +#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) -#### [Evaluate Windows Defender ATP](windows-defender-atp/evaluate-atp.md) +#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md) #####Evaluate attack surface reduction ###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) ###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) @@ -123,10 +126,10 @@ ###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) -#### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md) +#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) -### [Configure and manage capabilities](windows-defender-atp/onboard.md) -#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md) +### [Configure and manage capabilities](microsoft-defender-atp/onboard.md) +#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md) #####Hardware-based isolation ###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) ###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md) 
@@ -213,208 +216,209 @@ ###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -#### [Configure Secure score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md) +#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) #### Management and API support -##### [Onboard machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md) -###### [Onboard previous versions of Windows](windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md) -###### [Onboard Windows 10 machines](windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md) -####### [Onboard machines using Group Policy](windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md) -####### [Onboard machines using System Center Configuration Manager](windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) -####### [Onboard machines using Mobile Device Management tools](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) -######## [Onboard machines using Microsoft Intune](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune) -####### [Onboard machines using a local script](windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md) -####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) -###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md) -###### [Onboard non-Windows 
machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) -###### [Onboard machines without Internet access](windows-defender-atp/onboard-offline-machines.md) -###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md) -###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md) -###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) -####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) +##### [Onboard machines](microsoft-defender-atp/onboard-configure.md) +###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) +###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md) +####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) +####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) +####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) +######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) +####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) +####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) +###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +###### 
[Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) +###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) +###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) +###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) +###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) +###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md) +####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) -##### [Windows Defender ATP API](windows-defender-atp/use-apis.md) -###### [Get started with Windows Defender ATP APIs](windows-defender-atp/apis-intro.md) -####### [Hello World](windows-defender-atp/api-hello-world.md) -####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md) -####### [Get access with user context](windows-defender-atp/exposed-apis-create-app-nativeapp.md) -###### [APIs](windows-defender-atp/exposed-apis-list.md) +##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md) +###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) +###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) +####### [Hello World](microsoft-defender-atp/api-hello-world.md) +####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md) +####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md) +###### [APIs](microsoft-defender-atp/exposed-apis-list.md) -####### [Advanced Hunting](windows-defender-atp/run-advanced-query-api.md) +####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md) -####### 
[Alert](windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md) -######## [List alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Create alert](windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md) -######## [Update Alert](windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md) -######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) -######## [Get alert related domains information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md) -######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) -######## [Get alert related IPs information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) -######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) -######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) +####### [Alert](microsoft-defender-atp/alerts.md) +######## [List alerts](microsoft-defender-atp/get-alerts.md) +######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md) +######## [Update Alert](microsoft-defender-atp/update-alert.md) +######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md) +######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md) +######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md) +######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md) +######## [Get alert related 
machine information](microsoft-defender-atp/get-alert-related-machine-info.md) +######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md) -####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md) -######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md) -######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md) -######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) -######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Add or Remove machine tags](windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md) -######## [Find machines by IP](windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) +####### [Machine](microsoft-defender-atp/machine.md) +######## [List machines](microsoft-defender-atp/get-machines.md) +######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) +######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) +######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) +######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) -####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md) -######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) -######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md) -######## [Collect 
investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md) -######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) -######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md) -######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md) -######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md) -######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) -######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md) -######## [Offboard machine](windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md) -######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md) -######## [Initiate investigation (preview)](windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md) +####### [Machine Action](microsoft-defender-atp/machineaction.md) +######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md) +######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md) +######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md) +######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md) +######## [Isolate machine](microsoft-defender-atp/isolate-machine.md) +######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md) +######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md) +######## [Remove 
app restriction](microsoft-defender-atp/unrestrict-code-execution.md) +######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md) +######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md) +######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md) +######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md) -####### [Indicators](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [Submit Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [List Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) -######## [Delete Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) +####### [Indicators](microsoft-defender-atp/ti-indicator.md) +######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md) +######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md) +######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md) ####### Domain -######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md) -######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md) -######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md) +######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) +######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) +######## [Get domain 
statistics](microsoft-defender-atp/get-domain-statistics.md) +######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) -####### [File](windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md) -######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md) -######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md) -######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md) +####### [File](microsoft-defender-atp/files.md) +######## [Get file information](microsoft-defender-atp/get-file-information.md) +######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md) +######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md) +######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md) ####### IP -######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md) -######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md) -######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md) +######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) +######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) +######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) +######## [Is IP seen in 
organization](microsoft-defender-atp/is-ip-seen-org.md) -####### [User](windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md) -######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) -######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md) +####### [User](microsoft-defender-atp/user.md) +######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) +######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) ###### How to use APIs - Samples ####### Advanced Hunting API -######## [Schedule advanced Hunting using Microsoft Flow](windows-defender-atp/run-advanced-query-sample-ms-flow.md) -######## [Advanced Hunting using PowerShell](windows-defender-atp/run-advanced-query-sample-powershell.md) -######## [Advanced Hunting using Python](windows-defender-atp/run-advanced-query-sample-python.md) -######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md) +######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md) +######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) +######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md) +######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md) ####### Multiple APIs -######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md) -####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md) +######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md) +####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) #####Windows updates (KB) info -###### [Get 
KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) #####Common Vulnerabilities and Exposures (CVE) to KB map -###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) +###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) ##### API for custom alerts (Deprecated) -###### [Enable the custom threat intelligence application (Deprecated)](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Use the threat intelligence API to create custom alerts (Deprecated)](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Create custom threat intelligence alerts (Deprecated)](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -###### [PowerShell code examples (Deprecated)](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -###### [Python code examples (Deprecated)](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -###### [Experiment with custom threat intelligence alerts (Deprecated)](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot custom threat intelligence issues (Deprecated)](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) +###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) +###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) +###### 
[Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) +###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) +###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) -##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) -###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md) -###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md) -###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md) -###### [Windows Defender ATP SIEM alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md) -###### [Pull alerts using SIEM REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md) +##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md) +###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) +###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md) +###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md) +###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md) +###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) +###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) ##### Reporting -###### [Create and build Power BI reports using Windows Defender ATP 
data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) -###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md) -###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md) +###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) +###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) +###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) ##### Interoperability -###### [Partner applications](windows-defender-atp/partner-applications.md) +###### [Partner applications](microsoft-defender-atp/partner-applications.md) ##### Role-based access control -###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) -####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md) -####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md) -######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md) +###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +####### [Create and manage roles](microsoft-defender-atp/user-roles.md) +####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) +######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) -##### [Configure managed security service provider (MSSP) support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md) +##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md) -#### [Configure and manage Microsoft Threat Experts 
capabilities](windows-defender-atp/configure-microsoft-threat-experts.md) +#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) #### Configure Microsoft threat protection integration -##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md) -##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md) -##### [Configure information protection in Windows](windows-defender-atp/information-protection-in-windows-config.md) +##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) +##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) +##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) -#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md) +#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md) ##### General -###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md) -###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md) -###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) -###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md) -###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md) +###### [Update data retention 
settings](microsoft-defender-atp/data-retention-settings.md) +###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) +###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) +###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) +###### [Configure advanced features](microsoft-defender-atp/advanced-features.md) ##### Permissions -###### [Use basic permissions to access the portal](windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md) -###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) -####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md) -####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md) -######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md) +###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) +###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +####### [Create and manage roles](microsoft-defender-atp/user-roles.md) +####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) +######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) ##### APIs -###### [Enable Threat intel (Deprecated)](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md) +###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) #####Rules -###### [Manage 
suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md) -###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -###### [Manage indicators](windows-defender-atp/manage-indicators.md) -###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) +###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) +###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md) +###### [Manage indicators](microsoft-defender-atp/manage-indicators.md) +###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) +###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) #####Machine management -###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md) -###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md) +###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) +###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) -##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md) +##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) -### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md) +### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md) ####Troubleshoot sensor 
state -##### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md) -##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) -##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) -##### [Misconfigured machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) -##### [Review sensor events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md) +##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) +##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) +##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) +##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) +##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) -#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md) -##### [Check service health](windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md) +##### [Check service health](microsoft-defender-atp/service-status.md) ####Troubleshoot attack surface reduction ##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md) 
@@ -1029,11 +1033,11 @@ ##### [Security Compliance Toolkit](windows-security-configuration-framework/security-compliance-toolkit-10.md) ##### [Get support](windows-security-configuration-framework/get-support-for-security-baselines.md) #### [Windows security configuration framework](windows-security-configuration-framework/windows-security-configuration-framework.md) -##### [Level 5 enterprise security](windows-security-configuration-framework/level-5-enterprise-security.md) -##### [Level 4 enterprise high security](windows-security-configuration-framework/level-4-enterprise-high-security.md) -##### [Level 3 enterprise VIP security](windows-security-configuration-framework/level-3-enterprise-vip-security.md) -##### [Level 2 enterprise dev/ops workstation](windows-security-configuration-framework/level-2-enterprise-devops-security.md) -##### [Level 1 enterprise administrator workstation](windows-security-configuration-framework/level-1-enterprise-administrator-security.md) +##### [Level 1 enterprise basic security](windows-security-configuration-framework/level-1-enterprise-basic-security.md) +##### [Level 2 enterprise enhanced security](windows-security-configuration-framework/level-2-enterprise-enhanced-security.md) +##### [Level 3 enterprise high security](windows-security-configuration-framework/level-3-enterprise-high-security.md) +##### [Level 4 enterprise dev/ops workstation](windows-security-configuration-framework/level-4-enterprise-devops-security.md) +##### [Level 5 enterprise administrator workstation](windows-security-configuration-framework/level-5-enterprise-administrator-security.md) ### [MBSA removal and alternatives](mbsa-removal-and-guidance.md) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 842cb0b7bb..1a252befcc 100644 
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -2,12 +2,14 @@ title: Advanced security audit policy settings (Windows 10) description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -57,11 +59,13 @@ The security audit policy settings in this category can be used to monitor chang Detailed Tracking security policy settings and audit events can be used to monitor the activities of individual applications and users on that computer, and to understand how a computer is being used. This category includes the following subcategories: -- [Audit DPAPI Activity](audit-dpapi-activity.md) -- [Audit PNP activity](audit-pnp-activity.md) -- [Audit Process Creation](audit-process-creation.md) -- [Audit Process Termination](audit-process-termination.md) -- [Audit RPC Events](audit-rpc-events.md) +- [Audit DPAPI Activity](audit-dpapi-activity.md) +- [Audit PNP activity](audit-pnp-activity.md) +- [Audit Process Creation](audit-process-creation.md) +- [Audit Process Termination](audit-process-termination.md) +- [Audit RPC Events](audit-rpc-events.md) +- [Audit Credential Validation](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-credential-validation) + > **Note:** For more information, see [Security Monitoring](https://blogs.technet.microsoft.com/nathangau/2018/01/25/security-monitoring-a-possible-new-way-to-detect-privilege-escalation/) ## DS Access 
@@ -90,7 +94,7 @@ Logon/Logoff security policy settings and audit events allow you to track attemp ## Object Access -Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate object Aaccess auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses. +Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate Object Access auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses. Proving that these audit policies are in effect to an external auditor is more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see [Global Object Access Auditing](#global-object-access-auditing). 
@@ -149,7 +153,7 @@ Resource SACLs are also useful for diagnostic scenarios. For example, setting th > **Note:**  If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy. -  + This category includes the following subcategories: - [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md) - [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md index 6935b85eb1..a493220c28 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md @@ -2,12 +2,14 @@ title: Advanced security auditing FAQ (Windows 10) description: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. ms.assetid: 80f8f187-0916-43c2-a7e8-ea712b115a06 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -83,7 +85,7 @@ The rules that govern how Group Policy settings are applied propagate to the sub | - | - | - | -| | Detailed File Share Auditing | Success | Failure | Success | | Process Creation Auditing | Disabled | Success | Disabled | -| Logon Auditing | Success | Failure | Failure | +| Logon Auditing | Failure | Success | Failure | ## What is the difference between an object DACL and an object SACL? diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 4d960b6b9a..021751d479 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -2,12 +2,14 @@ title: Advanced security audit policies (Windows 10) description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently. ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index 454c14422b..ff4abced1d 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 
 # Appendix A: Security monitoring recommendations for many audit events
diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
index 6622f7fc55..b63008134d 100644
--- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
@@ -2,12 +2,14 @@
 title: Apply a basic audit policy on a file or folder (Windows 10)
 description: You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
 ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2
+ms.reviewer:
+ms.author: dolmont
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: none
-author: justinha
+author: dulcemontemayor
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md
index 9cb1d5053c..bc27706761 100644
--- a/windows/security/threat-protection/auditing/audit-account-lockout.md
+++ b/windows/security/threat-protection/auditing/audit-account-lockout.md
@@ -2,12 +2,15 @@
 title: Audit Account Lockout (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 07/16/2018
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md
index 10fcf365b8..5f12787bad 100644
--- a/windows/security/threat-protection/auditing/audit-application-generated.md
+++ b/windows/security/threat-protection/auditing/audit-application-generated.md
@@ -2,12 +2,15 @@
 title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md
index 54f30393c1..243a0a2793 100644
--- a/windows/security/threat-protection/auditing/audit-application-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md
@@ -2,12 +2,15 @@
 title: Audit Application Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.
 ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
index 46038a5e5c..92ddf75cc3 100644
--- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
@@ -2,12 +2,15 @@
 title: Audit Audit Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
index 9c4f4f01b9..c5948e2a98 100644
--- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
@@ -2,12 +2,15 @@
 title: Audit Authentication Policy Change (Windows 10)
 description: This topic for the IT professional describes this Advanced Security Audit policy setting, Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy.
 ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
index d2a34b5e82..9cd3235fed 100644
--- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
@@ -2,12 +2,15 @@
 title: Audit Authorization Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
 ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
index 7248f8b951..90c6830590 100644
--- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
+++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
@@ -2,12 +2,15 @@ title: Audit Central Access Policy Staging (Windows 10) description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy. ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D +ms.reviewer: +manager: dansimp +ms.author: dolmont ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dulcemontemayor ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 109237d268..6a92ec70fa 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -2,12 +2,15 @@ title: Audit Certification Services (Windows 10) description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (ADÂ CS) operations are performed. ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03 +ms.reviewer: +manager: dansimp +ms.author: dolmont ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dulcemontemayor ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 9ba95826d4..6bd25fe17e 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md 
@@ -2,12 +2,15 @@
 title: Audit Computer Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
 ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md
index 1053fc3b3e..afdc02bc12 100644
--- a/windows/security/threat-protection/auditing/audit-credential-validation.md
+++ b/windows/security/threat-protection/auditing/audit-credential-validation.md
@@ -2,12 +2,15 @@
 title: Audit Credential Validation (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
 ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
index c20e709c3f..b7b19c64be 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
@@ -2,12 +2,15 @@
 title: Audit Detailed Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Detailed Directory Service Replication, which determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
 ms.assetid: 1b89c8f5-bce7-4b20-8701-42585c7ab993
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
index 512ffb1d82..45f0d84812 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
@@ -2,12 +2,15 @@
 title: Audit Detailed File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder.
 ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md
index f0d54b7e51..0fdac3e3ab 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -2,12 +2,15 @@ title: Audit Directory Service Access (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (ADÂ DS) object is accessed. ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0 +ms.reviewer: +manager: dansimp +ms.author: dolmont ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dulcemontemayor ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index a668880442..46fde5296b 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -2,12 +2,15 @@ title: Audit Directory Service Changes (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (ADÂ DS). ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e +ms.reviewer: +manager: dansimp +ms.author: dolmont ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dulcemontemayor ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 41ced142b1..207691696b 100644 
--- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
@@ -2,12 +2,15 @@
 title: Audit Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
 ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
index 88a2692952..ef75ae3395 100644
--- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
@@ -2,12 +2,15 @@
 title: Audit Distribution Group Management (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
index 86b22ef36d..850ee6ccd6 100644
--- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
@@ -2,12 +2,15 @@
 title: Audit DPAPI Activity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
 ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md
index 6664fafb8d..bcd5e1c94a 100644
--- a/windows/security/threat-protection/auditing/audit-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-file-share.md
@@ -2,12 +2,15 @@
 title: Audit File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File Share, which determines whether the operating system generates audit events when a file share is accessed.
 ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md
index 57d6cee236..dce5c61456 100644
--- a/windows/security/threat-protection/auditing/audit-file-system.md
+++ b/windows/security/threat-protection/auditing/audit-file-system.md
@@ -2,12 +2,15 @@
 title: Audit File System (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
 ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
index 611e14619a..ddc64a5ebd 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
@@ -2,12 +2,15 @@
 title: Audit Filtering Platform Connection (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform.
 ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
index 3aeb8b5e37..8d5152fbd3 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@@ -2,12 +2,15 @@
 title: Audit Filtering Platform Packet Drop (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
 ms.assetid: 95457601-68d1-4385-af20-87916ddab906
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
index bcfe72948a..1a4f6057a4 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@@ -2,12 +2,15 @@
 title: Audit Filtering Platform Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index c503247f64..6f3d57854c 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -2,12 +2,15 @@
 title: Audit Group Membership (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Group Membership, which enables you to audit group memberships when they are enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
index 032486cabe..39286372c6 100644
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@@ -2,12 +2,15 @@
 title: Audit Handle Manipulation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
 ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
index 1fb88b5fd4..bb31873f01 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@@ -2,12 +2,15 @@
 title: Audit IPsec Driver (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver.
 ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 10/02/2018
 ---
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
index e9388ef13f..1f64ccddd8 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@@ -2,12 +2,15 @@
 title: Audit IPsec Extended Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 10/02/2018
 ---
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
index 1a34ba32f3..ffb510a3d0 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@@ -2,12 +2,15 @@
 title: Audit IPsec Main Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 10/02/2018
 ---
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
index 40aabcd719..e775a3c861 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@@ -2,12 +2,15 @@
 title: Audit IPsec Quick Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 10/02/2018
 ---
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
index fa45372c3e..c0b06e1fe1 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@@ -2,12 +2,15 @@
 title: Audit Kerberos Authentication Service (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
index 555286d0f5..34189b1f84 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -2,12 +2,15 @@
 title: Audit Kerberos Service Ticket Operations (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Service Ticket Operations, which determines whether the operating system generates security audit events for Kerberos service ticket requests.
 ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md
index 4ee34b9790..e8e980b574 100644
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@@ -2,12 +2,15 @@
 title: Audit Kernel Object (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index 521a5e8e0f..ad99e15524 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -2,12 +2,15 @@
 title: Audit Logoff (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
 ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 07/16/2018
 ---
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md
index 4b4cc2f5de..6b4a018bc0 100644
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@@ -2,12 +2,15 @@
 title: Audit Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer.
 ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
index f3bb9e035a..168b3092df 100644
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@@ -2,12 +2,15 @@
 title: Audit MPSSVC Rule-Level Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md
index 5f50082169..b54295726e 100644
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@@ -2,12 +2,15 @@
 title: Audit Network Policy Server (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index 9f0a2a2a2f..198fafbb9a 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -2,12 +2,15 @@
 title: Audit Non Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
index 8a13f5aac2..132ef45445 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Account Logon Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 2118e8090b..a0c84a45db 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Account Management Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
 ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
index 1be1e370f1..e8c3a4a9ab 100644
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Logon/Logoff Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events.
 ms.assetid: 76d987cd-1917-4907-a739-dd642609a458
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
index 199192018a..2b34a59026 100644
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Object Access Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
 ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 05/29/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
index 08d287a0cb..b0dd87d7af 100644
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Policy Change Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Policy Change Events, which determines whether the operating system generates audit events for security policy changes that are not otherwise audited in the Policy Change category.
 ms.assetid: 8618502e-c21c-41cc-8a49-3dc1eb359e60
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index 45be00eab8..e9a27ea9ef 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -2,12 +2,15 @@
 title: Audit Other Privilege Use Events (Windows 10)
 description: This security policy setting is not used.
 ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md
index e70d6e2681..d7c450d16a 100644
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@@ -2,12 +2,15 @@
 title: Audit Other System Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other System Events, which determines whether the operating system audits various system events.
 ms.assetid: 2401e4cc-d94e-41ec-82a7-e10914295f8b
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md
index 51f7778df1..52fc369770 100644
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@@ -2,12 +2,15 @@
 title: Audit PNP Activity (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit PNP Activity, which determines when plug and play detects an external device.
 ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md
index 39e53664c4..a2306f7577 100644
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@@ -2,12 +2,15 @@
 title: Audit Process Creation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts).
 ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md
index d1a88331d5..98610489a7 100644
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@@ -2,12 +2,15 @@
 title: Audit Process Termination (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process.
 ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index 7454355c57..6f804cc917 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -2,12 +2,15 @@
 title: Audit Registry (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects.
 ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index 3e4c82578c..c069248b22 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -2,12 +2,15 @@
 title: Audit Removable Storage (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index 584b5fb9ff..6581dc9ecb 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -2,12 +2,15 @@
 title: Audit RPC Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.
 ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 57071fda29..621886f3cf 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -2,12 +2,15 @@
 title: Audit SAM (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects.
 ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 66dbdee966..92ca9f0cc3 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -2,12 +2,15 @@
 title: Audit Security Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed.
 ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 02/28/2019
 ---
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index 127b34b44a..bddc7c3b72 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -2,12 +2,15 @@
 title: Audit Security State Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system.
 ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index 778abbd8c0..ee05761add 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -2,12 +2,15 @@
 title: Audit Security System Extension (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions.
 ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index 0320c9d421..148208ccb0 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -2,12 +2,15 @@
 title: Audit Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used.
 ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index bfd47e55e9..82e41e77a1 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -2,12 +2,15 @@
 title: Audit Special Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances.
 ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index a244a43880..780b2f6b5a 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -2,12 +2,15 @@
 title: Audit System Integrity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit System Integrity, which determines whether the operating system audits events that violate the integrity of the security subsystem.
 ms.assetid: 942a9a7f-fa31-4067-88c7-f73978bf2034
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index 3315c7f053..c63b155800 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -2,12 +2,15 @@
 title: Audit User Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed.
 ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index 988736426a..3f7727d40f 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -2,12 +2,15 @@
 title: Audit User/Device Claims (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims.
 ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
 ---
 
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index 7f78b5f46d..d09135ef91 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -2,12 +2,14 @@ title: Audit account logon events (Windows 10) description: Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -45,9 +47,9 @@ You can configure this security setting by opening the appropriate policy under | 681 | Logon failure. A domain account logon was attempted. This event is not generated in Windows XP or in the Windows Server 2003 family. | | 682 | A user has reconnected to a disconnected terminal server session. | | 683 | A user disconnected a terminal server session without logging off. | -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index ac22b4c4fe..a9c1e83493 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -2,12 +2,14 @@ title: Audit account management (Windows 10) description: Determines whether to audit each event of account management on a device. ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -18,7 +20,7 @@ ms.date: 04/19/2017 # Audit account management **Applies to** -- Windows 10 +- Windows 10 Determines whether to audit each event of account management on a device. @@ -40,54 +42,55 @@ set this value to **No auditing**, in the **Properties** dialog box for this pol You can configure this security setting by opening the appropriate policy under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. -| Account management events | Description | -| - | - | -| 624 | A user account was created.| -| 627 | A user password was changed.| -| 628 | A user password was set. | -| 630 | A user account was deleted.| -| 631 | A global group was created. | -| 632 | A member was added to a global group.| -| 633 | A member was removed from a global group.| -| 634 | A global group was deleted. | -| 635 | A new local group was created.| -| 636 | A member was added to a local group.| -| 637 | A member was removed from a local group.| -| 638 | A local group was deleted. | -| 639 | A local group account was changed.| -| 641 | A global group account was changed.| -| 642 | A user account was changed. | -| 643 | A domain policy was modified. | -| 644 | A user account was auto locked. | -| 645 | A computer account was created. | -| 646 | A computer account was changed. | -| 647 | A computer account was deleted. | -| 648 | A local security group with security disabled was created.
                        **Note:** SECURITY_DISABLED in the formal name means that this group cannot be used to grant permissions in access checks. | | -| 649 | A local security group with security disabled was changed. | -| 650 | A member was added to a security-disabled local security group. | -| 651 | A member was removed from a security-disabled local security group. | -| 652 | A security-disabled local group was deleted. | -| 653 | A security-disabled global group was created. | -| 645 | A security-disabled global group was changed. | -| 655 | A member was added to a security-disabled global group. | -| 656 | A member was removed from a security-disabled global group. | -| 657 | A security-disabled global group was deleted. | -| 658 | A security-enabled universal group was created. | -| 659 | A security-enabled universal group was changed. | -| 660 | A member was added to a security-enabled universal group. | -| 661 | A member was removed from a security-enabled universal group. | -| 662 | A security-enabled universal group was deleted. | -| 663 | A security-disabled universal group was created. | -| 664 | A security-disabled universal group was changed. | -| 665 | A member was added to a security-disabled universal group. | -| 666 | A member was removed from a security-disabled universal group. | -| 667 | A security-disabled universal group was deleted. | -| 668 | A group type was changed. | -| 684 | Set the security descriptor of members of administrative groups. | -| 685 | Set the security descriptor of members of administrative groups.
                        **Note:**  Every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor on them. This event is logged.| -  + +| Account management events | Description | +|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 624 | A user account was created. | +| 627 | A user password was changed. | +| 628 | A user password was set. | +| 630 | A user account was deleted. | +| 631 | A global group was created. | +| 632 | A member was added to a global group. | +| 633 | A member was removed from a global group. | +| 634 | A global group was deleted. | +| 635 | A new local group was created. | +| 636 | A member was added to a local group. | +| 637 | A member was removed from a local group. | +| 638 | A local group was deleted. | +| 639 | A local group account was changed. | +| 641 | A global group account was changed. | +| 642 | A user account was changed. | +| 643 | A domain policy was modified. | +| 644 | A user account was auto locked. | +| 645 | A computer account was created. | +| 646 | A computer account was changed. | +| 647 | A computer account was deleted. | +| 648 | A local security group with security disabled was created.
                        **Note:** SECURITY_DISABLED in the formal name means that this group cannot be used to grant permissions in access checks. | +| 649 | A local security group with security disabled was changed. | +| 650 | A member was added to a security-disabled local security group. | +| 651 | A member was removed from a security-disabled local security group. | +| 652 | A security-disabled local group was deleted. | +| 653 | A security-disabled global group was created. | +| 645 | A security-disabled global group was changed. | +| 655 | A member was added to a security-disabled global group. | +| 656 | A member was removed from a security-disabled global group. | +| 657 | A security-disabled global group was deleted. | +| 658 | A security-enabled universal group was created. | +| 659 | A security-enabled universal group was changed. | +| 660 | A member was added to a security-enabled universal group. | +| 661 | A member was removed from a security-enabled universal group. | +| 662 | A security-enabled universal group was deleted. | +| 663 | A security-disabled universal group was created. | +| 664 | A security-disabled universal group was changed. | +| 665 | A member was added to a security-disabled universal group. | +| 666 | A member was removed from a security-disabled universal group. | +| 667 | A security-disabled universal group was deleted. | +| 668 | A group type was changed. | +| 684 | Set the security descriptor of members of administrative groups. | +| 685 | Set the security descriptor of members of administrative groups.
                        **Note:** Every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor on them. This event is logged. | + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index 0de79e98e7..a1744341ec 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -2,12 +2,14 @@ title: Audit directory service access (Windows 10) description: Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
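Review bot: The reformatted account management table still lists event ID 645 twice: the added row `| 645 | A security-disabled global group was changed. |` sits between 653 and 655, and 645 is already used further up for "A computer account was created." The ID is presumably meant to be 654, so the row should read `| 654 | A security-disabled global group was changed. |`. Anyone building event filters or alert rules from this table would otherwise file group changes under the computer-account event.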
@@ -26,7 +28,7 @@ By default, this value is set to no auditing in the Default Domain Controller Gr If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an Active Directory object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an Active Directory object that has a SACL specified. To set this value to **No auditing,** in the **Properties** dialog box for this policy setting, select the **Define these policy settings** check box and clear the **Success** and **Failure** check boxes. > **Note:**  You can set a SACL on an Active Directory object by using the **Security** tab in that object's **Properties** dialog box. This is the same as Audit object access, except that it applies only to Active Directory objects and not to file system and registry objects. -  + **Default:** - Success on domain controllers. @@ -41,9 +43,9 @@ There is only one directory service access event, which is identical to the Obje | Directory service access events | Description | |---------------------------------|----------------------------------------| | 566 | A generic object operation took place. | -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 2bcf48cc8b..01df735d39 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md 
@@ -2,12 +2,14 @@ title: Audit logon events (Windows 10) description: Determines whether to audit each instance of a user logging on to or logging off from a device. ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -63,7 +65,7 @@ You can configure this security setting by opening the appropriate policy under | 552 | A user successfully logged on to a computer using explicit credentials while already logged on as a different user. | | 682 | A user has reconnected to a disconnected terminal server session. | | 683 | A user disconnected a terminal server session without logging off. | -  + When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type. @@ -78,9 +80,9 @@ When event 528 is logged, a logon type is also listed in the event log. The foll | 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.| | 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop.| | 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.| -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index ec41b532a0..26e2122845 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md 
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -2,12 +2,14 @@ title: Audit object access (Windows 10) description: Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -18,7 +20,7 @@ ms.date: 04/19/2017 # Audit object access **Applies to** -- Windows 10 +- Windows 10 Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. @@ -26,60 +28,61 @@ If you define this policy setting, you can specify whether to audit successes, a To set this value to **No auditing**, in the **Properties** dialog box for this policy setting, select the Define these policy settings check box and clear the **Success** and **Failure** check boxes. -> **Note:**  You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box. -  +> **Note:** You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box. + **Default:** No auditing. ## Configure this audit setting You can configure this security setting by opening the appropriate policy under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. -| Object access events | Description | -| - | - | -| 560 | Access was granted to an already existing object.| -| 562 | A handle to an object was closed. | -| 563 | An attempt was made to open an object with the intent to delete it.
                        **Note: **  This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile().|| -| 564 | A protected object was deleted. | -| 565 | Access was granted to an already existing object type.| -| 567 | A permission associated with a handle was used.
                        **Note: **  A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used.| -| 568 | An attempt was made to create a hard link to a file that is being audited. | -| 569 | The resource manager in Authorization Manager attempted to create a client context.| -| 570 | A client attempted to access an object.
                        **Note:**  An event will be generated for every attempted operation on the object.| -| 571 | The client context was deleted by the Authorization Manager application. | -| 572 | The administrator manager initialized the application. | -| 772 | The certificate manager denied a pending certificate request.| -| 773 | Certificate Services received a resubmitted certificate request.| -| 774 | Certificate Services revoked a certificate.| -| 775 | Certificate Services received a request to publish the certificate revocation list (CRL).| -| 776 | Certificate Services published the certificate revocation list (CRL). | -| 777 | A certificate request extension was made. | -| 778 | One or more certificate request attributes changed.| -| 779 | Certificate Services received a request to shutdown.| -| 780 | Certificate Services backup started. | -| 781 | Certificate Services backup completed | -| 782 | Certificate Services restore started. | -| 783 | Certificate Services restore completed.| -| 784 | Certificate Services started. | -| 785 | Certificate Services stopped. | -| 786 | The security permissions for Certificate Services changed.| -| 787 | Certificate Services retrieved an archived key. | -| 788 | Certificate Services imported a certificate into its database.| -| 789 | The audit filter for Certificate Services changed. | -| 790 | Certificate Services received a certificate request.| -| 791 | Certificate Services approved a certificate request and issued a certificate.| -| 792 | Certificate Services denied a certificate request. | -| 793 | Certificate Services set the status of a certificate request to pending.| -| 794 | The certificate manager settings for Certificate Services changed. | -| 795 | A configuration entry changed in Certificate Services. | -| 796 | A property of Certificate Services changed. | -| 797 | Certificate Services archived a key. 
| -| 798 | Certificate Services imported and archived a key.| -| 799 | Certificate Services published the CA certificate to Active Directory.| -| 800 | One or more rows have been deleted from the certificate database. | -| 801 | Role separation enabled. | + +| Object access events | Description | +|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 560 | Access was granted to an already existing object. | +| 562 | A handle to an object was closed. | +| 563 | An attempt was made to open an object with the intent to delete it.
                        \*\*Note: \*\* This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile(). | +| 564 | A protected object was deleted. | +| 565 | Access was granted to an already existing object type. | +| 567 | A permission associated with a handle was used.
                        \*\*Note: \*\* A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | +| 568 | An attempt was made to create a hard link to a file that is being audited. | +| 569 | The resource manager in Authorization Manager attempted to create a client context. | +| 570 | A client attempted to access an object.
                        **Note:** An event will be generated for every attempted operation on the object. | +| 571 | The client context was deleted by the Authorization Manager application. | +| 572 | The administrator manager initialized the application. | +| 772 | The certificate manager denied a pending certificate request. | +| 773 | Certificate Services received a resubmitted certificate request. | +| 774 | Certificate Services revoked a certificate. | +| 775 | Certificate Services received a request to publish the certificate revocation list (CRL). | +| 776 | Certificate Services published the certificate revocation list (CRL). | +| 777 | A certificate request extension was made. | +| 778 | One or more certificate request attributes changed. | +| 779 | Certificate Services received a request to shutdown. | +| 780 | Certificate Services backup started. | +| 781 | Certificate Services backup completed | +| 782 | Certificate Services restore started. | +| 783 | Certificate Services restore completed. | +| 784 | Certificate Services started. | +| 785 | Certificate Services stopped. | +| 786 | The security permissions for Certificate Services changed. | +| 787 | Certificate Services retrieved an archived key. | +| 788 | Certificate Services imported a certificate into its database. | +| 789 | The audit filter for Certificate Services changed. | +| 790 | Certificate Services received a certificate request. | +| 791 | Certificate Services approved a certificate request and issued a certificate. | +| 792 | Certificate Services denied a certificate request. | +| 793 | Certificate Services set the status of a certificate request to pending. | +| 794 | The certificate manager settings for Certificate Services changed. | +| 795 | A configuration entry changed in Certificate Services. | +| 796 | A property of Certificate Services changed. | +| 797 | Certificate Services archived a key. | +| 798 | Certificate Services imported and archived a key. 
| +| 799 | Certificate Services published the CA certificate to Active Directory. | +| 800 | One or more rows have been deleted from the certificate database. | +| 801 | Role separation enabled. | ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index 129ea370a0..391acd4cfb 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -2,12 +2,14 @@ title: Audit policy change (Windows 10) description: Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -58,9 +60,9 @@ You can configure this security setting under Computer Configuration\\Windows Se | 770 | Trusted forest information was deleted.
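Review bot: The rewritten rows for events 563 and 567 write the label as `\*\*Note: \*\*`, which escapes the asterisks so they render literally instead of as bold, while the row for 570 in the same table uses `**Note:**`. Use `**Note:**` in both rows so the three notes render the same way. The 563 row also spells the API `Createfile()`; the Win32 function is `CreateFile`, and the row for 781 is the only one in the table without a closing period.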
                        **Note:**  This event message is generated when forest trust information is updated and one or more entries are added. One event message is generated per added, deleted, or modified entry. If multiple entries are added, deleted, or modified in a single update of the forest trust information, all the generated event messages have a single unique identifier called an operation ID. This allows you to determine that the multiple generated event messages are the result of a single operation. Not all parameters are valid for each entry type. For example, parameters such as DNS name, NetBIOS name and SID are not valid for an entry of type "TopLevelName".| | 771 | Trusted forest information was modified.
                        **Note:**  This event message is generated when forest trust information is updated and one or more entries are added. One event message is generated per added, deleted, or modified entry. If multiple entries are added, deleted, or modified in a single update of the forest trust information, all the generated event messages have a single unique identifier called an operation ID. This allows you to determine that the multiple generated event messages are the result of a single operation. Not all parameters are valid for each entry type. For example, parameters such as DNS name, NetBIOS name and SID are not valid for an entry of type "TopLevelName".| | 805 | The event log service read the security log configuration for a session. -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 7980a4d633..3482f78df0 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -2,12 +2,14 @@ title: Audit privilege use (Windows 10) description: Determines whether to audit each instance of a user exercising a user right. ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -47,9 +49,9 @@ You can configure this security setting under Computer Configuration\\Windows Se | 576 | Specified privileges were added to a user's access token.
                        **Note:**  This event is generated when the user logs on.| | 577 | A user attempted to perform a privileged system service operation. | | 578 | Privileges were used on an already open handle to a protected object. | -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index 6c5869c87d..cb8dcae793 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -2,12 +2,14 @@ title: Audit process tracking (Windows 10) description: Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -45,9 +47,9 @@ You can configure this security setting under Computer Configuration\\Windows Se | 600 | A process was assigned a primary token.| | 601 | A user attempted to install a service. | | 602 | A scheduler job was created. | -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index efc11bd08e..378ea7a13f 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md 
@@ -2,12 +2,14 @@
 title: Audit system events (Windows 10)
 description: Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
 ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
+ms.reviewer:
+ms.author: dolmont
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: none
-author: justinha
+author: dulcemontemayor
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index 9a3ba69bf5..ce8988ec09 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -2,12 +2,14 @@
 title: Basic security audit policies (Windows 10)
 description: Before you implement auditing, you must decide on an auditing policy.
 ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
+ms.reviewer:
+ms.author: dolmont
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: none
-author: justinha
+author: dulcemontemayor
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -44,5 +46,5 @@ If you choose to audit access to objects as part of your audit policy, you must | [Apply a basic audit policy on a file or folder](apply-a-basic-audit-policy-on-a-file-or-folder.md) | You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. | | [View the security event log](view-the-security-event-log.md) | The security log records each event as defined by the audit policies you set on each object.| | [Basic security audit policy settings](basic-security-audit-policy-settings.md) | Basic security audit policy settings are found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.| -  -  + + diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 2a98ef92e3..a630363f60 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -2,12 +2,14 @@ title: Basic security audit policy settings (Windows 10) description: Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -35,9 +37,9 @@ Basic security audit policy settings are found under Computer Configuration\\Win | [Audit privilege use](basic-audit-privilege-use.md) | Determines whether to audit each instance of a user exercising a user right. | | [Audit process tracking](basic-audit-process-tracking.md) | Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.| | [Audit system events](basic-audit-system-events.md) | Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. | -  + ## Related topics - [Basic security audit policy settings](basic-security-audit-policy-settings.md) -  -  + + diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index b3ca1eb32d..19df234c28 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -2,12 +2,14 @@ title: Create a basic audit policy for an event category (Windows 10) description: By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3 +ms.reviewer: +ms.author: dolmont ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index 8ae8a12264..c9d45258d5 100644 
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 
 # 1100(S): The event logging service has shut down.
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 4508e8029a..9a91340db1 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 
 # 1102(S): The audit log was cleared.
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 36c41f9d28..7828382017 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dulcemontemayor
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dolmont
 ---
 
 # 1104(S): The security log is now full.
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index 9b170d57a8..cd3b89cac3 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 1105(S): Event log automatic backup.
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index 937b44bb97..148ab10880 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index cff87d7dea..22a7d07d71 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4608(S): Windows is starting up.
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index b774388a33..c9be68814f 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4610(S): An authentication package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index 4683b8e287..d245a30f27 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4611(S): A trusted logon process has been registered with the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 4a380aceb6..163c584492 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index 5d049126d3..8dd6e72adc 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4614(S): A notification package has been loaded by the Security Account Manager.
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index 2f460fcef2..be8925c8ba 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4615(S): Invalid use of LPC port.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 8079480ca1..8681a67e8f 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4616(S): The system time was changed.
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 6f99221add..9dcc575df1 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4618(S): A monitored security event pattern has occurred.
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index b0b851608d..f3365acf99 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4621(S): Administrator recovered system from CrashOnAuditFail.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index 392f672814..e425430b75 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4622(S): A security package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index 4b806cfc45..f3c3ed088b 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4624(S): An account was successfully logged on.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 2c05bde4a6..08fcff8219 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4625(F): An account failed to log on. @@ -76,7 +79,6 @@ This event generates on domain controllers, member servers, and workstations. 0 - ``` ***Required Server Roles:*** None. @@ -164,7 +166,7 @@ This event generates on domain controllers, member servers, and workstations. | 0xC0000072 | User logon to account disabled by administrator | | 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. | | 0XC0000133 | Clocks between DC and other computer too far out of sync | -| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine | +| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine | | 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. | | 0XC0000192 | An attempt was made to logon, but the N**etlogon** service was not started. | | 0xC0000193 | User logon with expired account | @@ -176,7 +178,7 @@ This event generates on domain controllers, member servers, and workstations. | 0x0 | Status OK. | > Table: Windows logon status codes. - +> > **Note**  To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK. More information: diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index d8a85f95bc..d0474f5941 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4626(S): User/Device claims information. @@ -72,7 +75,6 @@ This event generates on the computer to which the logon was performed (target co - - ``` ***Required Server Roles:*** None. @@ -155,7 +157,7 @@ This event generates on the computer to which the logon was performed (target co - “dadmin” – claim value. -**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value**.** For computer accounts this field has device claims listed. +**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value. For computer accounts this field has device claims listed. ## Security Monitoring Recommendations diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 43df6798b8..37bc83b16f 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4627(S): Group membership information. diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 8e486213ed..c7fd725041 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 11/20/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4634(S): An account was logged off.
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index fb96f3f25e..3cb68ae77c 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4647(S): User initiated logoff.
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index a8a8518c4c..97bb3eda59 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4648(S): A logon was attempted using explicit credentials.
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index 9214d1fc97..0c3b10dff5 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4649(S): A replay attack was detected.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index 68f1286e56..918d665121 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4656(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index cf9a1f22b9..f27a05c4d3 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4657(S): A registry value was modified.
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index b8befe0926..1569c43d0f 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4658(S): The handle to an object was closed.
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 1eef286432..7c03634e8e 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4660(S): An object was deleted. diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index f51210b9c3..13513c1eb8 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4661(S, F): A handle to an object was requested. @@ -71,7 +74,6 @@ This event generates only if Success auditing is enabled for the [Audit Handle M {bf967a90-0de6-11d0-a285-00aa003049e2} %%5400 {ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501} - ``` ***Required Server Roles:*** For an Active Directory object, the domain controller role is required. For a SAM object, there is no required role. 
@@ -133,15 +135,15 @@ This event generates only if Success auditing is enabled for the [Audit Handle M - SAM\_SERVER - distinguished name of the accessed object. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Handle ID** \[Type = Pointer\]: hexadecimal value of a handle to **Object Name**. This field can help you correlate this event with other events that might contain the same Handle ID, for example, “[4662](event-4662.md): An operation was performed on an object.” This parameter might not be captured in the event, and in that case appears as “0x0”. diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index bc4d1b5050..31fd7fd716 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4662(S, F): An operation was performed on an object. @@ -71,7 +74,6 @@ You will get one 4662 for each operation type which was performed. - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -125,15 +127,15 @@ You will get one 4662 for each operation type which was performed. - **Object Name** \[Type = UnicodeString\]: distinguished name of the object that was accessed. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Handle ID** \[Type = Pointer\]: hexadecimal value of a handle to **Object Name**. This field can help you correlate this event with other events that might contain the same Handle ID, for example, “[4661](event-4661.md): A handle to an object was requested.” This parameter might not be captured in the event, and in that case appears as “0x0”. diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index 534366322f..44da729457 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4663(S): An attempt was made to access an object. diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index af4feb6149..6f60cce3a7 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4664(S): An attempt was made to create a hard link. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 008b34039d..95a2dfe34f 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4670(S): Permissions on an object were changed. @@ -67,7 +70,6 @@ Before this event can generate, certain ACEs might need to be set in the object C:\\Windows\\System32\\dllhost.exe - ``` ***Required Server Roles:*** None. @@ -141,11 +143,11 @@ Before this event can generate, certain ACEs might need to be set in the object - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: 
@@ -268,9 +270,9 @@ For file system and registry objects, the following recommendations apply. -- If you have a pre-defined list of restricted substrings or words in process names (for example, “**mimikatz**” or “**cain.exe**”), check for these substrings in “**Process Name**.” +- If you have a pre-defined list of restricted substrings or words in process names (for example, “**mimikatz**” or “**cain.exe**”), check for these substrings in “**Process Name**.” -- If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.** +- If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.** -- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers**.** For example, you could monitor the **ntds.dit** file on domain controllers. +- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers. diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index eb364f29f6..3e81e5f2f6 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4671(-): An application attempted to access a blocked ordinal through the TBS.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index baac7dff4d..1641acbc10 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 12/20/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4672(S): Special privileges assigned to new logon.
@@ -19,7 +22,7 @@ ms.date: 12/20/2018 Event 4672 illustration
                        -***Subcategory:*** [Audit Special Logon](audit-special-logon.md) +Subcategory: Audit Special Logon ***Event Description:*** @@ -84,7 +87,6 @@ You typically will see many of these events in the event log, because every logo SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeEnableDelegationPrivilege SeImpersonatePrivilege - ``` ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index a37fc4fdc7..1caa24d32d 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4673(S, F): A privileged service was called. @@ -64,7 +67,6 @@ Failure event generates when service call attempt fails. C:\\Windows\\System32\\lsass.exe - ``` ***Required Server Roles:*** None. @@ -131,42 +133,42 @@ Failure event generates when service call attempt fails. - **Privileges** \[Type = UnicodeString\]: the list of user privileges which were requested. The possible privileges depend on the subcategory, either **Audit Non Sensitive Privilege Use** or **Audit Sensitive Privilege Use**, as shown in the following two tables: -| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | -|-----------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Audit Non Sensitive Privilege Use | **SeChangeNotifyPrivilege:
                        **Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                        With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | -| Audit Non Sensitive Privilege Use | **SeCreateGlobalPrivilege:
                        **Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | -| Audit Non Sensitive Privilege Use | **SeCreatePagefilePrivilege:
                        **Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | -| Audit Non Sensitive Privilege Use | **SeCreatePermanentPrivilege:
                        **Create permanent shared objects | Required to create a permanent object.
                        This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | -| Audit Non Sensitive Privilege Use | **SeCreateSymbolicLinkPrivilege:
                        **Create symbolic links | Required to create a symbolic link. | -| Audit Non Sensitive Privilege Use | **SeIncreaseBasePriorityPrivilege:
                        **Increase scheduling priority | Required to increase the base priority of a process.
                        With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | -| Audit Non Sensitive Privilege Use | **SeIncreaseQuotaPrivilege:
                        **Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                        With this privilege, the user can change the maximum memory that can be consumed by a process. | -| Audit Non Sensitive Privilege Use | **SeIncreaseWorkingSetPrivilege:
                        **Increase a process working set | Required to allocate more memory for applications that run in the context of users. | -| Audit Non Sensitive Privilege Use | **SeLockMemoryPrivilege:
                        **Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | -| Audit Non Sensitive Privilege Use | **SeMachineAccountPrivilege:
                        **Add workstations to domain | With this privilege, the user can create a computer account.
                        This privilege is valid only on domain controllers. | -| Audit Non Sensitive Privilege Use | **SeManageVolumePrivilege:
                        **Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | -| Audit Non Sensitive Privilege Use | **SeProfileSingleProcessPrivilege:
                        **Profile single process | Required to gather profiling information for a single process.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | -| Audit Non Sensitive Privilege Use | **SeRelabelPrivilege:
                        **Modify an object label | Required to modify the mandatory integrity level of an object. | -| Audit Non Sensitive Privilege Use | **SeRemoteShutdownPrivilege:
                        **Force shutdown from a remote system | Required to shut down a system using a network request. | -| Audit Non Sensitive Privilege Use | **SeShutdownPrivilege:
                        **Shut down the system | Required to shut down a local system. | -| Audit Non Sensitive Privilege Use | **SeSyncAgentPrivilege:
                        **Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                        With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | -| Audit Non Sensitive Privilege Use | **SeSystemProfilePrivilege:
                        **Profile system performance | Required to gather profiling information for the entire system.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | -| Audit Non Sensitive Privilege Use | **SeSystemtimePrivilege:
                        **Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs.
                        If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | -| Audit Non Sensitive Privilege Use | **SeTimeZonePrivilege:
                        **Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | -| Audit Non Sensitive Privilege Use | **SeTrustedCredManAccessPrivilege:
                        **Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | -| Audit Non Sensitive Privilege Use | **SeUndockPrivilege:
                        **Remove computer from docking station | Required to undock a laptop.
                        With this privilege, the user can undock a portable computer from its docking station without logging on. | +| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | +|-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege:
                        Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                        With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | +| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege:
                        Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | +| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege:
                        Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | +| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege:
                        Create permanent shared objects | Required to create a permanent object.
                        This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | +| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege:
                        Create symbolic links | Required to create a symbolic link. | +| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege:
                        Increase scheduling priority | Required to increase the base priority of a process.
                        With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | +| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege:
                        Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                        With this privilege, the user can change the maximum memory that can be consumed by a process. | +| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege:
                        Increase a process working set | Required to allocate more memory for applications that run in the context of users. | +| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege:
                        Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | +| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege:
                        Add workstations to domain | With this privilege, the user can create a computer account.
                        This privilege is valid only on domain controllers. | +| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege:
                        Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | +| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege:
                        Profile single process | Required to gather profiling information for a single process.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | +| Audit Non Sensitive Privilege Use | SeRelabelPrivilege:
                        Modify an object label | Required to modify the mandatory integrity level of an object. | +| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege:
                        Force shutdown from a remote system | Required to shut down a system using a network request. | +| Audit Non Sensitive Privilege Use | SeShutdownPrivilege:
                        Shut down the system | Required to shut down a local system. | +| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege:
                        Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                        With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | +| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege:
                        Profile system performance | Required to gather profiling information for the entire system.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | +| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege:
                        Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs.
                        If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | +| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege:
                        Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | +| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege:
                        Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | +| Audit Non Sensitive Privilege Use | SeUndockPrivilege:
                        Remove computer from docking station | Required to undock a laptop.
                        With this privilege, the user can undock a portable computer from its docking station without logging on. | -| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | -|-------------------------------|-----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Audit Sensitive Privilege Use | **SeAssignPrimaryTokenPrivilege:
                        **Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | -| Audit Sensitive Privilege Use | **SeAuditPrivilege:
                        **Generate security audits | With this privilege, the user can add entries to the security log. | -| Audit Sensitive Privilege Use | **SeCreateTokenPrivilege:
                        **Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | -| Audit Sensitive Privilege Use | **SeDebugPrivilege:
                        **Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. | -| Audit Sensitive Privilege Use | **SeImpersonatePrivilege:
                        **Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | -| Audit Sensitive Privilege Use | **SeLoadDriverPrivilege:
                        **Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | -| Audit Sensitive Privilege Use | **SeLockMemoryPrivilege:
                        **Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | -| Audit Sensitive Privilege Use | **SeSystemEnvironmentPrivilege:
                        **Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | -| Audit Sensitive Privilege Use | **SeTcbPrivilege:
                        **Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. | -| Audit Sensitive Privilege Use | **SeEnableDelegationPrivilege:
                        **Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. | +| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | +|-------------------------------|------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege:
                        Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | +| Audit Sensitive Privilege Use | SeAuditPrivilege:
                        Generate security audits | With this privilege, the user can add entries to the security log. | +| Audit Sensitive Privilege Use | SeCreateTokenPrivilege:
                        Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | +| Audit Sensitive Privilege Use | SeDebugPrivilege:
                        Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. | +| Audit Sensitive Privilege Use | SeImpersonatePrivilege:
                        Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | +| Audit Sensitive Privilege Use | SeLoadDriverPrivilege:
                        Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | +| Audit Sensitive Privilege Use | SeLockMemoryPrivilege:
                        Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | +| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege:
                        Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | +| Audit Sensitive Privilege Use | SeTcbPrivilege:
                        Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. | +| Audit Sensitive Privilege Use | SeEnableDelegationPrivilege:
                        Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. | ## Security Monitoring Recommendations diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index a7403d9250..b4146f681a 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4674(S, F): An operation was attempted on a privileged object. @@ -67,7 +70,6 @@ Failure event generates when operation attempt fails. C:\\Windows\\System32\\lsass.exe - ``` ***Required Server Roles:*** None. @@ -153,44 +155,44 @@ Failure event generates when operation attempt fails. - **Privileges** \[Type = UnicodeString\]: the list of user privileges which were requested. The possible privileges depend on the subcategory, either **Audit Non Sensitive Privilege Use** or **Audit Sensitive Privilege Use**, as shown in the following two tables: -| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | -|-----------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Audit Non Sensitive Privilege Use | **SeChangeNotifyPrivilege:
                        **Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                        With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | -| Audit Non Sensitive Privilege Use | **SeCreateGlobalPrivilege:
                        **Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | -| Audit Non Sensitive Privilege Use | **SeCreatePagefilePrivilege:
                        **Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | -| Audit Non Sensitive Privilege Use | **SeCreatePermanentPrivilege:
                        **Create permanent shared objects | Required to create a permanent object.
                        This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | -| Audit Non Sensitive Privilege Use | **SeCreateSymbolicLinkPrivilege:
                        **Create symbolic links | Required to create a symbolic link. | -| Audit Non Sensitive Privilege Use | **SeIncreaseBasePriorityPrivilege:
                        **Increase scheduling priority | Required to increase the base priority of a process.
                        With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | -| Audit Non Sensitive Privilege Use | **SeIncreaseQuotaPrivilege:
                        **Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                        With this privilege, the user can change the maximum memory that can be consumed by a process. | -| Audit Non Sensitive Privilege Use | **SeIncreaseWorkingSetPrivilege:
                        **Increase a process working set | Required to allocate more memory for applications that run in the context of users. | -| Audit Non Sensitive Privilege Use | **SeLockMemoryPrivilege:
                        **Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | -| Audit Non Sensitive Privilege Use | **SeMachineAccountPrivilege:
                        **Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. | -| Audit Non Sensitive Privilege Use | **SeManageVolumePrivilege:
                        **Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | -| Audit Non Sensitive Privilege Use | **SeProfileSingleProcessPrivilege:
                        **Profile single process | Required to gather profiling information for a single process.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | -| Audit Non Sensitive Privilege Use | **SeRelabelPrivilege:
                        **Modify an object label | Required to modify the mandatory integrity level of an object. | -| Audit Non Sensitive Privilege Use | **SeRemoteShutdownPrivilege:
                        **Force shutdown from a remote system | Required to shut down a system using a network request. | -| Audit Non Sensitive Privilege Use | **SeShutdownPrivilege:
                        **Shut down the system | Required to shut down a local system. | -| Audit Non Sensitive Privilege Use | **SeSyncAgentPrivilege:
                        **Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                        With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | -| Audit Non Sensitive Privilege Use | **SeSystemProfilePrivilege:
                        **Profile system performance | Required to gather profiling information for the entire system.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | -| Audit Non Sensitive Privilege Use | **SeSystemtimePrivilege:
                        **Change the system time | Required to modify the system time.
                        With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | -| Audit Non Sensitive Privilege Use | **SeTimeZonePrivilege:
                        **Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | -| Audit Non Sensitive Privilege Use | **SeTrustedCredManAccessPrivilege:
                        **Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | -| Audit Non Sensitive Privilege Use | **SeUndockPrivilege:
                        **Remove computer from docking station | Required to undock a laptop.
                        With this privilege, the user can undock a portable computer from its docking station without logging on. | +| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | +|-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege:
                        Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                        With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | +| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege:
                        Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | +| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege:
                        Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | +| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege:
                        Create permanent shared objects | Required to create a permanent object.
                        This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | +| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege:
                        Create symbolic links | Required to create a symbolic link. | +| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege:
                        Increase scheduling priority | Required to increase the base priority of a process.
                        With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | +| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege:
                        Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                        With this privilege, the user can change the maximum memory that can be consumed by a process. | +| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege:
                        Increase a process working set | Required to allocate more memory for applications that run in the context of users. | +| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege:
                        Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | +| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege:
                        Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. | +| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege:
                        Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | +| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege:
                        Profile single process | Required to gather profiling information for a single process.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | +| Audit Non Sensitive Privilege Use | SeRelabelPrivilege:
                        Modify an object label | Required to modify the mandatory integrity level of an object. | +| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege:
                        Force shutdown from a remote system | Required to shut down a system using a network request. | +| Audit Non Sensitive Privilege Use | SeShutdownPrivilege:
                        Shut down the system | Required to shut down a local system. | +| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege:
                        Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                        With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | +| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege:
                        Profile system performance | Required to gather profiling information for the entire system.
                        With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | +| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege:
                        Change the system time | Required to modify the system time.
                        With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | +| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege:
                        Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | +| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege:
                        Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | +| Audit Non Sensitive Privilege Use | SeUndockPrivilege:
                        Remove computer from docking station | Required to undock a laptop.
                        With this privilege, the user can undock a portable computer from its docking station without logging on. | -| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | -|-------------------------------|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Audit Sensitive Privilege Use | **SeAssignPrimaryTokenPrivilege:
                        **Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process.
                        With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | -| Audit Sensitive Privilege Use | **SeAuditPrivilege:
                        **Generate security audits | With this privilege, the user can add entries to the security log. | -| Audit Sensitive Privilege Use | **SeBackupPrivilege:
                        **Back up files and directories | - Required to perform backup operations.
                        With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL.
                        The following access rights are granted if this privilege is held:
                        READ\_CONTROL
                        ACCESS\_SYSTEM\_SECURITY
                        FILE\_GENERIC\_READ
                        FILE\_TRAVERSE | -| Audit Sensitive Privilege Use | **SeCreateTokenPrivilege:
                        **Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.
                        When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | -| Audit Sensitive Privilege Use | **SeDebugPrivilege:
                        **Debug programs | Required to debug and adjust the memory of a process owned by another account.
                        With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right.
                        This user right provides complete access to sensitive and critical operating system components. | -| Audit Sensitive Privilege Use | **SeImpersonatePrivilege:
                        **Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | -| Audit Sensitive Privilege Use | **SeLoadDriverPrivilege:
                        **Load and unload device drivers | Required to load or unload a device driver.
                        With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | -| Audit Sensitive Privilege Use | **SeLockMemoryPrivilege:
                        **Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | -| Audit Sensitive Privilege Use | **SeRestorePrivilege:
                        **Restore files and directories | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held:
                        WRITE\_DAC
                        WRITE\_OWNER
                        ACCESS\_SYSTEM\_SECURITY
                        FILE\_GENERIC\_WRITE
                        FILE\_ADD\_FILE
                        FILE\_ADD\_SUBDIRECTORY
                        DELETE
                        With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. | -| Audit Sensitive Privilege Use | **SeSecurityPrivilege:
                        **Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log.
                        With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log. | -| Audit Sensitive Privilege Use | **SeSystemEnvironmentPrivilege:
                        **Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | -| Audit Sensitive Privilege Use | **SeTakeOwnershipPrivilege:
                        **Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object.
                        With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. | +| **Subcategory of event** | **Privilege Name:
                        User Right Group Policy Name** | **Description** | +|-------------------------------|-----------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege:
                        Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process.
                        With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | +| Audit Sensitive Privilege Use | SeAuditPrivilege:
                        Generate security audits | With this privilege, the user can add entries to the security log. | +| Audit Sensitive Privilege Use | SeBackupPrivilege:
                        Back up files and directories | - Required to perform backup operations.
                        With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL.
                        The following access rights are granted if this privilege is held:
                        READ\_CONTROL
                        ACCESS\_SYSTEM\_SECURITY
                        FILE\_GENERIC\_READ
                        FILE\_TRAVERSE | +| Audit Sensitive Privilege Use | SeCreateTokenPrivilege:
                        Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.
                        When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | +| Audit Sensitive Privilege Use | SeDebugPrivilege:
                        Debug programs | Required to debug and adjust the memory of a process owned by another account.
                        With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right.
                        This user right provides complete access to sensitive and critical operating system components. | +| Audit Sensitive Privilege Use | SeImpersonatePrivilege:
                        Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | +| Audit Sensitive Privilege Use | SeLoadDriverPrivilege:
                        Load and unload device drivers | Required to load or unload a device driver.
                        With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | +| Audit Sensitive Privilege Use | SeLockMemoryPrivilege:
                        Lock pages in memory | Required to lock physical pages in memory.
                        With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | +| Audit Sensitive Privilege Use | SeRestorePrivilege:
                        Restore files and directories | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held:
                        WRITE\_DAC
                        WRITE\_OWNER
                        ACCESS\_SYSTEM\_SECURITY
                        FILE\_GENERIC\_WRITE
                        FILE\_ADD\_FILE
                        FILE\_ADD\_SUBDIRECTORY
                        DELETE
                        With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. | +| Audit Sensitive Privilege Use | SeSecurityPrivilege:
                        Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log.
                        With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log. | +| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege:
                        Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | +| Audit Sensitive Privilege Use | SeTakeOwnershipPrivilege:
                        Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object.
                        With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. | ## Security Monitoring Recommendations diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index 8b6c45689b..20ed1e1911 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4675(S): SIDs were filtered. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 013d9b7aef..8e1fe42fab 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4688(S): A new process has been created. @@ -66,7 +69,6 @@ This event generates every time a new process starts. S-1-16-8192 - ``` ***Required Server Roles:*** None. 
@@ -196,19 +198,19 @@ For 4688(S): A new process has been created. | **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions. | Monitor the target **Computer:** (or other target device) for actions performed by the **“Creator Subject\\Security ID”** or **“Target Subject\\Security ID”** that you are concerned about. | | **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor **“Creator Subject\\Security ID”** or **“Target Subject\\Security ID”** for names that don’t comply with naming conventions. | -- If you have a pre-defined “**New** **Process Name**” or **“Creator Process Name**” for the process reported in this event, monitor all events with “**New** **Process Name**” or **“Creator Process Name**” not equal to your defined value. +- If you have a pre-defined “**New** **Process Name**” or **“Creator Process Name**” for the process reported in this event, monitor all events with “**New** **Process Name**” or **“Creator Process Name**” not equal to your defined value. -- You can monitor to see if “**New** **Process Name**” or **“Creator Process Name**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**). +- You can monitor to see if “**New** **Process Name**” or **“Creator Process Name**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**). 
-- If you have a pre-defined list of restricted substrings or words in process names (for example “**mimikatz**” or “**cain.exe**”), check for these substrings in “**New** **Process Name**” or **“Creator Process Name**.” +- If you have a pre-defined list of restricted substrings or words in process names (for example “**mimikatz**” or “**cain.exe**”), check for these substrings in “**New** **Process Name**” or **“Creator Process Name**.” -- It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**. +- It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol**.** Typically this means that UAC is disabled for this account for some reason. +- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. Typically this means that UAC is disabled for this account for some reason. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol**.** This means that a user ran a program using administrative privileges. +- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. This means that a user ran a program using administrative privileges. 
-- You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. +- You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. -- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the “**Mandatory Label**” in this event. +- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the “**Mandatory Label**” in this event. diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index cb7fd77b72..cf6f0fce07 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4689(S): A process has exited. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 5959189ef0..be4ce4de7c 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4690(S): An attempt was made to duplicate a handle to an object. 
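Review bot: The two bullets that pair **Token Elevation Type** with `TokenElevationTypeDefault (2)` (the "on standard workstations" bullet and the "You can also monitor" bullet) use a name that does not match the value. In the Windows `TOKEN_ELEVATION_TYPE` enumeration 1 is Default, 2 is Full and 3 is Limited, so the elevated token these bullets describe is `TokenElevationTypeFull (2)`. The hunk only normalises list spacing and moves the period out of the bold run, so the mismatch is carried onto the new side unchanged. A detection rule written from the label rather than the number would match type 1 and miss the elevated-token case the bullets are meant to catch; suggest `**TokenElevationTypeFull (2)**` in both bullets.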
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index e0ba6fb4f2..001cce1266 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4691(S): Indirect access to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index 77e4da1228..15199dbda5 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4692(S, F): Backup of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index bc0733db9c..72c5473fe1 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4693(S, F): Recovery of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index 69a89c89cb..9d96a529ac 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4694(S, F): Protection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index d29cf80e5f..675ba33601 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4695(S, F): Unprotection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index ee53883c2f..cc31b9e54f 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4696(S): A primary token was assigned to process.
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 86c985d030..72efcaeaae 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4697(S): A service was installed in the system.
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index f47bfb676a..2742b717ce 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4698(S): A scheduled task was created.
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index fbe8720d38..280aad111e 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4699(S): A scheduled task was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index 02a1cd7a54..a53997c7b8 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4700(S): A scheduled task was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index 6482686719..d1991b0941 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4701(S): A scheduled task was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 1cd62dc082..01ef0250a8 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4702(S): A scheduled task was updated.
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index 3fbaa67128..a04ae9c4c5 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4703(S): A user right was adjusted.
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 3904837027..f9b06a7a3b 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4704(S): A user right was assigned.
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index c5e09ceddf..d009b73786 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4705(S): A user right was removed.
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index 4b8feef3f1..c566c246bf 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4706(S): A new trust was created to a domain.
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index 3f8f230754..f998718c41 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4707(S): A trust to a domain was removed.
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index f6501093b7..a4809630b7 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4713(S): Kerberos policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index cc78c83197..c81891ffc9 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4714(S): Encrypted data recovery policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 0b6e732faf..38d46d5ace 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4715(S): The audit policy (SACL) on an object was changed. @@ -59,7 +62,6 @@ This event is always logged regardless of the "Audit Policy Change" sub-category D:(A;;DCSWRPDTRC;;;BA)(A;;DCSWRPDTRC;;;SY)S:NO\_ACCESS\_CONTROL - ``` ***Required Server Roles:*** None. 
@@ -99,11 +101,11 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - **New Security Descriptor** \[Type = UnicodeString\]**:** new Security Descriptor Definition Language (SDDL) value for the audit policy. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 6187a558da..505106fe5e 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/04/2019 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4716(S): Trusted domain information was modified. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index f1833293fe..f04223bd5b 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4717(S): System security access was granted to an account. 
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index ea94079bdc..a86f9f5168 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4718(S): System security access was removed from an account. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 43b26f9c62..4498dfe0fc 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4719(S): System audit policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 06cde0c498..fffcee9e09 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4720(S): A user account was created. @@ -79,7 +82,6 @@ This event generates on domain controllers, member servers, and workstations. %%1793 - ``` ***Required Server Roles:*** None. 
@@ -130,27 +132,27 @@ This event generates on domain controllers, member servers, and workstations. **Attributes:** -- **SAM Account Name** \[Type = UnicodeString\]: logon name for account used to support clients and servers from previous versions of Windows (pre-Windows 2000 logon name). The value of **sAMAccountName** attribute of new user object. For example: ksmith. For local account this field contains the name of new user account. +- **SAM Account Name** \[Type = UnicodeString\]: logon name for account used to support clients and servers from previous versions of Windows (pre-Windows 2000 logon name). The value of **sAMAccountName** attribute of new user object. For example: ksmith. For local account this field contains the name of new user account. -- **Display Name** \[Type = UnicodeString\]: the value of **displayName** attribute of new user object. It is a name displayed in the address book for a particular account .This is usually the combination of the user's first name, middle initial, and last name. For example, Ken Smith. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. Local accounts contain **Full Name** attribute in this field, but for new local accounts this field typically has value “**<value not set>**”. +- **Display Name** \[Type = UnicodeString\]: the value of **displayName** attribute of new user object. It is a name displayed in the address book for a particular account .This is usually the combination of the user's first name, middle initial, and last name. For example, Ken Smith. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. Local accounts contain **Full Name** attribute in this field, but for new local accounts this field typically has value “**<value not set>**”. -- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. 
By convention this should map to the account's email name. This parameter contains the value of **userPrincipalName** attribute of new user object. For example, ksmith@contoso.local. For local users this field is not applicable and has value “**-**“. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. +- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. By convention this should map to the account's email name. This parameter contains the value of **userPrincipalName** attribute of new user object. For example, ksmith@contoso.local. For local users this field is not applicable and has value “**-**“. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. -- **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. This parameter contains the value of **homeDirectory** attribute of new user object. For new local accounts this field typically has value “**<value not set>**”. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. This parameter contains the value of **homeDirectory** attribute of new user object. For new local accounts this field typically has value “**<value not set>**”. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. 
This parameter might not be captured in the event, and in that case appears as “-”. -- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form “DRIVE\_LETTER:”. For example – “H:”. This parameter contains the value of **homeDrive** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. +- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form “DRIVE\_LETTER:”. For example – “H:”. This parameter contains the value of **homeDrive** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. -- **Script Path** \[Type = UnicodeString\]**:** specifies the path of the account’s logon script. This parameter contains the value of **scriptPath** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. +- **Script Path** \[Type = UnicodeString\]**:** specifies the path of the account’s logon script. This parameter contains the value of **scriptPath** attribute of new user object. 
You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. -- **Profile Path** \[Type = UnicodeString\]: specifies a path to the account's profile. This value can be a null string, a local absolute path, or a UNC path. This parameter contains the value of **profilePath** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. +- **Profile Path** \[Type = UnicodeString\]: specifies a path to the account's profile. This value can be a null string, a local absolute path, or a UNC path. This parameter contains the value of **profilePath** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For new local accounts this field typically has value “**<value not set>**”. -- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a user object. This parameter contains the value of **userWorkstations** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For local users this field is not applicable and typically has value “**<value not set>**”. 
+- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a user object. This parameter contains the value of **userWorkstations** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For local users this field is not applicable and typically has value “**<value not set>**”. -- **Password Last Set** \[Type = UnicodeString\]**:** last time the account’s password was modified. For manually created user account, using Active Directory Users and Computers snap-in, this field typically has value “**<never>”**. This parameter contains the value of **pwdLastSet** attribute of new user object. +- **Password Last Set** \[Type = UnicodeString\]**:** last time the account’s password was modified. For manually created user account, using Active Directory Users and Computers snap-in, this field typically has value “**<never>”**. This parameter contains the value of **pwdLastSet** attribute of new user object. -- **Account Expires** \[Type = UnicodeString\]: the date when the account expires. This parameter contains the value of **accountExpires** attribute of new user object. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For manually created local and domain user accounts this field typically has value “**<never>**”. +- **Account Expires** \[Type = UnicodeString\]: the date when the account expires. This parameter contains the value of **accountExpires** attribute of new user object. 
You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. For manually created local and domain user accounts this field typically has value “**<never>**”. -- **Primary Group ID** \[Type = UnicodeString\]: Relative Identifier (RID) of user’s object primary group. +- **Primary Group ID** \[Type = UnicodeString\]: Relative Identifier (RID) of user’s object primary group. > **Note**  **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. @@ -226,7 +228,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT | DONT\_REQ\_PREAUTH | 0x400000 | 4194304 | This account does not require Kerberos pre-authentication for logging on.
                        Can be set using “Do not require Kerberos preauthentication” checkbox. | 'Don't Require Preauth' - Disabled
                        'Don't Require Preauth' - Enabled | | PASSWORD\_EXPIRED | 0x800000 | 8388608 | The user's password has expired. | Changes of this flag do not show in 4720 events. | | TRUSTED\_TO\_AUTH\_FOR\_DELEGATION | 0x1000000 | 16777216 | The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.
                        If you enable Kerberos protocol transition delegation or disable this type of delegation in Delegation tab you will get this flag changed. | 'Trusted To Authenticate For Delegation' - Disabled
                        'Trusted To Authenticate For Delegation' - Enabled | -| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000  | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | +| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000 | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | For new, manually created, domain or local user accounts typical flags are: @@ -276,7 +278,7 @@ For 4720(S): A user account was created. | **Allowed To Delegate To** is not - | Typically this field is **-** for new user accounts. Other values might indicate an anomaly and should be monitored. | | **Old UAC Value** is not 0x0 | Typically this field is **0x0** for new user accounts. Other values might indicate an anomaly and should be monitored. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | -| **Logon Hours** value other than **<value not set>** or** “All”** | This should always be **<value not set>** for new domain user accounts, and **“All”** for new local user accounts. | +| **Logon Hours** value other than **<value not set>** or** “All”** | This should always be **<value not set>** for new domain user accounts, and **“All”** for new local user accounts. | - Consider whether to track the following user account control flags: diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 2ffb8b34b5..2029ba7eae 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4722(S): A user account was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index e88c3d903f..4622d802a2 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4723(S, F): An attempt was made to change an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index 30fa06cd49..3d9bbc1a0d 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4724(S, F): An attempt was made to reset an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index d9ba921f61..e1103b365e 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 4725(S): A user account was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 4f06fa9db3..5d48cc9ae6 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4726(S): A user account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 46fab06fe0..5fcdcba641 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4731(S): A security-enabled local group was created. diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index e54aefcacd..511b73b62c 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4732(S): A member was added to a security-enabled local group. @@ -67,7 +70,6 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - - ``` ***Required Server Roles:*** None. 
@@ -107,15 +109,15 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if new member is a domain account. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName **Group:** diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 5777c86a8c..e7b90640ec 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4733(S): A member was removed from a security-enabled local group. @@ -67,7 +70,6 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - - ``` ***Required Server Roles:*** None. 
@@ -107,15 +109,15 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if removed member is a domain account. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName **Group:** diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index c2983b6206..5e439c5e46 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4734(S): A security-enabled local group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index 13641daa1a..07ff8c48cf 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4735(S): A security-enabled local group was changed. @@ -71,7 +74,6 @@ From 4735 event you can get information about changes of **sAMAccountName** and - - ``` ***Required Server Roles:*** None. @@ -109,7 +111,7 @@ From 4735 event you can get information about changes of **sAMAccountName** and - **Security ID** \[Type = SID\]**:** SID of changed group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. > **Note**  Sometimes you can see the **Group\\Security ID** field contains an old group name in Event Viewer (as you can see in the event example). That happens because Event Viewer caches names for SIDs that it has already resolved for the current session. - +> > **Note**  **Security ID** field has the same value as new group name (**Changed Attributes>SAM Account Name**). That is happens because event is generated after name was changed and SID resolves to the new name. It is always better to use SID instead of group names for queries or filtering of events, because you will know for sure that this the right object you are looking for or want to monitor. - **Group Name** \[Type = UnicodeString\]**:** the name of the group that was changed. For example: ServiceDesk diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index d5d82e4672..8597d956a6 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4738(S): A user account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index cf13afb5d6..9d9732a82c 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4739(S): Domain Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 5b75d39f07..95cdfe7ee6 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4740(S): A user account was locked out.
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 644d25ee98..ef907d69b0 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4741(S): A computer account was created.
@@ -81,7 +84,6 @@ This event generates only on domain controllers. HOST/Win81.contoso.local RestrictedKrbHost/Win81.contoso.local HOST/WIN81 RestrictedKrbHost/WIN81 - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -228,27 +230,27 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT | DONT\_REQ\_PREAUTH | 0x400000 | 4194304 | This account does not require Kerberos pre-authentication for logging on.
                        Can be set using “Do not require Kerberos preauthentication” checkbox. | 'Don't Require Preauth' - Disabled
                        'Don't Require Preauth' - Enabled | | PASSWORD\_EXPIRED | 0x800000 | 8388608 | The user's password has expired. | Changes of this flag do not show in 4741 events. | | TRUSTED\_TO\_AUTH\_FOR\_DELEGATION | 0x1000000 | 16777216 | The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.
                        If you enable Kerberos protocol transition delegation or disable this type of delegation in Delegation tab you will get this flag changed. | 'Trusted To Authenticate For Delegation' - Disabled
                        'Trusted To Authenticate For Delegation' - Enabled | -| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000  | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | +| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000 | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | > Table 7. User’s or Computer’s account UAC flags. -- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see **<value changed, but not displayed>** in this field in “[4742](event-4742.md)(S): A computer account was changed.” This parameter might not be captured in the event, and in that case appears as “-”. +- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see **<value changed, but not displayed>** in this field in “[4742](event-4742.md)(S): A computer account was changed.” This parameter might not be captured in the event, and in that case appears as “-”. -- **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. This parameter contains the value of **sIDHistory** attribute of new computer object. This parameter might not be captured in the event, and in that case appears as “-”. 
+- **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. This parameter contains the value of **sIDHistory** attribute of new computer object. This parameter might not be captured in the event, and in that case appears as “-”. -- **Logon Hours** \[Type = UnicodeString\]: hours that the account is allowed to logon to the domain. The value of **logonHours** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. You will see **<value not set>** value for new created computer accounts in event 4741. +- **Logon Hours** \[Type = UnicodeString\]: hours that the account is allowed to logon to the domain. The value of **logonHours** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. You will see **<value not set>** value for new created computer accounts in event 4741. -- **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value “**-**“. +- **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value “**-**“. -- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. 
The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation**:** +- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation: - HOST/Win81.contoso.local + HOST/Win81.contoso.local - RestrictedKrbHost/Win81.contoso.local + RestrictedKrbHost/Win81.contoso.local - HOST/WIN81 + HOST/WIN81 - RestrictedKrbHost/WIN81 + RestrictedKrbHost/WIN81 **Additional Information:** diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 9786485ce5..22ae105d96 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4742(S): A computer account was changed. @@ -92,7 +95,6 @@ You might see this event without any changes inside, that is, where all **Change - - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -239,17 +241,17 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. If the SPN list of a computer account changed, you will see the new SPN list in **Service Principal Names** field (note that you will see the new list instead of changes). If the value of **servicePrincipalName** attribute of computer object was changed, you will see the new value here. +- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. If the SPN list of a computer account changed, you will see the new SPN list in **Service Principal Names** field (note that you will see the new list instead of changes). If the value of **servicePrincipalName** attribute of computer object was changed, you will see the new value here. - Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots**:** + Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots: - HOST/Win81.contoso.local + HOST/Win81.contoso.local - RestrictedKrbHost/Win81.contoso.local + RestrictedKrbHost/Win81.contoso.local - HOST/WIN81 + HOST/WIN81 - RestrictedKrbHost/WIN81 + RestrictedKrbHost/WIN81 TERMSRV/Win81.contoso.local diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 4fed97ce70..3fc25787d1 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4743(S): A computer account was deleted. 
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index 8a1d247664..cb2cbe96a6 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4749(S): A security-disabled global group was created. diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 950304d0ac..7d5ba9d12e 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4750(S): A security-disabled global group was changed. @@ -71,7 +74,6 @@ From 4750 event you can get information about changes of **sAMAccountName** and - - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -107,7 +109,7 @@ From 4750 event you can get information about changes of **sAMAccountName** and - **Security ID** \[Type = SID\]**:** SID of changed group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. > **Note**  Sometimes you can see the **Group\\Security ID** field contains an old group name in Event Viewer (as you can see in the event example). That happens because Event Viewer caches names for SIDs that it has already resolved for the current session. - +> > **Note**  **Security ID** field has the same value as new group name (**Changed Attributes>SAM Account Name**). That is happens because event is generated after name was changed and SID resolves to the new name. It is always better to use SID instead of group names for queries or filtering of events, because you will know for sure that this the right object you are looking for or want to monitor. - **Group Name** \[Type = UnicodeString\]**:** the name of the group that was changed. For example: ServiceDesk 
@@ -125,7 +127,7 @@ From 4750 event you can get information about changes of **sAMAccountName** and **Changed Attributes:** > **Note**  If attribute was not changed it will have “-“ value. - +> > **Note**  You might see a 4750 event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the Description of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4750 event will generate, but all attributes will be “-“. - **SAM Account Name** \[Type = UnicodeString\]: This is a new name of changed group used to support clients and servers from previous versions of Windows (pre-Windows 2000 logon name). If the value of **sAMAccountName** attribute of group object was changed, you will see the new value here. For example: ServiceDesk. diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index d927083a15..3d070ae403 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4751(S): A member was added to a security-disabled global group. @@ -67,7 +70,6 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou - - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -111,15 +113,15 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou - **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName **Group:** diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 199438a1d9..63d0425219 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4752(S): A member was removed from a security-disabled global group. @@ -65,7 +68,6 @@ For every removed member you will get separate 4752 event. - - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -103,15 +105,15 @@ For every removed member you will get separate 4752 event. - **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName **Group:** diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index d4923509bb..0eef2ab038 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4753(S): A security-disabled global group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index cecc86b9e7..28f41dff94 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4764(S): A group’s type was changed. 
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index ac6d94888e..c5310d9f72 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4765(S): SID History was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index 044a240197..d8dab9d004 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4766(F): An attempt to add SID History to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index 0518658323..e5f3f71068 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4767(S): A user account was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 1b51cf8491..41c866e704 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. @@ -71,7 +74,6 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ 564DFAEE99C71D62ABC553E695BD8DBC46669413 - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -183,7 +185,7 @@ The most common values: | 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | > Table 2. Kerberos ticket flags. - +> > **Note**  [KILE](https://msdn.microsoft.com/library/cc233855.aspx) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. - **Result Code** \[Type = HexInt32\]**:** hexadecimal result code of TGT issue operation. The “Table 3. TGT/TGS issue error codes.” contains the list of the most common error codes for this event. @@ -253,7 +255,7 @@ The most common values: - **Ticket Encryption Type** \[Type = HexInt32\]: the cryptographic suite that was used for issued TGT. - + ## Table 4. Kerberos encryption types diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 4387af7e0b..199a11849a 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4769(S, F): A Kerberos service ticket was requested.
@@ -80,29 +83,29 @@ You will typically see many Failure events with **Failure Code** “**0x20**”, **Account Information:** -- **Account Name** \[Type = UnicodeString\]**:** the user name of the account that requested the ticket in the User Principal Name (UPN) syntax. Computer account name ends with **$** character in the user name part. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. +- **Account Name** \[Type = UnicodeString\]**:** the user name of the account that requested the ticket in the User Principal Name (UPN) syntax. Computer account name ends with **$** character in the user name part. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. - - User account example: dadmin@CONTOSO.LOCAL + - User account example: dadmin@CONTOSO.LOCAL - - Computer account example: WIN81$@CONTOSO.LOCAL + - Computer account example: WIN81$@CONTOSO.LOCAL - > **Note** Although this field is in the UPN format, this is not the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name. + > **Note** Although this field is in the UPN format, this is not the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name. - This parameter in this event is optional and can be empty in some cases. + This parameter in this event is optional and can be empty in some cases. -- **Account Domain** \[Type = UnicodeString\]**:** the name of the Kerberos Realm that **Account Name** belongs to. This can appear in a variety of formats, including the following: +- **Account Domain** \[Type = UnicodeString\]**:** the name of the Kerberos Realm that **Account Name** belongs to. 
This can appear in a variety of formats, including the following: - - Domain NETBIOS name example: CONTOSO + - Domain NETBIOS name example: CONTOSO - - Lowercase full domain name: contoso.local + - Lowercase full domain name: contoso.local - - Uppercase full domain name: CONTOSO.LOCAL + - Uppercase full domain name: CONTOSO.LOCAL - This parameter in this event is optional and can be empty in some cases. + This parameter in this event is optional and can be empty in some cases. -- **Logon GUID** \[Type = GUID\]: a GUID that can help you correlate this event (on a domain controller) with other events (on the target computer for which the TGS was issued) that can contain the same **Logon GUID**. These events are “[4624](event-4624.md): An account was successfully logged on”, “[4648](event-4648.md)(S): A logon was attempted using explicit credentials” and “[4964](event-4964.md)(S): Special groups have been assigned to a new logon.” +- **Logon GUID** \[Type = GUID\]: a GUID that can help you correlate this event (on a domain controller) with other events (on the target computer for which the TGS was issued) that can contain the same **Logon GUID**. These events are “[4624](event-4624.md): An account was successfully logged on”, “[4648](event-4648.md)(S): A logon was attempted using explicit credentials” and “[4964](event-4964.md)(S): Special groups have been assigned to a new logon.” - This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”. + This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”. > **Note**  **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances. 
@@ -154,32 +157,32 @@ The most common values: - 0x60810010 - Forwardable, Forwarded, Renewable, Canonicalize, Renewable-ok -| Bit | Flag Name | Description | -|-------|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0 | Reserved | - | -| 1 | Forwardable | (TGT only). Tells the ticket-granting service that it can issue a new TGT—based on the presented TGT—with a different network address based on the presented TGT. | -| 2 | Forwarded | Indicates either that a TGT has been forwarded or that a ticket was issued from a forwarded TGT. | -| 3 | Proxiable | (TGT only). Tells the ticket-granting service that it can issue tickets with a network address that differs from the one in the TGT. | -| 4 | Proxy | Indicates that the network address in the ticket is different from the one in the TGT used to obtain the ticket. | -| 5 | Allow-postdate | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension). | -| 6 | Postdated | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension). | -| 7 | Invalid | This flag indicates that a ticket is invalid, and it must be validated by the KDC before use. Application servers must reject tickets which have this flag set. 
| -| 8 | Renewable | Used in combination with the End Time and Renew Till fields to cause tickets with long life spans to be renewed at the KDC periodically. | -| 9 | Initial | Indicates that a ticket was issued using the authentication service (AS) exchange and not issued based on a TGT. | -| 10 | Pre-authent | Indicates that the client was authenticated by the KDC before a ticket was issued. This flag usually indicates the presence of an authenticator in the ticket. It can also flag the presence of credentials taken from a smart card logon. | -| 11 | Opt-hardware-auth | This flag was originally intended to indicate that hardware-supported authentication was used during pre-authentication. This flag is no longer recommended in the Kerberos V5 protocol. KDCs MUST NOT issue a ticket with this flag set. KDCs SHOULD NOT preserve this flag if it is set by another KDC. | -| 12 | Transited-policy-checked | KILE MUST NOT check for transited domains on servers or a KDC. Application servers MUST ignore the TRANSITED-POLICY-CHECKED flag. | -| 13 | Ok-as-delegate | The KDC MUST set the OK-AS-DELEGATE flag if the service account is trusted for delegation. | -| 14 | Request-anonymous | KILE not use this flag. | -| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the “canonicalize” KDC option for the AS-REQ or TGS-REQ. | -| 16-25 | Unused | - | -| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
                        the DISABLE-TRANSITED-CHECK option.
                        Should not be in use, because Transited-policy-checked flag is not supported by KILE. | -| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. | -| 28 | Enc-tkt-in-skey | No information. | -| 29 | Unused | - | -| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. | -| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. -## Table 4. 
Kerberos encryption types | +| Bit | Flag Name | Description | +|---------------------------------------|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 0 | Reserved | - | +| 1 | Forwardable | (TGT only). Tells the ticket-granting service that it can issue a new TGT—based on the presented TGT—with a different network address based on the presented TGT. | +| 2 | Forwarded | Indicates either that a TGT has been forwarded or that a ticket was issued from a forwarded TGT. | +| 3 | Proxiable | (TGT only). Tells the ticket-granting service that it can issue tickets with a network address that differs from the one in the TGT. | +| 4 | Proxy | Indicates that the network address in the ticket is different from the one in the TGT used to obtain the ticket. | +| 5 | Allow-postdate | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension). | +| 6 | Postdated | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension). | +| 7 | Invalid | This flag indicates that a ticket is invalid, and it must be validated by the KDC before use. Application servers must reject tickets which have this flag set. 
| +| 8 | Renewable | Used in combination with the End Time and Renew Till fields to cause tickets with long life spans to be renewed at the KDC periodically. | +| 9 | Initial | Indicates that a ticket was issued using the authentication service (AS) exchange and not issued based on a TGT. | +| 10 | Pre-authent | Indicates that the client was authenticated by the KDC before a ticket was issued. This flag usually indicates the presence of an authenticator in the ticket. It can also flag the presence of credentials taken from a smart card logon. | +| 11 | Opt-hardware-auth | This flag was originally intended to indicate that hardware-supported authentication was used during pre-authentication. This flag is no longer recommended in the Kerberos V5 protocol. KDCs MUST NOT issue a ticket with this flag set. KDCs SHOULD NOT preserve this flag if it is set by another KDC. | +| 12 | Transited-policy-checked | KILE MUST NOT check for transited domains on servers or a KDC. Application servers MUST ignore the TRANSITED-POLICY-CHECKED flag. | +| 13 | Ok-as-delegate | The KDC MUST set the OK-AS-DELEGATE flag if the service account is trusted for delegation. | +| 14 | Request-anonymous | KILE not use this flag. | +| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the “canonicalize” KDC option for the AS-REQ or TGS-REQ. | +| 16-25 | Unused | - | +| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
                        the DISABLE-TRANSITED-CHECK option.
                        Should not be in use, because Transited-policy-checked flag is not supported by KILE. | +| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. | +| 28 | Enc-tkt-in-skey | No information. | +| 29 | Unused | - | +| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. | +| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | +| ## Table 4. Kerberos encryption types | | | - **Ticket Encryption Type**: \[Type = HexInt32\]: the cryptographic suite that was used for issued TGS. diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index 9a6b67f27e..0085dcf3ff 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4770(S): A Kerberos service ticket was renewed. 
@@ -61,7 +64,6 @@ This event generates only on domain controllers. 49964 - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -74,23 +76,23 @@ This event generates only on domain controllers. **Account Information:** -- **Account Name** \[Type = UnicodeString\]**:** the User Principal Name (UPN) of the account that requested ticket renewal. Computer account name ends with **$** character in UPN. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. +- **Account Name** \[Type = UnicodeString\]**:** the User Principal Name (UPN) of the account that requested ticket renewal. Computer account name ends with **$** character in UPN. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. - - User account example: dadmin@CONTOSO.LOCAL + - User account example: dadmin@CONTOSO.LOCAL - - Computer account example: WIN81$@CONTOSO.LOCAL + - Computer account example: WIN81$@CONTOSO.LOCAL - This parameter in this event is optional and can be empty in some cases. + This parameter in this event is optional and can be empty in some cases. -- **Account Domain** \[Type = UnicodeString\]**:** the name of the Kerberos Realm that **Account Name** belongs to. This can appear in a variety of formats, including the following: +- **Account Domain** \[Type = UnicodeString\]**:** the name of the Kerberos Realm that **Account Name** belongs to. This can appear in a variety of formats, including the following: - - Domain NETBIOS name example: CONTOSO + - Domain NETBIOS name example: CONTOSO - - Lowercase full domain name: contoso.local + - Lowercase full domain name: contoso.local - - Uppercase full domain name: CONTOSO.LOCAL + - Uppercase full domain name: CONTOSO.LOCAL - This parameter in this event is optional and can be empty in some cases. + This parameter in this event is optional and can be empty in some cases. **Service Information:** 
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index a8c9f97481..10876a5671 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4771(F): Kerberos pre-authentication failed. @@ -66,7 +69,6 @@ This event is not generated if “Do not require Kerberos preauthentication” o - ``` ***Required Server Roles:*** Active Directory domain controller. diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index cf2e1d5c17..1119135008 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4772(F): A Kerberos authentication ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index ed5f9bb1a0..7a307bbea1 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4773(F): A Kerberos service ticket request failed. 
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index e88f833a6c..df9ff558e3 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4774(S, F): An account was mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index e257e4610f..e444e1c1bd 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4775(F): An account could not be mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index 38e1f7b475..895d43226c 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4776(S, F): The computer attempted to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index ee412150ee..4cdf40b163 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4777(F): The domain controller failed to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index 7afcaa3760..92d5783c67 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4778(S): A session was reconnected to a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 6d83f5c8ab..a5a3de2a56 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4779(S): A session was disconnected from a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 89773e7c15..4a521896e8 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4780(S): The ACL was set on accounts which are members of administrators groups.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 1d71424cb3..042f226a20 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4781(S): The name of an account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index 4e508a89cd..571fdf3a93 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4782(S): The password hash of an account was accessed.
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index 51072c8c90..50099438ee 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4793(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 1047c9bc07..9ecf3cfcb7 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index e30de693a4..76e806ffcf 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4798(S): A user's local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 7b7e91aaf4..c9963afbb0 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4799(S): A security-enabled local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index a4541ae782..e661f5ed3d 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4800(S): The workstation was locked.
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index 607f26fbdb..937d79b878 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4801(S): The workstation was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 0d1f115deb..41f5ba4f6e 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4802(S): The screen saver was invoked.
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index f881297561..c50d78d76c 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4803(S): The screen saver was dismissed.
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index fee398f114..1efa9756ec 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4816(S): RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 05046dac27..74ffbb09b0 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4817(S): Auditing settings on object were changed. @@ -62,7 +65,6 @@ Separate events will be generated for “Registry” and “File system” polic S:(AU;SA;RC;;;S-1-5-21-3457937927-2839227994-823803824-1104) - ``` ***Required Server Roles:*** None. 
@@ -127,11 +129,11 @@ Separate events will be generated for “Registry” and “File system” polic - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the Global Object Access Auditing policy. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 73099eb01b..1134b02c0b 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 2c1ffb5de8..c2de9d1e36 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4819(S): Central Access Policies on the machine have been changed. 
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 6445cea21f..4e45693aaa 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4826(S): Boot Configuration Data loaded.
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 0417800a87..e62c824d10 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4864(S): A namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index e05a7fd7bb..15e738f7be 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4865(S): A trusted forest information entry was added.
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index b9a4f3ba8d..e0f05fbf3e 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4866(S): A trusted forest information entry was removed.
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index bd74436a73..ae2bf03bb6 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4867(S): A trusted forest information entry was modified.
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index ad1d71cdae..c8b89b375c 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4902(S): The Per-user audit policy table was created.
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index 66aa826430..cfd3f1c0fe 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4904(S): An attempt was made to register a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 7af5c4b24e..bfc9d5bbb9 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4905(S): An attempt was made to unregister a security event source. diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index ab54b7b26d..7782a6571d 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4906(S): The CrashOnAuditFail value has changed. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 973763ef55..f74c140ce4 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4907(S): Auditing settings on object were changed. @@ -65,7 +68,6 @@ This event doesn't generate for Active Directory objects. C:\\Windows\\regedit.exe - ``` ***Required Server Roles:*** None. 
@@ -158,11 +160,11 @@ This event doesn't generate for Active Directory objects. - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: @@ -281,7 +283,7 @@ For 4907(S): Auditing settings on object were changed. -- If you have critical file or registry objects and you need to monitor all modifications (especially changes in SACL), monitor for specific “**Object\\Object Name”**. +- If you have critical file or registry objects and you need to monitor all modifications (especially changes in SACL), monitor for specific “**Object\\Object Name”**. -- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers**.** +- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers. diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index b43367180a..a832d5c983 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4908(S): Special Groups Logon table modified.
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index a5cac875fe..2acda55983 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4909(-): The local policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index caae02d594..8b90247c65 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4910(-): The group policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index e23d75e43c..cc73362f36 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # 4911(S): Resource attributes of the object were changed.
@@ -65,7 +68,6 @@ Resource attributes for file or folder can be changed, for example, using Window C:\\Windows\\System32\\svchost.exe - ``` ***Required Server Roles:*** None. @@ -151,11 +153,11 @@ Resource attributes for file or folder can be changed, for example, using Window - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new resource attributes. See more information in **Resource Attributes\\Original Security Descriptor** field section for this event. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 9c8b90a244..06ffbee5b0 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4912(S): Per User Audit Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index dffc456a95..f8dcd9f29b 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4913(S): Central Access Policy on the object was changed. @@ -65,7 +68,6 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi C:\\Windows\\System32\\dllhost.exe - ``` ***Required Server Roles:*** None. @@ -155,11 +157,11 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new Central Policy ID (for the policy that has been applied to the object). See more information in **Central Policy ID\\Original Security Descriptor** field section for this event. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index 7277df2383..664b36c1ca 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4928(S, F): An Active Directory replica source naming context was established. 
@@ -59,7 +62,6 @@ Failure event generates if an error occurs (**Status Code** != 0). 0 - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -77,15 +79,15 @@ Failure event generates if an error occurs (**Status Code** != 0). - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Source Address** \[Type = UnicodeString\]: DNS record of the server from which information or an update was received. diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index 89a6c4bdcd..b5a1ba430e 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4929(S, F): An Active Directory replica source naming context was removed. @@ -59,7 +62,6 @@ Failure event generates if an error occurs (**Status Code** != 0). 0 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -77,15 +79,15 @@ Failure event generates if an error occurs (**Status Code** != 0). - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Source Address** \[Type = UnicodeString\]: DNS record of the server from which the “remove” request was received. diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index c8673aa1f5..f7b993d3a9 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4930(S, F): An Active Directory replica source naming context was modified. @@ -61,7 +64,6 @@ It is not possible to understand what exactly was modified from this event. 0 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -79,15 +81,15 @@ It is not possible to understand what exactly was modified from this event. - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. Typically equals “**-**“ for this event. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Source Address** \[Type = UnicodeString\]: DNS record of computer from which the modification request was received. diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index e013a1f379..3f02d54421 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4931(S, F): An Active Directory replica destination naming context was modified. @@ -61,7 +64,6 @@ It is not possible to understand what exactly was modified from this event. 0 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -79,15 +81,15 @@ It is not possible to understand what exactly was modified from this event. - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Destination Address** \[Type = UnicodeString\]: DNS record of computer to which the modification request was sent. diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 259181c5fa..615a83328d 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. @@ -57,7 +60,6 @@ This event generates every time synchronization of a replica of an Active Direct 20869 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -75,15 +77,15 @@ This event generates every time synchronization of a replica of an Active Direct - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Naming Context** \[Type = UnicodeString\]**:** naming context to replicate. diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index 544b20789b..b5fbe33942 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. @@ -60,7 +63,6 @@ Failure event occurs when synchronization of a replica of an Active Directory na 1722 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -78,15 +80,15 @@ Failure event occurs when synchronization of a replica of an Active Directory na - **Source DRA** \[Type = UnicodeString\]: source directory replication agent distinguished name. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **Naming Context** \[Type = UnicodeString\]**:** naming context to replicate. diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index afc657cfe7..4a5890af24 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4934(S): Attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index a666ac4295..18964e5c16 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4935(F): Replication failure begins. diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 2541043735..214811e890 100644 
--- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4936(S): Replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 46e39eac12..8fb915289b 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4937(S): A lingering object was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index c3b5d2b822..ca2c97045e 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4944(S): The following policy was active when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index eba8ccd671..74d3f7c688 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4945(S): A rule was listed when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 21b7061a9b..4ff3dd9f1d 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index 3c43a64cd2..deffae0186 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 6ab7f16f7f..5c86cb55c9 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index af8020bcfa..983159d9e8 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4949(S): Windows Firewall settings were restored to the default values. diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 86b013392c..eb6c3770c9 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4950(S): A Windows Firewall setting has changed. diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index d9e05e9505..ff8ed88bdb 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall. diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index 32dc73cc6e..dd7bb7d69d 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index 0835e66b51..0c705ce6cc 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4953(F): Windows Firewall ignored a rule because it could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 743878ab0f..b58926388b 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index dbdb573ed5..6af6a50864 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4956(S): Windows Firewall has changed the active profile. diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index d9684e4ba7..396a5b587d 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4957(F): Windows Firewall did not apply the following rule. diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index bb6d247e38..14d3b2ad4b 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index ba05f4c402..e178696465 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4964(S): Special groups have been assigned to a new logon. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index e1671b024a..2a98d42db6 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 4985(S): The state of a transaction has changed. diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index f1183ce7ac..9dede9c866 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5024(S): The Windows Firewall Service has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index 43d42d9ad6..d6a60c5da2 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5025(S): The Windows Firewall Service has been stopped. diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 7a02f1c187..326fc606d7 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 51c3c3a7aa..8929b86d33 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index cee2e5f678..dcdda6a60f 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 4f42988a8c..37d3844e1f 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5030(F): The Windows Firewall Service failed to start. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index 55ce54d4ee..e6bcd4a68c 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md 
@@ -1,12 +1,15 @@ --- title: 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network. (Windows 10) +ms.reviewer: +manager: dansimp +ms.author: dansimp description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index 0a95f4b688..02b5e5768f 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index 9c05c9b919..834f4c95b8 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5033(S): The Windows Firewall Driver has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index d45008ad7a..c3f04488fa 100644 
--- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5034(S): The Windows Firewall Driver was stopped. diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index d7897db3b0..2815638be4 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5035(F): The Windows Firewall Driver failed to start. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index 6f2c76bbc8..026d2c2985 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 90141b7968..15bd4ad7e1 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index b32498cbac..43677f0e97 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5039(-): A registry key was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index b979c83969..adfb677ffd 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5051(-): A file was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index 6022e87752..408ac0608b 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5056(S): A cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 55b26f70a7..483df27b13 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5057(F): A cryptographic primitive operation failed. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 4ad30887c5..508bb9d381 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5058(S, F): Key file operation. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index c66d058b7b..e3f73073f3 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5059(S, F): Key migration operation. 
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index bc9429a8bc..54471b87c2 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 8723ff747f..271b5d582b 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 7a8d60d333..0d9e37b259 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index e506f106bb..1563a51f1b 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 69323aa545..1225d34816 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 1dee2151ae..55bc44dda3 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 726f892d54..1560226341 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5066(S, F): A cryptographic function operation was attempted. 
diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index ddcb18eaa4..afbbb47736 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 768e98e5ca..3722edd66c 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index df7796c8f1..317e12299b 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 00f58219d3..e5fd12760a 100644 --- a/windows/security/threat-protection/auditing/event-5070.md 
+++ b/windows/security/threat-protection/auditing/event-5070.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 82424142eb..a5708a86f6 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5136(S): A directory service object was modified. @@ -70,7 +73,6 @@ For a change operation you will typically see two 5136 events for one action, wi %%14675 - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -114,15 +116,15 @@ For a change operation you will typically see two 5136 events for one action, wi - **DN** \[Type = UnicodeString\]: distinguished name of the object that was modified. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **GUID** \[Type = GUID\]**:** each Active Directory object has globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory. Each object's GUID is stored in its Object-GUID (**objectGUID**) property. @@ -236,5 +238,5 @@ For 5136(S): A directory service object was modified. - If you need to monitor modifications to specific Active Directory attributes, monitor for **LDAP Display Name** field with specific attribute name. -- It is better to monitor **Operation\\Type = Value Added** events, because you will see the new value of attribute. At the same time you can correlate to previous **Operation\\Type = Value Deleted** event with the same **Correlation ID** to see the previous value. +- It is better to monitor **Operation\\Type = Value Added** events, because you will see the new value of attribute. At the same time you can correlate to previous **Operation\\Type = Value Deleted** event with the same **Correlation ID** to see the previous value. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 4dd192ede6..8d1d729333 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5137(S): A directory service object was created. @@ -64,7 +67,6 @@ This event only generates if the parent object has a particular entry in its [SA computer - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -108,15 +110,15 @@ This event only generates if the parent object has a particular entry in its [SA - **DN** \[Type = UnicodeString\]: distinguished name of the object that was created. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **GUID** \[Type = GUID\]**:** each Active Directory object has globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory. Each object's GUID is stored in its Object-GUID (**objectGUID**) property. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 78b36ff6bd..75cebe45a7 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5138(S): A directory service object was undeleted. 
@@ -65,7 +68,6 @@ This event only generates if the container to which the Active Directory object user - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -109,15 +111,15 @@ This event only generates if the container to which the Active Directory object - **Old DN** \[Type = UnicodeString\]: Old distinguished name of undeleted object. It will points to [Active Directory Recycle Bin](https://technet.microsoft.com/library/dd392261(v=ws.10).aspx) folder, in case if it was restored from it. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **New DN** \[Type = UnicodeString\]: New distinguished name of undeleted object. The Active Directory container to which the object was restored. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index c7470c1266..fe3921db6f 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5139(S): A directory service object was moved. @@ -65,7 +68,6 @@ This event only generates if the destination object has a particular entry in it user - ``` ***Required Server Roles:*** Active Directory domain controller. 
@@ -109,15 +111,15 @@ This event only generates if the destination object has a particular entry in it - **Old DN** \[Type = UnicodeString\]: Old distinguished name of moved object. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **New DN** \[Type = UnicodeString\]: New distinguished name of moved object. The Active Directory container to which the object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 41cb02b044..a4f705ba93 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5140(S, F): A network share object was accessed. @@ -64,7 +67,6 @@ This event generates once per session, when first access attempt was made. %%4416 - ``` ***Required Server Roles:*** None. 
@@ -143,13 +145,13 @@ For 5140(S, F): A network share object was accessed. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event**.** For example, you could monitor share **C$** on domain controllers. +- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor share **C$** on domain controllers. -- Monitor this event if the **Network Information\\Source Address** is not from your internal IP range. +- Monitor this event if the **Network Information\\Source Address** is not from your internal IP range. -- Monitor this event if the **Network Information\\Source Address** should not be able to connect with the specific computer (**Computer:**). +- Monitor this event if the **Network Information\\Source Address** should not be able to connect with the specific computer (**Computer:**). -- If you need to monitor access attempts to local shares from a specific IP address (“**Network Information\\Source Address”)**, use this event. +- If you need to monitor access attempts to local shares from a specific IP address (“**Network Information\\Source Address”)**, use this event. -- If you need to monitor for specific Access Types (for example, ReadData or WriteData), for all or specific shares (“**Share Name**”), monitor this event for the “**Access Type**.” +- If you need to monitor for specific Access Types (for example, ReadData or WriteData), for all or specific shares (“**Share Name**”), monitor this event for the “**Access Type**.” 
diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 2fa6239fc2..221a5c56cf 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5141(S): A directory service object was deleted. @@ -65,7 +68,6 @@ This event only generates if the deleted object has a particular entry in its [S %%14679 - ``` ***Required Server Roles:*** Active Directory domain controller. @@ -109,15 +111,15 @@ This event only generates if the deleted object has a particular entry in its [S - **DN** \[Type = UnicodeString\]: distinguished name of the object that was deleted. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. - +> > An RDN is an attribute with an associated value in the form attribute=value; . These are examples of RDNs attributes: - +> > • DC - domainComponent - +> > • CN - commonName - +> > • OU - organizationalUnitName - +> > • O - organizationName - **GUID** \[Type = GUID\]**:** each Active Directory object has globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory. Each object's GUID is stored in its Object-GUID (**objectGUID**) property. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index a208af1049..858e4a608f 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5142(S): A network share object was added. @@ -57,7 +60,6 @@ This event generates every time network share object was added. C:\\Documents - ``` ***Required Server Roles:*** None. @@ -102,7 +104,7 @@ For 5142(S): A network share object was added. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event**.** For example, you could monitor domain controllers. +- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event. For example, you could monitor domain controllers. -- We recommend checking “**Share Path**”, because it should not point to system directories, such as **C:\\Windows** or **C:\\**, or to critical local folders which contain private or high value information. +- We recommend checking “**Share Path**”, because it should not point to system directories, such as **C:\\Windows** or **C:\\**, or to critical local folders which contain private or high value information. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index dbddd02ca3..81e6052b16 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5143(S): A network share object was modified. 
@@ -66,7 +69,6 @@ This event generates every time network share object was modified. O:BAG:DAD:(D;;FA;;;S-1-5-21-3457937927-2839227994-823803824-1104)(A;OICI;FA;;;WD)(A;OICI;FA;;;BA) - ``` ***Required Server Roles:*** None. @@ -140,11 +142,11 @@ This event generates every time network share object was modified. - **New SD** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for network share security descriptor. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below: @@ -257,5 +259,5 @@ For 5143(S): A network share object was modified. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event**.** For example, you could monitor all changes to the SYSVOL share on domain controllers. +- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor all changes to the SYSVOL share on domain controllers. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index c9da3d4b18..4c20a34092 100644 --- a/windows/security/threat-protection/auditing/event-5144.md 
+++ b/windows/security/threat-protection/auditing/event-5144.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5144(S): A network share object was deleted. @@ -57,7 +60,6 @@ This event generates every time a network share object is deleted. C:\\Documents - ``` ***Required Server Roles:*** None. @@ -102,7 +104,7 @@ For 5144(S): A network share object was deleted. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- If you have critical network shares for which you need to monitor all changes (especially, the deletion of that share), monitor for specific “**Share Information\\Share Name”.** +- If you have critical network shares for which you need to monitor all changes (especially, the deletion of that share), monitor for specific “**Share Information\\Share Name”.** -- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers**.** For example, you could monitor file shares on domain controllers. +- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers. For example, you could monitor file shares on domain controllers. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index ce6a43ab61..696faaadce 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. @@ -66,7 +69,6 @@ This event generates every time network share object (file or folder) was access %%1541: %%1801 D:(A;;FA;;;WD) %%4416: %%1801 D:(A;;FA;;;WD) %%4423: %%1801 D:(A;;FA;;;WD) - ``` ***Required Server Roles:*** None. @@ -176,11 +178,11 @@ REQUESTED\_ACCESS: RESULT ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS. - ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS: the Security Descriptor Definition Language (SDDL) value for Access Control Entry (ACE), which granted or denied access. > **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. - +> > Example: - +> > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) - +> > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. > See the list of possible values in the table below. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 602cf56f41..7206b6d8af 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 05/29/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. 
diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 991095fcd1..59386a8ef4 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 05/29/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 79d3862213..4d84e4bb68 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 64981f1412..25faaeb212 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 1b251bea6d..e2b46de2c3 100644 --- a/windows/security/threat-protection/auditing/event-5152.md 
+++ b/windows/security/threat-protection/auditing/event-5152.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index f2bb576647..8751b40002 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index b9c8ebee04..f66366168d 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index e8b202cf7b..934f310147 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md 
@@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index d83a403ec4..613f28d976 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c2c38a5c86..76a8a34a2d 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index 48e4df3727..55dd4c04da 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md 
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index a1cf9746d1..998321eae5 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5159(F): The Windows Filtering Platform has blocked a bind to a local port.
diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md
index 5f00a2ae01..9889690df3 100644
--- a/windows/security/threat-protection/auditing/event-5168.md
+++ b/windows/security/threat-protection/auditing/event-5168.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5168(F): SPN check for SMB/SMB2 failed.
diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md
index 2d4b9b43dd..f888db6fb2 100644
--- a/windows/security/threat-protection/auditing/event-5376.md
+++ b/windows/security/threat-protection/auditing/event-5376.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5376(S): Credential Manager credentials were backed up.
diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md
index e267dac07b..1ed830b074 100644
--- a/windows/security/threat-protection/auditing/event-5377.md
+++ b/windows/security/threat-protection/auditing/event-5377.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5377(S): Credential Manager credentials were restored from a backup.
diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md
index a66380e893..bb48a36562 100644
--- a/windows/security/threat-protection/auditing/event-5378.md
+++ b/windows/security/threat-protection/auditing/event-5378.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5378(F): The requested credentials delegation was disallowed by policy.
diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md
index 73cabba9b9..89dd2b5bf0 100644
--- a/windows/security/threat-protection/auditing/event-5447.md
+++ b/windows/security/threat-protection/auditing/event-5447.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5447(S): A Windows Filtering Platform filter has been changed.
diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md
index 3e6b8da62f..756db4ebbf 100644
--- a/windows/security/threat-protection/auditing/event-5632.md
+++ b/windows/security/threat-protection/auditing/event-5632.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5632(S, F): A request was made to authenticate to a wireless network. @@ -67,7 +70,6 @@ It typically generates when network adapter connects to new wireless network. 0x0 - ``` ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 19604e4cc9..d85599c157 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5633(S, F): A request was made to authenticate to a wired network. @@ -61,7 +64,6 @@ It typically generates when network adapter connects to new wired network. 0x0 - ``` ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index be757a5bb8..2fae83e65f 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -6,8 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: Mir0sh +author: dansimp ms.date: 04/19/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index cb9fcf14b6..43f79ed55d 100644 --- a/windows/security/threat-protection/auditing/event-5888.md 
+++ b/windows/security/threat-protection/auditing/event-5888.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5888(S): An object in the COM+ Catalog was modified.
diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md
index 17464081a1..5daae37ce0 100644
--- a/windows/security/threat-protection/auditing/event-5889.md
+++ b/windows/security/threat-protection/auditing/event-5889.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5889(S): An object was deleted from the COM+ Catalog.
diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md
index bc95e8cd18..f5f0c81561 100644
--- a/windows/security/threat-protection/auditing/event-5890.md
+++ b/windows/security/threat-protection/auditing/event-5890.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 5890(S): An object was added to the COM+ Catalog.
diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md
index 85812bc35a..7f0df8a521 100644
--- a/windows/security/threat-protection/auditing/event-6144.md
+++ b/windows/security/threat-protection/auditing/event-6144.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6144(S): Security policy in the group policy objects has been applied successfully.
diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md
index 37240250e1..c9a27526cd 100644
--- a/windows/security/threat-protection/auditing/event-6145.md
+++ b/windows/security/threat-protection/auditing/event-6145.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6145(F): One or more errors occurred while processing security policy in the group policy objects.
diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md
index 1b9a06d330..e8dfb2d7cf 100644
--- a/windows/security/threat-protection/auditing/event-6281.md
+++ b/windows/security/threat-protection/auditing/event-6281.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md
index d3960785be..d018fdee5e 100644
--- a/windows/security/threat-protection/auditing/event-6400.md
+++ b/windows/security/threat-protection/auditing/event-6400.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content.
diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md
index 0da649b589..9f647bcec8 100644
--- a/windows/security/threat-protection/auditing/event-6401.md
+++ b/windows/security/threat-protection/auditing/event-6401.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6401(-): BranchCache: Received invalid data from a peer. Data discarded.
diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md
index 2fcb77675b..5002d2167c 100644
--- a/windows/security/threat-protection/auditing/event-6402.md
+++ b/windows/security/threat-protection/auditing/event-6402.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md
index 3d31c4ea53..29629cb6a7 100644
--- a/windows/security/threat-protection/auditing/event-6403.md
+++ b/windows/security/threat-protection/auditing/event-6403.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client.
diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md
index d342600472..0505b241b2 100644
--- a/windows/security/threat-protection/auditing/event-6404.md
+++ b/windows/security/threat-protection/auditing/event-6404.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md
index 395aec2969..ea59bc3fc7 100644
--- a/windows/security/threat-protection/auditing/event-6405.md
+++ b/windows/security/threat-protection/auditing/event-6405.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred.
diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md
index 7aa27d026a..d70fac0adb 100644
--- a/windows/security/threat-protection/auditing/event-6406.md
+++ b/windows/security/threat-protection/auditing/event-6406.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2.
diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md
index 9f67036b36..396bf6af15 100644
--- a/windows/security/threat-protection/auditing/event-6407.md
+++ b/windows/security/threat-protection/auditing/event-6407.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6407(-): 1%.
diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md
index ac60e54bc0..ffb33ccdee 100644
--- a/windows/security/threat-protection/auditing/event-6408.md
+++ b/windows/security/threat-protection/auditing/event-6408.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md
index e81d22b4dc..8f28ea3891 100644
--- a/windows/security/threat-protection/auditing/event-6409.md
+++ b/windows/security/threat-protection/auditing/event-6409.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6409(-): BranchCache: A service connection point object could not be parsed.
diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md
index 57f2ac326b..b13bbde8fc 100644
--- a/windows/security/threat-protection/auditing/event-6410.md
+++ b/windows/security/threat-protection/auditing/event-6410.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.
diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md
index 6ca70bcf89..6e4c4af309 100644
--- a/windows/security/threat-protection/auditing/event-6416.md
+++ b/windows/security/threat-protection/auditing/event-6416.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6416(S): A new external device was recognized by the System.
diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md
index 54ca896a1b..e5c1d7fab1 100644
--- a/windows/security/threat-protection/auditing/event-6419.md
+++ b/windows/security/threat-protection/auditing/event-6419.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6419(S): A request was made to disable a device.
diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md
index d46e2ecd33..37b3ec6aaf 100644
--- a/windows/security/threat-protection/auditing/event-6420.md
+++ b/windows/security/threat-protection/auditing/event-6420.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6420(S): A device was disabled.
diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md
index acb4ed0392..4994eafbd7 100644
--- a/windows/security/threat-protection/auditing/event-6421.md
+++ b/windows/security/threat-protection/auditing/event-6421.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6421(S): A request was made to enable a device.
diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md
index ec696c704a..5c4de3d822 100644
--- a/windows/security/threat-protection/auditing/event-6422.md
+++ b/windows/security/threat-protection/auditing/event-6422.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6422(S): A device was enabled.
diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md
index 75c0c89e97..67b96baef5 100644
--- a/windows/security/threat-protection/auditing/event-6423.md
+++ b/windows/security/threat-protection/auditing/event-6423.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6423(S): The installation of this device is forbidden by system policy.
diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md
index d9f0466d51..4e21756137 100644
--- a/windows/security/threat-protection/auditing/event-6424.md
+++ b/windows/security/threat-protection/auditing/event-6424.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.
diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
index f056c5bcbf..782e49e3bc 100644
--- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
@@ -2,12 +2,14 @@
 title: File System (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, File System (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the file system for an entire computer.
 ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
index 7bfef9f9db..0762f04322 100644
--- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@@ -6,8 +6,11 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: tedhardyMSFT
+author: dansimp
 ms.date: 10/22/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # How to get a list of XML data name elements in EventData
diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
index 8ac19f8a63..6251ca7c4f 100644
--- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
@@ -2,12 +2,14 @@ title: Monitor central access policy and rule definitions (Windows 10) description: This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects. ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -26,7 +28,7 @@ Central access policies and rules determine access permissions for multiple file Use the following procedures to configure settings to monitor changes to central access policy and central access rule definitions and to verify the changes. These procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx). >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To configure settings to monitor changes to central access policy and rule definitions** 1. Sign in to your domain controller by using domain administrator credentials. diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index 05c48b5b7f..3504ca7a55 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md 
@@ -2,12 +2,14 @@ title: Monitor claim types (Windows 10) description: This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options. ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -28,7 +30,7 @@ Use the following procedures to configure settings to monitor changes to claim t Access Control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx). >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To configure settings to monitor changes to claim types** 1. Sign in to your domain controller by using domain administrator credential. diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index caebb3f391..943eff5d1e 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md 
@@ -2,12 +2,14 @@ title: Monitor resource attribute definitions (Windows 10) description: This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects. ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -28,7 +30,7 @@ For information about monitoring changes to the resource attributes that apply t Use the following procedures to configure settings to monitor changes to resource attribute definitions in AD DS and to verify the changes. These procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx). >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To configure settings to monitor changes to resource attributes** 1. Sign in to your domain controller by using domain administrator credentials. diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index a2936e96f6..75322ba7e9 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md 
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -2,12 +2,14 @@ title: Monitor the central access policies associated with files and folders (Windows 10) description: This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects. ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -29,7 +31,7 @@ For info about monitoring potential central access policy changes for an entire Use the following procedures to configure settings to monitor central access policies that are associated with files. These procedures assume that you have configured and deployed Dynamic Access Control in your network. For more information about how to configure and deploy Dynamic Access Control, see [Dynamic Access Control: Scenario Overview](https://technet.microsoft.com/library/hh831717.aspx). >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To configure settings to monitor central access policies associated with files or folders** 1. Sign in to your domain controller by using domain administrator credentials. 
@@ -64,7 +66,7 @@ After you configure settings to monitor changes to the central access policies t 3. Right-click the file or folder, click **Properties**, click the **Security** tab, and then click **Advanced**. 4. Click the **Central Policy** tab, click **Change**, and select a different central access policy (if one is available) or select **No Central Access Policy**, and then click **OK** twice. >**Note:**  You must select a setting that is different than your original setting to generate the audit event. -   + 5. In Server Manager, click **Tools**, and then click **Event Viewer**. 6. Expand **Windows Logs**, and then click **Security**. 7. Look for event 4913, which is generated when the central access policy that is associated with a file or folder is changed. This event includes the security identifiers (SIDs) of the old and new central access policies. diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index d53ec727de..48dacf418f 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md 
@@ -2,12 +2,14 @@
 title: Monitor the central access policies that apply on a file server (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
index d7f19b5369..9e48a92f25 100644
--- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
@@ -2,12 +2,14 @@
 title: Monitor the resource attributes on files and folders (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -31,7 +33,7 @@ If your organization has a carefully thought out authorization configuration for Use the following procedures to configure settings to monitor changes to resource attributes on files and folders. These procedures assume that have configured and deployed central access policies in your network. For more information about how to configure and deploy central access policies, see [Dynamic Access Control: Scenario Overview](https://technet.microsoft.com/library/hh831717.aspx) . >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To monitor changes to resource attributes on files** 1. Sign in to your domain controller by using domain administrator credentials.
diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
index bf24f2af21..b163b7b6f6 100644
--- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
@@ -2,12 +2,14 @@
 title: Monitor the use of removable storage devices (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -27,7 +29,7 @@ If you configure this policy setting, an audit event is generated each time a us Use the following procedures to monitor the use of removable storage devices and to verify that the devices are being monitored. >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To configure settings to monitor removable storage devices** 1. Sign in to your domain controller by using domain administrator credentials. @@ -45,7 +47,7 @@ After you configure the settings to monitor removable storage devices, use the f 1. Sign in to the computer that hosts the resources that you want to monitor. Press the Windows key + R, and then type **cmd** to open a Command Prompt window. >**Note:**  If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. -   + 2. Type **gpupdate /force**, and press ENTER. 3. Connect a removable storage device to the targeted computer and attempt to copy a file that is protected with the Removable Storage Audit policy. 4. In Server Manager, click **Tools**, and then click **Event Viewer**. 
@@ -55,7 +57,7 @@ After you configure the settings to monitor removable storage devices, use the f Key information to look for includes the name and account domain of the user who attempted to access the file, the object that the user is attempting to access, resource attributes of the resource, and the type of access that was attempted. >**Note:**  We do not recommend that you enable this category on a file server that hosts file shares on a removable storage device. When Removable Storage Auditing is configured, any attempt to access the removable storage device will generate an audit event. -   + ### Related resource - [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
index e47b57c140..1964224c17 100644
--- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
+++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
@@ -2,12 +2,14 @@
 title: Monitor user and device claims during sign-in (Windows 10)
 description: This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -27,7 +29,7 @@ Device claims are associated with the system that is used to access resources th Use the following procedures to monitor changes to user claims and device claims in the user’s sign-on token and to verify the changes. These procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx). >**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -  + **To monitor user and device claims in user logon token** 1. Sign in to your domain controller by using domain administrator credentials.
diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md
index 903d0ff8b6..5a7b38d9c1 100644
--- a/windows/security/threat-protection/auditing/other-events.md
+++ b/windows/security/threat-protection/auditing/other-events.md
@@ -6,8 +6,11 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
-author: Mir0sh
+author: dansimp
 ms.date: 04/19/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 # Other Events
diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
index 6413ce76ea..fb3c6e1a6f 100644
--- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
@@ -2,12 +2,14 @@
 title: Planning and deploying advanced security audit policies (Windows 10)
 description: This topic for the IT professional explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.
 ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -104,7 +106,7 @@ An organization's domain and OU structure provide a fundamental starting point f In addition to your domain model, you should also find out whether your organization creates and maintains a systematic threat model. A good threat model can help you identify threats to key components in your infrastructure, so you can define and apply audit settings that enhance the organization's ability to identify and counter those threats. >**Important:**  Including auditing within your organization's security plan also makes it possible to budget your resources on the areas where auditing can achieve the most positive results. -  + For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](https://go.microsoft.com/fwlink/p/?LinkId=163432). ### Data and resources
@@ -122,7 +124,7 @@ The following table provides an example of a resource analysis for an organizati | Payroll data| Corp-Finance-1| Accounting: Read/Write on Corp-Finance-1
                        Departmental Payroll Managers: Write only on Corp-Finance-1| High| Financial integrity and employee privacy| | Patient medical records| MedRec-2| Doctors and Nurses: Read/Write on Med/Rec-2
                        Lab Assistants: Write only on MedRec-2
                        Accounting: Read only on MedRec-2| High| Strict legal and regulatory standards| | Consumer health information| Web-Ext-1| Public Relations Web Content Creators: Read/Write on Web-Ext-1
                        Public: Read only on Web-Ext-1| Low| Public education and corporate image| -  + ### Users Many organizations find it useful to classify the types of users they have and base permissions on this classification. This same classification can help you identify which user activities should be the subject of security auditing and the amount of audit data they will generate. @@ -142,7 +144,7 @@ The following table illustrates an analysis of users on a network. Although our | Account administrators| User accounts and security groups| Account administrators have full privileges to create new user accounts, reset passwords, and modify security group memberships. We need a mechanism to monitor these changes. | | Members of the Finance OU| Financial records| Users in Finance have Read/Write access to critical financial records, but no ability to change permissions on these resources. These financial records are subject to government regulatory compliance requirements. | | External partners | Project Z| Employees of partner organizations have Read/Write access to certain project data and servers relating to Project Z, but not to other servers or data on the network.| -  + ### Computers Security and auditing requirements and audit event volume can vary considerably for different types of computers in an organization. These requirements can be based on: 
@@ -151,11 +153,11 @@ Security and auditing requirements and audit event volume can vary considerably - The important applications the computers run, such as Exchange Server, SQL Server, or Forefront Identity Manager. >**Note:**  If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](https://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](https://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](https://technet.microsoft.com/library/cc280386.aspx). -   + - The operating system versions. >**Note:**  The operating system version determines which auditing options are available and the volume of audit event data. -   + - The business value of the data. For example, a web server that is accessed by external users requires different audit settings than a root certification authority (CA) that is never exposed to the public Internet or even to regular users on the organization's network. 
@@ -168,7 +170,7 @@ The following table illustrates an analysis of computers in an organization. | File servers | Windows Server 2012| Separate resource OUs by department and (in some cases) by location| | Portable computers | Windows Vista and Windows 7| Separate portable computer OUs by department and (in some cases) by location| | Web servers | Windows Server 2008 R2 | WebSrv OU| -  + ### Regulatory requirements Many industries and locales have strict and specific requirements for network operations and how resources are protected. In the health care and financial industries, for example, there are strict guidelines for who has access to records and how they are used. Many countries have strict privacy rules. To identify regulatory requirements, work with your organization's legal department and other departments responsible for these requirements. Then consider the security configuration and auditing options that can be used to comply with and verify compliance with these regulations. 
@@ -195,7 +197,7 @@ following considerations for using Group Policy to apply security audit policy s >**Important:**  Whether you apply advanced audit policies by using Group Policy or by using logon scripts, do not use both the basic audit policy settings under **Local Policies\\Audit Policy** and the advanced settings under **Security Settings\\Advanced Audit Policy Configuration**. Using both basic and advanced audit policy settings can cause unexpected results in audit reporting. If you use **Advanced Audit Policy Configuration** settings or use logon scripts to apply advanced audit policies, be sure to enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored. -   + The following are examples of how audit policies can be applied to an organization's OU structure: @@ -232,7 +234,7 @@ Depending on your goals, different sets of audit settings may be of particular v - Network >**Important:**  Settings that are described in the Reference might also provide valuable information about activity audited by another setting. For example, the settings used to monitor user activity and network activity have obvious relevance to protecting your data resources. Likewise, attempts to compromise data resources have huge implications for overall network status, and potentially for how well you are managing the activities of users on the network. -  + ### Data and resource activity For many organizations, compromising the organization's data resources can cause tremendous financial losses, in addition to lost prestige and legal liability. If your organization has critical data resources that need to be 
@@ -244,14 +246,14 @@ protected against any breach, the following settings can provide extremely valua If success auditing is enabled, an audit entry is generated each time any account successfully accesses a file system object that has a matching SACL. If failure auditing is enabled, an audit entry is generated each time any user unsuccessfully attempts to access a file system object that has a matching SACL. The amount of audit data generated by the **Audit File System** policy setting can vary considerably, depending on the number of objects that have been configured to be monitored. >**Note:**  To audit user attempts to access all file system objects on a computer, use the Global Object Access Auditing settings [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) or [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md). -   + - Object Access\\[Audit Handle Manipulation](audit-handle-manipulation.md). This policy setting determines whether the operating system generates audit events when a handle to an object is opened or closed. Only objects with configured SACLs generate these events, and only if the attempted handle operation matches the SACL. Event volume can be high, depending on how SACLs are configured. When used together with the **Audit File System** or **Audit Registry** policy settings, the **Audit Handle Manipulation** policy setting can provide an administrator with useful "reason for access" audit data that details the precise permissions on which the audit event is based. For example, if a file is configured as a Read-only resource but a user attempts to save changes to the file, the audit event will log not only the event, but also the permissions that were used (or attempted to be used) to save the file changes. - **Global Object Access Auditing**. 
A growing number of organizations are using security auditing to comply with regulatory requirements that govern data security and privacy. But demonstrating that strict controls are being enforced can be extremely difficult. To address this issue, the supported versions of Windows include two **Global Object Access Auditing** policy settings, one for the registry and one for the file system. When you configure these settings, they apply a global system access control SACL on all objects of that class on a system, which cannot be overridden or circumvented. >**Important:**  The **Global Object Access Auditing** policy settings must be configured and applied in conjunction with the **Audit File System** and **Audit Registry** audit policy settings in the **Object Access** category. -   + ### User activity The settings in the previous section relate to activity involving the files, folders, and network shares that are stored on a network, and the settings in this section focus on the users, including employees, partners, and customers, who may try to access those resources. 
@@ -265,7 +267,7 @@ In the majority of cases, these attempts will be legitimate and a network needs - Logon/Logoff\\[Audit Logoff](audit-logoff.md) and Logon/Logoff\\[Audit Logon](audit-logon.md). Logon and logoff events are essential to tracking user activity and detecting potential attacks. Logon events are related to the creation of logon sessions, and they occur on the computer that was accessed. For an interactive logon, events are generated on the computer that was logged on to. For network logon, such as accessing a shared resource, events are generated on the computer that hosts the resource that was accessed. Logoff events are generated when logon sessions are terminated. >**Note:**  There is no failure event for logoff activity because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record. Logoff events are not 100 percent reliable. For example, the computer can be turned off without a proper logoff and shutdown, and a logoff event is not generated. -   + - Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](https://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base. - Object Access\\[Audit Certification Services](audit-certification-services.md). This policy setting allows you to track and monitor a wide variety of activities on a computer that hosts Active Directory Certificate Services (AD CS) role services to ensure that only authorized users are performing or attempting to perform these tasks, and that only authorized or desired tasks are being performed. - Object Access\\[Audit File System](audit-file-system.md) and Object Access\\[Audit File Share](audit-file-share.md). These policy settings are described in the previous section. 
@@ -273,7 +275,7 @@ In the majority of cases, these attempts will be legitimate and a network needs - Object Access\\[Audit Registry](audit-registry.md). Monitoring for changes to the registry is one of the most critical means that an administrator has to ensure malicious users do not make changes to essential computer settings. Audit events are only generated for objects that have configured SACLs, and only if the type of access that is requested (such as Write, Read, or Modify) and the account making the request match the settings in the SACL. >**Important:**  On critical systems where all attempts to change registry settings need to be tracked, you can combine the **Audit Registry** policy setting with the **Global Object Access Auditing** policy settings to ensure that all attempts to modify registry settings on a computer are tracked. -   + - Object Access\\[Audit SAM](audit-sam.md). The Security Accounts Manager (SAM) is a database that is present on computers running Windows that stores user accounts and security descriptors for users on the local computer. Changes to user and group objects are tracked by the **Account Management** audit category. However, user accounts with the proper user rights could potentially alter the files where the account and password information is stored in the system, bypassing any **Account Management** events. - Privilege Use\\[Audit Sensitive Privilege Use](audit-sensitive-privilege-use.md). **Privilege Use** policy settings and audit events allow you to track the use of certain rights on one or more systems. If you configure this policy setting, an audit event is generated when sensitive rights requests are made. 
@@ -285,7 +287,7 @@ The following network activity policy settings allow you to monitor security-rel - Account Logon\\[Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md) and Account Logon\\[Audit Kerberos Service Ticket Operations](audit-kerberos-service-ticket-operations.md). Audit policy settings in the **Account Logon** category monitor activities that relate to the use of domain account credentials. These policy settings complement the policy settings in the **Logon/Logoff** category. The **Audit Kerberos Authentication Service** policy setting allows you to monitor the status of and potential threats to the Kerberos service. The Audit **Kerberos Service Ticket Operations** policy setting allows you to monitor the use of Kerberos service tickets. >**Note:**  **Account Logon** policy settings apply only to specific domain account activities, regardless of the computer that is accessed, whereas **Logon/Logoff** policy settings apply to the computer that hosts the resources being accessed. -   + - Account Logon\\[Audit Other Account Logon Events](audit-other-account-logon-events.md). This policy setting can be used to track a number of different network activities, including attempts to create Remote Desktop connections, wired network connections, and wireless connections. - **DS Access**. Policy settings in this category allow you to monitor the AD DS role services, which provide account data, validate logons, maintain network access permissions, and provide other services that are critical to the secure and proper functioning of a network. Therefore, auditing the rights to access and modify the configuration of a domain controller can help an organization maintain a secure and reliable network. In addition, one of the key tasks performed by AD DS is the replication of data between domain controllers. 
- Logon/Logoff\\[Audit IPsec Extended Mode](audit-ipsec-extended-mode.md), Logon/Logoff\\[Audit IPsec Main Mode](audit-ipsec-main-mode.md), and Logon/Logoff\\[Audit IPsec Quick Mode](audit-ipsec-quick-mode.md). Many networks support large numbers of external users, including remote employees and partners. Because these users are outside the organization's network boundaries, IPsec is often used to help protect communications over the Internet by enabling network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and protection against replay attacks. You can use these settings to ensure that IPsec services are functioning properly.
diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
index 358f59cf57..f11c4a64fd 100644
--- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
@@ -2,12 +2,14 @@
 title: Registry (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer.
 ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md
index 43965518d5..512168ee42 100644
--- a/windows/security/threat-protection/auditing/security-auditing-overview.md
+++ b/windows/security/threat-protection/auditing/security-auditing-overview.md
@@ -2,12 +2,14 @@
 title: Security auditing (Windows 10)
 description: Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
 ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -18,7 +20,7 @@ ms.date: 04/19/2017 # Security auditing **Applies to** -- Windows 10 +- Windows 10 Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
@@ -27,10 +29,11 @@ Topics in this section are for IT professionals and describes the security audit Security auditing is one of the most powerful tools that you can use to maintain the integrity of your system. As part of your overall security strategy, you should determine the level of auditing that is appropriate for your environment. Auditing should identify attacks (successful or not) that pose a threat to your network, and attacks against resources that you have determined to be valuable in your risk assessment. ## In this section + | Topic | Description | | - | - | |[Basic security audit policies](basic-security-audit-policies.md) |Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. | |[Advanced security audit policies](advanced-security-auditing.md) |Advanced security audit policy settings are found in **Security Settings\Advanced Audit Policy Configuration\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently. | -  -  -  + + +
diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 2440624637..919b779ce8 100644
--- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -2,12 +2,14 @@
 title: Using advanced security auditing options to monitor dynamic access control objects (Windows 10)
 description: This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
 ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -40,9 +42,9 @@ Domain administrators can create and deploy expression-based security audit poli | [Monitor the resource attributes on files and folders](monitor-the-resource-attributes-on-files-and-folders.md)| This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects. | | [Monitor the central access policies associated with files and folders](monitor-the-central-access-policies-associated-with-files-and-folders.md)| This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects. | | [Monitor claim types](monitor-claim-types.md) | This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.| -  + >**Important:**  This procedure can be configured on computers running any of the supported Windows operating systems. The other monitoring procedures can be configured only as part of a functioning dynamic access control deployment. -  + ## Related topics - [Security auditing](security-auditing-overview.md)
diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md
index 7ba1c6a70e..7c25bfb2f8 100644
--- a/windows/security/threat-protection/auditing/view-the-security-event-log.md
+++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md
@@ -2,12 +2,14 @@
 title: View the security event log (Windows 10)
 description: The security log records each event as defined by the audit policies you set on each object.
 ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index 20f786b03b..92cdd0107e 100644
--- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -2,12 +2,14 @@
 title: Which editions of Windows support advanced audit policy configuration (Windows 10)
 description: This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies.
 ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index f5fea8b85c..99b2a8e507 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -2,13 +2,15 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4 +ms.reviewer: +manager: dansimp keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts ms.prod: w10 ms.mktglfcycl: deploy ms.pagetype: security ms.sitesec: library -author: justinha -ms.author: justinha +author: dulcemontemayor +ms.author: dolmont ms.date: 08/14/2017 ms.localizationpriority: medium --- @@ -67,9 +69,9 @@ Use Group Policy or the registry to turn this feature on, off, or to use audit m **To turn on and use the Blocking Untrusted Fonts feature through the registry** To turn this feature on, off, or to use audit mode: -1. Open the registry editor (regedit.exe) and go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\`. +1. Open the registry editor (regedit.exe) and go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\`. -2. If the **MitigationOptions** key isn't there, right-click and add a new **QWORD (64-bit) Value**, renaming it to **MitigationOptions**. +2. If the **MitigationOptions** key isn't there, right-click and add a new **QWORD (64-bit) Value**, renaming it to **MitigationOptions**. 3. Right click on the **MitigationOptions** key, and then click **Modify**. 
@@ -77,16 +79,16 @@ To turn this feature on, off, or to use audit mode: 4. Make sure the **Base** option is **Hexadecimal**, and then update the **Value data**, making sure you keep your existing value, like in the important note below: - - **To turn this feature on.** Type **1000000000000**. + - **To turn this feature on.** Type **1000000000000**. - - **To turn this feature off.** Type **2000000000000**. + - **To turn this feature off.** Type **2000000000000**. - - **To audit with this feature.** Type **3000000000000**. + - **To audit with this feature.** Type **3000000000000**. - >[!Important] - >Your existing **MitigationOptions** values should be saved during your update. For example, if the current value is *1000*, your updated value should be *1000000001000*.  + >[!Important] + >Your existing **MitigationOptions** values should be saved during your update. For example, if the current value is *1000*, your updated value should be *1000000001000*. -4. Restart your computer. +5. Restart your computer. ## View the event log After you turn this feature on, or start using Audit mode, you can look at your event logs for details. @@ -139,11 +141,11 @@ After you figure out the problematic fonts, you can try to fix your apps in 2 wa 2. Add any additional processes that need to be excluded here, and then turn the Blocking untrusted fonts feature on, using the steps in the [Turn on and use the Blocking Untrusted Fonts feature](#turn-on-and-use-the-blocking-untrusted-fonts-feature) section of this topic. -  + ## Related content - [Dropping the “Untrusted Font Blocking” setting](https://blogs.technet.microsoft.com/secguide/2017/06/15/dropping-the-untrusted-font-blocking-setting/) -  + diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 1deaa652b8..7c5320ff0d 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md 
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -1,25 +1,26 @@ --- title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +ms.reviewer: +ms.author: dolmont description: This topic lists new and updated topics in the WWindows Defender ATP content set. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: justinha +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/11/2018 ms.localizationpriority: medium --- # Change history for threat protection -This topic lists new and updated topics in the [Windows Defender ATP](windows-defender-atp/windows-defender-advanced-threat-protection.md) documentation. +This topic lists new and updated topics in the [Microsoft Defender ATP](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) documentation. ## August 2018 New or changed topic | Description ---------------------|------------ -[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform. +[Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform. diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 1439390f50..1ea71b62ad 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md 
@@ -6,9 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -ms.author: justinha -author: justinha +ms.author: dansimp +author: dansimp ms.date: 02/22/2019 +ms.reviewer: +manager: dansimp --- # How to control USB devices and other removable media using Windows Defender ATP 
@@ -44,7 +46,7 @@ Protecting authorized removable storage with Windows Defender Antivirus requires - If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. ->[!NOTE] +>[!NOTE] >We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. - -**Use Group Policy to randomize scheduled scan start times:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Policies** then **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender** and configure the following setting: - - - Double-click **Randomize scheduled task times** and set the option to **Enabled**. Click **OK**. 
This adds a true randomization (it is still random if the disk image is replicated) of plus or minus 30 minutes (using all of the intervals) to the start of the scheduled scan and the Security intelligence update. For example, if the schedule start time was set at 2.30pm, then enabling this setting could cause one machine to scan and update at 2.33pm and another machine to scan and update at 2.14pm. - -**Use Configuration Manager to randomize scheduled scans:** - -See [How to create and deploy antimalware policies: Advanced settings]( https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#advanced-settings) for details on configuring System Center Configuration Manager (current branch). +The start time of the scan itself is still based on the scheduled scan policy – ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Windows Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan. See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans. 
@@ -195,54 +160,17 @@ See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for You can specify the type of scan that should be performed during a scheduled scan. Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active. -**Use Group Policy to specify the type of scheduled scan:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Policies** then **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender > Scan** and configure the following setting: +1. Expand the tree to **Windows components > Windows Defender > Scan** and configure the following setting: - Double-click **Specify the scan type to use for a scheduled scan** and set the option to **Enabled** and **Quick scan**. Click **OK**. -**Use Configuration Manager to specify the type of scheduled scan:** - -See [How to create and deploy antimalware policies: Scheduled scans settings]( https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) for details on configuring System Center Configuration Manager (current branch). - -See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans. - ### Prevent notifications Sometimes, Windows Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Windows Defender Antivirus user interface. -**Use Group Policy to hide notifications:** - -1. 
On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Policies** then **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender > Client Interface** and configure the following settings: +1. Expand the tree to **Windows components > Windows Defender > Client Interface** and configure the following settings: - Double-click **Suppress all notifications** and set the option to **Enabled**. Click **OK**. This prevents notifications from Windows Defender AV appearing in the action center on Windows 10 when scans or remediation is performed. - - Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users. - -**Use Configuration Manager to hide notifications:** - -1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) - -2. Go to the **Advanced** section and configure the following settings: - - 1. Set **Disable the client user interface** to **Yes**. This hides the entire Windows Defender AV user interface. - - 2. Set **Show notifications messages on the client computer...** to **Yes**. This hides notifications from appearing. - - 3. Click **OK**. - -3. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). ### Disable scans after an update 
@@ -251,62 +179,27 @@ This setting will prevent a scan from occurring after receiving an update. You c >[!IMPORTANT] >Running scans after an update will help ensure your VMs are protected with the latest Security intelligence updates. Disabling this option will reduce the protection level of your VMs and should only be used when first creating or deploying the base image. -**Use Group Policy to disable scans after an update:** - -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration**. - -3. Click **Policies** then **Administrative templates**. - -4. Expand the tree to **Windows components > Windows Defender > Signature Updates** and configure the following setting: +1. Expand the tree to **Windows components > Windows Defender > Signature Updates** and configure the following setting: - Double-click **Turn on scan after signature update** and set the option to **Disabled**. Click **OK**. This prevents a scan from running immediately after an update. -**Use Configuration Manager to disable scans after an update:** - -1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) - -2. Go to the **Scheduled scans** section and configure the following setting: - -3. Set **Check for the latest Security intelligence updates before running a scan** to **No**. This prevents a scan after an update. - -4. Click **OK**. - -5. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). 
- ### Scan VMs that have been offline -This setting will help ensure protection for a VM that has been offline for some time or has otherwise missed a scheduled scan. +1. Expand the tree to **Windows components > Windows Defender > Scan** and configure the following setting: -**Use Group Policy to enable a catch-up scan:** +1. Double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. Click **OK**. This forces a scan if the VM has missed two or more consecutive scheduled scans. -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration**. +### Enable headless UI mode + - Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users. -3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender > Scan** and configure the following setting: - -5. Double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. Click **OK**. This forces a scan if the VM has missed two or more consecutive scheduled scans. - -**Use Configuration Manager to disable scans after an update:** - -1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) - -2. Go to the **Scheduled scans** section and configure the following setting: - -3. Set **Force a scan of the selected scan type if client computer is offline during...** to **Yes**. This forces a scan if the VM has missed two or more consecutive scheduled scans. - -4. Click **OK**. - -5. 
[Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). ### Exclusions On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, you can refer to the exclusions that are applied on this page: - [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus) + ## Additional resources - [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( http://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s) diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 3d7368b36a..1fbf4b6b35 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: detect ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # Detect and block potentially unwanted applications **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network. @@ -33,7 +35,7 @@ Typical PUA behavior includes: These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications. >[!TIP] ->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. +>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. ## How it works diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 787c9a85ad..4bbfd25108 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Enable cloud-delivered protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!NOTE] >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md index c937715d4a..33b7f2e9ab 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md 
@@ -9,21 +9,23 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Evaluate Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. >[!TIP] ->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work: +>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work: >- Cloud-delivered protection >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_page.png b/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_page.png new file mode 100644 index 0000000000..3a001d880d Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_page.png differ 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png
index aa0d5c7caf..6463593a6c 100644
Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png and b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_DownloadPackages.png b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_DownloadPackages.png
new file mode 100644
index 0000000000..cc63efe4a4
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_DownloadPackages.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_IntuneAppUtil.png b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_IntuneAppUtil.png
deleted file mode 100644
index 1bc70e06c0..0000000000
Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_2_IntuneAppUtil.png and /dev/null differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png
index f55eea0b2c..d043256187 100644
Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md index 93ef8703d6..a5cbbeb7a7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- @@ -20,7 +22,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index ce5dd02552..6d9853ffb9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage event-based forced updates **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. @@ -144,7 +146,7 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 1. Double-click **Allow real-time definition updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. 2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. -> [!NOTE] +> [!NOTE] > "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index 9a77e63d64..546c3d3604 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage Windows Defender Antivirus updates and scans for endpoints that are out of date **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. @@ -181,4 +183,4 @@ See the following for more information and allowed parameters: - [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) - [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) - [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index 4f8774109a..48167c31af 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -5,20 +5,23 @@ keywords: updates, security baselines, schedule updates search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 +search.appverid: met150 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage the schedule for when protection updates should be downloaded and applied **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus lets you determine when it should look for and download updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index f05c21e0b5..ca65e8d570 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage the sources for Windows Defender Antivirus protection updates **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -83,27 +85,27 @@ The procedures in this article first describe how to set the order, and then how **Use Group Policy to manage the update location:** -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration**. +2. In the **Group Policy Management Editor** go to **Computer configuration**. -4. Click **Policies** then **Administrative templates**. +3. Click **Policies** then **Administrative templates**. -5. Expand the tree to **Windows components > Windows Defender > Signature updates** and configure the following settings: +4. Expand the tree to **Windows components > Windows Defender > Signature updates** and configure the following settings: - 1. Double-click the **Define the order of sources for downloading definition updates** setting and set the option to **Enabled**. + 1. Double-click the **Define the order of sources for downloading definition updates** setting and set the option to **Enabled**. - 2. Enter the order of sources, separated by a single pipe, for example: `InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC`, as shown in the following screenshot. + 2. Enter the order of sources, separated by a single pipe, for example: `InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC`, as shown in the following screenshot. - ![Screenshot of group policy setting listing the order of sources](images/defender/wdav-order-update-sources.png) + ![Screenshot of group policy setting listing the order of sources](images/defender/wdav-order-update-sources.png) - 3. Click **OK**. 
This will set the order of protection update sources. + 3. Click **OK**. This will set the order of protection update sources. - 1. Double-click the **Define file shares for downloading definition updates** setting and set the option to **Enabled**. + 4. Double-click the **Define file shares for downloading definition updates** setting and set the option to **Enabled**. - 2. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://msdn.microsoft.com/library/gg465305.aspx) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates. + 5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://msdn.microsoft.com/library/gg465305.aspx) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates. - 3. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting. + 6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting. **Use Configuration Manager to manage the update location:** diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index 99e2c737d9..e5efd9c691 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage Windows Defender Antivirus updates and apply baselines **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) There are two types of updates related to keeping Windows Defender Antivirus up to date: 1. Protection updates diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md index 93a9e45f84..342cc01fe5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Manage updates for mobile devices and virtual machines (VMs) **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md new file mode 100644 index 0000000000..c261037801 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md 
@@ -0,0 +1,118 @@ +--- +title: Installing Microsoft Defender ATP for Mac manually +ms.reviewer: +description: Describes how to install Microsoft Defender ATP for Mac manually, from the command line. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Manual deployment + +**Applies to:** + +[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. 
Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + + ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png) + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721152 + -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + inflating: WindowsDefenderATPOnboarding.py + ``` + +## Application installation + +To complete this process, you must have admin privileges on the machine. + +1. Navigate to the downloaded wdav.pkg in Finder and open it. + + ![App install screenshot](images/MDATP_28_AppInstall.png) + +2. Select **Continue**, agree with the License terms, and enter the password when prompted. + + ![App install screenshot](images/MDATP_29_AppInstallLogin.png) + + > [!IMPORTANT] + > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + + ![App install screenshot](images/MDATP_30_SystemExtension.png) + +3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: + + ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) + +The installation will proceed. + +> [!NOTE] +> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. + +## Client configuration + +1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. + + The client machine is not associated with orgId. Note that the orgid is blank. 
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ mdatp --health orgId
+ ```
+
+2. Install the configuration file on a client machine:
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
+ Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
+ ```
+
+3. Verify that the machine is now associated with orgId:
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ mdatp --health orgId
+ E6875323-A6C0-4C60-87AD-114BBE7439B8
+ ```
+
+After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
+
+ ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
new file mode 100644
index 0000000000..6f3b99dc46
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
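Review bot: Nothing between step 5 of "Download installation and onboarding packages" and step 1 of "Application installation" checks the origin of wdav.pkg, although the reader then installs it with admin privileges and is told the driver "must be allowed to be installed". I would add a step such as `Before opening the package, run pkgutil --check-signature wdav.pkg and confirm that the signer is Microsoft.` The Client configuration section likewise runs WindowsDefenderATPOnboarding.py with `python` and a possible sudo prompt; the text should say to use only the copy extracted from the archive downloaded from the portal and, since the script presumably carries the organization's onboarding data, not to leave it on shared storage. The sample output in step 3 prints what looks like a real orgId, which would be better shown as a placeholder such as `<your-org-id>`.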
@@ -0,0 +1,169 @@ +--- +title: Installing Microsoft Defender ATP for Mac with Microsoft Intune +ms.reviewer: +description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Microsoft Intune-based deployment + +**Applies to:** + +[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Microsoft Defender Security Center: + +1. In Microsoft Defender Security Center, go to **Settings** > **Device Management** > **Onboarding**. +2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory. +4. 
In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. +5. Download **IntuneAppUtil** from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos). + + ![Windows Defender Security Center screenshot](images/MDATP_2_DownloadPackages.png) + +6. From a command prompt, verify that you have the three files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721688 + -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +7. Make IntuneAppUtil an executable: + + ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` + +8. Create the wdav.pkg.intunemac package from wdav.pkg: + + ```bash + mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" + Microsoft Intune Application Utility for Mac OS X + Version: 1.0.0.0 + Copyright 2018 Microsoft Corporation + + Creating intunemac file for /Users/test/Downloads/wdav.pkg + Composing the intunemac file output + Output written to ./wdav.pkg.intunemac. + + IntuneAppUtil successfully processed "wdav.pkg", + to deploy refer to the product documentation. 
+ ```
+
+## Client device setup
+
+You need no special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
+
+1. You'll be asked to confirm device management.
+
+![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
+
+Select **Open System Preferences**, locate **Management Profile** on the list and select **Approve...**. Your Management Profile would be displayed as **Verified**:
+
+![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
+
+2. Select **Continue** and complete the enrollment.
+
+You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
+
+3. In Intune, open **Manage** > **Devices** > **All devices**. You'll see your device among those listed:
+
+![Add Devices screenshot](images/MDATP_5_allDevices.png)
+
+## Create System Configuration profiles
+
+1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
+2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
+3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
+4. Select **OK**.
+
+ ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
+
+5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+6. Repeat steps 1 through 5 for additional profiles.
+7. Create a new profile one more time, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
+8. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+ +Once the Intune changes are propagated to the enrolled devices, you'll see them listed under **Monitor** > **Device status**: + +![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) + +## Publish application + +1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. +2. Select **App type=Other/Line-of-business app**. +3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. +4. Select **Configure** and add the required information. +5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any arbitrary value. + + ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) + +6. Select **OK** and **Add**. + + ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) + +7. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**. + + ![Client apps screenshot](images/MDATP_10_ClientApps.png) + +8. Change **Assignment type** to **Required**. +9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. + + ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) + +10. After some time the application will be published to all enrolled devices. You'll see it listed on **Monitor** > **Device**, under **Device install status**: + + ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) + +## Verify client device state + +1. After the configuration profiles are deployed to your devices, open **System Preferences** > **Profiles** on your Mac device. + + ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) + ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) + +2. Verify that the following configuration profiles are present and installed. 
The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that we added in Intune.: + ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) + +3. You should also see the Microsoft Defender icon in the top-right corner: + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md new file mode 100644 index 0000000000..b7524656f9 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md 
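Review bot: Steps 5 and 8 of "Create System Configuration profiles" assign intune/kext.xml and the onboarding profile to **All Users & All devices**, which rolls out what appears to be the kernel-extension approval tenant-wide for software the page itself calls pre-release. I would scope the first assignment to a pilot group, for example `Assign the profile to a pilot device group first; widen the assignment once those devices report healthy.` Step 3 of the same section refers to a "Generate settings step above" that the page does not contain; the file comes from unzipping WindowsDefenderATPOnboardingPackage.zip in step 6 of the download section, and the sentence should say so. Step 7 of the download section makes the downloaded IntuneAppUtil executable with no signature or hash check mentioned, so a short verification step before `chmod +x` would be worth adding.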
@@ -0,0 +1,237 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +ms.reviewer: +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# JAMF-based deployment + +**Applies to:** + +[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. 
In Windows Defender Security Center, go to **Settings > device Management > Onboarding**. +2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. + + ![Windows Defender Security Center screenshot](images/MDATP_2_DownloadPackages.png) + +5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721160 + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +## Create JAMF Policies + +You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices. + +### Configuration Profile + +The configuration profile contains a custom settings payload that includes: + +- Microsoft Defender ATP for Mac onboarding information +- Approved Kernel Extensions payload, to enable running the Microsoft kernel driver + +To set the onboarding information, add a property list file with the name, _jamf/WindowsDefenderATPOnboarding.plist_, as a custom setting. 
You can do this by navigating to **Computers**>**Configuration Profiles**, selecting **New**, then choosing **Custom Settings**>**Configure**. From there, you can upload the property list. + + >[!IMPORTANT] + > You must set the the Preference Domain as "com.microsoft.wdav.atp" + + ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) + +### Approved Kernel Extension + +To approve the kernel extension: + +1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. +2. Use **UBF8T346G9** for Team Id. + +![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) + +#### Configuration Profile's Scope + +Configure the appropriate scope to specify the devices that will receive the configuration profile. + +Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target. + +![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) + +Save the **Configuration Profile**. + +Use the **Logs** tab to monitor deployment status for each enrolled device. + +### Package + +1. Create a package in **Settings > Computer Management > Packages**. + + ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) + +2. Upload the package to the Distribution Point. +3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_. + +### Policy + +Your policy should contain a single package for Microsoft Defender. + +![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) + +Configure the appropriate scope to specify the computers that will receive this policy. + +After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled device. + +## Client device setup + +You'll need no special provisioning for a macOS computer, beyond the standard JAMF Enrollment. 
+ +> [!NOTE] +> After a computer is enrolled, it will show up in the Computers inventory (All Computers). + +1. Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. + +![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) +![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) + +After a moment, the device's User Approved MDM status will change to **Yes**. + +![MDM status screenshot](images/MDATP_23_MDMStatus.png) + +You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages. + +## Deployment + +Enrolled client devices periodically poll the JAMF Server, and install new configuration profiles and policies as soon as they are detected. + +### Status on the server + +You can monitor deployment status in the **Logs** tab: + +- **Pending** means that the deployment is scheduled but has not yet happened +- **Completed** means that the deployment succeeded and is no longer scheduled + +![Status on server screenshot](images/MDATP_24_StatusOnServer.png) + +### Status on client device + +After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**. + +![Status on client screenshot](images/MDATP_25_StatusOnClient.png) + +Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner. + +![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +You can monitor policy installation on a device by following the JAMF log file: + +```bash + mavel-mojave:~ testuser$ tail -f /var/log/jamf.log + Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. 
+ Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... + Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV + Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. +``` + +You can also check the onboarding status: + +```bash +mavel-mojave:~ testuser$ mdatp --health +... +licensed : true +orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" +... +``` + +- **licensed**: This confirms that the device has an ATP license. + +- **orgid**: Your Microsoft Defender ATP org id; it will be the same for your organization. + +## Check onboarding status + +You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: + +```bash +mdatp --health healthy +``` + +This script returns: +- 0 if Microsoft Defender ATP is registered with the Microsoft Defender ATP service +- 1 if the device is not yet onboarded +- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +This method is based on the script described in [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling). + +### Script + +Create a script in **Settings > Computer Management > Scripts**. + +This script removes Microsoft Defender ATP from the /Applications directory: + +```bash + echo "Is WDAV installed?" 
+ ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+ echo "Uninstalling WDAV..."
+ rm -rf '/Applications/Microsoft Defender ATP.app'
+
+ echo "Is WDAV still installed?"
+ ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+ echo "Done!"
+```
+
+![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
+
+### Policy
+
+Your policy should contain a single script:
+
+![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
+
+Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
new file mode 100644
index 0000000000..5bdebb3c04
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
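Review bot: The uninstall script under "Uninstallation > Script" always finishes with `echo "Done!"`, so it exits 0 and the JAMF policy log will presumably record success even when `rm -rf` failed or the app is still present. Because that status decides whether an endpoint is believed to be protected or cleanly removed, the final check should set the exit code, for example `[ ! -e '/Applications/Microsoft Defender ATP.app' ] || { echo "WDAV still present" >&2; exit 1; }` placed before the last echo. The script removes only the application bundle, and the page does not say whether the approved kernel extension (Team Id UBF8T346G9) and the onboarding configuration profile must be withdrawn separately; a sentence covering that belongs next to the script. The `mdatp --health` sample earlier in this file also prints what looks like a real orgId, which would be better shown as a placeholder such as `<your-org-id>`.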
@@ -0,0 +1,81 @@
+---
+title: Installing Microsoft Defender ATP for Mac with different MDM product
+description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution.
+keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: mavel
+author: maximvelichko
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Deployment with a different MDM system
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+
+## Approach
+
+Your organization may use a Mobile Device Management (MDM) solution we do not officially support.
+This does not mean you will be unable to deploy or run Microsoft Defender ATP for Mac.
+However, we will not be able to provide support for deploying or managing Defender via these solutions.
+
+Microsoft Defender ATP for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
+
+- Deploying a macOS .pkg to managed machines.
+- Deploying macOS system configuration profiles to managed machines.
+- Running an arbitrary admin-configured tool/script on managed machines.
+
+The majority of modern MDM solutions include these features, however, they may call them differently.
+
+You can deploy Defender without the last requirement from the list above, however:
+
+- You won't be able to collect status in a centralized way
+- If you decide to uninstall Defender, you'll need to logon to the client machine locally as an administrator
+
+## Deployment
+
+Most MDM solution use the same model for managing macOS machines, with similar terminology.
+Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
+
+### Package
+
+Configure deployment of a [required application package](microsoft-defender-atp-mac-install-with-jamf.md#package),
+with the installation package (wdav.pkg) downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+
+Your MDM solution can allow you uploading of an arbitrary application package, or require you to wrap it into a custom package first.
+
+### License settings
+
+Setup [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile).
+Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS.
+
+Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can extracted from an onboarding package downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+Your system may support an arbitrary property list in XML format. You can just upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
+Alternatively, it may require you to convert the property list to a different format first.
+
+Note that your custom profile would have an id, name or domain attribute. You must use exactly "com.microsoft.wdav.atp".
+MDM will use it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender will use this file for loading onboarding info.
+
+### KEXT
+
+Setup a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to whitelist kernel extensions provided by Microsoft.
+
+## Was it successful?
+
+Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
new file mode 100644
index 0000000000..3b68d01cfd
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -0,0 +1,129 @@
+---
+title: Microsoft Defender ATP for Mac Resources
+ms.reviewer:
+description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Resources
+
+**Applies to:**
+
+[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Collecting diagnostic information
+
+If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
+
+1. Increase logging level:
+
+ ```bash
+ mavel-mojave:~ testuser$ mdatp --log-level verbose
+ Creating connection to daemon
+ Connection established
+ Operation succeeded
+ ```
+
+2. Reproduce the problem
+
+3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The command will print out location with generated zip file.
+
+ ```bash
+ mavel-mojave:~ testuser$ mdatp --diagnostic --create
+ Creating connection to daemon
+ Connection established
+ "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
+ ```
+
+4. Restore logging level:
+
+ ```bash
+ mavel-mojave:~ testuser$ mdatp --log-level info
+ Creating connection to daemon
+ Connection established
+ Operation succeeded
+ ```
+
+## Logging installation issues
+
+If an error occurs during installation, the installer will only report a general failure.
+
+The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+
+## Uninstalling
+
+There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+
+### Within the GUI
+
+- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
+
+### From the command line
+
+- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
+
+## Configuring from the command line
+
+Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
+
+|Group |Scenario |Command |
+|-------------|-------------------------------------------|-----------------------------------------------------------------------|
+|Configuration|Turn on/off real-time protection |`mdatp --config rtp [true/false]` |
+|Configuration|Turn on/off cloud protection |`mdatp --config cloud [true/false]` |
+|Configuration|Turn on/off product diagnostics |`mdatp --config diagnostic [true/false]` |
+|Configuration|Turn on/off automatic sample submission |`mdatp --config sample-submission [true/false]` |
+|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`|
+|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` |
+|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`|
+|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` |
+|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` |
+|Health |Check the product's health |`mdatp --health` |
+|Protection |Scan a path |`mdatp --scan --path [path]` |
+|Protection |Do a quick scan |`mdatp --scan --quick` |
+|Protection |Do a full scan |`mdatp --scan --full` |
+|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` |
+|Protection |Request a definition update |`mdatp --definition-update` |
+
+## Microsoft Defender ATP portal information
+
+In the Microsoft Defender ATP portal, you'll see two categories of information:
+
+- AV alerts, including:
+ - Severity
+ - Scan type
+ - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
+ - File information (name, path, size, and hash)
+ - Threat information (name, type, and state)
+- Device information, including:
+ - Machine identifier
+ - Tenant identifier
+ - App version
+ - Hostname
+ - OS type
+ - OS version
+ - Computer model
+ - Processor architecture
+ - Whether the device is a virtual machine
+
+## Known issues
+
+- Not fully optimized for performance or disk space yet.
+- Full Microsoft Defender ATP integration is not available yet.
+- Mac devices that switch networks may appear multiple times in the Microsoft Defender ATP portal.
+- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index cccde77573..b3ad2a2c8c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -1,5 +1,6 @@
 ---
 title: Microsoft Defender ATP for Mac
+ms.reviewer:
 description: Describes how to install and use Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
 search.product: eADQiWindows 10XVcnh
@@ -8,8 +9,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
+ms.author: dansimp
+author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -17,494 +18,84 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender ATP for Mac +# Microsoft Defender Advanced Threat Protection for Mac >[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>This topic relates to the pre-release version of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +This topic describes how to install and use Microsoft Defender ATP for Mac. + +## What’s new in the public preview + +Since opening the limited preview, we've been working non-stop to enhance the product, by listening to customer feedback. We've reduced the time it takes for devices to appear in Microsoft Defender Security Center, immediately following deployment. We've improved threat handling, enhanced the user experience, and fixed bugs. Other updates to Microsoft Defender ATP for Mac include: + +- Enhanced accessibility +- Improved performance +- improved client product health monitoring +- Localization into 37 languages +- Improved anti-tampering protections +- Feedback and samples can now be submitted via the interface. +- Product health can be queried with JAMF or the command line. 
+- Admins can set their cloud preference for any location, not just for those in the US. + +## Installing and configuring + +There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. + +In general you'll need to take the following steps: + +- Ensure you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal +- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: + - Via the command line tool: + - [Manual deployment](microsoft-defender-atp-mac-install-manually.md) + - Via third party tools: + - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md) + - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) + - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md) + +Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal. + +### Prerequisites -## Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. -You should also have access to Windows Defender Security Center. +You should also have access to Microsoft Defender Security Center. ### System Requirements + - macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) - Disk space during preview: 1GB Beta versions of macOS are not supported. > [!CAUTION] -> Running other third-party endpoint protection along with Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects. +> Running other third-party endpoint protection alongside Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects. After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. 
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them: | Service | Description | URL | -| -------------- |:------------------------------------:| --------------------------------------------------------------------:| -| ATP | Advanced threat protection service | `https://x.cp.wd.microsoft.com/`, `https://*.x.cp.wd.microsoft.com/` | +| -------------- | ------------------------------------ | -------------------------------------------------------------------- | +| ATP | Advanced threat protection service | [https://x.cp.wd.microsoft.com](https://x.cp.wd.microsoft.com), [https://cdn.x.cp.wd.microsoft.com](https://cdn.x.cp.wd.microsoft.com) | -To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://wu-cdn.x.cp.wd.microsoft.com/` in a browser, or run the following command in Terminal: +To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping]([https://cdn.x.cp.wd.microsoft.com/ping) in a browser. -``` - mavel-mojave:~ testuser$ curl 'https://x.cp.wd.microsoft.com/api/report' - OK +If you prefer the command line, you can also check the connection by running the following command in Terminal: + +```bash +testuser$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' ``` -We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. -SIP is a built-in macOS security feature that prevents low-level tampering with the OS. 
+The output from this command should look like this: -## Installation and configuration overview -There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. -In general you'll need to take the following steps: - - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - * [Microsoft Intune based deployment](#microsoft-intune-based-deployment) - * [JAMF based deployment](#jamf-based-deployment) - * [Manual deployment](#manual-deployment) +> `OK https://x.cp.wd.microsoft.com/api/report` +> +> `OK https://cdn.x.cp.wd.microsoft.com/ping` -## Microsoft Intune based deployment -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. -5. Download IntuneAppUtil from https://docs.microsoft.com/en-us/intune/lob-apps-macos. +We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default. - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) +## Resources -6. From a command prompt, verify that you have the three files. 
- Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721688 - -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` -7. Make IntuneAppUtil an executable: - - ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` - -8. Create the wdav.pkg.intunemac package from wdav.pkg: - - ``` - mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" - Microsoft Intune Application Utility for Mac OS X - Version: 1.0.0.0 - Copyright 2018 Microsoft Corporation - - Creating intunemac file for /Users/test/Downloads/wdav.pkg - Composing the intunemac file output - Output written to ./wdav.pkg.intunemac. - - IntuneAppUtil successfully processed "wdav.pkg", - to deploy refer to the product documentation. - ``` - -### Client Machine Setup -You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). - -1. You'll be asked to confirm device management. - -![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png) - -Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: - -![Management profile screenshot](images/MDATP_4_ManagementProfile.png) - -2. Select the **Continue** button and complete the enrollment. 
- -You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. - -3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: - -![Add Devices screenshot](images/MDATP_5_allDevices.png) - -### Create System Configuration profiles -1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. -2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. -3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. -4. Select **OK**. - - ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png) - -5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. -7. Repeat these steps with the second profile. -8. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. -9. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. - -After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: - -![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) - -### Publish application - -1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. -2. Select **App type=Other/Line-of-business app**. -3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. -4. Select **Configure** and add the required information. -5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. - - ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) - -6. Select **OK** and **Add**. - - ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) - -7. It will take a while to upload the package. 
After it's done, select the name and then go to **Assignments** and **Add group**. - - ![Client apps screenshot](images/MDATP_10_ClientApps.png) - -8. Change **Assignment type=Required**. -9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. - - ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) - -10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: - - ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) - -### Verify client machine state -1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. - - ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) - ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) - -2. Verify the three profiles listed there: - ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) - -3. The **Management Profile** should be the Intune system profile. -4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. -5. You should also see the Microsoft Defender icon in the top-right corner: - - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## JAMF based deployment -### Prerequsites -You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. - - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. 
In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` - -### Create JAMF Policies -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. - -#### Configuration Profile -The configuration profile contains one custom settings payload that includes: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run - - -1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. - - >[!NOTE] - > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. 
- - ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) - -#### Approved Kernel Extension - -To approve the kernel extension: -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. - -![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) - -#### Configuration Profile's Scope -Configure the appropriate scope to specify the machines that will receive this configuration profile. - -Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. - -![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled machine. - -#### Package -1. Create a package in **Settings > Computer Management > Packages**. - - ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) - -2. Upload wdav.pkg to the Distribution Point. -3. In the **filename** field, enter the name of the package. For example, wdav.pkg. - -#### Policy -Your policy should contain a single package for Microsoft Defender. - -![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) - -Configure the appropriate scope to specify the computers that will receive this policy. - -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. - -### Client machine setup -You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - -1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. 
If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - -![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) -![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) - -After some time, the machine's User Approved MDM status will change to Yes. - -![MDM status screenshot](images/MDATP_23_MDMStatus.png) - -You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - -### Deployment -Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. - -#### Status on server -You can monitor the deployment status in the Logs tab: - - **Pending** means that the deployment is scheduled but has not yet happened - - **Completed** means that the deployment succeeded and is no longer scheduled - -![Status on server screenshot](images/MDATP_24_StatusOnServer.png) - - -#### Status on client machine -After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. - -![Status on client screenshot](images/MDATP_25_StatusOnClient.png) - -After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - -![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -You can monitor policy installation on a machine by following the JAMF's log file: - -``` -mavel-mojave:~ testuser$ tail -f /var/log/jamf.log -Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. -Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... -Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV -Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... 
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: -``` -mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py -uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 -orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -``` - -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. - -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. - -### Uninstalling Microsoft Defender ATP for Mac -#### Uninstalling with a script - -Create a script in **Settings > Computer Management > Scripts**. - -![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) - -For example, this script removes Microsoft Defender ATP from the /Applications directory: - -``` -echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender ATP.app' - -echo "Is WDAV still installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Done!" -``` - -#### Uninstalling with a policy -Your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. - -### Check onboarding status - -You can check that machines are correctly onboarded by creating a script. 
For example, the following script checks that enrolled machines are onboarded: - -``` -sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' -``` - -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. - -## Manual deployment - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721152 - -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py - ``` - -### Application installation -To complete this process, you must have admin privileges on the machine. - -1. Navigate to the downloaded wdav.pkg in Finder and open it. - - ![App install screenshot](images/MDATP_28_AppInstall.png) - -2. Select **Continue**, agree with the License terms, and enter the password when prompted. 
- - ![App install screenshot](images/MDATP_29_AppInstallLogin.png) - - > [!IMPORTANT] - > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - - ![App install screenshot](images/MDATP_30_SystemExtension.png) - -3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: - - ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) - - -The installation will proceed. - -> [!NOTE] -> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. - -### Client configuration -1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. - - The client machine is not associated with orgId. Note that the orgid is blank. - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : - ``` -2. Install the configuration file on a client machine: - - ``` - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py - Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) - ``` - -3. Verify that the machine is now associated with orgId: - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 - ``` -After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. 
- - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## Uninstallation -### Removing Microsoft Defender ATP from Mac devices -To remove Microsoft Defender ATP from your macOS devices: - -- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. - -Or, from a command line: - -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` - -## Known issues -- Microsoft Defender ATP is not yet optimized for performance or disk space. -- Centrally managed uninstall using Intune is still in development. To uninstall (as a workaround) a manual uninstall action has to be completed on each client device). -- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only. -- Full Windows Defender ATP integration is not yet available -- Not localized yet -- There might be accessibility issues - -## Collecting diagnostic information -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. - - ``` - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded -``` - - -### Installation issues -If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. 
If you experience issues during installation, send us this file so we can help diagnose the cause. +For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page. diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md index 8c12b9ff9d..f9457d3f21 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md @@ -1,7 +1,7 @@ # [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -## [Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md) +## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md) ## [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md new file mode 100644 index 0000000000..2023523f4a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md 
@@ -0,0 +1,58 @@
+---
+title: Prevent security settings changes with Tamper Protection
+ms.reviewer:
+manager: dansimp
+description: Use tamper protection to prevent malicious apps from changing important security settings.
+keywords: malware, defender, antivirus, tamper protection
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: dansimp
+ms.author: dansimp
+---
+
+# Prevent security settings changes with tamper protection
+
+**Applies to:**
+
+- Windows 10
+
+Tamper Protection helps prevent malicious apps from changing important security settings. These settings include:
+
+- Real-time protection
+- Cloud-delivered protection
+- IOfficeAntivirus (IOAV)
+- Behavior monitoring
+- Removing security intelligence updates
+
+With Tamper Protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings:
+
+- Mobile device management (MDM) apps like Intune
+- Enterprise configuration management apps like System Center Configuration Manager (SCCM)
+- Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures
+- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup)
+- Group Policy
+- Other Windows Management Instrumentation (WMI) apps
+
+The Tamper Protection setting doesn't affect how third party antivirus apps register with the Windows Security app.
+
+On computers running Windows 10 Enterprise E5, users can't change the Tamper Protection setting.
+
+Tamper Protection is set to **On** by default. If you set Tamper Protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & Threat Protection**.
+
+## Configure tamper protection
+
+1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+2. Select **Virus & threat protection**, then select **Virus & threat protection settings**.
+3. Set **Tamper Protection** to **On** or **Off**.
+
+>[!NOTE]
+>Tamper Protection blocks attempts to modify Windows Defender Antivirus settings through the registry.
+>
+>To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later.
+>
+>Once you’ve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
index a156c5b1dd..583e4365b4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Prevent users from seeing or interacting with the Windows Defender Antivirus user interface **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans. @@ -35,7 +37,7 @@ With the setting set to **Disabled** or not configured: ![Scheenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png) >[!NOTE] ->Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Windows Defender Advanced Threat Protection notifications will still appear. You can also individually [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) +>Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning "Your system administrator has restricted access to this app.": 
@@ -80,4 +82,4 @@ You can prevent users from pausing scans. This can be helpful to ensure schedule - [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md) - [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md index 6e22b89713..41a8f3094f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Report on Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus. 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md index 1718727ee2..8c57a43727 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 11/16/2018 +ms.reviewer: +manager: dansimp --- # Restore quarantined files in Windows Defender AV **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender Antivirus quarantines suspicious files. If you are certain these files do not present a threat, you can restore them. diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md index ae3a67efe6..1c07b37c51 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Review Windows Defender Antivirus scan results **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results. @@ -79,4 +81,4 @@ Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**] ## Related topics - [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md index 15a9be7d17..33c3ad51b5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Configure and run on-demand Windows Defender Antivirus scans **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type. @@ -91,4 +93,4 @@ See the following for more information and allowed parameters: - [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md) - [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 9a451f585c..bf6852066d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 12/10/2018 +ms.reviewer: +manager: dansimp --- # Configure scheduled quick or full Windows Defender Antivirus scans **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!NOTE] > By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default. diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index 089226de14..11c42404cd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md 
@@ -9,20 +9,22 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Specify the cloud-delivered protection level **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager. ->[!NOTE] +>[!NOTE] >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index 85b5650e9c..81599231f8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Troubleshoot Windows Defender Antivirus reporting in Update Compliance **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 0bdced17c6..a4c209b5bd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/11/2018 +ms.reviewer: +manager: dansimp --- # Review event logs and error codes to troubleshoot issues with Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If you encounter a problem with Windows Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution. @@ -28,12 +30,12 @@ The tables list: - [Windows Defender Antivirus client error codes](#error-codes) - [Internal Windows Defender Antivirus client error codes (used by Microsoft during development and testing)](#internal-error-codes) ->[!TIP] ->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working: - ->- Cloud-delivered protection ->- Fast learning (including Block at first sight) ->- Potentially unwanted application blocking +> [!TIP] +> You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working: +> +> - Cloud-delivered protection +> - Fast learning (including Block at first sight) +> - Potentially unwanted application blocking ## Windows Defender Antivirus event IDs @@ -97,7 +99,7 @@ Description:
                      Scan Resources: <Resources (such as files/directories/BHO) that were scanned.>
                      -
                      User: <Domain>\\<User>
                      +
                      User: <Domain>\<User>
                      @@ -138,7 +140,7 @@ Description:
                    • Customer scan
                    -
                    User: <Domain>\\<User>
                    +
                    User: <Domain>\<User>
                    Scan Time: <The duration of a scan.>
                    @@ -182,7 +184,7 @@ Description:
                  • Customer scan
                  -
                  User: <Domain>\<User>
                  +
                  User: <Domain>&lt;User>
                  Scan Time: <The duration of a scan.>
                  @@ -226,7 +228,7 @@ Description:
                • Customer scan
                -
                User: <Domain>\\<User>
                +
                User: <Domain>\<User>
                @@ -269,7 +271,7 @@ Description:
              • Customer scan
              -
              User: <Domain>\\<User>
              +
              User: <Domain>\<User>
              @@ -312,7 +314,7 @@ Description:
            • Customer scan
            -
            User: <Domain>\\<User>
            +
            User: <Domain>\<User>
            Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
            Error Description: <Error description> @@ -401,7 +403,7 @@ For more information please see the following:
          Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC
          Status: <Status>
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Process Name: <Process in the PID>
          Signature Version: <Definition version>
          Engine Version: <Antimalware Engine version>
          @@ -435,7 +437,7 @@ Description: Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Name: <Threat name>
          ID: <Threat ID>
          Severity: <Severity>, for example:
            @@ -487,7 +489,7 @@ Description: Windows Defender Antivirus has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:
            -
            User: <Domain>\\<User>
            +
            User: <Domain>\<User>
            Name: <Threat name>
            ID: <Threat ID>
            Severity: <Severity>, for example:
              @@ -557,7 +559,7 @@ Windows Defender Antivirus has restored an item from quarantine. For more inform
            Category: <Category description>, for example, any threat or malware type.
            Path: <File path>
            -
            User: <Domain>\\<User>
            +
            User: <Domain>\<User>
            Signature Version: <Definition version>
            Engine Version: <Antimalware Engine version>
            @@ -601,7 +603,7 @@ Windows Defender Antivirus has encountered an error trying to restore an item fr
          Category: <Category description>, for example, any threat or malware type.
          Path: <File path>
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
          Error Description: <Error description> @@ -635,8 +637,7 @@ Message: Description: -Windows Defender Antivirus has deleted an item from quarantine. -For more information please see the following: +Windows Defender Antivirus has deleted an item from quarantine.
          For more information please see the following:
          Name: <Threat name>
          ID: <Threat ID>
          @@ -649,7 +650,7 @@ For more information please see the following:
          Category: <Category description>, for example, any threat or malware type.
          Path: <File path>
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Signature Version: <Definition version>
          Engine Version: <Antimalware Engine version>
          @@ -693,7 +694,7 @@ For more information please see the following:
          Category: <Category description>, for example, any threat or malware type.
          Path: <File path>
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
          Error Description: <Error description> @@ -730,7 +731,7 @@ Description: Windows Defender Antivirus has removed history of malware and other potentially unwanted software.
          Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          @@ -761,7 +762,7 @@ Description: Windows Defender Antivirus has encountered an error trying to remove history of malware and other potentially unwanted software.
          Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.
          -
          User: <Domain>\\<User>
          +
          User: <Domain>\<User>
          Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
          Error Description: <Error description> @@ -793,8 +794,7 @@ Message: Description: -Windows Defender Antivirus has detected a suspicious behavior. -For more information please see the following: +Windows Defender Antivirus has detected a suspicious behavior.
          For more information please see the following:
          Name: <Threat name>
          ID: <Threat ID>
          @@ -836,7 +836,7 @@ For more information please see the following:
        Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC
        Status: <Status>
        -
        User: <Domain>\\<User>
        +
        User: <Domain>\<User>
        Process Name: <Process in the PID>
        Signature ID: Enumeration matching severity.
        Signature Version: <Definition version>
        @@ -871,8 +871,7 @@ Message: Description: -Windows Defender Antivirus has detected malware or other potentially unwanted software. -For more information please see the following: +Windows Defender Antivirus has detected malware or other potentially unwanted software.
        For more information please see the following:
        Name: <Threat name>
        ID: <Threat ID>
        @@ -913,7 +912,7 @@ For more information please see the following:
      • Remote attestation
      Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC -
      User: <Domain>\\<User>
      +
      User: <Domain>\<User>
      Process Name: <Process in the PID>
      Signature Version: <Definition version>
      Engine Version: <Antimalware Engine version>
      @@ -953,8 +952,7 @@ Message: Description: -Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. -For more information please see the following: +Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software.
      For more information please see the following:
      Name: <Threat name>
      ID: <Threat ID>
      @@ -995,7 +993,7 @@ For more information please see the following:
    • Remote attestation
    Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC -
    User: <Domain>\\<User>
    +
    User: <Domain>\<User>
    Process Name: <Process in the PID>
    Action: <Action>, for example:
    • Clean: The resource was cleaned
    • @@ -1081,8 +1079,7 @@ Message: Description: -Windows Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software. -For more information please see the following: +Windows Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software.
      For more information please see the following:
      Name: <Threat name>
      ID: <Threat ID>
      @@ -1123,7 +1120,7 @@ For more information please see the following:
    • Remote attestation
    Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC
    -
    User: <Domain>\\<User>
    +
    User: <Domain>\<User>
    Process Name: <Process in the PID>
    Action: <Action>, for example:
    • Clean: The resource was cleaned
    • @@ -1177,8 +1174,7 @@ Message: Description: -Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. -For more information please see the following: +Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
      For more information please see the following:
      Name: <Threat name>
      ID: <Threat ID>
      @@ -1219,7 +1215,7 @@ For more information please see the following:
    • Remote attestation
    Antimalware Scan Interface (AMSI). Primarily used to protect scripts (PS, VBS), though it can be invoked by third parties as well. UAC
    -
    User: <Domain>\\<User>
    +
    User: <Domain>\<User>
    Process Name: <Process in the PID>
    Action: <Action>, for example:
    • Clean: The resource was cleaned
    • @@ -1285,7 +1281,7 @@ Verify that the user has permission to access the necessary resources. - + If this event persists:
      1. Run the scan again.
      2. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
      3. @@ -1328,7 +1324,7 @@ Windows Defender Antivirus client is up and running in a healthy state. -
        Note This event will only be logged if the following policy is set: ThreatFileHashLogging unsigned.
        +
        Note This event will only be logged if the following policy is set: ThreatFileHashLogging unsigned.
        @@ -1417,10 +1413,10 @@ Antivirus client health report.
        Antispyware signature creation time: ?<Antispyware signature creation time>
        Last quick scan start time: ?<Last quick scan start time>
        Last quick scan end time: ?<Last quick scan end time>
        -
        Last quick scan source: <Last quick scan source> (0 = scan didn't run, 1 = user initiated, 2 = system initiated)
        +
        Last quick scan source: <Last quick scan source> (0 = scan didn't run, 1 = user initiated, 2 = system initiated)
        Last full scan start time: ?<Last full scan start time>
        Last full scan end time: ?<Last full scan end time>
        -
        Last full scan source: <Last full scan source> (0 = scan didn't run, 1 = user initiated, 2 = system initiated)
        +
        Last full scan source: <Last full scan source> (0 = scan didn't run, 1 = user initiated, 2 = system initiated)
        Product status: For internal troubleshooting @@ -1463,7 +1459,7 @@ Antivirus signature version has been updated.
    Update Type: <Update type>, either Full or Delta.
    -
    User: <Domain>\\<User>
    +
    User: <Domain>\<User>
    Current Engine Version: <Current engine version>
    Previous Engine Version: <Previous engine version>
    @@ -1530,7 +1526,7 @@ Windows Defender Antivirus has encountered an error trying to update signatures.
    Update Type: <Update type>, either Full or Delta.
    -
    User: <Domain>\\<User>
    +
    User: <Domain>\<User>
    Current Engine Version: <Current engine version>
    Previous Engine Version: <Previous engine version>
    Error Code: <Error code> @@ -1548,7 +1544,7 @@ User action: This error occurs when there is a problem updating definitions. To troubleshoot this event:
      -
    1. [Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.
    2. +
    3. Update definitions and force a rescan directly on the endpoint.
    4. Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
    5. Contact Microsoft Technical Support.
    6. @@ -1584,7 +1580,7 @@ Windows Defender Antivirus engine version has been updated.
      Current Engine Version: <Current engine version>
      Previous Engine Version: <Previous engine version>
      Engine Type: <Engine type>, either antimalware engine or Network Inspection System engine.
      -
      User: <Domain>\\<User>
      +
      User: <Domain>\<User>
      @@ -1625,7 +1621,7 @@ Windows Defender Antivirus has encountered an error trying to update the engine.
      New Engine Version:
      Previous Engine Version: <Previous engine version>
      Engine Type: <Engine type>, either antimalware engine or Network Inspection System engine.
      -
      User: <Domain>\\<User>
      +
      User: <Domain>\<User>
      Error Code: <Error code> Result code associated with threat status. Standard HRESULT values.
      Error Description: <Error description> @@ -1641,7 +1637,7 @@ User action: The Windows Defender Antivirus client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update. To troubleshoot this event:
        -
      1. [Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.
      2. +
      3. Update definitions and force a rescan directly on the endpoint.
      4. Contact Microsoft Technical Support.
      @@ -2288,8 +2284,8 @@ Description of the error.
      User action: -You should restart the system then run a full scan because it's possible the system was not protected for some time. -The Windows Defender Antivirus client's real-time protection feature encountered an error because one of the services failed to start. +You should restart the system then run a full scan because it's possible the system was not protected for some time. +The Windows Defender Antivirus client's real-time protection feature encountered an error because one of the services failed to start. If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure. @@ -2847,8 +2843,7 @@ Run a full system scan. This error indicates that manual steps are required to complete threat removal. Resolution -Follow the manual remediation steps outlined in the Microsoft Malware Protection Encyclopedia. You can find a threat-specific link in the event history. - +Follow the manual remediation steps outlined in the Microsoft Malware Protection Encyclopedia. You can find a threat-specific link in the event history.
      Error code: 0x80508026 @@ -2906,14 +2901,12 @@ Run offline Windows Defender Antivirus. You can read about how to do this in the Error code: 0x80508031 Message -ERROR_MP_PLATFORM_OUTDATED - +ERROR_MP_PLATFORM_OUTDATED
      Possible reason This error indicates that Windows Defender Antivirus does not support the current version of the platform and requires a new version of the platform. Resolution -You can only use Windows Defender Antivirus in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection. - +You can only use Windows Defender Antivirus in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use System Center Endpoint Protection.
      diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index dcb8f76069..10f61826d3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Use Group Policy settings to configure and manage Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender Antivirus on your endpoints. @@ -149,4 +151,4 @@ Threats | Specify threats upon which default action should not be taken when det ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md index 566898708b..0a6c5dc31a 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If you are using System Center Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender Antivirus scans. @@ -32,4 +34,4 @@ For Microsoft Intune, consult the [Microsoft Intune library](https://docs.micros ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 8e45003982..bd4a22592f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md 
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Use PowerShell cmdlets to configure and manage Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the [PowerShell hub on MSDN](https://msdn.microsoft.com/powershell/mt173057.aspx). @@ -55,4 +57,4 @@ Omit the `-online` parameter to get locally cached help. ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index c4f3239b0c..c0e86e1a2b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender Antivirus **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings. @@ -35,4 +37,4 @@ You can [configure which settings can be overridden locally with local policy o ## Related topics - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index 59ec895413..89ee31d9db 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md 
@@ -9,23 +9,25 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. To take advantage of the power and speed of these next-gen technologies, Windows Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. ->[!NOTE] +>[!NOTE] >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. With cloud-delivered protection, next-gen technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Windows Defender Antivirus in action: 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 449d118890..de8f61a435 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -9,36 +9,38 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Windows Defender Antivirus compatibility **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender Antivirus will automatically disable itself. You can then choose to enable an optional, limited protection feature, called [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md). -If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. +If you are also using Microsoft Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. -The following matrix illustrates the states that Windows Defender AV will enter when third-party antivirus products or Windows Defender ATP are also used. +The following matrix illustrates the states that Windows Defender AV will enter when third-party antivirus products or Microsoft Defender ATP are also used. 
-Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state --|-|-|- -Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode -Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode -Windows 10 | Windows Defender AV | Yes | Active mode -Windows 10 | Windows Defender AV | No | Active mode -Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode[[1](#fn1)] -Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode[[1](#fn1)] -Windows Server 2016 | Windows Defender AV | Yes | Active mode -Windows Server 2016 | Windows Defender AV | No | Active mode +| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Windows Defender AV state | +|---------------------|---------------------------------------------------------------------|-------------------------------------------------|-----------------------------------| +| Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode | +| Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode | +| Windows 10 | Windows Defender AV | Yes | Active mode | +| Windows 10 | Windows Defender AV | No | Active mode | +| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode[[1](#fn1)] | +| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode[[1](#fn1)] | +| Windows Server 2016 | Windows Defender AV | Yes | Active mode | +| Windows Server 2016 | Windows Defender AV | No | Active mode | (1) On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party 
antivirus product. If you install a third-party antivirus product, you should [uninstall Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) to prevent problems caused by having multiple antivirus products installed on a machine. 
@@ -59,11 +61,11 @@ This table indicates the functionality and features that are available in each s State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Security intelligence updates](manage-updates-baselines-windows-defender-antivirus.md) :-|:-|:-:|:-:|:-:|:-:|:-: -Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] +Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Microsoft Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. 
| [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] -If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. @@ -72,7 +74,7 @@ In passive and automatic disabled mode, you can still [manage updates for Window If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode. >[!WARNING] ->You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Security app. +>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Microsoft Defender ATP, or the Windows Security app. > >This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. > diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index de41958e5e..3aae4bb7f2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Windows Defender Antivirus in Windows 10 and Windows Server 2016 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index f38d0b3823..dfac2bdc61 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Windows Defender Antivirus on Windows Server 2016 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same. 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index e860e58f69..612d28d2d8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Run and review the results of a Windows Defender Offline scan **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). @@ -136,4 +138,4 @@ Windows Defender Offline scan results will be listed in the [Scan history sectio ## Related topics - [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
index 4b78bafccb..35d9a97b4f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@@ -9,25 +9,27 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 09/03/2018 +ms.reviewer: +manager: dansimp --- # Windows Defender Antivirus in the Windows Security app **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security. Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. -> [!IMPORTANT] +> [!IMPORTANT] > Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. -> [!WARNING] +> [!WARNING] > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. >It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. >This will significantly lower the protection of your device and could lead to malware infection. 
@@ -36,7 +38,7 @@ Settings that were previously part of the Windows Defender client and main Windo See the [Windows Security topic](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app. >[!NOTE] ->The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal that is used to review and manage [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md). +>The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md). **Review virus and threat protection settings in the Windows Security app:** diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 8b71416a15..ac99737410 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md 
@@ -13,10 +13,13 @@ ### [Types of devices](types-of-devices.md) ###Use WDAC with custom policies #### [Create an initial default policy](create-initial-default-policy.md) +#### [Create path-based rules](create-path-based-rules.md) #### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) +### [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) +### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md) ### [Deploy WDAC with a managed installer](use-windows-defender-application-control-with-managed-installer.md) ### [Deploy WDAC with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) ### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md new file mode 100644 index 0000000000..c33eca6f6f --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -0,0 +1,78 @@ +--- +title: Allow COM object registration in a Windows Defender Application Control policy (Windows 10) +description: You can allow COM object registration in a Windows Defender Application Control policy. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: mdsakibMSFT +ms.date: 05/21/2019 +--- + +# Allow COM object registration in a Windows Defender Application Control policy + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The [Microsoft Component Object Model (COM)](https://docs.microsoft.com/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. + +### COM object configurability in WDAC policy + +Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. 
+ +### Get COM object GUID + +Get GUID of application to allow in one of the following ways: +- Finding block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) and extracting GUID +- Creating audit policy (using New-CIPolicy –Audit), potentially with specific provider, and use info from block events to get GUID + +### Author policy setting to allow or deny COM object GUID + +Three elements: +- Provider: platform on which code is running (values are Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”) +- Key: GUID for the program you with to run, in the format Key="{33333333-4444-4444-1616-161616161616}" +- ValueName: needs to be set to "EnterpriseDefinedClsId" + +One attribute: +- Value: needs to be “true” for allow and “false” for deny + - Note that deny only works in base policies, not supplemental +- The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) + +### Examples + +Example 1: Allows registration of all COM object GUIDs in any provider + +```xml + + + true + + +``` + +Example 2: Blocks a specific COM object from being registered via Internet Explorer (IE) + +```xml + + + false + + +``` + +Example 3: Allows a specific COM object to register in PowerShell + +```xml + + + true + + +``` + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 36a71fa984..3622d0e101 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md 
@@ -2,12 +2,14 @@ title: Add rules for packaged apps to existing AppLocker rule-set (Windows 10) description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 0064ab97ef..86c295cf9e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md @@ -2,12 +2,14 @@ title: Administer AppLocker (Windows 10) description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -25,14 +27,14 @@ This topic for IT professionals provides links to specific procedures to use whe AppLocker helps administrators control how users can access and use files, such as executable files, packaged apps, scripts, Windows Installer files, and DLLs. Using AppLocker, you can: -- Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file. -- Assign a rule to a security group or an individual user. -- Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run, except Registry Editor (regedit.exe). -- Use audit-only mode to deploy the policy and understand its impact before enforcing it. -- Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten. -- Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets. -> **Note**  For more info about enhanced capabilities of AppLocker to control Windows apps, see [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md). -  +- Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file. +- Assign a rule to a security group or an individual user. +- Create exceptions to rules. 
For example, you can create a rule that allows all Windows processes to run, except Registry Editor (regedit.exe). +- Use audit-only mode to deploy the policy and understand its impact before enforcing it. +- Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten. +- Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets. + > **Note** For more info about enhanced capabilities of AppLocker to control Windows apps, see [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md). + ## In this section | Topic | Description | diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index 4ba13f8b1e..d2d3584bf7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -2,12 +2,14 @@ title: AppLocker architecture and components (Windows 10) description: This topic for IT professional describes AppLocker’s basic architecture and its major components. ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index 06715de66b..c12a1e59ac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -2,12 +2,14 @@ title: AppLocker functions (Windows 10) description: This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -47,11 +49,11 @@ AppLocker and SRP use the security level IDs to stipulate the access requirement | SAFER_LEVELID_CONSTRAINED | Supported | Not supported | | SAFER_LEVELID_UNTRUSTED | Supported | Not supported | | SAFER_LEVELID_DISALLOWED | Supported | Supported | -  + In addition, URL zone ID is not supported in AppLocker. ## Related topics - [AppLocker technical reference](applocker-technical-reference.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 758f313aac..37045a74e8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md 
@@ -2,12 +2,14 @@ title: AppLocker (Windows 10) description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -89,7 +91,7 @@ AppLocker rules can be created on domain controllers. AppLocker is included with enterprise-level editions of Windows. You can author AppLocker rules for a single computer or for a group of computers. For a single computer, you can author the rules by using the Local Security Policy editor (secpol.msc). For a group of computers, you can author the rules within a Group Policy Object by using the Group Policy Management Console (GPMC). > **Note:**  The GPMC is available in client computers running Windows only by installing the Remote Server Administration Tools. On computer running Windows Server, you must install the Group Policy Management feature. -  + ### Using AppLocker on Server Core AppLocker on Server Core installations is not supported. @@ -130,7 +132,7 @@ For reference in your security planning, the following table identifies the base | Security Policies | None required. AppLocker creates security policies. | | System Services required |Application Identity service (appidsvc) runs under LocalServiceAndNoImpersonation. | | Storage of credentials | None | -  + ## In this section | Topic | Description | diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index fd7f7cfe69..7758f45ec7 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -2,12 +2,14 @@ title: AppLocker deployment guide (Windows 10) description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index 71f08e91e5..a7258ab473 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -2,12 +2,14 @@ title: AppLocker design guide (Windows 10) description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -41,4 +43,4 @@ To understand if AppLocker is the correct application control solution for your   After careful design and detailed planning, the next step is to deploy AppLocker policies. [AppLocker Deployment Guide](applocker-policies-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies. -  \ No newline at end of file +  diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index b56b4d4a85..6e50eebbd2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md @@ -2,12 +2,14 @@ title: AppLocker policy use scenarios (Windows 10) description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index 33e5620624..e32e6bf896 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -2,12 +2,14 @@ title: AppLocker processes and interactions (Windows 10) description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index 24cdcb9c69..c02fce9a90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -2,12 +2,14 @@ title: AppLocker settings (Windows 10) description: This topic for the IT professional lists the settings used by AppLocker. ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -34,7 +36,7 @@ The following table describes the settings and values used by AppLocker. | Network ports | Not applicable | | Service accounts | Not applicable | | Performance counters | Not applicable | -  + ## Related topics - [AppLocker technical reference](applocker-technical-reference.md) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index edbe6eb6ac..f330084b0b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -2,12 +2,14 @@ title: AppLocker technical reference (Windows 10) description: This overview topic for IT professionals provides links to the topics in the technical reference. ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index f644b21ed5..ce69d9e064 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md 
@@ -2,12 +2,14 @@ title: Configure an AppLocker policy for audit only (Windows 10) description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 9f6c893a55..24f5aeb1ef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -2,12 +2,14 @@ title: Configure an AppLocker policy for enforce rules (Windows 10) description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -24,7 +26,7 @@ ms.date: 09/21/2017 This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. >**Note:**  When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. -  + For info about how AppLocker policies are applied within a GPO structure, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md). You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index 812492d020..018d76dd6b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md 
@@ -2,12 +2,14 @@ title: Add exceptions for an AppLocker rule (Windows 10) description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index b7ce15ef26..52899e5621 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md @@ -2,12 +2,14 @@ title: Configure the AppLocker reference device (Windows 10) description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -33,13 +35,13 @@ An AppLocker reference device that is used for the development and deployment of The reference device does not need to be joined to a domain, but it must be able to import and export AppLocker policies in XML format. The reference computer must be running one of the supported editions of Windows as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). >**Warning:**  Do not use operating system snapshots when creating AppLocker rules. If you take a snapshot of the operating system, install an app, create AppLocker rules, and then revert to a clean snapshot and repeat the process for another app, there is a chance that duplicate rule GUIDs can be created. If duplicate GUIDs are present, AppLocker policies will not work as expected. -  + **To configure a reference device** 1. If the operating system is not already installed, install one of the supported editions of Windows on the device. >**Note:**  If you have the Group Policy Management Console (GPMC) installed on another device to test your implementation of AppLocker policies, you can export the policies to that device -   + 2. Configure the administrator account. To update local policies, you must be a member of the local Administrators group. To update domain policies, you must be a member of the Domain Admins group or have been delegated privileges to use Group Policy to update a Group Policy Object (GPO). @@ -52,5 +54,5 @@ The reference device does not need to be joined to a domain, but it must be able - After you configure the reference computer, you can create the AppLocker rule collections. You can build, import, or automatically generate the rules. For procedures to do this, see [Working with AppLocker rules](working-with-applocker-rules.md). - [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md) -  -  + + 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index bcd9cb9112..fffa53c756 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -2,12 +2,14 @@ title: Configure the Application Identity service (Windows 10) description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561 +ms.reviewer: +ms.author: dansimp ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -26,7 +28,7 @@ This topic for IT professionals shows how to configure the Application Identity The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced. >**Important:**  When using Group Policy, you must configure it to start automatically in at least one Group Policy Object (GPO) that applies AppLocker rules. This is because AppLocker uses this service to verify the attributes of a file. -  + **To start the Application Identity service automatically using Group Policy** 1. On the **Start** screen, type **gpmc.msc** to open the Group Policy Management Console (GPMC). 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index 1120cc9526..d87b6b2d31 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -2,12 +2,14 @@ title: Create a rule for packaged apps (Windows 10) description: This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 43af6ad592..9248042379 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md 
@@ -2,12 +2,14 @@
 title: Create a rule that uses a file hash condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index 59e7c13e44..7d7608f7c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -2,12 +2,14 @@
 title: Create a rule that uses a path condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -26,7 +28,7 @@ This topic for IT professionals shows how to create an AppLocker rule with a pat The path condition identifies an app by its location in the file system of the computer or on the network. >**Important:**  When creating a rule that uses a deny action, path conditions are less secure for preventing access to a file because a user could easily copy the file to a different location than what is specified in the rule. Because path rules correspond to locations within the file system, you should ensure that there are no subdirectories that are writable by non-administrators. For example, if you create a path rule for C:\\ with the allow action, any file within C:\\ will be allowed to run, including users' profiles. -  + For info about the path condition, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md). You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For information how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). 
@@ -41,7 +43,7 @@ You can perform this task by using the Group Policy Management Console for an Ap 6. Click **Browse Files** to locate the targeted folder for the app. >**Note:**  When you browse to a file or folder location, the wizard automatically converts absolute file paths to use AppLocker path variables. You may edit the path after browsing to specify an absolute path, or you may type the path directly into the **Path** box. To learn more about AppLocker path variables, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md). -   + 7. Click **Next**. 8. (Optional) On the **Exceptions** page, specify conditions by which to exclude files from being affected by the rule. Click **Next**. 9. On the **Name** page, either accept the automatically generated rule name or type a new rule name, and then click **Create**. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index edf05d2183..58609a7102 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -2,12 +2,14 @@ title: Create a rule that uses a publisher condition (Windows 10) description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
index 6622ef7891..8f20bf3c9a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -2,12 +2,14 @@
 title: Create AppLocker default rules (Windows 10)
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -26,7 +28,7 @@ This topic for IT professionals describes the steps to create a standard set of AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed to run. >**Important:**  You can use the default rules as a template when creating your own rules to allow files within the Windows folders to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules. The default rules can be modified in the same way as other AppLocker rule types. -  + You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For information how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). **To create default rules** diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 7791c5c029..7afc539899 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md 
@@ -2,12 +2,14 @@ title: Create a list of apps deployed to each business group (Windows 10) description: This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -47,7 +49,7 @@ initially. Therefore, you should continue your evaluation until you can verify t >**Tip:**  If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker. You can create an inventory of Universal Windows apps on a device by using two methods: the **Get-AppxPackage** Windows PowerShell cmdlet or the AppLocker console. -  + The following topics in the [AppLocker Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=160261) describe how to perform each method: - [Automatically generating executable rules from a reference computer](https://go.microsoft.com/fwlink/p/?LinkId=160264) @@ -74,5 +76,5 @@ To do this, see the following topics: - [Select the types of rules to create](select-types-of-rules-to-create.md) - [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index 4bef661ac5..859761b9b9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -2,12 +2,14 @@
 title: Create Your AppLocker policies (Windows 10)
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
index b4be8e695e..6fb52b2843 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -2,12 +2,14 @@
 title: Create Your AppLocker rules (Windows 10)
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -42,7 +44,7 @@ You can use a reference device to automatically create a set of default rules fo You can create rules and set the mode to **Audit only** for each installed app, test and update each rule as necessary, and then deploy the policies. Creating rules individually might be best when you are targeting a small number of applications within a business group. >**Note:**  AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see [Create AppLocker default rules](create-applocker-default-rules.md). -  + For information about performing this task, see: 1. [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index c7eb47499b..84e53cfb2d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -2,12 +2,14 @@ title: Delete an AppLocker rule (Windows 10) description: This topic for IT professionals describes the steps to delete an AppLocker rule. ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -46,10 +48,10 @@ When this procedure is performed on the local device, the AppLocker policy takes Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML file that contains the following contents: + + + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 2309668f9e..0fe96e42aa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -2,12 +2,14 @@ title: Deploy AppLocker policies by using the enforce rules setting (Windows 10) description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -45,7 +47,7 @@ You can edit an AppLocker policy by adding, changing, or removing rules. However Microsoft Desktop Optimization Pack. >**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior. -  + For the procedure to update the GPO, see [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md). For the procedures to distribute policies for local PCs by using the Local Security Policy snap-in (secpol.msc), see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) and [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md). @@ -57,5 +59,5 @@ When a policy is deployed, it is important to monitor the actual implementation ## Additional resources - For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md). -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index d45405393e..dd81603afd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md 
@@ -2,12 +2,14 @@
 title: Deploy the AppLocker policy into production (Windows 10)
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index d4599e1d65..2226a672dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -2,12 +2,14 @@
 title: Determine the Group Policy structure and rule enforcement (Windows 10)
 description: This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -30,7 +32,7 @@ This overview topic describes the process to follow when you are planning to dep | [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) | This topic describes the AppLocker enforcement settings for rule collections. | | [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) | This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.| | [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md) | This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. | -  + When you are determining how many Group Policy Objects (GPOs) to create when you apply an AppLocker policy in your organization, you should consider the following: - Whether you are creating new GPOs or using existing GPOs diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index 70728d4e87..c8d4acc789 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md 
@@ -2,12 +2,14 @@
 title: Determine which apps are digitally signed on a reference device (Windows 10)
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index b05be7369f..e1b0bef761 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -2,12 +2,14 @@
 title: Determine your application control objectives (Windows 10)
 description: This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -46,7 +48,7 @@ Use the following table to develop your own objectives and determine which appli

      Scope

      SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

      -

      AppLocker policies apply only to the support versions of Windows listed in [Requirements to use AppLocker](requirements-to-use-applocker.md).

      +

      AppLocker policies apply only to the support versions of Windows listed in Requirements to use AppLocker.

      Policy creation

      @@ -161,5 +163,5 @@ Use the following table to develop your own objectives and determine which appli -  -For more general info, see [AppLocker](applocker-overview.md). + +For more general info, see AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 17e51bf270..c39d07f07a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -2,12 +2,14 @@ title: Display a custom URL message when users try to run a blocked app (Windows 10) description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85 +ms.reviewer: +ms.author: dansimp ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 86b55052a9..60741a87ed 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md 
@@ -2,12 +2,14 @@ title: DLL rules in AppLocker (Windows 10) description: This topic describes the file formats and available default rules for the DLL rule collection. ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -38,11 +40,11 @@ The following table lists the default rules that are available for the DLL rule | Everyone | Path: %windir%\*| | Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| | Everyone | Path: %programfiles%\*| -  ->**Important:**  If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps -  ->**Caution:**  When DLL rules are used, AppLocker must check each DLL that an app loads. Therefore, users may experience a reduction in performance if DLL rules are used. -  + +> **Important:** If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps +> +> **Caution:** When DLL rules are used, AppLocker must check each DLL that an app loads. Therefore, users may experience a reduction in performance if DLL rules are used. + ## Related topics -- [Understanding AppLocker default rules](understanding-applocker-default-rules.md) \ No newline at end of file +- [Understanding AppLocker default rules](understanding-applocker-default-rules.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index d48fe25d9b..415d381cc4 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -2,11 +2,13 @@ title: Document the Group Policy structure and AppLocker rule enforcement (Windows 10) description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -107,7 +109,7 @@ The following table includes the sample data that was collected when you determi

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      Deny

      @@ -124,11 +126,11 @@ The following table includes the sample data that was collected when you determi -  + ## Next steps After you have determined the Group Policy structure and rule enforcement strategy for each business group's apps, the following tasks remain: - [Plan for AppLocker policy management](plan-for-applocker-policy-management.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 55df155aaa..1ea62b509f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -2,12 +2,14 @@ title: Document your app list (Windows 10) description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -85,7 +87,7 @@ The following table provides an example of how to list applications for each bus

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      @@ -96,10 +98,10 @@ The following table provides an example of how to list applications for each bus -  ->**Note:**  AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary. -  -**Event processing** + +>Note: AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary. + +Event processing As you create your list of apps, you need to consider how to manage the events that are generated by user access, or you need to deny running those apps to make your users as productive as possible. The following list is an example of what to consider and what to record: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index bd96fb0487..a748a0fb9d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -2,12 +2,14 @@ title: Document your AppLocker rules (Windows 10) description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -101,7 +103,7 @@ The following table details sample data for documenting rule type and rule condi

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      @@ -116,7 +118,7 @@ The following table details sample data for documenting rule type and rule condi -  + ## Next steps For each rule, determine whether to use the allow or deny option. Then, three tasks remain: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index c1cde0a5f2..08db847c8a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -2,12 +2,14 @@ title: Edit an AppLocker policy (Windows 10) description: This topic for IT professionals describes the steps required to modify an AppLocker policy. ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index 79a93ebed6..8bf42722e6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md 
@@ -2,12 +2,14 @@ title: Edit AppLocker rules (Windows 10) description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -60,4 +62,4 @@ You can perform this task by using the Group Policy Management Console for an Ap - Click the **Path** tab to configure the path on the computer in which the rule should be enforced. - Click the **Exceptions** tab to create exceptions for specific files in a folder. - When you finish updating the rule, click **OK**. - \ No newline at end of file + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index 045b259154..1f45a8cb4d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md @@ -2,12 +2,14 @@ title: Enable the DLL rule collection (Windows 10) description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
index 4195b8d95c..e34cd10524 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -2,12 +2,14 @@
 title: Enforce AppLocker rules (Windows 10)
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index 34a87eba3b..09e13411bb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -2,12 +2,14 @@
 title: Executable rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the executable rule collection.
 ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -30,7 +32,7 @@ AppLocker defines executable rules as any files with the .exe and .com extension | Allow members of the local Administrators group access to run all executable files | (Default Rule) All files| BUILTIN\Administrators | Path: * | | Allow all users to run executable files in the Windows folder| (Default Rule) All files located in the Windows folder| Everyone| Path: %windir%\*| | Allow all users to run executable files in the Program Files folder | (Default Rule) All files located in the Program Files folder| Everyone | Path: %programfiles%\*| -  + ## Related topics - [Understanding AppLocker Default Rules](understanding-applocker-default-rules.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index a06cd80b04..579f6a1677 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -2,12 +2,14 @@ title: Export an AppLocker policy from a GPO (Windows 10) description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index df296dbc5b..1d42dabe51 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -2,12 +2,14 @@ title: Export an AppLocker policy to an XML file (Windows 10) description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -28,4 +30,4 @@ Membership in the local **Administrators** group, or equivalent, is the minimum 1. From the AppLocker console, right-click **AppLocker**, and then click **Export Policy**. 2. Browse to the location where you want to save the XML file. -3. In the **File name** box, type a file name for the XML file, and then click **Save**. \ No newline at end of file +3. In the **File name** box, type a file name for the XML file, and then click **Save**. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index 70a0cb391f..6d259a430f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
@@ -2,12 +2,14 @@
 title: How AppLocker works (Windows 10)
 description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
 ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
index d28968fd6b..cd3f2ab32d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
@@ -2,12 +2,14 @@
 title: Import an AppLocker policy from another computer (Windows 10)
 description: This topic for IT professionals describes how to import an AppLocker policy.
 ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -28,7 +30,7 @@ Before completing this procedure, you should have exported an AppLocker policy. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. >**Caution:**  Importing a policy will overwrite the existing policy on that computer. -  + **To import an AppLocker policy** 1. From the AppLocker console, right-click **AppLocker**, and then click **Import Policy**. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index 05c36921ed..07ffba8bd0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -2,12 +2,14 @@ title: Import an AppLocker policy into a GPO (Windows 10) description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -25,7 +27,7 @@ This topic for IT professionals describes the steps to import an AppLocker polic AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). >**Important:**  Follow your organization's standard procedures for updating GPOs. For info about specific steps to follow for AppLocker policies, see [Maintain AppLocker policies](maintain-applocker-policies.md). -  + To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission. **To import an AppLocker policy into a GPO** diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index fa2c8449ab..af959d3197 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -2,12 +2,14 @@ title: Maintain AppLocker policies (Windows 10) description: This topic describes how to maintain rules within AppLocker policies. ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
index 312c00c2bb..bd4497b964 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
@@ -2,12 +2,14 @@
 title: Manage packaged apps with AppLocker (Windows 10)
 description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
 ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -29,7 +31,7 @@ Packaged apps, also known as Universal Windows apps, are based on a model that e With packaged apps, it is possible to control the entire app by using a single AppLocker rule. >**Note:**  AppLocker supports only publisher rules for packaged apps. All packaged apps must be signed by the software publisher because Windows does not support unsigned packaged apps. -  + Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, not all these components always share common attributes such as the software’s publisher name, product name, and product version. Therefore, AppLocker controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule. ### Comparing classic Windows apps and packaged apps 
@@ -52,7 +54,7 @@ For more info about packaged apps, see [Packaged apps and packaged app installer You can use two methods to create an inventory of packaged apps on a computer: the AppLocker console or the **Get-AppxPackage** Windows PowerShell cmdlet. >**Note:**  Not all packaged apps are listed in AppLocker’s application inventory wizard. Certain app packages are framework packages that are leveraged by other apps. By themselves, these packages cannot do anything, but blocking such packages can inadvertently cause failure for apps that you want to allow. Instead, you can create Allow or Deny rules for the packaged apps that use these framework packages. The AppLocker user interface deliberately filters out all the packages that are registered as framework packages. For info about how to create an inventory list, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md). -  + For info about how to use the **Get-AppxPackage** Windows PowerShell cmdlet, see the [AppLocker PowerShell Command Reference](https://technet.microsoft.com/library/hh847210.aspx). For info about creating rules for Packaged apps, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 1fdcdbd719..7ee34ff838 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md 
@@ -2,12 +2,14 @@ title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows 10) description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -41,4 +43,4 @@ Gets the local AppLocker policy, and then merges the policy with the existing Ap ``` syntax C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge -``` \ No newline at end of file +``` diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index ea87808e0d..0ccb16202c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -2,12 +2,14 @@ title: Merge AppLocker policies manually (Windows 10) description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -34,7 +36,7 @@ The AppLocker policy is saved in XML format, and the exported policy can be edit | Script rules | Script| | DLL rules | Dll| | Packaged apps and packaged app installers|Appx| -  + Rule enforcement is specified with the **EnforcementMode** element. The three enforcement modes in the XML correspond to the three enforcement modes in the AppLocker console, as shown in the following table: | XML enforcement mode |Enforcement mode in Group Policy | @@ -42,7 +44,7 @@ Rule enforcement is specified with the **EnforcementMode** element. The three en | NotConfigured | Not configured (rules are enforced)| | AuditOnly | Audit only| | Enabled | Enforce rules| -  + Each of the three condition types use specific elements. For XML examples of the different rule types, see Merge AppLocker policies manually. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index d1a7055787..72378b52ca 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -2,12 +2,14 @@ title: Monitor app usage with AppLocker (Windows 10) description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -60,7 +62,7 @@ For both event subscriptions and local events, you can use the **Get-AppLockerFi Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. >**Note:**  If the AppLocker logs are not on your local device, you will need permission to view the logs. If the output is saved to a file, you will need permission to read that file. -  + **To review AppLocker events with Get-AppLockerFileInformation** 1. At the command prompt, type **PowerShell**, and then press ENTER. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index e972a285a0..50e84edb7a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -2,12 +2,14 @@ title: Optimize AppLocker performance (Windows 10) description: This topic for IT professionals describes how to optimize AppLocker policy enforcement. ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 619aa19efd..eb87d51320 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -2,12 +2,14 @@
 title: Packaged apps and packaged app installer rules in AppLocker (Windows 10)
 description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
 ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 6500f75fea..d0e2f069fe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -2,12 +2,14 @@
 title: Plan for AppLocker policy management (Windows 10)
 description: This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
 ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -80,7 +82,7 @@ As new apps are deployed or existing apps are updated by the software publisher, You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013). >**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior. -  + **New version of a supported app** When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you are using publisher conditions and the version is not specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app has not altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version—the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied. 
@@ -211,7 +213,7 @@ The following table contains the added sample data that was collected when deter

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      Deny

      @@ -231,7 +233,7 @@ The following table contains the added sample data that was collected when deter -  + The following two tables illustrate examples of documenting considerations to maintain and manage AppLocker policies. **Event processing policy** @@ -274,8 +276,8 @@ The following table is an example of what to consider and record. -  -**Policy maintenance policy** + +Policy maintenance policy When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies. The following table is an example of what to consider and record. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index c0a1f26152..de3556a475 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -2,12 +2,14 @@ title: Refresh an AppLocker policy (Windows 10) description: This topic for IT professionals describes the steps to force an update for an AppLocker policy. ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index dd6ba10e90..b1187d6b13 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -2,12 +2,14 @@ title: Requirements for deploying AppLocker policies (Windows 10) description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -109,7 +111,7 @@ An AppLocker policy deployment plan is the result of investigating which applica - + @@ -128,8 +130,8 @@ An AppLocker policy deployment plan is the result of investigating which applica

      Internet Explorer 7

      C:\Program Files\Internet Explorer\

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      Deny

      -  -**Event processing policy** + +Event processing policy @@ -166,8 +168,8 @@ An AppLocker policy deployment plan is the result of investigating which applica
      -  -**Policy maintenance policy** + +Policy maintenance policy @@ -208,7 +210,7 @@ An AppLocker policy deployment plan is the result of investigating which applica
      -  + ### Supported operating systems AppLocker is supported only on certain operating systems. Some features are not available on all operating systems. For more information, see [Requirements to use AppLocker](requirements-to-use-applocker.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 97d032f8b6..edcc2be0d3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -2,12 +2,14 @@ title: Requirements to use AppLocker (Windows 10) description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -32,7 +34,7 @@ To use AppLocker, you need: - Devices running a supported operating system to enforce the AppLocker rules that you create. >**Note:**  You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md). -  + ## Operating system requirements The following table show the on which operating systems AppLocker features are supported. @@ -54,7 +56,7 @@ The following table show the on which operating systems AppLocker features are s | Windows 7 Ultimate| Yes| Yes| Executable
      Windows Installer
      Script
      DLL| Packaged app rules will not be enforced.| | Windows 7 Enterprise| Yes| Yes| Executable
      Windows Installer
      Script
      DLL| Packaged app rules will not be enforced.| | Windows 7 Professional| Yes| No| Executable
      Windows Installer
      Script
      DLL| No AppLocker rules are enforced.| -  + AppLocker is not supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature is not supported on the above operating systems. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index 0e48a6f472..a0a509e1ae 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -2,12 +2,14 @@ title: Run the Automatically Generate Rules wizard (Windows 10) description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -29,20 +31,20 @@ You can perform this task by using the Group Policy Management Console for an Ap **To automatically generate rules** -1. Open the AppLocker console. -2. Right-click the appropriate rule type for which you want to automatically generate rules. You can automatically generate rules for executable, Windows Installer, script and packaged app rules. -3. Click **Automatically Generate Rules**. -4. On the **Folder and Permissions** page, click **Browse** to choose the folder to be analyzed. By default, this is the Program Files folder. -5. Click **Select** to choose the security group in which the default rules should be applied. By default, this is the **Everyone** group. -6. The wizard provides a name in the **Name to identify this set of rules** box based on the name of the folder that you have selected. Accept the provided name or type a different name, and then click **Next**. -7. On the **Rule Preferences** page, choose the conditions that you want the wizard to use while creating rules, and then click **Next**. For more info about rule conditions, see [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md). +1. Open the AppLocker console. +2. Right-click the appropriate rule type for which you want to automatically generate rules. You can automatically generate rules for executable, Windows Installer, script and packaged app rules. +3. Click **Automatically Generate Rules**. +4. On the **Folder and Permissions** page, click **Browse** to choose the folder to be analyzed. By default, this is the Program Files folder. +5. Click **Select** to choose the security group in which the default rules should be applied. By default, this is the **Everyone** group. +6. The wizard provides a name in the **Name to identify this set of rules** box based on the name of the folder that you have selected. Accept the provided name or type a different name, and then click **Next**. +7. 
On the **Rule Preferences** page, choose the conditions that you want the wizard to use while creating rules, and then click **Next**. For more info about rule conditions, see [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md). - >**Note:**  The **Reduce the number of rules created by grouping similar files** check box is selected by default. This helps you organize AppLocker rules and reduce the number of rules that you create by performing the following operations for the rule condition that you select: + >**Note:** The **Reduce the number of rules created by grouping similar files** check box is selected by default. This helps you organize AppLocker rules and reduce the number of rules that you create by performing the following operations for the rule condition that you select: - - One publisher condition is created for all files that have the same publisher and product name. - - One path condition is created for the folder that you select. For example, if you select *C:\\Program Files\\ProgramName\\* and the files in that folder are not signed, the wizard creates a rule for *%programfiles%\\ProgramName\\\**. - - One file hash condition is created that contains all of the file hashes. When rule grouping is disabled, the wizard creates a file hash rule for each file. -   -8. Review the files that were analyzed and the rules that will be automatically created. To make changes, click **Previous** to return to the page where you can change your selections. After reviewing the rules, click **Create**. + - One publisher condition is created for all files that have the same publisher and product name. + - One path condition is created for the folder that you select. For example, if you select *C:\\Program Files\\ProgramName\\* and the files in that folder are not signed, the wizard creates a rule for *%programfiles%\\ProgramName\\\**. + - One file hash condition is created that contains all of the file hashes. 
When rule grouping is disabled, the wizard creates a file hash rule for each file. + +8. Review the files that were analyzed and the rules that will be automatically created. To make changes, click **Previous** to return to the page where you can change your selections. After reviewing the rules, click **Create**. >**Note:**  If you are running the wizard to create your first rules for a GPO, you will be prompted to create the default rules, which allow critical system files to run, after completing the wizard. You may edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after replacing them with your custom rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 1649917882..068f4f5786 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -2,12 +2,14 @@ title: Script rules in AppLocker (Windows 10) description: This topic describes the file formats and available default rules for the script rule collection. ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -37,7 +39,7 @@ The following table lists the default rules that are available for the script ru | Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: *| | Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: %windir%\*| | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: %programfiles%\*| -  + ## Related topics - [Understanding AppLocker default rules](understanding-applocker-default-rules.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index 9d73f8afef..2fbfbf63aa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -2,12 +2,14 @@ title: Security considerations for AppLocker (Windows 10) description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -43,13 +45,13 @@ You cannot use AppLocker (or Software Restriction Policies) to prevent code from AppLocker can only control VBScript, JScript, .bat files, .cmd files, and Windows PowerShell scripts. It does not control all interpreted code that runs within a host process, for example, Perl scripts and macros. Interpreted code is a form of executable code that runs within a host process. For example, Windows batch files (\*.bat) run within the context of the Windows Command Host (cmd.exe). To control interpreted code by using AppLocker, the host process must call AppLocker before it runs the interpreted code, and then enforce the decision returned by AppLocker. Not all host processes call into AppLocker and, therefore, AppLocker cannot control every kind of interpreted code, such as Microsoft Office macros. >**Important:**  You should configure the appropriate security settings of these host processes if you must allow them to run. For example, configure the security settings in Microsoft Office to ensure that only signed and trusted macros are loaded. -  + AppLocker rules either allow or prevent an application from launching. AppLocker does not control the behavior of applications after they are launched. Applications could contain flags passed to functions that signal AppLocker to circumvent the rules and allow another .exe or .dll to be loaded. In practice, an application that is allowed by AppLocker could use these flags to bypass AppLocker rules and launch child processes. You must thoroughly examine each application before allowing them to run by using AppLocker rules. >**Note:**  Two flags that illustrate this condition are `SANDBOX_INERT`, which can be passed to `CreateRestrictedToken`, and `LOAD_IGNORE_CODE_AUTHZ_LEVEL`, which can be passed to `LoadLibraryEx`. Both of these flags signal AppLocker to circumvent the rules and allow a child .exe or .dll to be loaded. You can block the Windows Subsystem for Linux by blocking LxssManager.dll. 
-  + ## Related topics - [AppLocker technical reference](applocker-technical-reference.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index fc03b4f081..74fe7bc8ec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -2,12 +2,14 @@ title: Select the types of rules to create (Windows 10) description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker. ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -57,7 +59,7 @@ A rule condition is criteria upon which an AppLocker rule is based and can only | Publisher | To use a publisher condition, the files must be digitally signed by the software publisher, or you must do so by using an internal certificate. Rules that are specified to the version level might have to be updated when a new version of the file is released.|For more info about this rule condition, see [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md). | Path| Any file can be assigned this rule condition; however, because path rules specify locations within the file system, any subdirectory will also be affected by the rule (unless explicitly exempted).| For more info about this rule condition, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md). | | File hash | Any file can be assigned this rule condition; however, the rule must be updated each time a new version of the file is released because the hash value is based in part upon the version.| For more info about this rule condition, see [Understanding the file hash rule condition in AppLocker](understanding-the-file-hash-rule-condition-in-applocker.md). | -  + In the Woodgrove Bank example, the line-of-business app for the Bank Tellers business group is signed and is located at C:\\Program Files\\Woodgrove\\Teller.exe. Therefore, the rule can be defined with a publisher condition. If the rule is defined to a specific version and above (for example, Teller.exe version 8.0 and above), then this will allow any updates to this app to occur without interruption of access to the users if the app's name and signed attributes stay the same. ### Determine how to allow system files to run 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 5ffb4d98b5..dd5cb6b46d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -2,12 +2,14 @@
 title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows 10)
 description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
 ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index ccbc705657..e1d63a2f9d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -2,12 +2,14 @@
 title: Test and update an AppLocker policy (Windows 10)
 description: This topic discusses the steps required to test an AppLocker policy prior to deployment.
 ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index ac08014ac6..d3666a1e1e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -2,12 +2,14 @@
 title: Tools to use with AppLocker (Windows 10)
 description: This topic for the IT professional describes the tools available to create and administer AppLocker policies.
 ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index e5fb93d221..38e080a194 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -2,12 +2,14 @@ title: Understand AppLocker enforcement settings (Windows 10) description: This topic describes the AppLocker enforcement settings for rule collections. ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -30,7 +32,7 @@ Rule enforcement is applied only to a collection of rules, not to individual rul | Not configured | By default, enforcement is not configured in a rule collection. If rules are present in the corresponding rule collection, they are enforced. If rule enforcement is configured in a higher-level linked Group Policy object (GPO), that enforcement value overrides the **Not configured** value.| | Enforce rules | Rules are enforced for the rule collection, and all rule events are audited.| | Audit only | Rule events are audited only. Use this value when planning and testing AppLocker rules.| -  + For the AppLocker policy to be enforced on a device, the Application Identity service must be running. For more info about the Application Identity service, see [Configure the Application Identity service](configure-the-application-identity-service.md). When AppLocker policies from various GPOs are merged, the enforcement modes are merged by using the standard Group Policy order of inheritance, which is local, domain, site, and organizational unit (OU). The Group Policy setting that was last written or applied by order of inheritance is used for the enforcement mode, and all rules from linked GPOs are applied. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 5ad969d5f9..29a92cb366 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -2,12 +2,14 @@ title: Understand AppLocker policy design decisions (Windows 10) description: This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -18,7 +20,7 @@ ms.date: 10/13/2017 # Understand AppLocker policy design decisions **Applies to** - - Windows 10 + - Windows 10 - Windows Server This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. 
@@ -48,24 +50,24 @@ You might need to control a limited number of apps because they access sensitive | Control apps by business group and user | AppLocker policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). Individual AppLocker rules can be applied to individual users or to groups of users.| | Control apps by computer, not user | AppLocker is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your AppLocker planning. Otherwise, you will have to identify users, their computers, and their app access requirements.| |Understand app usage, but there is no need to control any apps yet | AppLocker policies can be set to audit app usage to help you track which apps are used in your organization. You can then use the AppLocker event log to create AppLocker policies.| -  ->**Important:**  The following list contains files or types of files that cannot be managed by AppLocker: -- AppLocker does not protect against running 16-bit DOS binaries in a NT Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or higher when there is already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it is a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the Executable rule collection for NTVDM.exe. +>**Important:** The following list contains files or types of files that cannot be managed by AppLocker: -- You cannot use AppLocker to prevent code from running outside the Win32 subsystem. In particular, this applies to the (POSIX) subsystem in Windows NT. 
If it is a requirement to prevent applications from running in the POSIX subsystem, you must disable the subsystem. +- AppLocker does not protect against running 16-bit DOS binaries in a NT Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or higher when there is already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it is a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the Executable rule collection for NTVDM.exe. + +- You cannot use AppLocker to prevent code from running outside the Win32 subsystem. In particular, this applies to the (POSIX) subsystem in Windows NT. If it is a requirement to prevent applications from running in the POSIX subsystem, you must disable the subsystem. - AppLocker can only control VBScript, JScript, .bat files, .cmd files and Windows PowerShell scripts. It does not control all interpreted code that runs within a host process, for example Perl scripts and macros. Interpreted code is a form of executable code that runs within a host process. For example, Windows batch files (\*.bat) run within the context of the Windows Command Host (cmd.exe). To use AppLocker to control interpreted code, the host process must call AppLocker before it runs the interpreted code, and then enforce the decision that is returned by AppLocker. Not all host processes call into AppLocker. Therefore, AppLocker cannot control every kind of interpreted code, for example Microsoft Office macros. - >**Important:**  You should configure the appropriate security settings of these host processes if you must allow them to run. For example, configure the security settings in Microsoft Office to ensure that only signed and trusted macros are loaded. 
-   + >**Important:** You should configure the appropriate security settings of these host processes if you must allow them to run. For example, configure the security settings in Microsoft Office to ensure that only signed and trusted macros are loaded. + - AppLocker rules allow or prevent an app from launching. AppLocker does not control the behavior of apps after they are launched. Applications could contain flags that are passed to functions that signal AppLocker to circumvent the rules and allow another .exe or .dll file to be loaded. In practice, an app that is allowed by AppLocker could use these flags to bypass AppLocker rules and launch child processes. You must follow a process that best suits your needs to thoroughly vet each app before allowing them to run using AppLocker rules. - + For more info, see [Security considerations for AppLocker](security-considerations-for-applocker.md). -  + ### Comparing Classic Windows applications and Universal Windows apps for AppLocker policy design decisions -AppLocker policies for Universal Windows apps can only be applied to apps that are installed on computers running Windows operating systems that support Microsoft Store apps. However, Classic Windows applications can be controlled in Windows Server 2008 R2 and Windows 7, in addition to those computers that support Universal Windows apps. The rules for Classic Windows applications and Universal Windows apps can be enforced together. The differences you should consider for Universal Windows apps are: +AppLocker policies for Universal Windows apps can only be applied to apps that are installed on computers running Windows operating systems that support Microsoft Store apps. However, Classic Windows applications can be controlled in Windows Server 2008 R2 and Windows 7, in addition to those computers that support Universal Windows apps. The rules for Classic Windows applications and Universal Windows apps can be enforced together. 
The differences you should consider for Universal Windows apps are: - All Universal Windows apps can be installed by a standard user, whereas a number of Classic Windows applications require administrative credentials to install. So in an environment where most of the users are standard users, you might not need numerous exe rules, but you might want more explicit policies for packaged apps. - Classic Windows applications can be written to change the system state if they run with administrative credentials. Most Universal Windows apps cannot change the system state because they run with limited permissions. When you design your AppLocker policies, it is important to understand whether an app that you are allowing can make system-wide changes. @@ -86,7 +88,7 @@ Most organizations have evolved app control policies and methods over time. With | Managed usage by group or OU | Using AppLocker requires a complete app control policy evaluation and implementation.| | Authorization Manager or other role-based access technologies | Using AppLocker requires a complete app control policy evaluation and implementation.| | Other | Using AppLocker requires a complete app control policy evaluation and implementation.| -  + ### Which Windows desktop and server operating systems are running in your organization? If your organization supports multiple Windows operating systems, app control policy planning becomes more complex. Your initial design decisions should consider the security and management priorities of applications that are installed on each version of the operating system. @@ -103,44 +105,43 @@ If your organization supports multiple Windows operating systems, app control po -

      Your organization's computers are running a combination of the following operating systems:

      +

      Your organization's computers are running a combination of the following operating systems:

        -
      • Windows 10

      • +
      • Windows 10

      • Windows 8

      • -
      • Windows 7

      • -
      • Windows Vista

      • -
      • Windows XP

      • +
      • Windows 7

      • +
      • Windows Vista

      • +
      • Windows XP

      • Windows Server 2012

      • -
      • Windows Server 2008 R2

      • -
      • Windows Server 2008

      • -
      • Windows Server 2003

      • +
      • Windows Server 2008 R2

      • +
      • Windows Server 2008

      • +
      • Windows Server 2003

      -

      AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).

      +

      AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see Requirements to use AppLocker.

      -Note   -

      If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

      +Note

      If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

      -  +

      AppLocker policies as applied through a GPO take precedence over SRP policies in the same or linked GPO. SRP policies can be created and maintained the same way.

      -

      Your organization's computers are running only the following operating systems:

      +

      Your organization's computers are running only the following operating systems:

        -
      • Windows 10

      • +
      • Windows 10

      • Windows 8.1

      • Windows 8

      • -
      • Windows 7

      • +
      • Windows 7

      • Windows Server 2012 R2

      • Windows Server 2012

      • -
      • Windows Server 2008 R2

      • +
      • Windows Server 2008 R2

      Use AppLocker to create your application control policies.

      -  + ### Are there specific groups in your organization that need customized application control policies? Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. @@ -149,7 +150,7 @@ Most business groups or departments have specific security requirements that per | - | - | | Yes | For each group, you need to create a list that includes their application control requirements. Although this may increase the planning time, it will most likely result in a more effective deployment.
      If your GPO structure is not currently configured so that you can apply different policies to specific groups, you can alternatively apply AppLocker rules in a GPO to specific user groups.| | No | AppLocker policies can be applied globally to applications that are installed on PCs running the supported versions of Windows as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.| -  + ### Does your IT department have resources to analyze application usage, and to design and manage the policies? The time and resources that are available to you to perform the research and analysis can affect the detail of your plan and processes for continuing policy management and maintenance. @@ -158,7 +159,7 @@ The time and resources that are available to you to perform the research and ana | - | - | | Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are as simply constructed as possible.| | No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. | -  + ### Does your organization have Help Desk support? Preventing your users from accessing known, deployed, or personal applications will initially cause an increase in end-user support. It will be necessary to address the various support issues in your organization so security policies are followed and business workflow is not hampered. 
@@ -168,7 +169,7 @@ Preventing your users from accessing known, deployed, or personal applications w | Yes | Involve the support department early in the planning phase because your users may inadvertently be blocked from using their applications, or they may seek exceptions to use specific applications. | | No | Invest time in developing online support processes and documentation before deployment. | -  + ### Do you know what applications require restrictive policies? Any successful application control policy implementation is based on your knowledge and understanding of app usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the apps that access that data. @@ -176,7 +177,7 @@ Any successful application control policy implementation is based on your knowle | - | - | | Yes | You should determine the application control priorities for a business group and then attempt to design the simplest scheme for their application control policies. | | No | You will have to perform an audit and requirements gathering project to discover the application usage. AppLocker provides the means to deploy policies in **Audit only** mode, and tools to view the event logs.| -  + ### How do you deploy or sanction applications (upgraded or new) in your organization? Implementing a successful application control policy is based on your knowledge and understanding of application usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the applications that access that data. Understanding the upgrade and deployment policy will help shape the construction of the application control policies. 
@@ -187,7 +188,7 @@ Implementing a successful application control policy is based on your knowledge | Strict written policy or guidelines to follow | You need to develop AppLocker rules that reflect those policies, and then test and maintain the rules. | | No process in place | You need to determine if you have the resources to develop an application control policy, and for which groups. | -  + ### Does your organization already have SRP deployed? Although SRP and AppLocker have the same goal, AppLocker is a major revision of SRP. @@ -196,7 +197,7 @@ Although SRP and AppLocker have the same goal, AppLocker is a major revision of | - | - | | Yes | You cannot use AppLocker to manage SRP settings, but you can use SRP to manage application control policies on computers running on any of the supported operating systems listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). In addition, if AppLocker and SRP settings are configured in the same GPO, only the AppLocker settings will be enforced on computers running those supported operating systems.

      **Note:** If you are using the Basic User security level as assigned in SRP, those permissions are not supported on computers running the supported operating systems.| | No | Policies that are configured for AppLocker can only be applied to computers running the supported operating systems, but SRP is also available on those operating systems. | -  + ### What are your organization's priorities when implementing application control policies? Some organizations will benefit from application control policies as shown by an increase in productivity or conformance, while others will be hindered in performing their duties. Prioritize these aspects for each group to allow you to evaluate the effectiveness of AppLocker. 
@@ -206,7 +207,7 @@ Some organizations will benefit from application control policies as shown by an | Productivity: The organization assures that tools work and required applications can be installed. | To meet innovation and productivity goals, some groups require the ability to install and run a variety of software from different sources, including software that they developed. Therefore, if innovation and productivity is a high priority, managing application control policies through an allowed list might be time consuming and an impediment to progress. | | Management: The organization is aware of and controls the apps it supports. | In some business groups, application usage can be managed from a central point of control. AppLocker policies can be built into a GPO for that purpose. This shifts the burden of app access to the IT department, but it also has the benefit of controlling the number of apps that can be run and controlling the versions of those apps| | Security: The organization must protect data in part by ensuring that only approved apps are used. | AppLocker can help protect data by allowing a defined set of users access to apps that access the data. If security is the top priority, the application control policies will be the most restrictive.| -  + ### How are apps currently accessed in your organization? AppLocker is very effective for organizations that have application restriction requirements if they have environments with a simple topography and application control policy goals that are straightforward. For example, AppLocker can benefit an environment where non-employees have access to computers that are connected to the organizational network, such as a school or library. 
Large organizations also benefit from AppLocker policy deployment when the goal is to achieve a detailed level of control on the desktop computers with a relatively small number of applications to manage, or when the applications are manageable with a small number of rules. @@ -216,17 +217,17 @@ AppLocker is very effective for organizations that have application restriction | Users run without administrative rights. | Apps are installed by using an installation deployment technology.| | AppLocker can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using AppLocker to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.
      **Note: **AppLocker can also be effective in helping create standardized desktops in organizations where users run as administrators. However, it is important to note that users with administrative credentials can add new rules to the local AppLocker policy.| Users must be able to install applications as needed. | Users currently have administrator access, and it would be difficult to change this.|Enforcing AppLocker rules is not suited for business groups that must be able to install apps as needed and without approval from the IT department. If one or more OUs in your organization has this requirement, you can choose not to enforce application rules in those OUs by using AppLocker or to implement the **Audit only** enforcement setting through AppLocker.| -  + ### Is the structure in Active Directory Domain Services based on the organization's hierarchy? -Designing application control policies based on an organizational structure that is already built into Active Directory Domain Services (AD DS) is easier than converting the existing structure to an organizational structure. +Designing application control policies based on an organizational structure that is already built into Active Directory Domain Services (AD DS) is easier than converting the existing structure to an organizational structure. Because the effectiveness of application control policies is dependent on the ability to update policies, consider what organizational work needs to be accomplished before deployment begins. 
| Possible answers | Design considerations | | - | - | -| Yes | AppLocker rules can be developed and implemented through Group Policy, based on your AD DS structure.| +| Yes | AppLocker rules can be developed and implemented through Group Policy, based on your AD DS structure.| | No | The IT department must create a scheme to identify how application control policies can be applied to the correct user or computer.| -  + ## Record your findings The next step in the process is to record and analyze your answers to the preceding questions. If AppLocker is the right solution for your goals, you can set your application control policy objectives and plan your AppLocker rules. This process culminates in creating your planning document. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 578986beac..60372d5be9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md 
@@ -2,12 +2,14 @@
 title: Understand AppLocker rules and enforcement setting inheritance in Group Policy (Windows 10)
 description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
 ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index 4b1ec580e1..cf93b27a4b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -2,12 +2,14 @@
 title: Understand the AppLocker policy deployment process (Windows 10)
 description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
 ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index 3b54878e4f..6f06fb76e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -2,12 +2,14 @@
 title: Understanding AppLocker allow and deny actions on rules (Windows 10)
 description: This topic explains the differences between allow and deny actions on AppLocker rules.
 ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -38,9 +40,9 @@ Although you can use AppLocker to create a rule to allow all files to run and th | Publisher | A user could modify the properties of a file (for example, re-signing the file with a different certificate).| | File hash | A user could modify the hash for a file.| | Path | A user could move the denied file to a different location and run it from there.| -  + >**Important:**  If you choose to use the deny action on rules, you must ensure that you first create rules that allow the Windows system files to run. AppLocker enforces rules for allowed applications by default, so after one or more rules have been created for a rule collection (affecting the Windows system files), only the apps that are listed as being allowed will be permitted to run. Therefore, creating a single rule in a rule collection to deny a malicious file from running will also deny all other files on the computer from running. -  + ## Related topics - [How AppLocker works](how-applocker-works-techref.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index 725d456a08..aab40287b6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md 
@@ -2,12 +2,14 @@ title: Understanding AppLocker default rules (Windows 10) description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -26,7 +28,7 @@ This topic for IT professional describes the set of rules that can be used to en AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. >**Important:**  You can use the default rules as a template when creating your own rules. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules so that the system files in the Windows folders will be allowed to run. -  + If you require additional app security, you might need to modify the rules created from the built-in default rule collection. For example, the default rule to allow all users to run .exe files in the Windows folder is based on a path condition that allows all files within the Windows folder to run. The Windows folder contains a Temp subfolder to which the Users group is given the following permissions: 
@@ -45,8 +47,8 @@ These permissions settings are applied to this folder for app compatibility. How | [Script rules in AppLocker](script-rules-in-applocker.md) | This topic describes the file formats and available default rules for the script rule collection.| | [DLL rules in AppLocker](dll-rules-in-applocker.md) | This topic describes the file formats and available default rules for the DLL rule collection.| | [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) | This topic explains the AppLocker rule collection for packaged app installers and packaged apps.| -  + ## Related topics - [How AppLocker works](how-applocker-works-techref.md) -- [Create AppLocker default rules](create-applocker-default-rules.md) \ No newline at end of file +- [Create AppLocker default rules](create-applocker-default-rules.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index 40b6d2c8ea..fb7afc79b9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -2,12 +2,14 @@ title: Understanding AppLocker rule behavior (Windows 10) description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index 194a713b23..f2788d4bfc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -2,12 +2,14 @@ title: Understanding AppLocker rule collections (Windows 10) description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -34,7 +36,7 @@ An AppLocker rule collection is a set of rules that apply to one of five types: If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps. >**Important:**  Each app can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create app compatibility problems. As a result, the DLL rule collection is not enabled by default. -  + For info about how to enable the DLL rule collection, see [Enable the DLL rule collection](enable-the-dll-rule-collection.md). ## Related topics 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index 35682f8954..f937e73090 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -2,12 +2,14 @@
 title: Understanding AppLocker rule condition types (Windows 10)
 description: This topic for the IT professional describes the three types of AppLocker rule conditions.
 ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 92a2179fce..08aeb4091d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -2,12 +2,14 @@
 title: Understanding AppLocker rule exceptions (Windows 10)
 description: This topic describes the result of applying AppLocker rule exceptions to rule collections.
 ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 72cf62e127..3bb3ba52c4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -2,12 +2,14 @@
 title: Understanding the file hash rule condition in AppLocker (Windows 10)
 description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied.
 ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -28,7 +30,7 @@ File hash rules use a system-computed cryptographic hash of the identified file. | File hash condition advantages | File hash condition disadvantages | | - | - | | Because each file has a unique hash, a file hash condition applies to only one file. | Each time that the file is updated (such as a security update or upgrade), the file's hash will change. As a result, you must manually update file hash rules.| -  + For an overview of the three types of AppLocker rule conditions and explanations of the advantages and disadvantages of each, see [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md). ## Related topics diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index b1e10dc63f..0e59ec885b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -2,12 +2,14 @@ title: Understanding the path rule condition in AppLocker (Windows 10) description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -18,7 +20,7 @@ ms.date: 09/21/2017 # Understanding the path rule condition in AppLocker **Applies to** - - Windows 10 + - Windows 10 - Windows Server This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. 
@@ -51,22 +53,23 @@ When creating a rule that uses a deny action, path conditions are less secure th -  + AppLocker does not enforce rules that specify paths with short names. You should always specify the full path to a file or folder when creating path rules so that the rule will be properly enforced. The asterisk (\*) wildcard character can be used within **Path** field. The asterisk (\*) character used by itself represents any path. When combined with any string value, the rule is limited to the path of the file and all the files under that path. For example, %ProgramFiles%\\Internet Explorer\\\* indicates that all files and subfolders within the Internet Explorer folder will be affected by the rule. AppLocker uses path variables for well-known directories in Windows. Path variables are not environment variables. The AppLocker engine can only interpret AppLocker path variables. The following table details these path variables. -| Windows directory or drive | AppLocker path variable | Windows environment variable | -| - | - | - | -| Windows | %WINDIR% | %SystemRoot% | -| System32 and sysWOW64 | %SYSTEM32%| %SystemDirectory%| -| Windows installation directory | %OSDRIVE%|%SystemDrive%| -| Program Files | %PROGRAMFILES%| %ProgramFiles% and %ProgramFiles(x86)%| -| Removable media (for example, CD or DVD) | %REMOVABLE%| | -| Removable storage device (for example, USB flash drive)| %HOT%||| -  + +| Windows directory or drive | AppLocker path variable | Windows environment variable | +|---------------------------------------------------------|-------------------------|----------------------------------------| +| Windows | %WINDIR% | %SystemRoot% | +| System32 and sysWOW64 | %SYSTEM32% | %SystemDirectory% | +| Windows installation directory | %OSDRIVE% | %SystemDrive% | +| Program Files | %PROGRAMFILES% | %ProgramFiles% and %ProgramFiles(x86)% | +| Removable media (for example, CD or DVD) | %REMOVABLE% | | +| Removable storage device (for example, USB flash drive) | 
%HOT% | | + For an overview of the three types of AppLocker rule conditions and explanations of the advantages and disadvantages of each, see [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md). ## Related topics diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 99c3ebe52a..52259c9248 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -2,12 +2,14 @@ title: Understanding the publisher rule condition in AppLocker (Windows 10) description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied. ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -53,7 +55,7 @@ of the publisher condition. -  + Wildcard characters can be used as values in the publisher rule fields according to the following specifications: - **Publisher** @@ -88,7 +90,7 @@ The following table describes how a publisher condition is applied. | **Publisher, product name, file name, and file version** | **And above**
      The specified version of the named file and any new releases for the product that are signed by the publisher.| | **Publisher, product name, file name, and file version**| **And below**
      The specified version of the named file and any older versions for the product that are signed by the publisher.| | **Custom** | You can edit the **Publisher**, **Product name**, **File name**, and **Version** fields to create a custom rule.| -  + For an overview of the three types of AppLocker rule conditions and explanations of the advantages and disadvantages of each, see [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md). ## Related topics diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 709e3beb0d..9c5076e4c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -1,14 +1,16 @@ - +ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6 +ms.reviewer: --- title: Use a reference device to create and maintain AppLocker policies (Windows 10) description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. -ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6 + +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -31,7 +33,7 @@ An AppLocker reference device is a baseline device you can use to configure poli An AppLocker reference device that is used to create and maintain AppLocker policies should contain the corresponding apps for each organizational unit (OU) to mimic your production environment. >**Important:**  The reference device must be running one of the supported editions of Windows. For information about operating system requirements for AppLocker, see [Requirements to use AppLocker](requirements-to-use-applocker.md). -  + You can perform AppLocker policy testing on the reference device by using the **Audit only** enforcement setting or Windows PowerShell cmdlets. You can also use the reference device as part of a testing configuration that includes policies that are created by using Software Restriction Policies. ## Step 1: Automatically generate rules on the reference device 
@@ -39,13 +41,13 @@ You can perform AppLocker policy testing on the reference device by using the ** With AppLocker, you can automatically generate rules for all files within a folder. AppLocker scans the specified folder and creates the condition types that you choose for each file in that folder. For the procedure to do this, see [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md). >**Note:**  If you run this wizard to create your first rules for a Group Policy Object (GPO), after you complete the wizard, you will be prompted to create the default rules, which allow critical system files to run. You can edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after you replace them with your custom rules. -  + ## Step 2: Create the default rules on the reference device AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You must run the default rules for each rule collection. For info about default rules and considerations for using them, see [Understanding AppLocker default rules](understanding-applocker-default-rules.md). For the procedure to create default rules, see [Create AppLocker default rules](create-applocker-default-rules.md). >**Important:**  You can use the default rules as a template when you create your own rules. This allows files within the Windows directory to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules. 
-  + ## Step 3: Modify rules and the rule collection on the reference device If AppLocker policies are currently running in your production environment, export the policies from the corresponding GPOs and save them to the reference device. For the procedure to do this, see [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md). If no AppLocker policies have been deployed, create the rules and develop the policies by using the following procedures: @@ -67,7 +69,7 @@ You should test each set of rules to ensure that they perform as intended. The * - [Discover the Effect of an AppLocker Policy](https://technet.microsoft.com/library/ee791823(WS.10).aspx) >**Caution:**  If you have set the enforcement setting on the rule collection to **Enforce rules** or you have not configured the rule collection, the policy will be implemented when the GPO is updated in the next step. If you have set the enforcement setting on the rule collection to **Audit only**, application access events are written to the AppLocker log, and the policy will not take effect. -  + ## Step 5: Export and import the policy into production When the AppLocker policy has been tested successfully, it can be imported into the GPO (or imported into individual computers that are not managed by Group Policy) and checked for its intended effectiveness. To do this, perform the following procedures: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index fdc15a6ef8..1f70ea7e87 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -2,12 +2,14 @@
 title: Use AppLocker and Software Restriction Policies in the same domain (Windows 10)
 description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
 ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index a9409118af..0f4a4872cf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -2,12 +2,14 @@
 title: Use the AppLocker Windows PowerShell cmdlets (Windows 10)
 description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
 ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index f675e2f425..6fa4d92a72 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -2,12 +2,14 @@ title: Using Event Viewer with AppLocker (Windows 10) description: This topic lists AppLocker events and describes how to use Event Viewer with AppLocker. ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -61,9 +63,9 @@ The following table contains information about the events that you can use to de | 8024 | Information| Packaged app installation audited.| Added in Windows Server 2012 and Windows 8.| | 8025 | Warning| Packaged app installation disabled.| Added in Windows Server 2012 and Windows 8.| | 8027 | Warning| No Packaged app rule configured.| Added in Windows Server 2012 and Windows 8.| -  + ## Related topics - [Tools to use with AppLocker](tools-to-use-with-applocker.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 5a4bf9af3c..3583e3fd1b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -2,12 +2,14 @@ title: Use Software Restriction Policies and AppLocker policies (Windows 10) description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -32,7 +34,7 @@ You might want to deploy application control policies in Windows operating syste SRP and AppLocker use Group Policy for domain management. However, when policies are generated by SRP and AppLocker exist in the same domain, and they are applied through Group Policy, AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker. For info about how inheritance in Group Policy applies to AppLocker policies and policies generated by SRP, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md). >**Important:**  As a best practice, use separate Group Policy Objects to implement your SRP and AppLocker policies. To reduce troubleshooting issues, do not combine them in the same GPO. -  + The following scenario provides an example of how each type of policy would affect a bank teller software app, where the app is deployed on different Windows desktop operating systems and managed by the Tellers GPO. | Operating system | Tellers GPO with AppLocker policy | Tellers GPO with SRP | Tellers GPO with AppLocker policy and SRP | 
@@ -40,9 +42,9 @@ The following scenario provides an example of how each type of policy would affe | Windows 10, Windows 8.1, Windows 8,and Windows 7 | AppLocker policies in the GPO are applied, and they supersede any local AppLocker policies.| Local AppLocker policies supersede policies generated by SRP that are applied through the GPO. | AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.| | Windows Vista| AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP.AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| | Windows XP| AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| -  + >**Note:**  For info about supported versions and editions of the Windows operating system, see [Requirements to use AppLocker](requirements-to-use-applocker.md). -  + ## Test and validate SRPs and AppLocker policies that are deployed in the same environment Because SRPs and AppLocker policies function differently, they should not be implemented in the same GPO. This makes testing the result of the policy straightforward, which is critical to successfully controlling application usage in the organization. Configuring a testing and policy distribution system can help you understand the result of a policy. The effects of policies generated by SRP and AppLocker policies need to be tested separately and by using different tools. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index b77b1ee1c8..a3c525fbfa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -2,12 +2,14 @@ title: What Is AppLocker (Windows 10) description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -18,7 +20,7 @@ ms.date: 09/21/2017 # What Is AppLocker? **Applies to** - - Windows 10 + - Windows 10 - Windows Server This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. @@ -116,8 +118,8 @@ The following table compares AppLocker to Software Restriction Policies. -  -**Application control function differences** + +Application control function differences The following table compares the application control functions of Software Restriction Policies (SRP) and AppLocker. @@ -136,14 +138,13 @@ The following table compares the application control functions of Software Restr - - + @@ -175,7 +176,7 @@ The following table compares the application control functions of Software Restr - + @@ -185,9 +186,9 @@ The following table compares the application control functions of Software Restr

      Operating system scope

      SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

      AppLocker policies apply only to those supported operating system versions and editions listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). But these systems can also use SRP.

      +

      SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

      AppLocker policies apply only to those supported operating system versions and editions listed in Requirements to use AppLocker. But these systems can also use SRP.

      -Note   -

      Use different GPOs for SRP and AppLocker rules.

      +Note

      Use different GPOs for SRP and AppLocker rules.

      -  +

      Manage all software on the computer

      All software is managed in one rule set. By default, the policy for managing all software on a device disallows all software on the user's device, except software that is installed in the Windows folder, Program Files folder, or subfolders.

      All software is managed in one rule set. By default, the policy for managing all software on a device disallows all software on the user's device, except software that is installed in the Windows folder, Program Files folder, or subfolders.

      Unlike SRP, each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection will be allowed to run. This configuration makes it easier for administrators to determine what will occur when an AppLocker rule is applied.

      -  + ## Related topics - [AppLocker technical reference](applocker-technical-reference.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index 1e37f0531c..a853be9f44 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -2,12 +2,14 @@ title: Windows Installer rules in AppLocker (Windows 10) description: This topic describes the file formats and available default rules for the Windows Installer rule collection. ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9 +ms.reviewer: +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: mjcaparas manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -36,9 +38,9 @@ The purpose of this collection is to allow you to control the installation of fi | Allow members of the local Administrators group to run all Windows Installer files| (Default Rule) All Windows Installer files| BUILTIN\Administrators| Path: *| | Allow all users to run Windows Installer files that are digitally signed | (Default Rule) All digitally signed Windows Installer files| Everyone| Publisher: * (all signed files)| | Allow all users to run Windows Installer files that are located in the Windows Installer folder | (Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer| Everyone| Path: %windir%\Installer\*| -  + ## Related topics - [Understanding AppLocker default rules](understanding-applocker-default-rules.md) -  -  + + 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
index cf2294e550..8e77d3e330 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -2,12 +2,14 @@
 title: Working with AppLocker policies (Windows 10)
 description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
 ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d
+ms.reviewer:
+ms.author: macapara
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: mjcaparas
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 83fd5dc5c5..c899126846 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -2,11 +2,14 @@ title: Working with AppLocker rules (Windows 10) description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9 +ms.reviewer: +manager: dansimp +ms.author: macapara ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: andreabichsel +author: mjcaparas ms.localizationpriority: medium msauthor: v-anbic ms.date: 08/27/2018 @@ -35,7 +38,7 @@ This topic for IT professionals describes AppLocker rule types and how to work w | [Enable the DLL rule collection](enable-the-dll-rule-collection.md) | This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.| | [Enforce AppLocker rules](enforce-applocker-rules.md) | This topic for IT professionals describes how to enforce application control rules by using AppLocker.| | [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md) | This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.| -  + The three AppLocker enforcement modes are described in the following table. The enforcement mode setting defined here can be overwritten by the setting derived from a linked Group Policy Object (GPO) with a higher precedence. | Enforcement mode | Description | @@ -56,7 +59,7 @@ The AppLocker console is organized into rule collections, which are executable f | Windows Installer files | .msi
      .msp
      .mst| | Packaged apps and packaged app installers | .appx| | DLL files | .dll
      .ocx| -  + >**Important:**  If you use DLL rules, you need to create an allow rule for each DLL that is used by all of the allowed apps. When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used. @@ -64,7 +67,7 @@ When DLL rules are used, AppLocker must check each DLL that an application loads The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections). EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file. -  + ## Rule conditions Rule conditions are criteria that help AppLocker identify the apps to which the rule applies. The three primary rule conditions are publisher, path, and file hash. 
@@ -77,14 +80,14 @@ Rule conditions are criteria that help AppLocker identify the apps to which the This condition identifies an app based on its digital signature and extended attributes when available. The digital signature contains info about the company that created the app (the publisher). Executable files, dlls, Windows installers, packaged apps and packaged app installers also have extended attributes, which are obtained from the binary resource. In case of executable files, dlls and Windows installers, these attributes contain the name of the product that the file is a part of, the original name of the file as supplied by the publisher, and the version number of the file. In case of packaged apps and packaged app installers, these extended attributes contain the name and the version of the app package. ->**Note:**  Rules created in the packaged apps and packaged app installers rule collection can only have publisher conditions since Windows does not support unsigned packaged apps and packaged app installers. -  ->**Note:**  Use a publisher rule condition when possible because they can survive app updates as well as a change in the location of files. -  +> **Note:** Rules created in the packaged apps and packaged app installers rule collection can only have publisher conditions since Windows does not support unsigned packaged apps and packaged app installers. +> +> **Note:** Use a publisher rule condition when possible because they can survive app updates as well as a change in the location of files. + When you select a reference file for a publisher condition, the wizard creates a rule that specifies the publisher, product, file name, and version number. You can make the rule more generic by moving the slider up or by using a wildcard character (\*) in the product, file name, or version number fields. 
>**Note:**  To enter custom values for any of the fields of a publisher rule condition in the Create Rules Wizard, you must select the **Use custom values** check box. When this check box is selected, you cannot use the slider. -  + The **File version** and **Package version** control whether a user can run a specific version, earlier versions, or later versions of the app. You can choose a version number and then configure the following options: - **Exactly.** The rule applies only to this version of the app @@ -121,9 +124,9 @@ The following table details these path variables. | Program Files| %PROGRAMFILES%| %ProgramFiles% and %ProgramFiles(x86)% | | Removable media (for example, a CD or DVD)| %REMOVABLE%| | | Removable storage device (for example, a USB flash drive)| %HOT% | | -  + >**Important:**  Because a path rule condition can be configured to include a large number of folders and files, path conditions should be carefully planned. For example, if an allow rule with a path condition includes a folder location that non-administrators are allowed to write data into, a user can copy unapproved files into that location and run the files. For this reason, it is a best practice to not create path conditions for standard user writable locations, such as a user profile. -  + ### File hash When you choose the file hash rule condition, the system computes a cryptographic hash of the identified file. The advantage of this rule condition is that because each file has a unique hash, a file hash rule condition applies to only one file. The disadvantage is that each time the file is updated (such as a security update or upgrade) the file's hash will change. As a result, you must manually update file hash rules. 
@@ -169,10 +172,10 @@ A rule can be configured to use allow or deny actions: - **Allow.** You can specify which files are allowed to run in your environment, and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule. - **Deny.** You can specify which files are *not* allowed to run in your environment, and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule. ->**Important:**  For a best practice, use allow actions with exceptions. You can use a combination of allow and deny actions but understand that deny actions override allow actions in all cases, and can be circumvented. -  ->**Important:**  If you join a computer running at least Windows Server 2012 or Windows 8 to a domain that already enforces AppLocker rules for executable files, users will not be able to run any packaged apps unless you also create rules for packaged apps. If you want to allow any packaged apps in your environment while continuing to control executable files, you should create the default rules for packaged apps and set the enforcement mode to Audit-only for the packaged apps rule collection. -  +> **Important:** For a best practice, use allow actions with exceptions. You can use a combination of allow and deny actions but understand that deny actions override allow actions in all cases, and can be circumvented. +> +> **Important:** If you join a computer running at least Windows Server 2012 or Windows 8 to a domain that already enforces AppLocker rules for executable files, users will not be able to run any packaged apps unless you also create rules for packaged apps. If you want to allow any packaged apps in your environment while continuing to control executable files, you should create the default rules for packaged apps and set the enforcement mode to Audit-only for the packaged apps rule collection. 
+ ## Rule exceptions You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. For example, the rule "Allow everyone to run Windows except Registry Editor" allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor. @@ -193,7 +196,7 @@ Membership in the local **Administrators** group, or equivalent, is the minimum 4. Click the **Advanced** tab, select the **Enable the DLL rule collection** check box, and then click **OK**. >**Important:**  Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed apps. -   + ## AppLocker wizards You can create rules by using two AppLocker wizards: diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index 740a8eab56..7342686647 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md 
@@ -2,12 +2,15 @@ title: Audit Windows Defender Application Control (WDAC) policies (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 05/03/2018 --- 
@@ -24,31 +27,31 @@ Before you begin this process, you need to create a WDAC policy binary file. If **To audit a Windows Defender Application Control policy with local policy:** -1. Before you begin, find the *.bin policy file , for example, the DeviceGuardPolicy.bin. Copy the file to C:\\Windows\\System32\\CodeIntegrity. +1. Before you begin, find the *.bin policy file , for example, the DeviceGuardPolicy.bin. Copy the file to C:\\Windows\\System32\\CodeIntegrity. -2. On the computer you want to run in audit mode, open the Local Group Policy Editor by running **GPEdit.msc**. +2. On the computer you want to run in audit mode, open the Local Group Policy Editor by running **GPEdit.msc**. - > [!Note] + > [!Note] + > + > - The computer that you will run in audit mode must be clean of viruses or malware. Otherwise, in the process that you follow after auditing the system, you might unintentionally merge in a policy that allows viruses or malware to run. + > + > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor. - > - The computer that you will run in audit mode must be clean of viruses or malware. Otherwise, in the process that you follow after auditing the system, you might unintentionally merge in a policy that allows viruses or malware to run. - - > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor. - -3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1. +3. 
Navigate to **Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1. - > [!Note] - - > - You can copy the WDAC policies to a file share to which all computer accounts have access rather than copy them to every system. - - > - You might have noticed that the GPO setting references a .p7b file and this policy uses a .bin file. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped onto the computers running Windows 10. We recommend that you make your WDAC policy names friendly and allow the system to convert the policy names for you. By doing this, it ensures that the policies are easily distinguishable when viewed in a share or any other central repository. + > [!Note] + > + > - You can copy the WDAC policies to a file share to which all computer accounts have access rather than copy them to every system. + > + > - You might have noticed that the GPO setting references a .p7b file and this policy uses a .bin file. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped onto the computers running Windows 10. We recommend that you make your WDAC policy names friendly and allow the system to convert the policy names for you. By doing this, it ensures that the policies are easily distinguishable when viewed in a share or any other central repository. ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig22-deploycode.png) Figure 1. Deploy your Windows Defender Application Control policy -4. Restart the reference system for the WDAC policy to take effect. +4. Restart the reference system for the WDAC policy to take effect. -5. 
Use the system as you normally would, and monitor code integrity events in the event log. While in audit mode, any exception to the deployed WDAC policy will be logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log, as shown in Figure 2. +5. Use the system as you normally would, and monitor code integrity events in the event log. While in audit mode, any exception to the deployed WDAC policy will be logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log, as shown in Figure 2. ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png) 
@@ -66,32 +69,32 @@ Use the following procedure after you have been running a computer with a WDAC p -1. Review the audit information in the event log. From the WDAC policy exceptions that you see, make a list of any applications that should be allowed to run in your environment, and decide on the file rule level that should be used to trust these applications. +1. Review the audit information in the event log. From the WDAC policy exceptions that you see, make a list of any applications that should be allowed to run in your environment, and decide on the file rule level that should be used to trust these applications. - Although the Hash file rule level will catch all of these exceptions, it may not be the best way to trust all of them. For information about file rule levels, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md) in "Deploy Windows Defender Application Control: policy rules and file rules." + Although the Hash file rule level will catch all of these exceptions, it may not be the best way to trust all of them. For information about file rule levels, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md) in "Deploy Windows Defender Application Control: policy rules and file rules." - Your event log might also contain exceptions for applications that you eventually want your WDAC policy to block. If these appear, make a list of these also, for a later step in this procedure. + Your event log might also contain exceptions for applications that you eventually want your WDAC policy to block. If these appear, make a list of these also, for a later step in this procedure. -2. In an elevated Windows PowerShell session, initialize the variables that will be used. The example filename shown here is **DeviceGuardAuditPolicy.xml**: +2. In an elevated Windows PowerShell session, initialize the variables that will be used. 
The example filename shown here is **DeviceGuardAuditPolicy.xml**: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` + ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` -3. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. +3. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. - ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3> CIPolicylog.txt` + ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3> CIPolicylog.txt` - > [!Note] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy. + > [!NOTE] + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy. -4. Find and review the WDAC audit policy .xml file that you created. 
If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following: +4. Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following: - - Any applications that were caught as exceptions, but should be allowed to run in your environment. These are applications that should be in the .xml file. Leave these as-is in the file. + - Any applications that were caught as exceptions, but should be allowed to run in your environment. These are applications that should be in the .xml file. Leave these as-is in the file. - - Any applications that actually should not be allowed to run in your environment. Edit these out of the .xml file. If they remain in the .xml file, and the information in the file is merged into your existing WDAC policy, the policy will treat the applications as trusted, and allow them to run. + - Any applications that actually should not be allowed to run in your environment. Edit these out of the .xml file. If they remain in the .xml file, and the information in the file is merged into your existing WDAC policy, the policy will treat the applications as trusted, and allow them to run. You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies). -> [!Note] -> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). 
This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies. \ No newline at end of file +> [!NOTE] +> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 54c89364d5..92c3c3aa47 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -2,12 +2,15 @@ title: Create a code signing cert for Windows Defender Application Control (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 02/28/2018 --- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index b5d1cd4483..fece90650c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -2,12 +2,15 @@ title: Create an initial default policy (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 05/03/2018 --- @@ -23,7 +26,7 @@ For this example, you must initiate variables to be used during the creation pro Then create the WDAC policy by scanning the system for installed applications. The policy file is converted to binary format when it gets created so that Windows can interpret it. -> [!Note] +> [!NOTE] > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy. Each installed software application should be validated as trustworthy before you create a policy. 
@@ -35,39 +38,39 @@ You can remove or disable such software on the reference computer. To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order: -1. Initialize variables that you will use. The following example commands use **InitialScan.xml** and **DeviceGuardPolicy.bin** for the names of the files that will be created: +1. Initialize variables that you will use. The following example commands use **InitialScan.xml** and **DeviceGuardPolicy.bin** for the names of the files that will be created: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` + ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` - ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` + ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` -2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) to create a new WDAC policy by scanning the system for installed applications: +2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) to create a new WDAC policy by scanning the system for installed applications: - ```powershell - New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy –UserPEs 3> CIPolicyLog.txt - ``` + ```powershell + New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy –UserPEs 3> CIPolicyLog.txt + ``` - > [!Note] - - > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. 
If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. - - > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md). + > [!Note] + > + > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. + > + > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md). + > + > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned. + > + > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. 
- > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned. - - > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format: -3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format: - - ```powershell - ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin - ``` + ```powershell + ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin + ``` After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security. -> [!Note] +> [!NOTE] > We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md). We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error messages. For information about how to audit a WDAC policy, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md). 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
new file mode 100644
index 0000000000..105f6a46bb
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
@@ -0,0 +1,65 @@
+---
+title: Windows Defender Application Control path-based rules (Windows 10)
+description: Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: mdsakibMSFT
+ms.date: 05/17/2019
+---
+
+# Create Windows Defender Application Control path-based rules
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
+
+- New-CIPolicy parameters
+ - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level)
+
+ ```powershell
+ New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u
+ ```
+
+ Optionally, add -UserWriteablePaths to ignore user writeability
+
+ - FilePathRule: create a rule where filepath string is directly set to value of \
+
+ ```powershell
+ New-CIPolicyRule -FilePathRule
+ ```
+
+ Useful for wildcards like C:\foo\\*
+
+- Usage follows the same flow as per-app rules:
+
+ ```powershell
+ $rules = New-CIPolicyRule …
+ $rules += New-CIPolicyRule …
+ …
+ New-CIPolicyRule -f .\mypolicy.xml -u
+ ```
+
+- Wildcards supported
+ - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
+ - One or the other, not both at the same time
+ - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
+ - Examples:
+ - %WINDIR%\\...
+ - %SYSTEM32%\\...
+ - %OSDRIVE%\\...
+
+- Disable default FilePath rule protection of enforcing user-writeability. 
For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: + + ```powershell + Set-RuleOption -o 18 .\policy.xml + ``` + diff --git a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md index f204088397..abaa31c6ff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md @@ -2,12 +2,14 @@ title: Create your Windows Defender Application Control (WDAC) planning document (Windows 10) description: This planning topic for the IT professional summarizes the information you need to research and include in your WDAC planning document. ms.assetid: 41e49644-baf4-4514-b089-88adae2d624e +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -86,8 +88,8 @@ You can use the following form to construct your own WDAC planning document. -  -**Rules** + +Rules @@ -128,8 +130,8 @@ You can use the following form to construct your own WDAC planning document.
      -  -**Event processing** + +Event processing @@ -158,8 +160,8 @@ You can use the following form to construct your own WDAC planning document.
      -  -**Policy maintenance** + +Policy maintenance @@ -189,7 +191,7 @@ You can use the following form to construct your own WDAC planning document.
      -  + ### Example of a WDAC planning document **Rules** @@ -270,7 +272,7 @@ You can use the following form to construct your own WDAC planning document.

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      Deny

      @@ -290,8 +292,8 @@ You can use the following form to construct your own WDAC planning document. -  -**Event processing** + +Event processing @@ -327,8 +329,8 @@ You can use the following form to construct your own WDAC planning document.
      -  -**Policy maintenance** + +Policy maintenance @@ -372,9 +374,9 @@ You can use the following form to construct your own WDAC planning document.
      -  + ### Additional resources - [Windows Defender Application Control](windows-defender-application-control.md) -  -  + + diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index b6683d45c4..98d3710250 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -2,12 +2,15 @@ title: Deploy catalog files to support Windows Defender Application Control (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 02/28/2018 --- @@ -42,7 +45,7 @@ To create a catalog file, you use a tool called **Package Inspector**. You must > [!NOTE] > Package inspector can monitor installations on any local drive. Specify the appropriate drive on the local computer. -   + 3. Copy the installation media to the local drive (typically drive C). By copying the installation media to the local drive, you ensure that Package Inspector detects and catalogs the actual installer. If you skip this step, the future WDAC policy may allow the application to run but not to be installed. 
@@ -111,31 +114,31 @@ To sign a catalog file you generated by using PackageInspector.exe, you need the To sign the existing catalog file, copy each of the following commands into an elevated Windows PowerShell session. -1. Initialize the variables that will be used. Replace the *$ExamplePath* and *$CatFileName* variables as needed: +1. Initialize the variables that will be used. Replace the *$ExamplePath* and *$CatFileName* variables as needed: - ` $ExamplePath=$env:userprofile+"\Desktop"` + ` $ExamplePath=$env:userprofile+"\Desktop"` - ` $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"` + ` $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"` -2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user’s personal store. +2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user’s personal store. -3. Sign the catalog file with Signtool.exe: +3. Sign the catalog file with Signtool.exe: - ` sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName` + ` sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName` - > **Note**  The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. + > **Note**  The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. 
+ > + > **Note**  For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). + +4. Verify the catalog file digital signature. Right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. - > **Note**  For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). -   -4. Verify the catalog file digital signature. Right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. + ![Digital Signature list in file Properties](images/dg-fig12-verifysigning.png) - ![Digital Signature list in file Properties](images/dg-fig12-verifysigning.png) + Figure 1. Verify that the signing certificate exists - Figure 1. Verify that the signing certificate exists +5. Copy the catalog file to C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. -5. Copy the catalog file to C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. - - For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as System Center Configuration Manager. Doing this also simplifies the management of catalog versions. + For testing purposes, you can manually copy signed catalog files to their intended folder. 
For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as System Center Configuration Manager. Doing this also simplifies the management of catalog versions. ## Add a catalog signing certificate to a Windows Defender Application Control policy 
@@ -162,44 +165,44 @@ To simplify the management of catalog files, you can use Group Policy preference **To deploy a catalog file with Group Policy:** -1. From either a domain controller or a client computer that has Remote Server Administration Tools (RSAT) installed, open the Group Policy Management Console (GPMC) by running **GPMC.MSC** or by searching for Group Policy Management. +1. From either a domain controller or a client computer that has Remote Server Administration Tools (RSAT) installed, open the Group Policy Management Console (GPMC) by running **GPMC.MSC** or by searching for Group Policy Management. -2. Create a new GPO: right-click an OU, for example, the **DG Enabled PCs OU**, and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 2. +2. Create a new GPO: right-click an OU, for example, the **DG Enabled PCs OU**, and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 2. - > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate). + > [!NOTE] + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate). ![Group Policy Management, create a GPO](images/dg-fig13-createnewgpo.png) Figure 2. Create a new GPO -3. Give the new GPO a name, for example, **Contoso DG Catalog File GPO Test**, or any name you prefer. +3. Give the new GPO a name, for example, **Contoso DG Catalog File GPO Test**, or any name you prefer. -4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. +4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. -5. Within the selected GPO, navigate to Computer Configuration\\Preferences\\Windows Settings\\Files. Right-click **Files**, point to **New**, and then click **File**, as shown in Figure 3. 
+5. Within the selected GPO, navigate to Computer Configuration\\Preferences\\Windows Settings\\Files. Right-click **Files**, point to **New**, and then click **File**, as shown in Figure 3. - ![Group Policy Management Editor, New File](images/dg-fig14-createnewfile.png) + ![Group Policy Management Editor, New File](images/dg-fig14-createnewfile.png) - Figure 3. Create a new file + Figure 3. Create a new file -6. Configure the catalog file share. +6. Configure the catalog file share. - To use this setting to provide consistent deployment of your catalog file (in this example, LOBApp-Contoso.cat), the source file should be on a share that is accessible to the computer account of every deployed computer. This example uses a share (on a computer running Windows 10) called \\\\Contoso-Win10\\Share. The catalog file being deployed is copied to this share. + To use this setting to provide consistent deployment of your catalog file (in this example, LOBApp-Contoso.cat), the source file should be on a share that is accessible to the computer account of every deployed computer. This example uses a share (on a computer running Windows 10) called \\\\Contoso-Win10\\Share. The catalog file being deployed is copied to this share. -7. To keep versions consistent, in the **New File Properties** dialog box (Figure 4), select **Replace** from the **Action** list so that the newest version is always used. +7. To keep versions consistent, in the **New File Properties** dialog box (Figure 4), select **Replace** from the **Action** list so that the newest version is always used. - ![File Properties, Replace option](images/dg-fig15-setnewfileprops.png) + ![File Properties, Replace option](images/dg-fig15-setnewfileprops.png) - Figure 4. Set the new file properties + Figure 4. Set the new file properties -8. In the **Source file(s)** box, type the name of your accessible share, with the catalog file name included (for example, \\\\Contoso-Win10\\share\\LOBApp-Contoso.cat). +8. 
In the **Source file(s)** box, type the name of your accessible share, with the catalog file name included (for example, \\\\Contoso-Win10\\share\\LOBApp-Contoso.cat). -9. In the **Destination File** box, type a path and file name, for example: +9. In the **Destination File** box, type a path and file name, for example: - **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\LOBApp-Contoso.cat** + **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\LOBApp-Contoso.cat** - For the catalog file name, use the name of the catalog you are deploying. + For the catalog file name, use the name of the catalog you are deploying. 10. On the **Common** tab of the **New File Properties** dialog box, select the **Remove this item when it is no longer applied** option. Doing this ensures that the catalog file is removed from every system, in case you ever need to stop trusting this application. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md new file mode 100644 index 0000000000..6df51f6694 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md 
@@ -0,0 +1,79 @@
+---
+title: Deploy multiple Windows Defender Application Control Policies (Windows 10)
+description: Windows Defender Application Control supports multiple code integrity policies for one device.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: mdsakibMSFT
+ms.date: 05/17/2019
+---
+
+# Deploy multiple Windows Defender Application Control Policies
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios:
+
+1. Enforce and Audit Side-by-Side
+ - To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side-by-side with an existing enforcement-mode base policy
+2. Multiple Base Policies
+ - Users can enforce two or more base policies simultaneously in order to allow simpler policy targeting for policies with different scope/intent
+ - If two base policies exist on a device, an application has to be allowed by both to run
+3. Supplemental Policies
+ - Users can deploy one or more supplemental policies to expand a base policy
+ - A supplemental policy expands a single base policy, and multiple supplemental policies can expand the same base policy
+ - For supplemental policies, applications that are allowed by either the base policy or its supplemental policy/policies are allowed to run
+
+## How do Base and Supplemental Policies Interact?
+
+- Multiple base policies: intersection
+ - Only applications allowed by both policies run without generating block events
+- Base + supplemental policy: union
+ - Files that are allowed by the base policy or the supplemental policy are not blocked
+
+Note that multiple policies will not work on pre-1903 systems.
+
+### Allow Multiple Policies
+
+In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in New-CIPolicy results in 1) random GUIDs being generated for the policy ID and 2) the policy type being specified as base.
+
+```powershell
+New-CIPolicy -MultiplePolicyFormat -foo –bar
+```
+
+Optionally, you can choose to make the new base policy supplementable (allow supplemental policies).
+
+```powershell
+Set-RuleOption -FilePath Enabled:Allow Supplemental Policies
+```
+
+For signed base policies that are being made supplementable, you need to ensure that supplemental signers are defined. Use the "Supplemental" switch in Add-SignerRule to provide supplemental signers.
+
+```powershell
+Add-SignerRule -FilePath -CertificatePath [-Kernel] [-User] [-Update] [-Supplemental] [-Deny] []
+```
+
+### Supplemental Policy Creation
+
+In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands.
+- "SupplementsBasePolicyID": guid of new supplemental policy
+- "BasePolicyToSupplementPath": base policy that the supplemental policy applies to
+
+```powershell
+Set-CIPolicyIdInfo [-FilePath] [-PolicyName ] [-SupplementsBasePolicyID ] [-BasePolicyToSupplementPath ] [-ResetPolicyID] [-PolicyId ] []
+```
+
+Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and resets the policy guids back to a random guid.
+
+### Merging policies
+
+When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID , then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID .
+
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
index 46f8a8a3c8..e4c776c47e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
@@ -2,12 +2,15 @@
 title: Deploy Windows Defender Application Control (WDAC) policies by using Group Policy (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 02/28/2018
 ---
 
@@ -20,10 +23,10 @@ ms.date: 02/28/2018 WDAC policies can easily be deployed and managed with Group Policy. A Windows Defender Device Guard administrative template will be available in Windows Server 2016 that allows you to simplify deployment of Windows Defender Device Guard hardware-based security features and Windows Defender Application Control policies. The following procedure walks you through how to deploy a WDAC policy called **DeviceGuardPolicy.bin** to a test OU called *DG Enabled PCs* by using a GPO called **Contoso GPO Test**. -> [!NOTE] +> [!NOTE] > This walkthrough requires that you have previously created a WDAC policy and have a computer running Windows 10 on which to test a Group Policy deployment. For more information about how to create a WDAC policy, see [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md), earlier in this topic. -> [!NOTE] +> [!NOTE] > Signed WDAC policies can cause boot failures when deployed. We recommend that signed WDAC policies be thoroughly tested on each hardware platform before enterprise deployment. To deploy and manage a WDAC policy with Group Policy: 
@@ -49,12 +52,12 @@ To deploy and manage a WDAC policy with Group Policy: In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, with DeviceGuardPolicy.bin on the test computer, the example file path would be C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin. - > [!NOTE] + > [!NOTE] > This policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig26-enablecode.png) - > [!NOTE] + > [!NOTE] > You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the client computer running Windows 10. Make your WDAC policies friendly and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. 7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. Restarting the computer updates the WDAC policy. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md). 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 857ab2ea09..1f0c64f9c3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -2,12 +2,15 @@
 title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 ms.date: 05/17/2018
 ---
 
@@ -24,11 +27,11 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( 3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. - ![Configure profile](images\wdac-intune-create-profile-name.png) + ![Configure profile](images/wdac-intune-create-profile-name.png) 4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - ![Configure WDAC](images\wdac-intune-wdac-settings.png) + ![Configure WDAC](images/wdac-intune-wdac-settings.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index 188693edf8..79cdfd3512 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md 
@@ -2,12 +2,15 @@ title: Disable Windows Defender Application Control policies (Windows 10) description: This topic covers how to disable unsigned or signed WDAC policies. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 05/03/2018 --- @@ -34,7 +37,7 @@ If the WDAC policy was deployed by using Group Policy, the GPO that is currently Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps. -> [!Note] +> [!NOTE] > For reference, signed WDAC policies should be replaced and removed from the following locations: - <EFI System Partition>\\Microsoft\\Boot\\ diff --git a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md index a414320068..6a6df72992 100644 --- a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md +++ b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md 
@@ -2,12 +2,14 @@ title: Document your application control management processes (Windows 10) description: This planning topic describes the WDAC policy maintenance information to record for your design document. ms.assetid: 6397f789-0e36-4933-9f86-f3f6489cf1fb +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -27,8 +29,8 @@ This planning topic describes the Windows Defender Application Control (WDAC) po To complete this planning document, you should first complete the following steps: -3. [Select the types of rules to create](select-types-of-rules-to-create.md) -5. [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) +3. [Select the types of rules to create](select-types-of-rules-to-create.md) +4. [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) The three key areas to determine for WDAC policy management are: @@ -122,7 +124,7 @@ The following table contains the added sample data that was collected when deter

      Internet Explorer 7

      -

      C:\Program Files\Internet Explorer\

      +

      C:\Program Files\Internet Explorer</p>

      File is signed; create a publisher condition

      Deny

      @@ -142,7 +144,7 @@ The following table contains the added sample data that was collected when deter -  + The following two tables illustrate examples of documenting considerations to maintain and manage WDAC policies. **Event processing policy** @@ -185,8 +187,8 @@ The following table is an example of what to consider and record. -  -**Policy maintenance policy** + +Policy maintenance policy When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies. The following table is an example of what to consider and record. @@ -231,7 +233,7 @@ The following table is an example of what to consider and record.
      -  + ## Next steps After you determine your application control management strategy for each business group, [create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 3315c79715..275a1ff7ff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -2,12 +2,15 @@ title: Enforce Windows Defender Application Control (WDAC) policies (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 05/03/2018 --- 
@@ -20,21 +23,21 @@ ms.date: 05/03/2018 Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session: -> [!Note] +> [!NOTE] > Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md), earlier in this topic. -1. Initialize the variables that will be used: +1. Initialize the variables that will be used: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml" ` + ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml" ` - ` $EnforcedCIPolicy=$CIPolicyPath+"EnforcedPolicy.xml"` + ` $EnforcedCIPolicy=$CIPolicyPath+"EnforcedPolicy.xml"` - ` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"` + ` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"` - > [!Note] - > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables. + > [!NOTE] + > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables. 2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. 
Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options. 
@@ -44,19 +47,19 @@ Every WDAC policy is created with audit mode enabled. After you have successfull ` Set-RuleOption -FilePath $InitialCIPolicy -Option 10` -3. Copy the initial file to maintain an original copy: +3. Copy the initial file to maintain an original copy: - ` copy $InitialCIPolicy $EnforcedCIPolicy` + ` copy $InitialCIPolicy $EnforcedCIPolicy` -4. Use Set-RuleOption to delete the audit mode rule option: +4. Use Set-RuleOption to delete the audit mode rule option: - ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete` + ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete` - > [!Note] - > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. + > [!NOTE] + > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. -5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary format: +5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary format: - ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin` + ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin` -Now that this policy is in enforced mode, you can deploy it to your test computers. Rename the policy to SIPolicy.p7b and copy it to C:\\Windows\\System32\\CodeIntegrity for testing, or deploy the policy through Group Policy by following the instructions in [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). You can also use other client management software to deploy and manage the policy. \ No newline at end of file +Now that this policy is in enforced mode, you can deploy it to your test computers. 
Rename the policy to SIPolicy.p7b and copy it to C:\\Windows\\System32\\CodeIntegrity for testing, or deploy the policy through Group Policy by following the instructions in [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). You can also use other client management software to deploy and manage the policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 718fc4a51c..8fb9a6ccaf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md 
@@ -2,32 +2,35 @@ title: Manage packaged apps with Windows Defender Application Control (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 -ms.date: 05/03/2018 +author: dansimp +ms.date: 05/14/2019 --- -# Manage packaged apps with Windows Defender Application Control +# Manage Packaged Apps with Windows Defender Application Control **Applies to:** - Windows 10 - Windows Server 2016 -This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. +This topic for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. -## Understanding Packaged apps and Packaged app installers +## Understanding Packaged Apps and Packaged App Installers Packaged apps, also known as Universal Windows apps, are based on a model that ensures all the files within an app package share the same identity. With classic Windows apps, each file within the app could have a unique identity. With packaged apps, it is possible to control the entire app by using a single WDAC rule. -  + Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, these components don't always share common attributes such as the software’s publisher name, product name, and product version. 
Therefore, WDAC controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule. -### Comparing classic Windows apps and packaged apps +### Comparing classic Windows Apps and Packaged Apps WDAC policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server 2008 R2 or Windows 7. The rules for classic Windows apps and packaged apps can be enforced in tandem. The differences between packaged apps and classic Windows apps that you should consider include: 
@@ -38,13 +41,101 @@ WDAC policies for packaged apps can only be applied to apps installed on compute WDAC uses different rule collections to control packaged apps and classic Windows apps. You have the choice to control one type, the other type, or both. -## Using WDAC to manage packaged apps +## Using WDAC to Manage Packaged Apps Just as there are differences in managing each rule collection, you need to manage the packaged apps with the following strategy: -1. Gather information about which Packaged apps are running in your environment. +1. Gather information about which packaged apps are running in your environment. 2. Create WDAC rules for specific packaged apps based on your policy strategies. For more information, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md). 3. Continue to update the WDAC policies as new package apps are introduced into your environment. To do this, see [Merge WDAC policies](merge-windows-defender-application-control-policies.md). +## Blocking Packaged Apps + +You can now use `New-CIPolicyRule -Package $Package -Deny` to block packaged apps. + +### Blocking Packaged Apps Which Are Installed on the System + +Below are the list of steps you can follow to block one or more packaged apps in the case that the apps are on the system you are using the WDAC PowerShell cmdlets on: + +1. Get the app identifier for an installed package + + ```powershell + $package = Get-AppxPackage -name + ``` +2. Make a rule by using the New-CIPolicyRule cmdlet + + ```powershell + $Rule = New-CIPolicyRule -Package $package -deny + ``` +3. Repeat for other packages you want to block using $rule +=… + +4. Make a policy for just the blocks you created for packages + + ```powershell + New-CIpolicy -rules $rule -f .\policy.xml -u + ``` + +5. Merge with an existing policy that authorizes the other applications and system components required for your scenario. 
Here we use the sample Allow Windows policy + + ```powershell + Merge-CIPolicy -PolicyPaths .\policy.xml,C:\windows\Schemas\codeintegrity\examplepolicies\DefaultWindows_Audit.xml -o allowWindowsDenyPackages.xml + ``` + +6. Disable audit mode if needed + + ```powershell + Set-RuleOption -o 3 -Delete .\allowWindowsDenyPackages.xml + ``` + +7. Enable invalidate EAs on reboot + + ```powershell + Set-RuleOption -o 15 .\allowWindowsDenyPackages.xml + ``` + +8. Compile the policy + + ```powershell + ConvertFrom-CIPolicy .\AllowWindowsDenyPackages.xml C:\compiledpolicy.bin + ``` + +9. Install the policy without restarting + + ```powershell + Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = "C:\compiledpolicy.bin"} + ``` + ### Blocking Packaged Apps Which Are Not Installed on the System + +If the app you intend to block is not installed on the system you are using the WDAC PowerShell cmdlets on, then follow the steps below: + +1. Create a dummy rule using Steps 1-5 in the Blocking Packaged Apps Which Are Installed on the System section above + +2. Navigate to the app you want to block on the Store website + +3. Copy the GUID in the URL for the app + - Example: the GUID for the Microsoft To-Do app is 9nblggh5r558 + - https://www.microsoft.com/en-us/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab +4. Use the GUID in the following REST query URL to retrieve the identifiers for the app + - Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata + - The URL will return: + + ``` + { "packageFamilyName": "Microsoft.Todos_8wekyb3d8bbwe", + "packageIdentityName": "Microsoft.Todos", + "windowsPhoneLegacyId": "6088f001-776c-462e-984d-25b6399c6607", + "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" + } + ``` + +5. 
Use the value returned by the query URL for the packageFamilyName to replace the package name generated earlier in the dummy rule from Step 1. + +## Allowing Packaged Apps +The method for allowing specific packaged apps is similar to the method outlined above for blocking packaged apps, with the only difference being the parameter to the New-CIPolicyRule cmdlet. + +```powershell +$Rule = New-CIPolicyRule -Package $package -allow +``` + +Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 8e2c628037..a0a8076215 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -2,12 +2,15 @@ title: Merge Windows Defender Application Control (WDAC) policies (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 05/03/2018 --- 
@@ -20,33 +23,33 @@ ms.date: 05/03/2018 Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. For example, after a WDAC policy is created and audited, you might want to merge audit events from another WDAC policy. -> [!NOTE] +> [!NOTE] > Because only one SiPolicy.p7b file can be active on a system, the last management authority to write the policy wins. If there was already a policy deployed by using Group Policy and then amanaged installer using System Center Configuration Manager (SCCM) targeted the same device, the SCCM policy would overwrite the SiPolicy.p7b file. To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session: -1. Initialize the variables that will be used: +1. Initialize the variables that will be used: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` + ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` - ` $AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` + ` $AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` - ` $MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"` + ` $MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"` - ` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"` + ` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"` - > [!Note] - > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly. + > [!NOTE] + > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly. -2. 
Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy: +2. Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy: - ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy` + ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy` -3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the merged WDAC policy to binary format: +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the merged WDAC policy to binary format: - ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin ` + ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin ` Now that you have created a new WDAC policy, you can deploy the policy binary to systems manually or by using Group Policy or Microsoft client management solutions. For information about how to deploy this new policy with Group Policy, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 34fbe7530e..1ecc5091b9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md 
@@ -5,8 +5,11 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 04/09/2019 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Microsoft recommended block rules @@ -146,30 +149,30 @@ Pick the correct version of each .dll for the Windows release you plan to suppor - - - - + + + - --> - --> - --> - @@ -1499,4 +1502,3 @@ Pick the correct version of each .dll for the Windows release you plan to suppor ```
      - diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index de4380bc34..be74ddf1f0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -6,8 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 02/21/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Plan for Windows Defender Application Control policy management diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index b1018f5e79..fa2f7af6ec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -6,9 +6,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mdsakibMSFT -ms.author: justinha +author: dansimp +ms.author: dansimp ms.date: 12/06/2018 +ms.reviewer: +manager: dansimp --- # Querying Application Control events centrally using Advanced hunting 
@@ -16,12 +18,12 @@ ms.date: 12/06/2018 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. While Event Viewer helps to see the impact on a single system, IT Pros want to gauge the impact across many systems. -In November 2018, we added functionality in Windows Defender Advanced Threat Protection (Windows Defender ATP) that makes it easy to view WDAC events centrally from all systems that are connected to Windows Defender ATP. +In November 2018, we added functionality in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that makes it easy to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. -Advanced hunting in Windows Defender ATP allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. +Advanced hunting in Microsoft Defender ATP allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. This capability is supported beginning with Windows version 1607. -Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Windows Defender ATP: +Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP: ``` MiscEvents diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 1a987c35e7..18aaf0b398 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md 
@@ -6,8 +6,11 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 04/20/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Deploy Windows Defender Application Control policy rules and file rules
@@ -23,8 +26,6 @@ Windows Defender Application Control (WDAC) provides control over a computer run A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). -> **Note**  Each computer can have only **one** WDAC policy at a time. Whichever way you deploy this policy, it is renamed to SIPolicy.p7b and copied to **C:\\Windows\\System32\\CodeIntegrity** and, for UEFI computers, **<EFI System Partition>\\Microsoft\\Boot**. Keep this in mind when you create your WDAC policies. - Optionally, WDAC can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed. 
If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). @@ -45,7 +46,7 @@ To modify the policy rule options of an existing WDAC policy, use [Set-RuleOptio You can set several rule options within a WDAC policy. Table 2 describes each rule option. -> [!NOTE] +> [!NOTE] > We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. **Table 2. Windows Defender Application Control policy - policy rule options** 
@@ -103,4 +104,50 @@ To create the WDAC policy, they build a reference server on their standard hardw As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If they come to a time when the internally-written, unsigned application must be updated, they must also update the WDAC policy so that the hash in the policy matches the hash of the updated internal application. -They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required). \ No newline at end of file +They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required). + +## Create path-based rules + +Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. 
+ +- New-CIPolicy parameters + - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) + + ```powershell + New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u + ``` + + Optionally, add -UserWriteablePaths to ignore user writeability + + - FilePathRule: create a rule where filepath string is directly set to value of \ + + ```powershell + New-CIPolicyRule -FilePathRule + ``` + + Useful for wildcards like C:\foo\\* + +- Usage follows the same flow as per-app rules: + + ```powershell + $rules = New-CIPolicyRule … + $rules += New-CIPolicyRule … + … + New-CIPolicyRule -f .\mypolicy.xml -u + ``` + +- Wildcards supported + - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe) + - One or the other, not both at the same time + - Does not support wildcard in the middle (ex. C:\\*\foo.exe) + - Examples: + - %WINDIR%\\... + - %SYSTEM32%\\... + - %OSDRIVE%\\... + +- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: + + ```powershell + Set-RuleOption -o 18 .\policy.xml + ``` + diff --git a/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md b/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md index 40b5506097..693cce1792 100644 --- a/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md +++ b/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md @@ -6,8 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 02/21/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Signing Windows Defender Application Control policies with SignTool.exe 
@@ -38,47 +41,47 @@ To sign a WDAC policy with SignTool.exe, you need the following components: If you do not have a code signing certificate, see the [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) section for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session: -1. Initialize the variables that will be used: +1. Initialize the variables that will be used: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` + ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` - ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` + ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` - > [!Note] + > [!NOTE] > This example uses the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md). If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information. -2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +2. Import the .pfx code signing certificate. 
Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). -3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later. +3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later. -4. Navigate to your desktop as the working directory: +4. Navigate to your desktop as the working directory: - ` cd $env:USERPROFILE\Desktop ` + ` cd $env:USERPROFILE\Desktop ` -5. Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy: +5. Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy: - ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update` + ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update` - > [!Note] + > [!NOTE] > should be the full path to the certificate that you exported in step 3. - Also, adding update signers is crucial to being able to modify or disable this policy in the future. + Also, adding update signers is crucial to being able to modify or disable this policy in the future. -6. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: +6. 
Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: - ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` + ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` -7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format: +7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format: - ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` + ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` -8. Sign the WDAC policy by using SignTool.exe: +8. Sign the WDAC policy by using SignTool.exe: - ` sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` + ` sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` - > [!Note] + > [!NOTE] > The *<Path to signtool.exe>* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy. -9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). +9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. 
For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
index 2edd777efc..aacc7afb09 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@@ -5,12 +5,14 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 03/01/2018
+ms.reviewer:
+ms.author: dansimp
 ---
 
 # Windows Defender Application Control deployment in different scenarios: types of devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 94c511c911..5f6b6c7849 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -2,12 +2,15 @@ title: Understand Windows Defender Application Control policy design decisions (Windows 10) description: Understand Windows Defender Application Control policy design decisions. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: jsuther1974 +author: dansimp ms.date: 02/08/2018 --- @@ -57,7 +60,7 @@ Most organizations have evolved app control policies and methods over time. With | Managed usage by group or OU | Using WDAC requires a complete app control policy evaluation and implementation.| | Authorization Manager or other role-based access technologies | Using WDAC requires a complete app control policy evaluation and implementation.| | Other | Using WDAC requires a complete app control policy evaluation and implementation.| -  + ### Are there specific groups in your organization that need customized application control policies? Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. @@ -66,7 +69,7 @@ Most business groups or departments have specific security requirements that per | - | - | | Yes | For each group, you need to create a list that includes their application control requirements. Although this may increase the planning time, it will most likely result in a more effective deployment.
      If your GPO structure is not currently configured so that you can apply different policies to specific groups, you can alternatively apply WDAC rules in a GPO to specific user groups.| | No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.| -  + ### Does your IT department have resources to analyze application usage, and to design and manage the policies? The time and resources that are available to you to perform the research and analysis can affect the detail of your plan and processes for continuing policy management and maintenance. @@ -75,7 +78,7 @@ The time and resources that are available to you to perform the research and ana | - | - | | Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are as simply constructed as possible.| | No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. | -  + ### Does your organization have Help Desk support? Preventing your users from accessing known, deployed, or personal applications will initially cause an increase in end-user support. It will be necessary to address the various support issues in your organization so security policies are followed and business workflow is not hampered. 
@@ -85,7 +88,7 @@ Preventing your users from accessing known, deployed, or personal applications w | Yes | Involve the support department early in the planning phase because your users may inadvertently be blocked from using their applications, or they may seek exceptions to use specific applications. | | No | Invest time in developing online support processes and documentation before deployment. | -  + ### Do you know what applications require restrictive policies? Any successful application control policy implementation is based on your knowledge and understanding of app usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the apps that access that data. @@ -93,7 +96,7 @@ Any successful application control policy implementation is based on your knowle | - | - | | Yes | You should determine the application control priorities for a business group and then attempt to design the simplest scheme for their application control policies. | | No | You will have to perform an audit and requirements gathering project to discover the application usage. WDAC provides the means to deploy policies in audit mode.| -  + ### How do you deploy or sanction applications (upgraded or new) in your organization? Implementing a successful application control policy is based on your knowledge and understanding of application usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the applications that access that data. Understanding the upgrade and deployment policy will help shape the construction of the application control policies. 
@@ -103,7 +106,7 @@ Implementing a successful application control policy is based on your knowledge | Ad hoc | You need to gather requirements from each group. Some groups might want unrestricted access or installation, while other groups might want strict controls.| | Strict written policy or guidelines to follow | You need to develop WDAC rules that reflect those policies, and then test and maintain the rules. | | No process in place | You need to determine if you have the resources to develop an application control policy, and for which groups. | -  + ### What are your organization's priorities when implementing application control policies? Some organizations will benefit from application control policies as shown by an increase in productivity or conformance, while others will be hindered in performing their duties. Prioritize these aspects for each group to allow you to evaluate the effectiveness of WDAC. 
@@ -113,7 +116,7 @@ Some organizations will benefit from application control policies as shown by an | Productivity: The organization assures that tools work and required applications can be installed. | To meet innovation and productivity goals, some groups require the ability to install and run a variety of software from different sources, including software that they developed. Therefore, if innovation and productivity is a high priority, managing application control policies through an allowed list might be time consuming and an impediment to progress. | | Management: The organization is aware of and controls the apps it supports. | In some business groups, application usage can be managed from a central point of control. WDAC policies can be built into a GPO for that purpose. This shifts the burden of app access to the IT department, but it also has the benefit of controlling the number of apps that can be run and controlling the versions of those apps| | Security: The organization must protect data in part by ensuring that only approved apps are used. | WDAC can help protect data by allowing a defined set of users access to apps that access the data. If security is the top priority, the application control policies will be the most restrictive.| -  + ### How are apps currently accessed in your organization? WDAC is very effective for organizations that have application restriction requirements if they have environments with a simple topography and application control policy goals that are straightforward. For example, WDAC can benefit an environment where non-employees have access to computers that are connected to the organizational network, such as a school or library. Large organizations also benefit from WDAC policy deployment when the goal is to achieve a detailed level of control on the desktop computers with a relatively small number of applications to manage, or when the applications are manageable with a small number of rules. 
@@ -123,7 +126,7 @@ WDAC is very effective for organizations that have application restriction requi | Users run without administrative rights. | Apps are installed by using an installation deployment technology.| | WDAC can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using WDAC to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.
      **Note: **WDAC can also be effective in helping create standardized desktops in organizations where users run as administrators. | Users must be able to install applications as needed. | Users currently have administrator access, and it would be difficult to change this.|Enforcing WDAC rules is not suited for business groups that must be able to install apps as needed and without approval from the IT department. If one or more OUs in your organization has this requirement, you can choose not to enforce application rules in those OUs by using WDAC or to implement the audit only enforcement setting.| -  + ### Is the structure in Active Directory Domain Services based on the organization's hierarchy? Designing application control policies based on an organizational structure that is already built into Active Directory Domain Services (AD DS) is easier than converting the existing structure to an organizational structure. @@ -133,7 +136,7 @@ Because the effectiveness of application control policies is dependent on the ab | - | - | | Yes | WDAC rules can be developed and implemented through Group Policy, based on your AD DS structure.| | No | The IT department must create a scheme to identify how application control policies can be applied to the correct user or computer.| -  + ## Record your findings The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index 4b6482ac05..597df3c8b3 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -2,12 +2,15 @@
 title: Use code signing to simplify application control for classic Windows applications (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 05/03/2018
 ---
 
@@ -59,4 +62,4 @@ When you generate a WDAC policy, you are generating a binary-encoded XML documen We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command. -When the WDAC policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add additional protection against administrative users changing or removing the policy. \ No newline at end of file +When the WDAC policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add additional protection against administrative users changing or removing the policy. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index d50f975bc2..567c3db270 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -2,12 +2,15 @@
 title: Use the Device Guard Signing Portal in the Microsoft Store for Business (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 02/19/2019
 ---
 
@@ -37,4 +40,4 @@ Before you get started, be sure to review these best practices: 4. After the files are uploaded, click **Sign** to sign the code integrity policy. 5. Click **Download** to download the signed code integrity policy. - When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. \ No newline at end of file + When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 27aca349ba..e481ff08f8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -2,12 +2,15 @@
 title: Use signed policies to protect Windows Defender Application Control against tampering (Windows 10)
 description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 05/03/2018
 ---
 
@@ -40,47 +43,47 @@ To sign a WDAC policy with SignTool.exe, you need the following components: If you do not have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or WDAC policy, be sure to update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session: -1. Initialize the variables that will be used: +1. Initialize the variables that will be used: - ` $CIPolicyPath=$env:userprofile+"\Desktop\"` + ` $CIPolicyPath=$env:userprofile+"\Desktop\"` - ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` + ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` - ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` + ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` - > [!Note] + > [!NOTE] > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information. -2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +2. Import the .pfx code signing certificate. 
Import the code signing certificate that you will use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). -3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later. +3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later. -4. Navigate to your desktop as the working directory: +4. Navigate to your desktop as the working directory: - ` cd $env:USERPROFILE\Desktop ` + ` cd $env:USERPROFILE\Desktop ` -5. Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy: +5. Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy: - ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update` + ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update` - > [!Note] + > [!NOTE] > *<Path to exported .cer certificate>* should be the full path to the certificate that you exported in step 3. - Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Disable signed Windows Defender Application Control policies within Windows](disable-windows-defender-application-control-policies.md#disable-signed-windows-defender-application-control-policies-within-windows). 
+ Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Disable signed Windows Defender Application Control policies within Windows](disable-windows-defender-application-control-policies.md#disable-signed-windows-defender-application-control-policies-within-windows). -6. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: +6. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: - ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` + ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` -7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format: +7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format: - ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` + ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` -8. Sign the WDAC policy by using SignTool.exe: +8. Sign the WDAC policy by using SignTool.exe: - ` sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` + ` sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` - > [!Note] + > [!NOTE] > The *<Path to signtool.exe>* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy. -9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. 
You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). +9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 5e919a7437..8919d6d670 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
@@ -2,12 +2,15 @@
 title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 05/03/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
index f126a1d3f3..18738ef4ec 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
@@ -2,12 +2,15 @@
 title: Windows Defender Application Control and .NET Hardening (Windows 10)
 description: Dynamic Code Security is an application control feature that can verify code loaded by .NET at runtime.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: morganbr
+author: dansimp
 ms.date: 08/20/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index fb6831f17b..559852d48c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -4,8 +4,11 @@ description: Automatically authorize applications that Microsoft’s ISG recogni
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-author: mdsakibMSFT
+author: dansimp
 ms.date: 06/14/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph
@@ -94,4 +97,4 @@ Modern apps are not supported with the ISG heuristic and will need to be separat The ISG heuristic does not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. -In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. \ No newline at end of file +In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index 43d842fa8e..d4c6fd8591 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md 
@@ -5,8 +5,11 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-author: mdsakibMSFT
+author: dansimp
 ms.date: 06/13/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Deploy Managed Installer for Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
index 0ebbc19cc4..38cfd605db 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@@ -5,8 +5,11 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 05/16/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Planning and getting started on the Windows Defender Application Control deployment process
@@ -25,24 +28,24 @@ This topic provides a roadmap for planning and getting started on the Windows De 3. Review how much variety in software and hardware is needed by roles or departments. The following questions can help you clarify how many WDAC policies to create: - - How standardized is the hardware?
      This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment. + - How standardized is the hardware?
      This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment. - - What software does each department or role need? Should they be able to install and run other departments’ software?
      If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management. + - What software does each department or role need? Should they be able to install and run other departments’ software?
      If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management. - - Are there departments or roles where unique, restricted software is used?
      If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy. + - Are there departments or roles where unique, restricted software is used?
      If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy. - - Is there already a list of accepted applications?
      A list of accepted applications can be used to help create a baseline WDAC policy.
      As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser). + - Is there already a list of accepted applications?
      A list of accepted applications can be used to help create a baseline WDAC policy.
      As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser). - - As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts? - In day-to-day operations, your organization’s security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies. + - As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts? + In day-to-day operations, your organization’s security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies. - Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC. + Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC. - For operational scenarios that require elevated security, certain applications with known Code Integrity bypasses may represent a security risk if you whitelist them in your WDAC policies. 
Other applications where older versions of the application had vulnerabilities also represent a risk. Therefore, you may want to deny or block such applications from your WDAC policies. For applications with vulnerabilities, once the vulnerabilities are fixed you can create a rule that only allows the fixed or newer versions of that application. The decision to allow or block applications depends on the context and on how the reference system is being used. + For operational scenarios that require elevated security, certain applications with known Code Integrity bypasses may represent a security risk if you whitelist them in your WDAC policies. Other applications where older versions of the application had vulnerabilities also represent a risk. Therefore, you may want to deny or block such applications from your WDAC policies. For applications with vulnerabilities, once the vulnerabilities are fixed you can create a rule that only allows the fixed or newer versions of that application. The decision to allow or block applications depends on the context and on how the reference system is being used. - Security professionals collaborate with Microsoft continuously to help protect customers. With the help of their valuable reports, Microsoft has identified a list of known applications that an attacker could potentially use to bypass Windows Defender Application Control. Depending on the context, you may want to block these applications. To view this list of applications and for use case examples, such as disabling msbuild.exe, see [Microsoft recommended block rules](microsoft-recommended-block-rules.md). + Security professionals collaborate with Microsoft continuously to help protect customers. With the help of their valuable reports, Microsoft has identified a list of known applications that an attacker could potentially use to bypass Windows Defender Application Control. Depending on the context, you may want to block these applications. 
To view this list of applications and for use case examples, such as disabling msbuild.exe, see [Microsoft recommended block rules](microsoft-recommended-block-rules.md). -4. Identify LOB applications that are currently unsigned. Although requiring signed code (through WDAC) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. +4. Identify LOB applications that are currently unsigned. Although requiring signed code (through WDAC) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. ## Getting started on the deployment process diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 7fa8248d7c..44ff0aa926 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md 
@@ -5,12 +5,14 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/20/2018 +ms.reviewer: +ms.author: dansimp --- # Windows Defender Application Control design guide @@ -30,6 +32,6 @@ This guide covers design and planning for Windows Defender Application Control ( | [Select the types of rules to create](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | | [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | | [Create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md) | This planning topic summarizes the information you need to research and include in your planning document. | -  + After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies. -  \ No newline at end of file + diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index b5c590602d..9617e485b3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md 
@@ -2,12 +2,15 @@
 title: Windows Defender Application Control (WDAC) (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 01/08/2019
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md
index 61c656fc0d..bc80b871c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md
@@ -5,8 +5,11 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-author: jsuther1974
+author: dansimp
 ms.date: 05/03/2018
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ---
 
 # Windows Defender Device Guard with AppLocker
@@ -15,7 +18,7 @@ Although [AppLocker](applocker/applocker-overview.md) is not considered a new Wi There are many scenarios in which WDAC would be used alongside AppLocker rules. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level. -> [!NOTE] +> [!NOTE] > One example of how Windows Defender Device Guard functionality can be enhanced by AppLocker is when you want to apply different policies for different users on the same device. For example, you may allow your IT support personnel to run additional apps that you do not allow for your end-users. You can accomplish this user-specific enforcement by using an AppLocker rule. AppLocker and Windows Defender Device Guard should run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 80dbb5a03b..f6904fc6f0 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md 
@@ -6,14 +6,16 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dansimp
+ms.author: dansimp
 ms.date: 10/17/2017
+ms.reviewer:
+manager: dansimp
 ---
 
 # Configure Windows Defender Application Guard policy settings
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
 
@@ -27,11 +29,11 @@ These settings, located at **Computer Configuration\Administrative Templates\Net >You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. -|Policy name|Supported versions|Description| -|-----------|------------------|-----------| -|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| -|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | -|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. 
Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| +| Policy name | Supported versions | Description | +|-------------------------------------------------|--------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. | +| Enterprise resource domains hosted in the cloud | At least Windows Server 2012, Windows 8, or Windows RT | A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | +| Domains categorized as both work and personal | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of domain names used as both work or personal resources. 
Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. | ## Application-specific settings These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 8be213c70e..8a0d017824 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md 
@@ -6,67 +6,100 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dansimp +ms.author: dansimp ms.date: 03/28/2019 +ms.reviewer: +manager: dansimp --- # Frequently asked questions - Windows Defender Application Guard -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions -| | | -|---|----------------------------| -|**Q:** |Can I enable Application Guard on machines equipped with 4GB RAM?| -|**A:** |We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | -||HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | -||HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB.| -||HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB.| +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can I enable Application Guard on machines equipped with 4GB RAM? | +| **A:** | We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | +| | HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. 
| +| | HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB. | +| | HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB. | +
      -| | | -|---|----------------------------| -|**Q:** |Can employees download documents from the Application Guard Edge session onto host devices?| -|**A:** |In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

      In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device.| + +| | | +|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can employees download documents from the Application Guard Edge session onto host devices? | +| **A:** | In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

      In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. | +
      -| | | -|---|----------------------------| -|**Q:** |Can employees copy and paste between the host device and the Application Guard Edge session?| -|**A:** |Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container.| + +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can employees copy and paste between the host device and the Application Guard Edge session? | +| **A:** | Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. | +
      -| | | -|---|----------------------------| -|**Q:** |Why don't employees see their Favorites in the Application Guard Edge session?| -|**A:** |To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device.| + +| | | +|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Why don't employees see their Favorites in the Application Guard Edge session? | +| **A:** | To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. | +
      -| | | -|---|----------------------------| -|**Q:** |Why aren’t employees able to see their Extensions in the Application Guard Edge session?| -|**A:** |Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this.| + +| | | +|--------|---------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Why aren’t employees able to see their Extensions in the Application Guard Edge session? | +| **A:** | Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. | +
      -| | | -|---|----------------------------| -|**Q:** |How do I configure WDAG to work with my network proxy (IP-Literal Addresses)?| -|**A:** |WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher.| + +| | | +|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? | +| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. | +
      -| | | -|---|----------------------------| -|**Q:** |I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering?| -|**A:** |This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature.| + +| | | +|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Which Input Method Editors (IME) in 19H1 are not supported? | +| **A:** | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in WDAG.
      Vietnam Telex keyboard
      Vietnam number key-based keyboard
      Hindi phonetic keyboard
      Bangla phonetic keyboard
      Marathi phonetic keyboard
      Telugu phonetic keyboard
      Tamil phonetic keyboard
      Kannada phonetic keyboard
      Malayalam phonetic keyboard
      Gujarati phonetic keyboard
      Odia phonetic keyboard
      Punjabi phonetic keyboard | +
      -| | | -|---|----------------------------| -|**Q:** |What is the WDAGUtilityAccount local account?| -|**A:** |This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.| + +| | | +|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? | +| **A:** | This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. | + +
      + + +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | What is the WDAGUtilityAccount local account? | +| **A:** | This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. | + +
      + + +| | | +|--------|-----------------------------------------------------------------------------------------------| +| **Q:** | How do I trust a subdomain in my site list? | +| **A:** | To trust a subdomain, you must precede your domain with two dots, for example: ..contoso.com. | +
      diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 7bbb3edc4c..3f889598d3 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -6,15 +6,17 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dansimp +ms.author: dansimp ms.date: 02/19/2019 +ms.reviewer: +manager: dansimp --- # Prepare to install Windows Defender Application Guard **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index 1cb8fce44c..fc5d4ec5eb 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md 
@@ -6,14 +6,16 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dansimp +ms.author: dansimp ms.date: 11/09/2017 +ms.reviewer: +manager: dansimp --- # System requirements for Windows Defender Application Guard -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. @@ -36,6 +38,6 @@ Your environment needs the following software to run Windows Defender Applicatio |Software|Description| |--------|-----------| -|Operating system|Windows 10 Enterprise edition, version 1709 or higher
      Windows 10 Professional edition, version 1803 or higher
      Windows 10 Professional for Workstations edition, version 1803 or higher
      Windows 10 Professional Education edition version 1803 or higher
      Windows 10 Education edition, version 1903 or higher| +|Operating system|Windows 10 Enterprise edition, version 1709 or higher
      Windows 10 Professional edition, version 1803 or higher
      Windows 10 Professional for Workstations edition, version 1803 or higher
      Windows 10 Professional Education edition version 1803 or higher
      Windows 10 Education edition, version 1903 or higher
      Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. | |Browser|Microsoft Edge and Internet Explorer| |Management system
      (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

      **-OR-**

      [System Center Configuration Manager](https://docs.microsoft.com/sccm/)

      **-OR-**

      [Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

      **-OR-**

      Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index 092d966221..3792441270 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -6,15 +6,17 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha -ms.author: justinha +author: dansimp +ms.author: dansimp ms.date: 03/15/2019 +ms.reviewer: +manager: dansimp --- # Application Guard testing scenarios -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. 
@@ -46,46 +48,46 @@ How to install, set up, turn on, and configure Application Guard for Enterprise- ### Install, set up, and turn on Application Guard Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. -1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard). +1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard). -2. Restart the device and then start Microsoft Edge. +2. Restart the device and then start Microsoft Edge. -3. Set up the Network Isolation settings in Group Policy: +3. Set up the Network Isolation settings in Group Policy: - a. Click on the **Windows** icon, type _Group Policy_, and then click **Edit Group Policy**. + a. Click on the **Windows** icon, type _Group Policy_, and then click **Edit Group Policy**. - b. Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting. + b. Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting. - c. For the purposes of this scenario, type _.microsoft.com_ into the **Enterprise cloud resources** box. + c. For the purposes of this scenario, type _.microsoft.com_ into the **Enterprise cloud resources** box. - ![Group Policy editor with Enterprise cloud resources setting](images/appguard-gp-network-isolation.png) + ![Group Policy editor with Enterprise cloud resources setting](images/appguard-gp-network-isolation.png) - d. Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting. + d. 
Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting. - e. For the purposes of this scenario, type _bing.com_ into the **Neutral resources** box. + e. For the purposes of this scenario, type _bing.com_ into the **Neutral resources** box. - ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) + ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) -4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting. +4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting. -5. Click **Enabled**, choose Option **1**, and click **OK**. +5. Click **Enabled**, choose Option **1**, and click **OK**. - ![Group Policy editor with Turn On/Off setting](images/appguard-gp-turn-on.png) + ![Group Policy editor with Turn On/Off setting](images/appguard-gp-turn-on.png) - >[!NOTE] - >Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario. + >[!NOTE] + >Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario. -6. Start Microsoft Edge and type _www.microsoft.com_. +6. Start Microsoft Edge and type www.microsoft.com. After you submit the URL, Application Guard determines the URL is trusted because it uses the domain you’ve marked as trusted and shows the site directly on the host PC instead of in Application Guard. ![Trusted website running on Microsoft Edge](images/appguard-turned-on-with-trusted-site.png) -7. 
In the same Microsoft Edge browser, type any URL that isn’t part of your trusted or neutral site lists. +7. In the same Microsoft Edge browser, type any URL that isn’t part of your trusted or neutral site lists. - After you submit the URL, Application Guard determines the URL is untrusted and redirects the request to the hardware-isolated environment. + After you submit the URL, Application Guard determines the URL is untrusted and redirects the request to the hardware-isolated environment. - ![Untrusted website running in Application Guard](images/appguard-visual-cues.png) + ![Untrusted website running in Application Guard](images/appguard-visual-cues.png) ### Customize Application Guard Application Guard lets you specify your configuration, allowing you to create the proper balance between isolation-based security and productivity for your employees. diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 41cf3d2bd0..4aadf6d205 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md 
@@ -6,15 +6,17 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
-ms.author: justinha
+author: dansimp
+ms.author: dansimp
 ms.date: 03/28/2019
+ms.reviewer:
+manager: dansimp
 ---
 
 # Windows Defender Application Guard overview
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
 
 ## What is Application Guard and how does it work?
@@ -37,55 +39,70 @@ Application Guard has been created to target several types of systems: ## Frequently Asked Questions -| | | -|---|----------------------------| -|**Q:** |Can I enable Application Guard on machines equipped with 4GB RAM?| -|**A:** |We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | -||HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | -||HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB.| -||HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB.| +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can I enable Application Guard on machines equipped with 4GB RAM? | +| **A:** | We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | +| | HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | +| | HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB. | +| | HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB. | +
      -| | | -|---|----------------------------| -|**Q:** |Can employees download documents from the Application Guard Edge session onto host devices?| -|**A:** |In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

      In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device.| + +| | | +|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can employees download documents from the Application Guard Edge session onto host devices? | +| **A:** | In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

      In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. | +
      -| | | -|---|----------------------------| -|**Q:** |Can employees copy and paste between the host device and the Application Guard Edge session?| -|**A:** |Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container.| + +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Can employees copy and paste between the host device and the Application Guard Edge session? | +| **A:** | Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. | +
      -| | | -|---|----------------------------| -|**Q:** |Why don't employees see their Favorites in the Application Guard Edge session?| -|**A:** |To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device.| + +| | | +|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Why don't employees see their Favorites in the Application Guard Edge session? | +| **A:** | To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. | +
      -| | | -|---|----------------------------| -|**Q:** |Why aren’t employees able to see their Extensions in the Application Guard Edge session?| -|**A:** |Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this.| + +| | | +|--------|---------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Why aren’t employees able to see their Extensions in the Application Guard Edge session? | +| **A:** | Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. | +
      -| | | -|---|----------------------------| -|**Q:** |How do I configure WDAG to work with my network proxy (IP-Literal Addresses)?| -|**A:** |WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher.| + +| | | +|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? | +| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. | +
      -| | | -|---|----------------------------| -|**Q:** |I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering?| -|**A:** |This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature.| + +| | | +|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? | +| **A:** | This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. | +
      -| | | -|---|----------------------------| -|**Q:** |What is the WDAGUtilityAccount local account?| -|**A:** |This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.| + +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | What is the WDAGUtilityAccount local account? | +| **A:** | This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. | +
      ## Related topics diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md deleted file mode 100644 index cbe44720d3..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -title: Alerts queue in Windows Defender Security Center -description: View and manage the alerts surfaced in Windows Defender Security Center -keywords: -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 09/03/2018 ---- - -# Alerts queue in Windows Defender Security Center -Learn how you can view and manage the queue so that you can effectively investigate threats seen on entities such as machines, files, or user accounts. - - -## In this section -Topic | Description -:---|:--- -[View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | Shows a list of alerts that were flagged in your network. -[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert. -[Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts that are affecting your network, understand what they mean, and how to resolve them. -[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)| Investigate the details of a file associated with a specific alert, behaviour, or event. -[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)| Investigate the details of a machine associated with a specific alert, behaviour, or event. -[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between machines in your network and external internet protocol (IP) addresses. 
-[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your network have been communicating with a known malicious domain. -[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) | Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. - - diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4520b214d1..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -title: Windows Defender ATP alert API fields -description: Understand how the alert API fields map to the values in Windows Defender Security Center -keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/16/2017 ---- - -# Windows Defender ATP SIEM alert API fields - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) - -Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center. - - -## Alert API fields and portal mapping -The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal. - - -The ArcSight field column contains the default mapping between the Windows Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the needs of your organization. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). - -Field numbers match the numbers in the images below. 
- -> [!div class="mx-tableFixed"] -| Portal label | SIEM field name | ArcSight field | Example value | Description | -|------------------|---------------------------|---------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1 | AlertTitle | name | A dll was unexpectedly loaded into a high integrity process without a UAC prompt | Value available for every alert. | -| 2 | Severity | deviceSeverity | Medium | Value available for every alert. | -| 3 | Category | deviceEventCategory | Privilege Escalation | Value available for every alert. | -| 4 | Source | sourceServiceName | WindowsDefenderATP | Windows Defender Antivirus or Windows Defender ATP. Value available for every alert. | -| 5 | MachineName | sourceHostName | liz-bean | Value available for every alert. | -| 6 | FileName | fileName | Robocopy.exe | Available for alerts associated with a file or process. | -| 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for alerts associated with a file or process. | -| 8 | UserDomain | sourceNtDomain | contoso | The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts. | -| 9 | UserName | sourceUserName | liz-bean | The user context running the activity, available for Windows Defender ATP behavioral based alerts. | -| 10 | Sha1 | fileHash | 5b4b3985339529be3151d331395f667e1d5b7f35 | Available for alerts associated with a file or process. | -| 11 | Md5 | deviceCustomString5 | 55394b85cb5edddff551f6f3faa9d8eb | Available for Windows Defender AV alerts. | -| 12 | Sha256 | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 | Available for Windows Defender AV alerts. 
| -| 13 | ThreatName | eviceCustomString1 | Trojan:Win32/Skeeyah.A!bit | Available for Windows Defender AV alerts. | -| 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | -| 15 | Url | requestUrl | down.esales360.cn | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | -| 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | -| 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | -| 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every alert. | -| 19 | LinkToWDATP | flexString1 | `https://securitycenter.windows.com/alert/636210704265059241_673569822` | Value available for every alert. | -| 20 | AlertTime | deviceReceiptTime | 2017-05-07T01:56:59.3191352Z | The time the activity relevant to the alert occurred. Value available for every alert. | -| 21 | MachineDomain | sourceDnsDomain | contoso.com | Domain name not relevant for AAD joined machines. Value available for every alert. | -| 22 | Actor | deviceCustomString4 | | Available for alerts related to a known actor group. | -| 21+5 | ComputerDnsName | No mapping | liz-bean.contoso.com | The machine fully qualified domain name. Value available for every alert. | -| | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. | -| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. 
| -| | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. | -| Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. | -| | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. | -| | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Windows Defender ATP'. | -| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions. - - -![Image of alert with numbers](images/atp-alert-page.png) - -![Image of alert details pane with numbers](images/atp-siem-mapping13.png) - -![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) - -![Image of artifact timeline with numbers](images/atp-siem-mapping4.png) - -![Image machine view](images/atp-mapping6.png) - -![Image browser URL](images/atp-mapping5.png) - -![Image actor alert](images/atp-mapping7.png) - - -## Related topics -- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/apis-intro.md b/windows/security/threat-protection/windows-defender-atp/apis-intro.md
deleted file mode 100644
index d05ecd0f1b..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/apis-intro.md
+++ /dev/null
@@ -1,65 +0,0 @@ ---- -title: Windows Defender Advanced Threat Protection API overview -description: Learn how you can use APIs to automate workflows and innovate based on Windows Defender ATP capabilities -keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Windows Defender ATP API overview - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - -Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). - -In general, you’ll need to take the following steps to use the APIs: -- Create an AAD application -- Get an access token using this application -- Use the token to access Windows Defender ATP API - - -You can access Windows Defender ATP API with **Application Context** or **User Context**. - -- **Application Context: (Recommended)**
      - Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons. - - Steps that need to be taken to access Windows Defender ATP API with application context: - - 1. Create an AAD Web-Application. - 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. - 3. Create a key for this Application. - 4. Get token using the application with its key. - 5. Use the token to access Windows Defender ATP API - - For more information, see [Get access with application context](exposed-apis-create-app-webapp.md). - - -- **User Context:**
      - Used to perform actions in the API on behalf of a user. - - Steps that needs to be taken to access Windows Defender ATP API with application context: - 1. Create AAD Native-Application. - 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. - 3. Get token using the application with user credentials. - 4. Use the token to access Windows Defender ATP API - - For more information, see [Get access with user context](exposed-apis-create-app-nativeapp.md). - - -## Related topics -- [Windows Defender ATP APIs](exposed-apis-list.md) -- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md) -- [Access Windows Defender ATP with user context](exposed-apis-create-app-nativeapp.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md deleted file mode 100644 index bc87a4503f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -title: Assign user access to Windows Defender Security Center -description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal. -keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/28/2018 ---- - -# Assign user access to Windows Defender Security Center - -**Applies to:** -- Azure Active Directory -- Office 365 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) - -Windows Defender ATP supports two ways to manage permissions: - -- **Basic permissions management**: Set permissions to either full access or read-only. -- **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md). - -> [!NOTE] ->If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch: - ->- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Windows Defender ATP administrator role, which also has full access. 
Additional Azure AD user groups can be assigned to the Windows Defender ATP administrator role after switching to RBAC. Only users assigned to the Windows Defender ATP administrator role can manage permissions using RBAC. ->- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC. ->- After switching to RBAC, you will not be able to switch back to using basic permissions management. - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink) - -## Related topic -- [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md) -- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a86ee0b027..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -title: Experience Windows Defender ATP through simulated attacks -description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches. -keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: lomayor -author: lomayor -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/20/2018 ---- - -# Experience Windows Defender ATP through simulated attacks - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) - ->[!TIP] ->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). ->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). - - -You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response. 
- -## Before you begin - -To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md). - -Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario. - -## Run a simulation - -1. In **Help** > **Simulations & tutorials**, select which of the available attack scenarios you would like to simulate: - - - **Scenario 1: Document drops backdoor** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control. - - - **Scenario 2: PowerShell script in fileless attack** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and machine learning detection of malicious memory activity. - - - **Scenario 3: Automated incident response** - triggers Automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity. - -2. Download and read the corresponding walkthrough document provided with your selected scenario. - -3. Download the simulation file or copy the simulation script by navigating to **Help** > **Simulations & tutorials**. You can choose to download the file or script on the test machine but it's not mandatory. - -4. Run the simulation file or script on the test machine as instructed in the walkthrough document. - ->[!NOTE] ->Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine. - - ->Want to experience Windows Defender ATP? 
[Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink) - - -## Related topics -- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) -- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md deleted file mode 100644 index d418764a45..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,193 +0,0 @@ ---- -title: Configure HP ArcSight to pull Windows Defender ATP alerts -description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center -keywords: configure hp arcsight, security information and events management tools, arcsight -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/20/2018 ---- - -# Configure HP ArcSight to pull Windows Defender ATP alerts - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) - -You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Windows Defender ATP alerts. - -## Before you begin -Configuring the HP ArcSight Connector tool requires several configuration files for it to pull and parse alerts from your Azure Active Directory (AAD) application. - -This section guides you in getting the necessary information to set and use the required configuration files correctly. - -- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). - -- Have the file you saved from enabling the SIEM integration feature ready. 
You'll need to get the following values: - - OAuth 2.0 Token refresh URL - - OAuth 2.0 Client ID - - OAuth 2.0 Client secret - -- Have the following configuration files ready: - - WDATP-connector.properties - - WDATP-connector.jsonparser.properties - - You would have saved a .zip file which contains these two files when you chose HP ArcSight as the SIEM type you use in your organization. - -- Make sure you generate the following tokens and have them ready: - - Access token - - Refresh token - - You can generate these tokens from the **SIEM integration** setup section of the portal. - -## Install and configure HP ArcSight FlexConnector -The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). - -1. Install the latest 32-bit Windows FlexConnector installer. You can find this in the HPE Software center. The tool is typically installed in the following default location: `C:\Program Files\ArcSightFlexConnectors\current\bin`.

      You can choose where to save the tool, for example C:\\*folder_location*\current\bin where *folder_location* represents the installation location. - -2. Follow the installation wizard through the following tasks: - - Introduction - - Choose Install Folder - - Choose Install Set - - Choose Shortcut Folder - - Pre-Installation Summary - - Installing... - - You can keep the default values for each of these tasks or modify the selection to suit your requirements. - -3. Open File Explorer and locate the two configuration files you saved when you enabled the SIEM integration feature. Put the two files in the FlexConnector installation location, for example: - - - WDATP-connector.jsonparser.properties: C:\\*folder_location*\current\user\agent\flexagent\ - - - WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\ - - NOTE: - You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. - -4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. - -5. Select Type: **ArcSight FlexConnector REST** and click **Next**. - -6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank. - - - - - - - - - - - - - - - - - - - - - - - - -
      FieldValue
      Configuration FileType in the name of the client property file. The name must match the file provided in the .zip that you downloaded. - For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file.
      Events URLDepending on the location of your datacenter, select either the EU or the US URL:

      **For EU**: https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
      -
      **For US:** https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME

      **For UK**: https://wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
      Authentication TypeOAuth 2
      OAuth 2 Client Properties fileBrowse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.
      Refresh TokenYou can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.

      For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).

      **Get your refresh token using the restutil tool:**
      a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool.

      b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open.

      c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.

      d. A refresh token is shown in the command prompt.

      e. Copy and paste it into the **Refresh Token** field. -
      -7. A browser window is opened by the connector. Login with your application credentials. After you log in, you'll be asked to give permission to your OAuth2 Client. You must give permission to your OAuth 2 Client so that the connector configuration can authenticate.

      -If the `redirect_uri` is a https URL, you'll be redirected to a URL on the local host. You'll see a page that requests for you to trust the certificate supplied by the connector running on the local host. You'll need to trust this certificate if the redirect_uri is a https.

      If however you specify a http URL for the redirect_uri, you do not need to provide consent in trusting the certificate. - -8. Continue with the connector setup by returning to the HP ArcSight Connector Setup window. - -9. Select the **ArcSight Manager (encrypted)** as the destination and click **Next**. - -10. Type in the destination IP/hostname in **Manager Hostname** and your credentials in the parameters form. All other values in the form should be retained with the default values. Click **Next**. - -11. Type in a name for the connector in the connector details form. All other values in the form are optional and can be left blank. Click **Next**. - -11. The ESM Manager import certificate window is shown. Select **Import the certificate to connector from destination** and click **Next**. The **Add connector Summary** window is displayed and the certificate is imported. - -12. Verify that the details in the **Add connector Summary** window is correct, then click **Next**. - -13. Select **Install as a service** and click **Next**. - -14. Type a name in the **Service Internal Name** field. All other values in the form can be retained with the default values or left blank . Click **Next**. - -13. Type in the service parameters and click **Next**. A window with the **Install Service Summary** is shown. Click **Next**. - -14. Finish the installation by selecting **Exit** and **Next**. - -## Install and configure the HP ArcSight console -1. Follow the installation wizard through the following tasks: - - Introduction - - License Agreement - - Special Notice - - Choose ArcSight installation directory - - Choose Shortcut Folder - - Pre-Installation Summary - -2. Click **Install**. After the installation completes, the ArcSight Console Configuration Wizard opens. - -3. Type localhost in **Manager Host Name** and 8443 in **Manager Port** then click **Next**. - -4. Select **Use direct connection**, then click **Next**. - -5. 
Select **Password Based Authentication**, then click **Next**. - -6. Select **This is a single user installation. (Recommended)**, then click **Next**. - -7. Click **Done** to quit the installer. - -8. Login to the HP ArcSight console. - -9. Navigate to **Active channel set** > **New Condition** > **Device** > **Device Product**. - -10. Set **Device Product = Windows Defender ATP**. When you've verified that events are flowing to the tool, stop the process again and go to Windows Services and start the ArcSight FlexConnector REST. - -You can now run queries in the HP ArcSight console. - -Windows Defender ATP alerts will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name. - - -## Troubleshooting HP ArcSight connection -**Problem:** Failed to refresh the token. You can find the log located in C:\\*folder_location*\current\logs where *folder_location* represents the location where you installed the tool. Open _agent.log_ and look for `ERROR/FATAL/WARN`. - -**Symptom:** You get the following error message: - -`Failed to refresh the token. Set reauthenticate to true: com.arcsight.common.al.e: Failed to refresh access token: status=HTTP/1.1 400 Bad Request FATAL EXCEPTION: Could not refresh the access token` - -**Solution:** -1. Stop the process by clicking Ctrl + C on the Connector window. Click **Y** when asked "Terminate batch job Y/N?". -2. Navigate to the folder where you stored the WDATP-connector.properties file and edit it to add the following value: -`reauthenticate=true`. - -3. Restart the connector by running the following command: `arcsight.bat connectors`. - - A browser window appears. Allow it to run, it should disappear, and the connector should now be running. - -> [!NOTE] -> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear. 
- -## Related topics -- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md deleted file mode 100644 index cd5b2e9c98..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -title: Onboard non-Windows machines to the Windows Defender ATP service -description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service. -keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Onboard non-Windows machines - -**Applies to:** - -- macOS -- Linux -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) - - - -Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. - -You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. - - - -## Onboarding non-Windows machines -You'll need to take the following steps to onboard non-Windows machines: -1. Select your preferred method of onboarding: - - - For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac). 
- - For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**. - - 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. - - 2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices. - - 3. Select **Open partner page** to open the partner's page. Follow the instructions provided on the page. - - 4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require. - - -2. Run a detection test by following the instructions of the third-party solution. - -## Offboard non-Windows machines - -1. Follow the third-party's documentation to disconnect the third-party solution from Windows Defender ATP. - -2. Remove permissions for the third-party solution in your Azure AD tenant. - 1. Sign in to the [Azure portal](https://portal.azure.com). - 2. Select **Azure Active Directory > Enterprise Applications**. - 3. Select the application you'd like to offboard. - 4. Select the **Delete** button. - - -## Related topics -- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) -- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) -- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) -- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) \ No newline at end of file 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index dc4a53e6ea..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,49 +0,0 @@ ---- -title: Onboard Windows 10 machines on Windows Defender ATP -description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor -keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 07/12/2018 ---- - -# Onboard Windows 10 machines - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - -Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization. - -The following deployment tools and methods are supported: - -- Group Policy -- System Center Configuration Manager -- Mobile Device Management (including Microsoft Intune) -- Local script - -## In this section -Topic | Description -:---|:--- -[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on machines. -[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines. 
-[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine. -[Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints. -[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines. - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 239c4d95db..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -title: Pull alerts to your SIEM tools from Windows Defender Advanced Threat Protection -description: Learn how to use REST API and configure supported security information and events management tools to receive and pull alerts. -keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/16/2017 ---- - -# Pull alerts to your SIEM tools - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) - -## Pull alerts using security information and events management (SIEM) tools -Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. 
- - -Windows Defender ATP currently supports the following SIEM tools: - -- Splunk -- HP ArcSight - -To use either of these supported SIEM tools you'll need to: - -- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- Configure the supported SIEM tool: - - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) - - [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) - -For more information on the list of fields exposed in the alerts API see, [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md). - - -## Pull Windows Defender ATP alerts using REST API -Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API. - -For more information, see [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md). - - -## In this section - -Topic | Description -:---|:--- -[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools. -[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts. -[Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts. 
-[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center. -[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API. -[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md deleted file mode 100644 index baf0a25a95..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,153 +0,0 @@ ---- -title: Configure Splunk to pull Windows Defender ATP alerts -description: Configure Splunk to receive and pull alerts from Windows Defender Security Center. -keywords: configure splunk, security information and events management tools, splunk -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/16/2017 ---- - -# Configure Splunk to pull Windows Defender ATP alerts - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) - -You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. - -## Before you begin - -- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk. -- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - -- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: - - OAuth 2 Token refresh URL - - OAuth 2 Client ID - - OAuth 2 Client secret - -- Have the refresh token that you generated from the SIEM integration feature ready. - -## Configure Splunk - -1. Login in to Splunk. - -2. Click **Search & Reporting**, then **Settings** > **Data inputs**. - -3. Click **REST** under **Local inputs**. 
- - NOTE: - This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). - -4. Click **New**. - -5. Type the following values in the required fields, then click **Save**: - - NOTE: - All other values in the form are optional and can be left blank. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      FieldValue
      Endpoint URLDepending on the location of your datacenter, select any of the following URL:

      **For EU**: `https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts`

      **For US:**` https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts`

      **For UK:**` https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts` -
      HTTP MethodGET
      Authentication Typeoauth2
      OAuth 2 Access tokenUse the value that you generated when you enabled the SIEM integration feature.

      NOTE: The access token expires after an hour.
      OAuth 2 Refresh TokenUse the value that you generated when you enabled the **SIEM integration** feature.
      OAuth 2 Token Refresh URLUse the value from the details file you saved when you enabled the **SIEM integration** feature.
      OAuth 2 Client IDUse the value from the details file you saved when you enabled the **SIEM integration** feature.
      OAuth 2 Client SecretUse the value from the details file you saved when you enabled the **SIEM integration** feature.
      Response typeJson
      Response HandlerJSONArrayHandler
      Polling IntervalNumber of seconds that Splunk will ping the Windows Defender ATP machine. Accepted values are in seconds.
      Set sourcetypeManual
      Source type\_json
      - -After completing these configuration steps, you can go to the Splunk dashboard and run queries. - -## View alerts using Splunk solution explorer -Use the solution explorer to view alerts in Splunk. - -1. In Splunk, go to **Settings** > **Searchers, reports, and alerts**. - -2. Select **New**. - -3. Enter the following details: - - Destination app: Select Search & Reporting (search) - - Search name: Enter a name for the query - - Search: Enter a query, for example:
      - `source="rest://windows atp alerts"|spath|table*` - - Other values are optional and can be left with the default values. -4. Click **Save**. The query is saved in the list of searches. - -5. Find the query you saved in the list and click **Run**. The results are displayed based on your query. - - ->[!TIP] -> To mininimize alert duplications, you can use the following query: ->```source="rest://windows atp alerts" | spath | dedup _raw | table *``` - -## Related topics -- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) -- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 8a393d5b81..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -title: Update data retention settings for Windows Defender Advanced Threat Protection -description: Update data retention settings by selecting between 30 days to 180 days. -keywords: data, storage, settings, retention, update -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 04/24/2018 ---- -# Update data retention settings for Windows Defender ATP - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink) - -During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update the data retention settings. - -1. In the navigation pane, select **Settings** > **Data rention**. - -2. Select the data retention duration from the drop-down list. - - > [!NOTE] - > Other settings are not editable. - -3. Click **Save preferences**. - - -## Related topics -- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md) -- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) -- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md) -- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 5050e3dcb1..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Windows Defender Antivirus compatibility with Windows Defender ATP
-description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.
-keywords: windows defender compatibility, defender, windows defender atp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 04/24/2018
----
-
-# Windows Defender Antivirus compatibility with Windows Defender ATP
-
-**Applies to:**
-
-
-- Windows Defender
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
-
-The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
-
->[!IMPORTANT]
->Windows Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings.
-
-You must configure Security intelligence updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
-
-If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
-
-Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
-
-The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
-
-For more information, see the [Windows Defender Antivirus and Windows Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/deprecate.md b/windows/security/threat-protection/windows-defender-atp/deprecate.md
deleted file mode 100644
index fe73a4d416..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/deprecate.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ms.date: 10/17/2018
----
->[!WARNING]
-
-
-> This page documents a feature that will soon be deprecated. For the updated and supported version, see [Use the Windows Defender ATP APIs](use-apis.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index f49caf3929..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,350 +0,0 @@ ---- -title: Review events and errors using Event Viewer -description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service. -keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 05/21/2018 ---- - - -# Review events and errors using Event Viewer - -**Applies to:** - -- Event Viewer - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - -You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual machines. - -For example, if machines are not appearing in the **Machines list**, you might need to look for event IDs on the machines. You can then use this table to determine further troubleshooting steps. - -> [!NOTE] -> It can take several days for machines to begin reporting to the Windows Defender ATP service. - -**Open Event Viewer and find the Windows Defender ATP service event log:** - -1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**. - -2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to - open the log. - - a. You can also access the log by expanding **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE** and click on **Operational**. - - > [!NOTE] - > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. - -3. 
Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Event IDMessageDescriptionAction
      1Windows Defender Advanced Threat Protection service started (Version ```variable```).Occurs during system start up, shut down, and during onbboarding.Normal operating notification; no action required.
      2Windows Defender Advanced Threat Protection service shutdown.Occurs when the machine is shut down or offboarded.Normal operating notification; no action required.
      3Windows Defender Advanced Threat Protection service failed to start. Failure code: ```variable```.Service did not start.Review other messages to determine possible cause and troubleshooting steps.
      4Windows Defender Advanced Threat Protection service contacted the server at ```variable```.Variable = URL of the Windows Defender ATP processing servers.
      -This URL will match that seen in the Firewall or network activity.
      Normal operating notification; no action required.
      5Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```.Variable = URL of the Windows Defender ATP processing servers.
      -The service could not contact the external processing servers at that URL.
      Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).
      6Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.The machine did not onboard correctly and will not be reporting to the portal.Onboarding must be run before starting the service.
      -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      7Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```.Variable = detailed error description. The machine did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      8Windows Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```.**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues.

      **During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. -
      **Onboarding:** No action required.

      **Offboarding:** Reboot the system.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      9Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```.**During onboarding:** The machine did not onboard correctly and will not be reporting to the portal.

      **During offboarding:** Failed to change the service start type. The offboarding process continues.
      Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      10Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```.The machine did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      11Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed.The machine onboarded correctly.Normal operating notification; no action required.
      -It may take several hours for the machine to appear in the portal.
      12Windows Defender Advanced Threat Protection failed to apply the default configuration.Service was unable to apply the default configuration.This error should resolve after a short period of time.
      13Windows Defender Advanced Threat Protection machine ID calculated: ```variable```.Normal operating process.Normal operating notification; no action required.
      15Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable```.Variable = URL of the Windows Defender ATP processing servers.
      -The service could not contact the external processing servers at that URL.
      Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).
      17Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```.An error occurred with the Windows telemetry service.[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).
      -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      18OOBE (Windows Welcome) is completed.Service will only start after any Windows updates have finished installing.Normal operating notification; no action required.
      19OOBE (Windows Welcome) has not yet completed.Service will only start after any Windows updates have finished installing.Normal operating notification; no action required.
      -If this error persists after a system restart, ensure all Windows updates have full installed.
      20Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable```.Internal error.If this error persists after a system restart, ensure all Windows updates have full installed.
      25Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```.The machine did not onboard correctly. -It will report to the portal, however the service may not appear as registered in SCCM or the registry.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      26Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```.The machine did not onboard correctly.
      -It will report to the portal, however the service may not appear as registered in SCCM or the registry.
      Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      27Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```.Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      -Ensure real-time antimalware protection is running properly.
      28Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```.An error occurred with the Windows telemetry service.[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
      -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      29Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 This event occurs when the system can't read the offboarding parameters.Ensure the machine has Internet access, then run the entire offboarding process again.
      30Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```.Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
      -Ensure real-time antimalware protection is running properly.
      31Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```.An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
      32Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1An error occurred during offboarding.Reboot the machine.
      33Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```.A unique identifier is used to represent each machine that is reporting to the portal.
      -If the identifier does not persist, the same machine might appear twice in the portal.
      Check registry permissions on the machine to ensure the service can update the registry.
      34Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```.An error occurred with the Windows telemetry service.[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
      -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
      -See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
      35Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```.An error occurred with the Windows telemetry service during offboarding. The offboarding process continues. -Check for errors with the Windows diagnostic data service.
      36Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration succeeded. Completion code: ```variable```.Registering Windows Defender Advanced Threat Protection with the Connected User Experiences and Telemetry service completed successfully.Normal operating notification; no action required.
      37Windows Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.The machine has almost used its allocated quota of the current 24-hour window. It’s about to be throttled.Normal operating notification; no action required.
      38Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.The machine is using a metered/paid network and will be contacting the server less frequently.Normal operating notification; no action required.
      39Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.The machine is not using a metered/paid connection and will contact the server as usual.Normal operating notification; no action required.
      40Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.The machine has low battery level and will contact the server less frequently.Normal operating notification; no action required.
      41Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.The machine doesn’t have low battery level and will contact the server as usual.Normal operating notification; no action required.
      42Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4Internal error. The service failed to start.If this error persists, contact Support.
      43Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5Internal error. The service failed to start.If this error persists, contact Support.
      44Offboarding of Windows Defender Advanced Threat Protection service completed.The service was offboarded.Normal operating notification; no action required.
      45Failed to register and to start the event trace session [%1]. Error code: %2An error occurred on service startup while creating ETW session. This caused service start-up failure.If this error persists, contact Support.
      46Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute.An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but will not report any sensor event until the ETW session is started.Normal operating notification; no action required. The service will try to start the session every minute.
      47Successfully registered and started the event trace session - recovered after previous failed attempts.This event follows the previous event after successfully starting of the ETW session.Normal operating notification; no action required.
      48Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported.Failed to add a provider to ETW session. As a result, the provider events aren’t reported.Check the error code. If the error persists contact Support.
      - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink) - -## Related topics -- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) -- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) -- [Troubleshoot Windows Defender ATP](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md deleted file mode 100644 index d26d9ddb56..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md +++ /dev/null 
@@ -1,245 +0,0 @@ ---- -title: Create an app to access Windows Defender ATP without a user -description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 09/03/2018 ---- - -# Create an app to access Windows Defender ATP without a user - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - - -This page describes how to create an application to get programmatic access to Windows Defender ATP without a user. - -If you need programmatic access Windows Defender ATP on behalf of a user, see [Get access wtih user context](exposed-apis-create-app-nativeapp.md) - -If you are not sure which access you need, see [Get started](apis-intro.md). - -Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). 
- -In general, you’ll need to take the following steps to use the APIs: -- Create an AAD application -- Get an access token using this application -- Use the token to access Windows Defender ATP API - -This page explains how to create an AAD application, get an access token to Windows Defender ATP and validate the token. - -## Create an app - -1. Log on to [Azure](https://portal.azure.com) with user that has Global Administrator role. - -2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. - - ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) - -3. In the Create window, enter the following information then click **Create**. - - ![Image of Create application window](images/webapp-create.png) - - - **Name:** Choose your own name. - - **Application type:** Web app / API - - **Redirect URI:** `https://127.0.0.1` - - -4. Click **Settings** > **Required permissions** > **Add**. - - ![Image of new app in Azure](images/webapp-add-permission.png) - -5. Click **Select an API** > **WindowsDefenderATP**, then click **Select**. - - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - - ![Image of API access and API selection](images/webapp-add-permission-2.png) - -6. Click **Select permissions** > **Check the desired permissions** > **Select**. - - **Important note**: You need to select the relevant permissions. 'Run advanced queries' is only an example! - - For instance, - - - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission - - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. 
- - ![Image of select permissions](images/webapp-select-permission.png) - -7. Click **Done** - - ![Image of add permissions completion](images/webapp-add-permission-end.png) - -8. Click **Grant permissions** - - In order to add the new selected permissions to the app, the Admin's tenant must press on the **Grant permissions** button. - - If in the future you will want to add more permission to the app, you will need to press on the **Grant permissions** button again so the changes will take effect. - - ![Image of Grant permissions](images/webapp-grant-permissions.png) - -9. Click **Keys**, type a key name and click **Save**. - - **Important**: After you save, **copy the key value**. You won't be able to retrieve after you leave! - - ![Image of create app key](images/webapp-create-key.png) - -10. Write down your application ID. - - ![Image of created app id](images/webapp-app-id1.png) - -11. **For Windows Defender ATP Partners only** - Set your application to be multi-tenanted - - This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant). - - This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data)​ - - Click **Properties** > **Yes** > **Save**. - - ![Image of multi tenant](images/webapp-edit-multitenant.png) - - - Application consent for your multi-tenant App: - - You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with Windows Defender ATP application on behalf of your customer. - - You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory. 
- - Consent link is of the form: - - ``` - https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true​ - ``` - - where 00000000-0000-0000-0000-000000000000​ should be replaced with your Azure application ID - - -- **Done!** You have successfully registered an application! -- See examples below for token acquisition and validation. - -## Get an access token examples: - -For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds) - -### Using PowerShell - -``` -# That code gets the App Context Token and save it to a file named "Latest-token.txt" under the current directory -# Paste below your Tenant ID, App ID and App Secret (App key). - -$tenantId = '' ### Paste your tenant ID here -$appId = '' ### Paste your app ID here -$appSecret = '' ### Paste your app key here - -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" -$authBody = [Ordered] @{ - resource = "$resourceAppIdUri" - client_id = "$appId" - client_secret = "$appSecret" - grant_type = 'client_credentials' -} -$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop -$token = $authResponse.access_token -Out-File -FilePath "./Latest-token.txt" -InputObject $token -return $token - -``` - -### Using C#: - ->The below code was tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8 - -- Create a new Console Application -- Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/) -- Add the below using - - ``` - using Microsoft.IdentityModel.Clients.ActiveDirectory; - ``` - -- Copy/Paste the below code in your application (do not forget to update the 3 variables: ```tenantId, appId, appSecret```) - 
- ``` - string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here - string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here - string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! - - const string authority = "https://login.windows.net"; - const string wdatpResourceId = "https://api.securitycenter.windows.com"; - - AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); - ClientCredential clientCredential = new ClientCredential(appId, appSecret); - AuthenticationResult authenticationResult = auth.AcquireTokenAsync(wdatpResourceId, clientCredential).GetAwaiter().GetResult(); - string token = authenticationResult.AccessToken; - ``` - - -### Using Python - -Refer to [Get token using Python](run-advanced-query-sample-python.md#get-token) - -### Using Curl - -> [!NOTE] -> The below procedure supposed Curl for Windows is already installed on your computer - -- Open a command window -- ​Set CLIENT_ID to your Azure application ID -- Set CLIENT_SECRET to your Azure application secret -- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Windows Defender ATP application -- Run the below command: - -``` -curl -i -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials" -d "client_id=%CLIENT_ID%" -d "scope=https://securitycenter.onmicrosoft.com/windowsatpservice​/.default" -d "client_secret=%CLIENT_SECRET%" "https://login.microsoftonline.com/%TENANT_ID​%/oauth2/v2.0/token" -k​ -``` - -You will get an answer of the form: - -``` -{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn aWReH7P0s0tjTBX8wGWqJUdDA"} -``` - -## Validate the token - -Sanity check to make sure you got a correct token: -- Copy/paste into [JWT](https://jwt.ms) the token you get in the 
previous step in order to decode it -- Validate you get a 'roles' claim with the desired permissions -- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Windows Defender ATP's roles: - -![Image of token validation](images/webapp-decoded-token.png) - -## Use the token to access Windows Defender ATP API - -- Choose the API you want to use, for more information, see [Supported Windows Defender ATP APIs](exposed-apis-list.md) -- Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme) -- The Expiration time of the token is 1 hour (you can send more then one request with the same token) - -- Example of sending a request to get a list of alerts **using C#** - ``` - var httpClient = new HttpClient(); - - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); - - request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); - - var response = httpClient.SendAsync(request).GetAwaiter().GetResult(); - - // Do something useful with the response - ``` - -## Related topics -- [Supported Windows Defender ATP APIs](exposed-apis-list.md) -- [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md deleted file mode 100644 index d09e702dfd..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -title: Get domain related alerts API -description: Retrieves a collection of alerts related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, alerts -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Get domain related alerts API -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Retrieves a collection of alerts related to a given domain address. - -## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) - -Permission type | Permission | Permission display name -:---|:---|:--- -Application | Alert.Read.All | 'Read all alerts' -Application | Alert.ReadWrite.All | 'Read and write all alerts' -Delegated (work or school account) | Alert.Read | 'Read alerts' -Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' - ->[!Note] -> When obtaining a token using user credentials: ->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information) ->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information) - -## HTTP request -``` -GET /api/domains/{domain}/alerts -``` - -## Request headers - -Header | Value -:---|:---|:--- -Authorization | String | Bearer {token}. **Required**. 
- - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -[!include[Improve request performance](improverequestperformance-new.md)] - -``` -GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts -``` - -**Response** - -Here is an example of the response. - -``` -HTTP/1.1 200 OK -Content-type: application/json - -{ - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", - "value": [ - { - "id": "441688558380765161_2136280442", - "incidentId": 8633, - "assignedTo": "secop@contoso.com", - "severity": "Low", - "status": "InProgress", - "classification": "TruePositive", - "determination": "Malware", - "investigationState": "Running", - "category": "MalwareDownload", - "detectionSource": "WindowsDefenderAv", - "threatFamilyName": "Mikatz", - "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description", - "alertCreationTime": "2018-11-25T16:19:21.8409809Z", - "firstEventTime": "2018-11-25T16:17:50.0948658Z", - "lastEventTime": "2018-11-25T16:18:01.809871Z", - "resolvedTime": null, - "machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337" - }, - { - "id": "121688558380765161_2136280442", - "incidentId": 4123, - "assignedTo": "secop@contoso.com", - "severity": "Low", - "status": "InProgress", - "classification": "TruePositive", - "determination": "Malware", - "investigationState": "Running", - "category": "MalwareDownload", - "detectionSource": "WindowsDefenderAv", - "threatFamilyName": "Mikatz", - "title": "Windows Defender AV detected 'Mikatz', high-severity malware", - "description": "Some description", - "alertCreationTime": "2018-11-24T16:19:21.8409809Z", - "firstEventTime": "2018-11-24T16:17:50.0948658Z", - "lastEventTime": 
"2018-11-24T16:18:01.809871Z", - "resolvedTime": null, - "machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337" - } - ] -} -``` - diff --git a/windows/security/threat-protection/windows-defender-atp/get-started.md b/windows/security/threat-protection/windows-defender-atp/get-started.md deleted file mode 100644 index f3b11e8133..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-started.md +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -title: Get started with Windows Defender Advanced Threat Protection -description: Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP. -keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 11/20/2018 ---- - -# Get started with Windows Defender Advanced Threat Protection -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->[!TIP] ->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). ->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). - -Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP. - -The following capabilities are available across multiple products that make up the Windows Defender ATP platform. - -**Threat & Vulnerability Management**
      -Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience. - -**Attack surface reduction**
      -The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. - -**Next generation protection**
      -To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats. - -**Endpoint detection and response**
      -Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. - -**Auto investigation and remediation**
      -In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - -**Secure score**
      -Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network. - -**Microsoft Threat Experts**
      -Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. - -**Advanced hunting**
      -Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. - -**Management and APIs**
      -Integrate Windows Defender Advanced Threat Protection into your existing workflows. - -**Microsoft threat protection**
      -Bring the power of Microsoft Threat Protection to your organization. - -## In this section -Topic | Description -:---|:--- -[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. -[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time. -[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. -[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP. -[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC). -[Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out. -[Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. diff --git a/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png b/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png deleted file mode 100644 index 750bd6e459..0000000000 Binary files a/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png and /dev/null differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
deleted file mode 100644
index 1a769c409b..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Incidents queue in Windows Defender ATP
-description:
-keywords: incidents, aggregate, investigations, queue, ttp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Incidents in Windows Defender ATP
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations.
-
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-
-
-## In this section
-
-Topic | Description
-:---|:---
-[View and organize the Incidents queue](view-incidents-queue.md)| See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
-[Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions.
-[Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)| See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident.
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
deleted file mode 100644
index a8696ec1d9..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
+++ /dev/null
@@ -1,54 +0,0 @@ ---- -title: Configure information protection in Windows -description: Learn how to expand the coverage of WIP to protect files based on their label, regardless of their origin. -keywords: information, protection, data, loss, prevention, wip, policy, scc, compliance, labels, dlp -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/05/2018 ---- - -# Configure information protection in Windows -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin. - ->[!TIP] -> Read our blog post about how [Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/). - -## Prerequisites -- Endpoints need to be on Windows 10, version 1809 or later -- You'll need the appropriate license to leverage the Windows Defender ATP and Azure Information Protection integration -- Your tenant needs to be onboarded to Azure Information Protection analytics, for more information see, [Configure a Log Analytics workspace for the reports](https://docs.microsoft.comazure/information-protection/reports-aip#configure-a-log-analytics-workspace-for-the-reports) - - -## Configuration steps -1. Define a WIP policy and assign it to the relevant devices. 
For more information, see [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). If WIP is already configured on the relevant devices, skip this step. -2. Define which labels need to get WIP protection in Office 365 Security and Compliance. - - 1. Go to: **Classifications > Labels**. - 2. Create a new label or edit an existing one. - 3. In the configuration wizard, go to 'Data loss prevention' tab and enable WIP. - - ![Image of Office 365 Security and Compliance sensitivity label](images/office-scc-label.png) - - 4. Repeat for every label that you want to get WIP applied to in Windows. - -After completing these steps Windows Defender ATP will automatically identify labeled documents stored on the device and enable WIP on them. - ->[!NOTE] ->- The Windows Defender ATP configuration is pulled every 15 minutes. Allow up to 30 minutes for the new policy to take effect and ensure that the endpoint is online. Otherwise, it will not receive the policy. ->- Data forwarded to Azure Information Protection is stored in the same location as your other Azure Information Protection data. - -## Related topic -- [Information protection in Windows overview](information-protection-in-windows-overview.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md deleted file mode 100644 index be963a981f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md +++ /dev/null 
@@ -1,101 +0,0 @@ ---- -title: Information protection in Windows overview -description: Learn about how information protection works in Windows to identify and protect sensitive information -keywords: information, protection, dlp, wip, data, loss, prevention, protect -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Information protection in Windows overview -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -[!include[Prerelease information](prerelease.md)] - -Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. - - -Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. - ->[!TIP] -> Read our blog post about how [Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/). 
- - -Windows Defender ATP applies two methods to discover and protect data: -- **Data discovery** - Identify sensitive data on Windows devices at risk -- **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label - - -## Data discovery -Windows Defender ATP automatically discovers files with sensitivity labels on Windows devices when the feature is enabled. You can enable the Azure Information Protection integration feature from Windows Defender Security Center. For more information, see [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md#azure-information-protection). - - -![Image of settings page with Azure Information Protection](images/atp-settings-aip.png) - -After enabling the Azure Information Protection integration, data discovery signals are immediately forwarded to Azure Information Protection from the device. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically reports the signal to Azure Information Protection. - -The reported signals can be viewed on the Azure Information Protection - Data discovery dashboard. - -### Azure Information Protection - Data discovery dashboard -This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and Azure Information Protection. Data from Windows Defender ATP is marked with Location Type - Endpoint. - -![Image of Azure Information Protection - Data discovery](images/azure-data-discovery.png) - - -Notice the Device Risk column on the right, this device risk is derived directly from Windows Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Windows Defender ATP. - -Clicking the device risk level will redirect you to the device page in Windows Defender ATP, where you can get a comprehensive view of the device security status and its active alerts. 
- - ->[!NOTE] ->Windows Defender ATP does not currently report the Information Types. - -### Log Analytics -Data discovery based on Windows Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data. - -For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). - -Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic). - -To view Windows Defender ATP data, perform a query that contains: - - -``` -InformationProtectionLogs_CL -| where Workload_s == "Windows Defender" -``` - -**Prerequisites:** -- Customers must have a subscription for Azure Information Protection. -- Enable Azure Information Protection integration in Windows Defender Security Center: - - Go to **Settings** in Windows Defender Security Center, click on **Advanced Settings** under **General**. - - -## Data protection -For data to be protected, they must first be identified through labels. Sensitivity labels are created in Office Security and Compliance (SCC). Windows Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them. - - -When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Windows Defender ATP is the Data loss prevention. You'll need to turn on the Data loss prevention and select Enable Windows end point protection (DLP for devices). - - -![Image of Office 365 Security and Compliance sensitivity label](images/office-scc-label.png) - -Once, the policy is set and published, Windows Defender ATP automatically enables WIP for labeled files. 
When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. - -This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin. - -For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md). - - -## Related topics -- [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 2b9d2d90f5..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,182 +0,0 @@ ---- -title: Investigate machines in the Windows Defender ATP Machines list -description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health. -keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 09/18/2018 ---- - -# Investigate machines in the Windows Defender ATP Machines list - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) - -## Investigate machines -Investigate the details of an alert raised on a specific machine to identify other behaviors or events that might be related to the alert or the potential scope of breach. - -You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. 
Affected machines are identified in the following areas: - -- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) -- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) -- The [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) -- Any individual alert -- Any individual file details view -- Any IP address or domain details view - -When you investigate a specific machine, you'll see: -- Machine details, Logged on users, Machine risk, and Machine Reporting -- Alerts related to this machine -- Machine timeline - -![Image of machine view](images/atp-azure-atp-machine.png) - -The machine details, logged on users, machine risk, and machine reporting sections display various attributes about the machine. - -**Machine details**
      -The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package. - -For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). - - -**Logged on users**
      -Clicking on the logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: - -- Interactive and remote interactive logins -- Network, batch, and system logins - -![Image of user details pane](images/atp-azure-atp-machine-user.png) - -You'll also see details such as logon types for each user account, the user group, and when the account logon occurred. - - For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). - -**Machine risk**
      -The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level can be determined using the number of active alerts or by a combination of multiple risks that may increase the risk assessment and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. It's also indicators of the active threats that machines could be exposed to. - -**Azure Advanced Threat Protection**
      -If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. - ->[!NOTE] ->You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). - -**Machine reporting**
      -Provides the last internal IP and external IP of the machine. It also shows when the machine was first and last seen reporting to the service. - -## Alerts related to this machine -The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts). - -![Image of alerts related to machine](images/atp-alerts-related-to-machine.png) - -This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. - -You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. - -## Machine timeline -The **Machine timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. - -This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. 
- -![Image of machine timeline with events](images/atp-machines-timeline.png) - -Windows Defender ATP monitors and captures suspicious or anomalous behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine. - - -### Search for specific events -Use the search bar to look for specific timeline events. Harness the power of using the following defined search queries based on type:value pairs and event filter types to sift through the search results: - -- **Value** - Type in any search keyword to filter the timeline with the attribute you’re searching for. This search supports defined search queries based on type:value pairs.
      - You can use any of the following values:
      - - Hash: Sha1 or MD5 - - File name - - File extension - - Path - - Command line - - User - - IP - - URL - -- **Informational level** – Click the drop-down button to filter by the following levels: - - Detections mode: displays Windows ATP Alerts and detections - - Behaviors mode: displays "detections" and selected events of interest - - Verbose mode: displays all raw events without aggregation or filtering - -- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. - - Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. - - ->[!NOTE] -> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection). ->Firewall covers the following events: ->- [5025](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5025) - firewall service stopped ->- [5031](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5031) - application blocked from accepting incoming connections on the network ->- [5157](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5157) - blocked connection - - - - -- **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: - - Logon users - - System - - Network - - Local service - -The following example illustrates the use of type:value pair. 
The events were filtered by searching for the user jonathan.wolcott and network events as the event type: - -![Image of events filtered by user and event type](images/atp-machine-timeline-filter.png) - -The results in the timeline only show network communication events run in the defined user context. - -### Filter events from a specific date -Use the time-based slider to filter events from a specific date. By default, the machine timeline is set to display the events of the current day. - -Using the slider updates the listed alerts to the date that you select. Displayed events are filtered from that date and older. - -The slider is helpful when you're investigating a particular alert on a machine. You can navigate from the **Alerts view** and click on the machine associated with the alert to jump to the specific date when the alert was observed, enabling you to investigate the events that took place around the alert. - -### Export machine timeline events -You can also export detailed event data from the machine timeline to conduct offline analysis. You can choose to export the machine timeline for the current date or specify a date range. You can export up to seven days of data and specify the specific time between the two dates. - -![Image of export machine timeline events](images/atp-machine-timeline-export.png) - -### Navigate between pages -Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**. - -From the **Machines list**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line. 
- -From the list of events that are displayed in the timeline, you can examine the behaviors or events in to help identify indicators of interests such as files and IP addresses to help determine the scope of a breach. You can then use the information to respond to events and keep your system secure. - -![Image of machine timeline details pane](images/atp-machine-timeline-details-panel.png) - - -You can also use the [Artifact timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. - -Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of meta data on the file or IP address. - -The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. 
- - - - -## Related topics -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) -- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) -- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) -- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9560bb473f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,126 +0,0 @@ ---- -title: Validate licensing provisioning and complete Windows Defender ATP set up -description: Validating licensing provisioning, setting up initial preferences, and completing the user set up for Windows Defender Advanced Threat Protection portal. -keywords: license, licensing, account, set up, validating licensing, windows defender atp -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Validate licensing provisioning and complete set up for Windows Defender ATP - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink) - -## Check license state - -Checking for the license state and whether it got properly provisioned, can be done through the **Office 365 admin center** or through the **Microsoft Azure portal**. - - 1. In the **Office 365 admin center** navigate to **Billing** > **Subscriptions**. - - - On the screen you will see all the provisioned licenses and their current **Status**. - - ![Image of billing licenses](images\atp-billing-subscriptions.png) - - 2. To view your licenses go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products). 
- - ![Image of Azure Licensing page](images\atp-licensing-azure-portal.png) - -## Cloud Service Provider validation - -To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the **Office 365 admin center**. - -1. From the **Partner portal**, click on the **Administer services > Office 365**. - -2. Clicking on the **Partner portal** link will leverage the **Admin on behalf** option and will give you access to the customer **Office 365 admin center**. - - ![Image of O365 admin portal](images\atp-O365-admin-portal-customer.png) - -## Access Windows Defender Security Center for the first time - -When accessing [Windows Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created. - -1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product. - - ![Image of Set up your permissions for Windows Defender ATP](images\atp-setup-permissions-wdatp-portal.png) - - Once the authorization step is completed, the **Welcome** screen will be displayed. - -2. The **Welcome** screen will provide some details as to what is about to occur during the set up wizard. - - ![Image of Welcome screen for portal set up](images\welcome1.png) - - You will need to set up your preferences for Windows Defender Security Center. - -3. Set up preferences - - ![Image of geographic location in set up](images\setup-preferences.png) - - 1. **Select data storage location**
      When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United States, the European Union, or the United Kingdom. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. - - > [!WARNING] - > This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process. - - 2. **Select the data retention policy**
      Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process. - - > [!NOTE] - > This option can be changed at a later time. - - 3. **Select the size of your organization**
      You will need to indicate the size of your organization based on an estimate of the number of employees currently employed. - - > [!NOTE] - > The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization. - - 4. **Turn on preview features**
      Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**. - - You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. - - - Toggle the setting between On and Off to choose **Preview features**. - - > [!NOTE] - > This option can be changed at a later time. - -4. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**. - - > [!NOTE] - > Some of these options can be changed at a later time in Windows Defender Security Center. - - ![Image of final preference set up](images\setup-preferences2.png) - -5. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete. - - ![Image of Windows Defender ATP cloud instance](images\creating-account.png) - -6. You are almost done. Before you can start using Windows Defender ATP you'll need to: - - - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) - - - Run detection test (optional) - - ![Image of Onboard machines and run detection test](images\atp-onboard-endpoints-run-detection-test.png) - - > [!IMPORTANT] - > If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification: - >![Image of setup imcomplete](images\atp-setup-incomplete.png) - -7. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time. 
- - ![Image of onboard machines](images\atp-onboard-endpoints-WDATP-portal.png) - -## Related topics -- [Onboard machines to the Windows Defender Advanced Threat Protection service](onboard-configure-windows-defender-advanced-threat-protection.md) -- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 61d6e8a22e..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -title: Create and manage machine tags -description: Use machine tags to group machines to capture context and enable dynamic list creation as part of an incident -keywords: tags, machine tags, machine groups, groups, remediation, level, rules, aad group, role, assign, rank -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Create and manage machine tags -Add tags on machines to create a logical group affiliation. Machine group affiliation can represent geographic location, specific activity, importance level and others. - -You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or who can see information on a specific machine group or groups by assigning the machine group to a user group. For more information, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md). - -You can also use machine groups to assign specific remediation levels to apply during automated investigations. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - -In an investigation, you can filter the Machines list to just specific machine groups by using the Groups filter. - - -Machine tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. - -You can add tags on machines using the following ways: -- By setting a registry key value -- By using the portal - -## Add machine tagsby setting a registry key value -Add tags on machines which can be used as a filter in Machines list view. 
You can limit the machines in the list by selecting the Tag filter on the Machines list. - ->[!NOTE] -> Applicable only on the following machines: ->- Windows 10, version 1709 or later ->- Windows Server, version 1803 or later ->- Windows Server 2016 ->- Windows Server 2012 R2 - -Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines. - -Use the following registry key entry to add a tag on a machine: - -- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\` -- Registry key value (string): Group - ->[!NOTE] ->The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report. - - -## Add machine tags using the portal -Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag. - -1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views: - - - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the machine name from the list of machines. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. - - You can also get to the alert page through the file and IP views. - -2. Open the **Actions** menu and select **Manage tags**. - - ![Image of taking action to manage tags on a machine](images/atp-manage-tags.png) - -3. Enter tags on the machine. To add more tags, click the + icon. -4. Click **Save and close**. 
- - ![Image of adding tags on a machine](images/atp-save-tag.png) - - Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** filter to see the relevant list of machines. - -### Manage machine tags -You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel. - -![Image of adding tags on a machine](images/atp-tag-management.png) - -## Add machine tags using APIs -For more information, see [Add or remove machine tags API](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md). - - - - diff --git a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md deleted file mode 100644 index 40687ef4f7..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md +++ /dev/null 
@@ -1,52 +0,0 @@
----
-title: Machine resource type
-description: Retrieves top machines
-keywords: apis, supported apis, get, machines
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Machine resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-# Methods
-Method|Return Type |Description
-:---|:---|:---
-[List machines](get-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List set of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the org.
-[Get machine](get-machine-by-id-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Get a [machine](machine-windows-defender-advanced-threat-protection-new.md) by its identity.
-[Get logged on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [User](user-windows-defender-advanced-threat-protection-new.md) that logged on to the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Get related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that were raised on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Add or Remove tag to a specific machine.
-[Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Find machines seen with IP.
-
-# Properties
-Property | Type | Description
-:---|:---|:---
-id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
-computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
-osPlatform | String | OS platform.
-osVersion | String | OS Version.
-lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
-agentVersion | String | Version of Windows Defender ATP agent.
-osBuild | Nullable long | OS build number.
-healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
-rbacGroupId | Int | RBAC Group ID.
-rbacGroupName | String | RBAC Group Name.
-riskScore | Nullable Enum | Risk score as evaluated by Windows Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
-aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
-machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index aa6b9b537e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: machineAction resource type
-description: Retrieves top recent machineActions.
-keywords: apis, supported apis, get, machineaction, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# MachineAction resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Method|Return Type |Description
-:---|:---|:---
-[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
-[Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get a single [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
-[Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Collect investigation package from a [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get URI for downloading the investigation package.
-[Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Isolate [machine](machine-windows-defender-advanced-threat-protection-new.md) from network.
-[Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Release [machine](machine-windows-defender-advanced-threat-protection-new.md) from Isolation.
-[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
-[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
-[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
-[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Windows Defender ATP.
-
-# Properties
-Property | Type | Description
-:---|:---|:---
-id | Guid | Identity of the [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
-type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
-requestor | String | Identity of the person that executed the action.
-requestorComment | String | Comment that was written when issuing the action.
-status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
-machineId | String | Id of the machine on which the action was executed.
-creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
-lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
-relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5".
-
diff --git a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md b/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
deleted file mode 100644
index 3f4a20dcbc..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-ms.date: 08/28/2017
-author: zavidor
----
->[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index c94234e9e1..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,97 +0,0 @@ ---- -title: View and organize the Windows Defender ATP machines list -description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the list to enhance investigations. -keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 09/03/2018 ---- - -# View and organize the Windows Defender ATP Machines list - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink) - -The **Machines list** shows a list of the machines in your network where alerts were generated. By default, the queue displays machines with alerts seen in the last 30 days. - -At a glance you'll see information such as domain, risk level, OS platform, and other details. - - -There are several options you can choose from to customize the machines list view. -On the top navigation you can: -- Customize columns to add or remove columns -- Export the entire list in CSV format -- Select the items to show per page -- Navigate between pages -- Apply filters - - -Use the machine list in these main scenarios: - -- **During onboarding**
      - During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis. - - >[NOTE] - > Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is. -Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself. - -- **Day-to-day work**
      - The list enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts. Sorting machines by **Active alerts**, helps identify the most vulnerable machines and take action on them. - - -![Image of machines list with list of machines](images/machines-list.png) - -## Sort and filter the machine list -You can apply the following filters to limit the list of alerts and get a more focused view. - - -### Risk level -Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. - -### OS Platform -Limit the alerts queue view by selecting the OS platform that you're interested in investigating. - -### Health state -Filter the list to view specific machines grouped together by the following machine health states: - -- **Active** – Machines that are actively reporting sensor data to the service. -- **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to: - - No sensor data - - Impaired communications - - For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). -- **Inactive** – Machines that have completely stopped sending signals for more than 7 days. - - -### Security state -Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. - - -- **Well configured** - Machines have the Windows Defender security controls well configured. 
-- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. - -For more information, see [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md). - -### Tags -You can filter the list based on the grouping and tagging that you've added to individual machines. - - -## Related topics -- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - - diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md deleted file mode 100644 index afd1ba57b5..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,50 +0,0 @@
----
-title: Minimum requirements for Windows Defender ATP
-description: Understand the licensing requirements and requirements for onboarding machines to the sercvie
-keywords: minimum requirements, licensing, comparison table
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Minimum requirements for Windows Defender ATP
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-There are some minimum requirements for onboarding machines to the service.
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
-
-
->[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
-
-## Licensing requirements
-Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
-
-- Windows 10 Enterprise E5
-- Windows 10 Education E5
-- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
-
-For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare).
-
-For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559).
-
-For more information about licensing requirements for Windows Defender ATP platform on Windows Server, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114).
-
-
-## Related topic
-- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
-- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index dc2b133c7a..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Offboard machines from the Windows Defender ATP service
-description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service
-keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Offboard machines from the Windows Defender ATP service
-
-**Applies to:**
-- macOS
-- Linux
-- Windows Server 2012 R2
-- Windows Server 2016
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
-
-Follow the corresponding instructions depending on your preferred deployment method.
-
-## Offboard Windows 10 machines
- - [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script)
- - [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
- - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
- - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
-
-## Offboard Servers
- - [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
-
-## Offboard non-Windows machines
- - [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
-
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 59fad5bda4..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,170 +0,0 @@ ---- -title: Onboard machines to the Windows Defender ATP service -description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test. -keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Onboard machines to the Windows Defender ATP service - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -You need to turn on the sensor to give visibility within Windows Defender ATP. - -For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) - -## Licensing requirements -Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - - Windows 10 Enterprise E5 - - Windows 10 Education E5 - - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 - -For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). 
- -## Hardware and software requirements -### Supported Windows versions -- Windows 7 SP1 Enterprise -- Windows 7 SP1 Pro -- Windows 8.1 Enterprise -- Windows 8.1 Pro -- Windows 10, version 1607 or later - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Pro - - Windows 10 Pro Education -- Windows server - - Windows Server 2012 R2 - - Windows Server 2016 - - Windows Server 2016, version 1803 - - Windows Server 2019 - -Machines on your network must be running one of these editions. - -The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions. - -> [!NOTE] -> Machines that are running mobile versions of Windows are not supported. - - -### Other supported operating systems -- macOSX -- Linux - ->[!NOTE] ->You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. - - -### Network and data storage and configuration requirements -When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter. - -> [!NOTE] -> - You cannot change your data storage location after the first-time setup. -> - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data. - - -### Diagnostic data settings -You must ensure that the diagnostic data service is enabled on all the machines in your organization. -By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them. - -**Use the command line to check the Windows 10 diagnostic data service startup type**: - -1. Open an elevated command-line prompt on the machine: - - a. Go to **Start** and type **cmd**. - - b. 
Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc qc diagtrack - ``` - -If the service is enabled, then the result should look like the following screenshot: - -![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) - -If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start. - - - -**Use the command line to set the Windows 10 diagnostic data service to automatically start:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Go to **Start** and type **cmd**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc config diagtrack start=auto - ``` - -3. A success message is displayed. Verify the change by entering the following command, and press **Enter**: - - ```text - sc qc diagtrack - ``` - - - -#### Internet connectivity -Internet connectivity on machines is required either directly or through proxy. - -The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth. - -For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . - -Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10. - - -## Windows Defender Antivirus configuration requirement -The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
- -You must configure Security intelligence updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). - -When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. - -If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md). - - -For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). - -## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled -If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard. - -If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy). 
- - -## In this section -Topic | Description -:---|:--- -[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. -[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP -[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. -[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. -[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. -[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) 
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
deleted file mode 100644
index 4599298025..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Overview of endpoint detection and response capabilities
-description: Learn about the endpoint detection and response capabilities in Windows Defender ATP
-keywords:
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Overview of endpoint detection and response
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Windows Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
-
-When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
-
-Inspired by the "assume breach" mindset, Windows Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
-
-The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
-
-## In this section
-
-Topic | Description
-:---|:---
-[Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | Explore a high level overview of detections, highlighting where response actions are needed.
-[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
-[Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | View and organize the machine alerts queue, and manage and investigate alerts.
-[Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) | Investigate machines with generated alerts and search for specific events over time.
-[Take response actions](response-actions-windows-defender-advanced-threat-protection.md) | Learn about the available response actions and apply them to machines and files.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md
deleted file mode 100644
index d2421506b2..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/overview.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Overview of Windows Defender ATP
-description: Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform
-keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Overview of Windows Defender ATP capabilities
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
-
->[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
-
-## In this section
-
-Topic | Description
-:---|:---
-[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
-[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
-[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
-[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
-[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
-[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
-[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
-[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
-[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
-[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center.
-
-
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index d94a65a540..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,118 +0,0 @@ ---- -title: Windows Defender Advanced Threat Protection portal overview -description: Use Windows Defender Security Center to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches. -keywords: Windows Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Windows Defender Advanced Threat Protection portal overview - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) - -Enterprise security teams can use Windows Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches. - -You can use [Windows Defender Security Center](https://securitycenter.windows.com/) to: -- View, sort, and triage alerts from your endpoints -- Search for more information on observed indicators such as files and IP Addresses -- Change Windows Defender ATP settings, including time zone and review licensing information. 
- -## Windows Defender Security Center -When you open the portal, you’ll see the main areas of the application: - - ![Windows Defender Advanced Threat Protection portal](images/dashboard.png) - -- (1) Navigation pane -- (2) Main portal -- (3) Search, Community center, Time settings, Help and support, Feedback - -> [!NOTE] -> Malware related detections will only appear if your machines are using Windows Defender Antivirus as the default real-time protection antimalware product. - -You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. - -Area | Description -:---|:--- -(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Automated investigations**, **Machines list**, **Service health**, **Advanced hunting**, and **Settings**. -**Dashboards** | Access the Security operations, the Secure Score, or Threat analytics dashboard. -**Incidents** | View alerts that have been aggregated as incidents. -**Alerts** | View alerts generated from machines in your organizations. -**Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation. -**Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool. -**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. -**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. 
-**Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure Score dashboard. -**(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. -**(3) Community center, Time settings, Help and support, Feedback** | **Community center** -Access the Community center to learn, collaborate, and share experiences about the product.

      **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information.

      **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.

      **Feedback** - Access the feedback button to provide comments about the portal. - -## Windows Defender ATP icons -The following table provides information on the icons used all throughout the portal: - -Icon | Description -:---|:--- -![ATP logo icon](images\atp-logo-icon.png)| Windows Defender ATP logo -![Alert icon](images\alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks. -![Detection icon](images\detection-icon.png)| Detection – Indication of a malware threat detection. -![Active threat icon](images\active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. -![Remediated icon](images\remediated-icon.png)| Remediated – Threat removed from the machine. -![Not remediated icon](images\not-remediated-icon.png)| Not remediated – Threat not removed from the machine. -![Thunderbolt icon](images\atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. -![Machine icon](images\atp-machine-icon.png)| Machine icon -![Windows Defender AV events icon](images\atp-windows-defender-av-events-icon.png)| Windows Defender Antivirus events -![Application Guard events icon](images\atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events -![Device Guard events icon](images\atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events -![Exploit Guard events icon](images\atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events -![SmartScreen events icon](images\atp-Smart-Screen-events-icon.png)| Windows Defender SmartScreen events -![Firewall events icon](images\atp-Firewall-events-icon.png)| Windows Firewall events -![Response action icon](images\atp-respond-action-icon.png)| Response action -![Process events icon](images\atp-process-event-icon.png)| Process events -![Network communication events icon](images\atp-network-communications-icon.png)| Network events -![File observed events 
icon](images\atp-file-observed-icon.png)| File events -![Registry events icon](images\atp-registry-event-icon.png)| Registry events -![Module load DLL events icon](images\atp-module-load-icon.png)| Load DLL events -![Other events icon](images\atp-Other-events-icon.png)| Other events -![Access token modification icon](images\atp-access-token-modification-icon.png)| Access token modification -![File creation icon](images\atp-file-creation-icon.png)| File creation -![Signer icon](images\atp-signer-icon.png)| Signer -![File path icon](images\atp-File-path-icon.png)| File path -![Command line icon](images\atp-command-line-icon.png)| Command line -![Unsigned file icon](images\atp-unsigned-file-icon.png)| Unsigned file -![Process tree icon](images\atp-process-tree.png)| Process tree -![Memory allocation icon](images\atp-memory-allocation-icon.png)| Memory allocation -![Process injection icon](images\atp-process-injection.png)| Process injection -![Powershell command run icon](images\atp-powershell-command-run-icon.png)| Powershell command run -![Community center icon](images\atp-community-center.png) | Community center -![Notifications icon](images\atp-notifications.png) | Notifications -![No threats found](images\no-threats-found.png) | Automated investigation - no threats found -![Failed icon](images\failed.png) | Automated investigation - failed -![Partially remediated icon](images\partially-investigated.png) | Automated investigation - partially investigated -![Termindated by system](images\terminated-by-system.png) | Automated investigation - terminated by system -![Pending icon](images\pending.png) | Automated investigation - pending -![Running icon](images\running.png) | Automated investigation - running -![Remediated icon](images\remediated.png) | Automated investigation - remediated -![Partially investigated icon](images\partially_remediated.png) | Automated investigation - partially remediated -![Threat insights icon](images\tvm_bug_icon.png) | Threat & 
Vulnerability Management - threat insights -![Possible active alert icon](images\tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert -![Recommendation insights icon](images\tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights - -## Related topics -- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) -- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) -- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) -- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 469a59e63e..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,43 +0,0 @@
----
-title: Turn on the preview experience in Windows Defender ATP
-description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
-keywords: advanced features, settings, block file
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-# Turn on the preview experience in Windows Defender ATP
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
-
-Turn on the preview experience setting to be among the first to try upcoming features.
-
-1. In the navigation pane, select **Settings** > **Advanced features**.
-
- ![Image of settings and preview experience](images/atp-preview-features.png)
-
-
-2. Toggle the setting between **On** and **Off** and select **Save preferences**.
-
-## Related topics
-- [Update general settings in Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 1556c307d3..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,74 +0,0 @@ ---- -title: Windows Defender ATP preview features -description: Learn how to access Windows Defender Advanced Threat Protection preview features. -keywords: preview, preview experience, Windows Defender Advanced Threat Protection, features, updates -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Windows Defender ATP preview features - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - -The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) - - -Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. - -For more information on capabilities that are generally available, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp). - - - -## Turn on preview features -You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. - -Turn on the preview experience setting to be among the first to try upcoming features. - -1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**. - -2. Toggle the setting between **On** and **Off** and select **Save preferences**. 
- -## Preview features -The following features are included in the preview release: - -- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt)
      A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. - - -- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization. - -- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)
      -Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. -Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. - - >[!NOTE] - >Partially available from Windows 10, version 1809. - -- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
      Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. - - >[!NOTE] - >Available from Windows 10, version 1809 or later. - -- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
      Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - -- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
      -Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) - diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9d051a1e7e..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null 
@@ -1,252 +0,0 @@ ---- -title: Take response actions on a machine in Windows Defender ATP -description: Take response actions on a machine such as isolating machines, collecting an investigation package, managing tags, running av scan, and restricting app execution. -keywords: respond, isolate, isolate machine, collect investigation package, action center, restrict, manage tags, av scan, restrict app -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Take response actions on a machine - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) - -Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. - ->[!IMPORTANT] -> - These response actions are only available for machines on Windows 10, version 1703 or later. -> - For non-Windows platforms, response capabilities (such as Machine isolation) are dependent on the third-party capabilities. - -## Collect investigation package from machines -As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker. - ->[!IMPORTANT] -> This response action is available for machines on Windows 10, version 1703 or later. 
- -You can download the package (Zip file) and investigate the events that occurred on a machine. - -The package contains the following folders: - -| Folder | Description | -|:--------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine.

      NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” | -| Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). | -| Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

      - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

      - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

      ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

      - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

      - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. | -| Prefetch files | Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list.

      - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.

      - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. | -| Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. | -| Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. | -| Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy.

      NOTE: Open the event log file using Event viewer. | -| Services | Contains the services.txt file which lists services and their states. | -| Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement.

      Contains files for SMBInboundSessions and SMBOutboundSession.

      NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound). | -| Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system.

      This can help to track suspicious files that an attacker may have dropped on the system.

      NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system. | -| Users and Groups | Provides a list of files that each represent a group and its members. | -| CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. | - -1. Select the machine that you want to investigate. You can select or search for a machine from any of the following views: - - - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the heading of the machine name from the machines list. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. - -2. Open the **Actions** menu and select **Collect investigation package**. - - ![Image of collect investigation package action](images/atp-actions-collect-investigation-package.png) - -3. Type a comment and select **Yes, collect package** to take action on the machine. - - ![Image of notification to collect package](images/atp-notification-collect-package.png) - - The Action center shows the submission information: - - ![Image of investigation package in action center](images/atp-action-center-package-collection.png) - - - **Submission time** - Shows when the action was submitted. - - **Status** - Indicates if the package was successfully collected from the network. When the collection is complete, you can download the package. - -3. Select **Package available** to download the package.
      - When the package is available a new event will be added to the machine timeline.
      - You can download the package from the machine page, or the Action center. - - ![Image of investigation package from machine view](images/atp-machine-investigation-package.png) - - You can also search for historical packages in the machine timeline. - -## Run Windows Defender Antivirus scan on machines -As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine. - ->[!IMPORTANT] ->- This action is available for machines on Windows 10, version 1709 or later. ->- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). - - -1. Select the machine that you want to run the scan on. You can select or search for a machine from any of the following views: - - - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the machine name from the list of machines. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. -2. Open the **Actions** menu and select **Run antivirus scan**. - - ![Image of run antivirus scan](images/atp-actions-run-av.png) - -3. Select the scan type that you'd like to run. You can choose between a quick or a full scan. - - ![Image of notification to select quick scan or full scan and add comment](images/atp-av-scan-notification.png) - - -4. Type a comment and select **Yes, run scan** to start the scan.
      - - The Action center shows the scan information: - - ![Image of action center with antivirus scan](images/atp-av-scan-action-center.png) - - - **Submission time** - Shows when the action was submitted. - - **Status** - Indicates any pending actions or the results of completed actions. - -The machine timeline will include a new event, reflecting that a scan action was submitted on the machine. Windows Defender AV alerts will reflect any detections that surfaced during the scan. - -## Restrict app execution -In addition to the ability of containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running. - ->[!IMPORTANT] -> - This action is available for machines on Windows 10, version 1709 or later. -> - This feature is available if your organization uses Windows Defender Antivirus. -> - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing). - - -The action to restrict an application from running applies a code integrity policy that only allows running of files that are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised machines and performing further malicious activities. - ->[!NOTE] ->You’ll be able to reverse the restriction of applications from running at any time. - -1. Select the machine where you'd like to restrict an application from running from. You can select or search for a machine from any of the following views: - - - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. 
- - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the machine name from the list of machines. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. - -2. Open the **Actions** menu and select **Restrict app execution**. - - ![Image of restrict app execution action](images/atp-actions-restrict-app-execution.png) - -3. Type a comment and select **Yes, restict app execution** to take action on the file. - - ![Image of app restriction notification](images/atp-notification-restrict.png) - - The Action center shows the submission information: - ![Image of action center with app restriction](images/atp-action-center-app-restriction.png) - - - - **Submission time** - Shows when the action was submitted. - - **Status** - Indicates any pending actions or the results of completed actions. - -When the application execution restriction configuration is applied, a new event is reflected in the machine timeline. - - -**Notification on machine user**:
      -When an app is restricted, the following notification is displayed to inform the user that an app is being restricted from running: - -![Image of app restriction](images/atp-app-restriction.png) - -## Remove app restriction -Depending on the severity of the attack and the state of the machine, you can choose to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated. - -1. Select the machine where you restricted an application from running from. - -2. Open the **Actions** menu and select **Remove app restrictions**. - - ![Image of remove app restrictions](images/atp-actions-remove-app-restrictions.png) - -3. Type a comment and select **Yes, remove restriction** to take action on the application. The machine application restriction will no longer apply on the machine. - - -## Isolate machines from the network -Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement. - ->[!IMPORTANT] ->- Full isolation is available for machines on Windows 10, version 1703. ->- Selective isolation is available for machines on Windows 10, version 1709 or later. - - -This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine. - -On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity (a.k.a 'Selective Isolation'). - ->[!NOTE] ->You’ll be able to reconnect the machine back to the network at any time. - -1. Select the machine that you want to isolate. 
You can select or search for a machine from any of the following views: - - - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the machine name from the list of machines. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. - -2. Open the **Actions** menu and select **Isolate machine**. - - ![Image of isolate machine](images/atp-actions-isolate-machine.png) - -3. Select the check-box if you'd like to enable Outlook and Skype communication while the machine is isolated (a.k.a. 'Selective Isolation'). - - ![Image of isolation confirmation](images/atp-confirm-isolate.png) - -4. Type a comment and select **Yes, isolate machine** to take action on the machine. - - >[!NOTE] - >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the machine is isolated. - - The Action center shows the submission information: - ![Image of machine isolation](images/atp-machine-isolation.png) - - - **Submission time** - Shows when the action was submitted. - - **Status** - Indicates any pending actions or the results of completed actions. Additional indications will be provided if you've enabled Outlook and Skype for Business communication. - -When the isolation configuration is applied, a new event is reflected in the machine timeline. - -**Notification on machine user**:
      -When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network: - -![Image of no network connection](images/atp-notification-isolate.png) - -## Release machine from isolation -Depending on the severity of the attack and the state of the machine you can choose to release the machine from isolation after you have verified that the compromised machine has been remediated. - -1. Select a machine that was previously isolated. - -2. Open the **Actions** menu and select **Release from isolation**. - - ![Image of release from isolation](images/atp-actions-release-from-isolation.png) - -3. Type a comment and select **Yes, release machine** to take action on the machine. The machine will be reconnected to the network. - - -## Check activity details in Action center -The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details: - -- Investigation package collection -- Antivirus scan -- App restriction -- Machine isolation - -All other related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed. - -![Image of action center with information](images/atp-action-center-with-info.png) - -## Related topic -- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/use-apis.md b/windows/security/threat-protection/windows-defender-atp/use-apis.md deleted file mode 100644 index 18e77632f4..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/use-apis.md +++ /dev/null 
@@ -1,31 +0,0 @@
----
-title: Windows Defender ATP APIs
-description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
-keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Windows Defender ATP APIs
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-## In this section
-Topic | Description
-:---|:---
-[Windows Defender ATP API overview](apis-intro.md) | Learn how to access to Windows Defender ATP Public API and on which context.
-[Supported Windows Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
-How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 410ee5f85b..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Use the custom threat intelligence API to create custom alerts
-description: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts
-keywords: threat intelligence, alert definitions, indicators of compromise
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Use the threat intelligence API to create custom alerts (Deprecated)
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->[!TIP]
->This topic has been deprecated. See [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) for the updated content.
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
-
-Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
-
-You can use the code examples to guide you in creating calls to the custom threat intelligence API.
-
-## In this section
-
-Topic | Description
-:---|:---
-[Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) | Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
-[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through Windows Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
-[Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
-[PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
-[Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
-[Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) | This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
-[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 268f112212..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Overview of Windows Defender Security Center
-description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
-keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Overview of Windows Defender Security Center
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
-
-Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities.
-
-Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
-
-Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
-
-Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
-
-
-### In this section
-
-Topic | Description
-:---|:---
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
-[View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
-[View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
-[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations.
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index 6bc2c21435..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: File resource type
-description: Retrieves top recent alerts.
-keywords: apis, graph api, supported apis, get, alerts, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# User resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Method|Return Type |Description
-:---|:---|:---
-[List User related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List all the alerts that are associated with a [user](user-windows-defender-advanced-threat-protection-new.md).
-[List User related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List all the machines that were logged on by a [user](user-windows-defender-advanced-threat-protection-new.md).
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
deleted file mode 100644
index 3c620a48d0..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Windows Defender Security Center
-description: Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection.
-keywords: windows, defender, security, center, defender, advanced, threat, protection
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
----
-
-# Windows Defender Security Center
-
-Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
-
-## In this section
-
-Topic | Description
-:---|:---
-Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
-[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
-[Understand the portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
-Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
-API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Windows Defender Security Center.
-Reporting | Create and build Power BI reports using Windows Defender ATP data.
-Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
-[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot service issues](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
-
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 3392402f08..4104a10a84 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -9,23 +9,25 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 05/07/2019 +ms.reviewer: +manager: dansimp --- # Reduce attack surfaces with attack surface reduction rules **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. -To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. +To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. 
These include monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 Security Center. These advanced capabilities aren't available with an E3 license or with Windows 10 Enterprise without subscription, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. Attack surface reduction rules target behaviors that malware and malicious apps typically use to infect computers, including: 
@@ -35,7 +37,7 @@ Attack surface reduction rules target behaviors that malware and malicious apps You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks similar to malware. By monitoring audit data and [adding exclusions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. -Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Windows Defender Security Center and in the Microsoft 365 securty center. +Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Microsoft Defender Security Center and in the Microsoft 365 securty center. For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md). 
@@ -179,7 +181,7 @@ This rule blocks the following file types from launching unless they either meet >[!NOTE] >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. ->[!IMPORTANT] +>[!IMPORTANT] >The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md index 4cc8fbd9f5..3e7dd85f9c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 10/15/2018 +ms.reviewer: +manager: dansimp --- # Use attack surface reduction rules in Windows 10 Enterprise E3 
@@ -20,7 +22,7 @@ ms.date: 10/15/2018 - Windows 10 Enterprise E3 -Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. +Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. A limited subset of basic attack surface reduction rules can technically be used with Windows 10 Enterprise E3. They can be used without the benefits of reporting, monitoring, and analytics, which provide the ease of deployment and management capabilities necessary for enterprises. 
@@ -48,4 +50,4 @@ Topic | Description ---|--- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how attack surface reduction rules work, and what events would typically be created. [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage attack surface reduction rules in your network. -[Customize attack surface reduction rules](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by attack surface reduction rules and customize the notification that appears on a user's machine when a rule blocks an app or file. \ No newline at end of file +[Customize attack surface reduction rules](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by attack surface reduction rules and customize the notification that appears on a user's machine when a rule blocks an app or file. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 1c4e998102..dd9c960c79 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md 
@@ -1,6 +1,6 @@ --- -title: Test how Windows Defender ATP features work -description: Audit mode lets you use the event log to see how Windows Defender ATP would protect your devices if it were enabled +title: Test how Microsoft Defender ATP features work +description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it were enabled keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 04/02/2019 +ms.reviewer: +manager: dansimp --- @@ -19,7 +21,7 @@ ms.date: 04/02/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. 
@@ -29,7 +31,7 @@ While the features will not block or prevent apps, scripts, or files from being To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**. -You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 77098d4c10..00e0789bab 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md 
@@ -9,19 +9,21 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 11/29/2018 +ms.reviewer: +manager: dansimp --- # Protect important folders with controlled folder access **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. -Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. 
@@ -39,11 +41,18 @@ Controlled folder access is supported on Windows 10, version 1709 and later and Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md). -## Review controlled folder access events in the Windows Defender ATP Security Center +## Review controlled folder access events in the Microsoft Defender ATP Security Center -Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. +You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. + +Here is an example query + +``` +MiscEvents +| where ActionType in ('ControlledFolderAccessViolationAudited','ControlledFolderAccessViolationBlocked') +``` ## Review controlled folder access events in Windows Event Viewer 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 6dbb17c57d..4559d896b6 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic -ms.date: 05/08/2019 +author: levinec +ms.author: ellevin +ms.date: 05/13/2019 +ms.reviewer: +manager: dansimp --- # Customize attack surface reduction rules **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. 
@@ -31,20 +33,18 @@ You can use Group Policy, PowerShell, and MDM CSPs to configure these settings. ## Exclude files and folders -You can exclude files and folders from being evaluated by all attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an attack surface reduction rule, the file will not be blocked from running. - -This could potentially allow unsafe files to run and infect your devices. +You can exclude files and folders from being evaluated by attack surface reduction rules. This means that even if an attack surface reduction rule detects that the file contains malicious behavior, the file will not be blocked from running. >[!WARNING] ->Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. -> ->If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). +>This could potentially allow unsafe files to run and infect your devices. Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. -You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. +An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource, but you cannot limit an exclusion to certain rules. 
+ +An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). -Exclusions apply to all attack surface reduction rules. Rule description | GUID -|:-:|- @@ -76,9 +76,9 @@ See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) to 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. -### Use PowerShell to exclude files and folderss +### Use PowerShell to exclude files and folders -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index bf18867655..43cdc009e2 100644 
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic -ms.date: 05/07/2019 +author: levinec +ms.author: ellevin +ms.date: 05/13/2019 +ms.reviewer: +manager: dansimp --- # Customize controlled folder access **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. 
@@ -89,13 +91,14 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature. >[!IMPORTANT] ->By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. +>By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. >You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. -You can use the Windows Security app or Group Policy to add and remove apps that should be allowed to access protected folders. - When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. +An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. + + ### Use the Windows Defender Security app to allow specific apps 1. Open the Windows Security by clicking the shield icon in the task bar or searching the start menu for **Defender**. 
@@ -106,7 +109,7 @@ When you add an app, you have to specify the app's location. Only the app in tha 4. Click **Add an allowed app** and follow the prompts to add apps. - ![Screenshot of the add an allowed app button](images/cfa-allow-app.png) + ![Screenshot of how to add an allowed app button](images/cfa-allow-app.png) ### Use Group Policy to allow specific apps @@ -120,7 +123,7 @@ When you add an app, you have to specify the app's location. Only the app in tha ### Use PowerShell to allow specific apps -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell @@ -132,7 +135,7 @@ When you add an app, you have to specify the app's location. Only the app in tha ```PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe" ``` -Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Security app. + Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Security app. ![Screenshot of a PowerShell window with the above cmdlet entered](images/cfa-allow-app-ps.png) @@ -150,4 +153,4 @@ See the [Windows Security](../windows-defender-security-center/windows-defender- ## Related topics - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) - [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) -- [Evaluate attack surface reduction rules](evaluate-windows-defender-exploit-guard.md) \ No newline at end of file +- [Evaluate attack surface reduction rules](evaluate-windows-defender-exploit-guard.md) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index bde9222c86..c238e5c8c2 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: levinec
+ms.author: ellevin
 ms.date: 03/26/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Customize exploit protection
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
@@ -28,7 +30,7 @@ You configure these settings using the Windows Security app on an individual mac
 It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
->[!WARNING]
+>[!WARNING]
 >Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](evaluate-exploit-protection.md) before deploying the configuration across a production environment or the rest of your network.
 ## Exploit protection mitigations
@@ -110,27 +112,27 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**. 3. Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here: - - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section - - **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section - - **Use default** - The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation + - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section + - **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section + - **Use default** - The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation - >[!NOTE] - >You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting. + >[!NOTE] + >You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting. - Changing some settings may require a restart. + Changing some settings may require a restart. 4. 
Repeat this for all the system-level mitigations you want to configure. -3. Go to the **Program settings** section and choose the app you want to apply mitigations to: +5. Go to the **Program settings** section and choose the app you want to apply mitigations to: 1. If the app you want to configure is already listed, click it and then click **Edit** 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app: - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. -4. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. +6. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. -5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration. +7. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration. 
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations. 
@@ -177,28 +179,28 @@ Where: - \: - The mitigation's cmdlet as defined in the [mitigation cmdlets table](#cmdlets-table) below, along with any suboptions (surrounded with spaces). Each mitigation is separated with a comma. - For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command: - - ```PowerShell -Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation -``` - - >[!IMPORTANT] - >Separate each mitigation option with commas. - - If you wanted to apply DEP at the system level, you'd use the following command: - - ```PowerShell -Set-Processmitigation -System -Enable DEP -``` - - To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app. - - If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example: + For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command: ```PowerShell -Set-Processmitigation -Name test.exe -Remove -Disable DEP -``` + Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation + ``` + + >[!IMPORTANT] + >Separate each mitigation option with commas. + + If you wanted to apply DEP at the system level, you'd use the following command: + + ```PowerShell + Set-Processmitigation -System -Enable DEP + ``` + + To disable mitigations, you can replace `-Enable` with `-Disable`. 
However, for app-level mitigations, this will force the mitigation to be disabled only for that app. + + If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example: + + ```PowerShell + Set-Processmitigation -Name test.exe -Remove -Disable DEP + ``` You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md index 843e0e7f4c..0a5a679109 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md 
@@ -9,31 +9,33 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 08/08/2018 +ms.reviewer: +manager: dansimp --- # Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!IMPORTANT] ->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. +>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP. > >You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. -This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Windows Defender ATP. +This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Microsoft Defender ATP. -Exploit protection in Windows Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options. 
+Exploit protection in Microsoft Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options. EMET is a standalone product for earlier versions of Windows and provides some mitigation against older, known exploit techniques. After July 31, 2018, it will not be supported. -For more information about the individual features and mitigations available in Windows Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics: +For more information about the individual features and mitigations available in Microsoft Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics: - [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Configure and audit exploit protection mitigations](customize-exploit-protection.md) @@ -59,7 +61,7 @@ Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Requires use of EMET tool (EMET_CONF) System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]
      Not available Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]
      Not available -Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
      With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
      [Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Limited Windows event log monitoring +Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
      With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
      [Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
      Limited to EAF, EAF+, and anti-ROP mitigations ([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). @@ -99,7 +101,7 @@ Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] ->[!NOTE] +>[!NOTE] >The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process. > >See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 1a68651c4f..6240e524cc 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic -ms.date: 04/29/2019 +author: levinec +ms.author: ellevin +ms.date: 05/13/2019 +ms.reviewer: +manager: dansimp --- # Enable attack surface reduction rules 
@@ -24,9 +26,9 @@ Each ASR rule contains three settings:
 * Block: Enable the ASR rule
 * Audit: Evaluate how the ASR rule would impact your organization if enabled
-To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
+To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
-You can enable attack surface reduction rules by using any of the these methods:
+You can enable attack surface reduction rules by using any of these methods:
 - [Microsoft Intune](#intune)
 - [Mobile Device Management (MDM)](#mdm)
@@ -51,7 +53,7 @@ You can exclude files and folders from being evaluated by most attack surface re
 >- Block process creations originating from PSExec and WMI commands
 >- Block JavaScript or VBScript from launching downloaded executable content
-You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to.
+You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
 ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
@@ -117,12 +119,12 @@ Value: c:\path|e:\path|c:\Whitelisted.exe 3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. 4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section: - - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: - - Disable = 0 - - Block (enable ASR rule) = 1 - - Audit = 2 + - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: + - Disable = 0 + - Block (enable ASR rule) = 1 + - Audit = 2 - ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png) + ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png) 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. @@ -131,7 +133,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe >[!WARNING] >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: 
@@ -143,13 +145,13 @@ Value: c:\path|e:\path|c:\Whitelisted.exe ```PowerShell Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode - ``` + ``` To turn off ASR rules, use the following cmdlet: ```PowerShell Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Disabled - ``` + ``` >[!IMPORTANT] >You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index d761ebfc85..0c1ff68ba4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md 
@@ -9,20 +9,22 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
-ms.date: 04/29/2019
+author: levinec
+ms.author: ellevin
+ms.date: 05/13/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Enable controlled folder access
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019.
-You can enable controlled folder access by using any of the these methods:
+You can enable controlled folder access by using any of these methods:
 - [Windows Security app](#windows-security-app)
 - [Microsoft Intune](#intune)
@@ -59,9 +61,12 @@ For more information about disabling local list merging, see [Prevent or allow u ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) 1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. 1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. + ![Enable controlled folder access in Intune](images/enable-cfa-intune.png) + >[!NOTE] - >Wilcard is supported for applications, but not for folders. Subfolders are not protected. + >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. + 1. Click **OK** to save each open blade and click **Create**. 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. 
@@ -72,13 +77,13 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
 ## SCCM
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-1. Click **Home** > **Create Exploit Guard Policy**.
-1. Enter a name and a description, click **Controlled folder access**, and click **Next**.
-1. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
+2. Click **Home** > **Create Exploit Guard Policy**.
+3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
+4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
 >[!NOTE]
- >Wilcard is supported for applications, but not for folders. Subfolders are not protected.
-1. Review the settings and click **Next** to create the policy.
-1. After the policy is created, click **Close**.
+ >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
+5. Review the settings and click **Next** to create the policy.
+6. After the policy is created, click **Close**.
 ## Group Policy
@@ -93,14 +98,14 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders. - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization. - ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) + ![Screenshot of group policy option with Enabled and then Enable selected in the drop-down](images/cfa-gp-enable.png) >[!IMPORTANT] >To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. ## PowerShell -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: @@ -116,4 +121,4 @@ Use `Disabled` to turn the feature off. - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) - [Customize controlled folder access](customize-controlled-folders-exploit-guard.md) -- [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md) +- [Evaluate Microsoft Defender ATP](evaluate-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index 58cb4ad00c..72894a0a5d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md 
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
-ms.date: 04/22/2019
+author: levinec
+ms.author: ellevin
+ms.date: 05/09/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Enable exploit protection
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 [Exploit protection](exploit-protection-exploit-guard.md) helps protect against malware that uses exploits to infect devices and spread. It consists of a number of mitigations that can be applied to either the operating system or individual apps.
@@ -26,7 +28,7 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include
 You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
-You can enable each mitigation separately by using any of the these methods:
+You can enable each mitigation separately by using any of these methods:
 - [Windows Security app](#windows-security-app)
 - [Microsoft Intune](#intune)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
index 8df4d37da6..59240aa5f7 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
@@ -9,20 +9,23 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
-ms.date: 04/22/2019
+author: levinec
+ms.author: ellevin
+ms.date: 05/13/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Enable network protection
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
-You can enable network protection by using any of the these methods:
+
+You can enable network protection by using any of these methods:
 - [Microsoft Intune](#intune)
 - [Mobile Device Management (MDM)](#mdm)
@@ -87,7 +90,7 @@ You can confirm network protection is enabled on a local computer by using Regis
 ## PowerShell
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 ```
@@ -100,7 +103,7 @@ You can enable the feature in audit mode using the following cmdlet:
 Set-MpPreference -EnableNetworkProtection AuditMode
 ```
-Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
+Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off.
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 8648bcd508..3cd5fee197 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -4,20 +4,21 @@ description: This article explains the steps to opt in to using HVCI on Windows ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: justinha -author: justinha +ms.author: ellevin +author: levinec manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/01/2019 +ms.reviewer: --- # Enable virtualization-based protection of code integrity **Applies to** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. Some applications, including device drivers, may be incompatible with HVCI. @@ -60,7 +61,7 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP] 3. Double-click **Turn on Virtualization Based Security**. 4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**. - ![Enable HVCI using Group Policy](images\enable-hvci-gp.png) + ![Enable HVCI using Group Policy](images/enable-hvci-gp.png) 5. Click **Ok** to close the editor. 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
index 707aa20197..145da203d5 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: Justinha
-ms.author: justinha
+author: levinec
+ms.author: ellevin
 ms.date: 04/02/2019
+ms.reviewer:
+manager: dansimp
 ---
 # Evaluate attack surface reduction rules
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
index 958cc3e6d8..08d11df095 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 11/16/2018 +ms.reviewer: +manager: dansimp --- # Evaluate controlled folder access **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. @@ -47,7 +49,7 @@ You can also use Group Policy, Intune, MDM, or System Center Configuration Manag ## Review controlled folder access events in Windows Event Viewer -The following controlled folder access events appear in Windows Event Viewer. +The following controlled folder access events appear in Windows Event Viewer under Microsoft/Windows/Windows Defender/Operational folder. | Event ID | Description | | --- | --- | @@ -63,5 +65,5 @@ See [Protect important folders with controlled folder access](controlled-folders ## Related topics - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) -- [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md) +- [Evaluate Microsoft Defender ATP](evaluate-windows-defender-exploit-guard.md) - [Use audit mode](audit-windows-defender-exploit-guard.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 6ae70924c7..46cce510fa 100644 
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 04/02/2019 +ms.reviewer: +manager: dansimp --- # Evaluate exploit protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Exploit protection](exploit-protection-exploit-guard.md) helps protect devices from malware that uses exploits to spread and infect other devices. It consists of a number of mitigations that can be applied to either the operating system or an individual app. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index 74605b559a..5015d0f283 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md 
@@ -9,20 +9,22 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic -ms.date: 04/02/2019 +author: levinec +ms.author: ellevin +ms.date: 05/10/2019 +ms.reviewer: +manager: dansimp --- # Evaluate network protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Network protection](network-protection-exploit-guard.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. -This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visted a malicious site or domain. +This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain. >[!TIP] @@ -34,7 +36,7 @@ You can enable network protection in audit mode to see which IP addresses and do You might want to do this to make sure it doesn't affect line-of-business apps or to get an idea of how often blocks occur. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md index ee57054634..7a23a23e04 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md @@ -1,4 +1,4 @@ ---- +--- title: Evaluate the impact of Windows Defender Exploit Guard description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 05/30/2018 +ms.reviewer: +manager: dansimp --- # Evaluate Windows Defender Exploit Guard @@ -41,9 +43,11 @@ You might also be interested in enabling the features in audit mode - which allo ## Related topics -Topic | Description ----|--- +| Topic | Description | +|-------|-------------| +| | | + - [Protect devices from exploits](exploit-protection-exploit-guard.md) - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) - [Protect your network](network-protection-exploit-guard.md) -- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) \ No newline at end of file +- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index c15f7d5f95..dcffecd121 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -1,4 +1,4 @@ ---- +ms.reviewer: title: Import custom views to see attack surface reduction events description: Use Windows Event Viewer to import individual views for each of the features. keywords: event view, exploit guard, audit, review, events @@ -10,8 +10,8 @@ ms.sitesec: library ms.pagetype: security ms.date: 04/16/2018 ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 03/26/2019 --- @@ -19,7 +19,7 @@ ms.date: 03/26/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow. 
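Review bot: The metadata block of event-views-exploit-guard.md loses its opening delimiter in the `@@ -1,4 +1,4 @@` hunk, where the first line `---` is replaced by `ms.reviewer:`. As shown, the file would start with a bare key and only the closing `---` would remain, so the block is likely to be rendered as body text instead of being parsed as metadata. Keep `---` as line 1 and add `ms.reviewer:` after the date line, as the other files in this commit do. The same block also shows two `ms.date` keys (`04/16/2018` and `03/26/2019`) in the context of the next hunk; one of them should be removed.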
@@ -27,7 +27,7 @@ Reviewing the events is also handy when you are evaluating the features, as you This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events. -You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md). +You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md). ## Use custom views to review attack surface reduction capabilities @@ -126,7 +126,6 @@ You can also manually navigate to the event area that corresponds to the feature - ``` ## List of attack surface reduction events @@ -140,7 +139,7 @@ You can access these events in Windows Event viewer: 2. Expand **Applications and Services Logs > Microsoft > Windows** and then go to the folder listed under **Provider/source** in the table below. 3. Double-click on the sub item to see events. Scroll through the events to find the one you are looking. - ![Animation showing using Event Viewer](images/event-viewer.gif) + ![Animation showing using Event Viewer](images/event-viewer.gif) Feature | Provider/source | Event ID | Description :-|:-|:-:|:- 
@@ -180,4 +179,6 @@ Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Contr Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode + + Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 72869c7925..c5ee205c10 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 04/02/2019 +ms.reviewer: +manager: dansimp --- # Protect devices from exploits **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. 
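Review bot: The two blank lines added before the `1121 | Event when rule fires in Block-mode` row in the `@@ -180,4 +179,6 @@` hunk separate that row from the event table, because a blank line ends a Markdown pipe table in most renderers. The block-mode event is the one readers look up when reviewing enforced attack surface reduction rules, so it should remain a table row; drop the two added lines. The table begins above the hunk, so its header and earlier rows are not visible here.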
@@ -27,7 +29,7 @@ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md >[!TIP] >You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [enable exploit protection](enable-exploit-protection.md) on an individual machine, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once. 
@@ -40,7 +42,7 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http >[!IMPORTANT] >If you are currently using EMET you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. ->[!WARNING] +>[!WARNING] >Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network. ## Review exploit protection events in Windows Event Viewer 
@@ -79,11 +81,11 @@ Win32K | 260 | Untrusted Font ## Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard >[!IMPORTANT] ->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. +>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP. > >You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings. -This section compares exploit protection in Windows Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference. +This section compares exploit protection in Microsoft Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference. The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.   | Windows Defender Exploit Guard | EMET @@ -102,7 +104,7 @@ Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Requires use of EMET tool (EMET_CONF) System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]
      Not available Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]
      Not available -Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
      With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
      [Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Limited Windows event log monitoring +Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
      With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
      [Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
      Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
      [Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
      Limited to EAF, EAF+, and anti-ROP mitigations ([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). @@ -141,7 +143,7 @@ Validate handle usage | [!include[Check mark yes](images/svg/check-yes.svg)] | [ Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] ->[!NOTE] +>[!NOTE] >The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process. > >See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/graphics.md b/windows/security/threat-protection/windows-defender-exploit-guard/graphics.md index 2066795922..111bb99fc5 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/graphics.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/graphics.md @@ -1,7 +1,11 @@ --- ms.date: 09/18/2017 +ms.reviewer: +manager: dansimp +ms.author: ellevin +author: levinec --- Check mark no -Check mark yes \ No newline at end of file +Check mark yes 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index 1be2ff6cb2..c9851d72d1 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Import, export, and deploy exploit protection configurations **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md index aed6d58094..1e2192cfb7 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt +author: levinec +ms.author: ellevin ms.date: 08/09/2018 +ms.reviewer: +manager: dansimp --- # Memory integrity **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 642d3a6e26..7bf07fbce8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: levinec +ms.author: ellevin ms.date: 04/30/2019 +ms.reviewer: +manager: dansimp --- # Protect your network **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
@@ -29,7 +31,7 @@ Network protection is supported beginning with Windows 10, version 1709. >[!TIP] >You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Network protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. 
@@ -43,29 +45,29 @@ Windows 10 version | Windows Defender Antivirus - | - Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled -## Review network protection events in the Windows Defender ATP Security Center +## Review network protection events in the Microsoft Defender ATP Security Center -Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled. +You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled. ## Review network protection events in Windows Event Viewer You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain: -1. 
[Copy the XML directly](event-views-exploit-guard.md). +1. [Copy the XML directly](event-views-exploit-guard.md). 2. Click **OK**. 3. This will create a custom view that filters to only show the following events related to network protection: - Event ID | Description --|- -5007 | Event when settings are changed -1125 | Event when network protection fires in audit mode -1126 | Event when network protection fires in block mode + Event ID | Description + -|- + 5007 | Event when settings are changed + 1125 | Event when network protection fires in audit mode + 1126 | Event when network protection fires in block mode - ## Related topics + ## Related topics Topic | Description ---|--- diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/prerelease.md b/windows/security/threat-protection/windows-defender-exploit-guard/prerelease.md index f22001f19d..6e993c8c0a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/prerelease.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/prerelease.md @@ -1,5 +1,9 @@ --- ms.date: 08/25/2017 +ms.reviewer: +manager: dansimp +ms.author: ellevin +author: levinec --- > [!IMPORTANT] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. \ No newline at end of file +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. 
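Review bot: The Advanced hunting link in the `@@ -43,29 +45,29 @@` hunk now points at `.../microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection`, which keeps the old long article name under the new folder. The other links changed in the same hunk use shortened names, for example `../microsoft-defender-atp/investigate-alerts.md`, so this looks like a folder-only search and replace and the target probably does not exist under that name. Verify the target and prefer a relative link to the renamed article, in the same form as the other links in this section.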
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 514a74a4ea..15fd8b2886 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -5,19 +5,21 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/20/2017 +ms.reviewer: +ms.author: dansimp --- # Baseline protections and additional qualifications for virtualization-based protection of code integrity **Applies to** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 0eea5319db..373d0c8387 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 03/27/2019 +ms.reviewer: +manager: dansimp --- # Troubleshoot attack surface reduction rules **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as: @@ -76,7 +78,7 @@ To add an exclusion, see [Customize Attack surface reduction](customize-attack-s ## Report a false positive or false negative -Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md). +Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md). ## Collect diagnostic data for file submissions 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index 7820eac52f..6f2ca8462f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 08/09/2018 +ms.reviewer: +manager: dansimp --- # Troubleshoot exploit protection mitigations **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md index aac22be513..cfd19843a9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md 
@@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 03/27/2019 +ms.reviewer: +manager: dansimp --- # Troubleshoot network protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - IT administrators @@ -56,8 +58,8 @@ You can enable network protection in audit mode and then visit a website that we ``` 2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block). 3. [Review the network protection event logs](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**. -> ->If network protection is not blocking a connection that you are expecting it should block, enable the feature. + > + >If network protection is not blocking a connection that you are expecting it should block, enable the feature. ```powershell Set-MpPreference -EnableNetworkProtection Enabled 
@@ -65,7 +67,11 @@ Set-MpPreference -EnableNetworkProtection Enabled ## Report a false positive or false negative -If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md). +If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md). + +## Exclude website from network protection scope + +To whitelist the website that is being blocked (false positive), add its URL to the [list of trusted sites](https://blogs.msdn.microsoft.com/asiatech/2014/08/19/how-to-add-web-sites-to-trusted-sites-via-gpo-from-dc-installed-ie10-or-higher-ie-version/). Web resources from this list bypass the network protection check. ## Collect diagnostic data for file submissions diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 32055b2546..a60d5f5a24 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
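Review bot: The added "Exclude website from network protection scope" section recommends the Trusted sites list without stating how broad that exemption is. By the section's own wording, every resource on the list bypasses the network protection check, and the Trusted sites zone generally applies its own, more permissive zone settings by default, so an entry there likely affects more than this one feature. I would add a caution directly after the paragraph, for example `> [!IMPORTANT]` followed by `> Add only the specific host you have confirmed as a false positive, avoid wildcard or domain-wide entries, and remove the entry once the false-positive report is resolved.` It would also help to tell readers to run the audit-mode check and submit the false-positive report described in the preceding section before adding an exclusion. The linked instructions are an external blog post about an IE10-era GPO, so a link to maintained product documentation would be preferable if one exists.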
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -9,16 +9,18 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 08/09/2018 +ms.reviewer: +manager: dansimp --- # Windows Defender Exploit Guard **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees. 
@@ -43,9 +45,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work. -Windows Defender EG can be managed and reported on in the Windows Security app as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies. +Windows Defender EG can be managed and reported on in the Windows Security app as part of the Microsoft Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies. -You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works. +You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works. ## Requirements 
@@ -55,14 +57,17 @@ This section covers requirements for each feature in Windows Defender EG. |--------|---------| | ![not supported](./images/ball_empty.png) | Not supported | | ![supported](./images/ball_50.png) | Supported | -| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| +| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Microsoft Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| -| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | -| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | -| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Controlled folder access | ![supported, limited 
reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 with Enterprise E3 subscription | Windows 10 with Enterprise E5 subscription | +| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | :--------------------------------------: | +| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | + +>[!NOTE] +> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities 
as the Enterprise E5 subscription. The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md index 92d6f70f01..4ca95e5608 100644 --- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md @@ -1,9 +1,9 @@ -# [The Windows Defender Security Center app](windows-defender-security-center.md) +# [The Microsoft Defender Security Center app](windows-defender-security-center.md) -## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md) -## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md) -## [Manage Windows Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md) +## [Customize the Microsoft Defender Security Center app for your organization](wdsc-customize-contact-information.md) +## [Hide Microsoft Defender Security Center app notifications](wdsc-hide-notifications.md) +## [Manage Microsoft Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md) ## [Virus and threat protection](wdsc-virus-threat-protection.md) ## [Account protection](wdsc-account-protection.md) ## [Firewall and network protection](wdsc-firewall-network-protection.md) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index eb6433dadd..7dbb40b803 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md 
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- @@ -55,4 +57,4 @@ This can only be done in Group Policy. >[!NOTE] >If you hide all sections then the app will show a restricted interface, as in the following screenshot: > ->![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) \ No newline at end of file +>![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index f8a95593d9..ca32f2c55a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- @@ -74,4 +76,4 @@ This can only be done in Group Policy. >[!NOTE] >If you hide all sections then the app will show a restricted interface, as in the following screenshot: > ->![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) \ No newline at end of file +>![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index 30cc2c355d..9692fa9046 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Customize the Windows Security app for your organization diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index 83258123af..2669eb3ab6 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- @@ -54,4 +56,4 @@ This can only be done in Group Policy. >[!NOTE] >If you hide all sections then the app will show a restricted interface, as in the following screenshot: > ->![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) \ No newline at end of file +>![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index 5df35a849e..2acf81e5cf 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- # Device security diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index cc7706945e..d785a3f420 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- @@ -53,4 +55,4 @@ This can only be done in Group Policy. >[!NOTE] >If you hide all sections then the app will show a restricted interface, as in the following screenshot: > ->![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) \ No newline at end of file +>![Windows Security app with all sections hidden by Group Policy](images/wdsc-all-hide.png) 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index 1aea2d2d26..141a5c002f 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index b936dc1dcb..9ae361f1fd 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Hide Windows Security app notifications @@ -84,4 +86,4 @@ This can only be done in Group Policy. 6. Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**. -7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). \ No newline at end of file +7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index f4ee73535b..4c160a092a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index f13658dab4..5431868198 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 04/30/2018 +ms.reviewer: +manager: dansimp --- # Manage Windows Security in Windows 10 in S mode 
@@ -36,7 +38,7 @@ The Windows Security interface is a little different in Windows 10 in S mode. Th For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/windows/deployment/windows-10-pro-in-s-mode). -##Managing Windows Security settings with Intune +## Managing Windows Security settings with Intune In the enterprise, you can only manage security settings for devices running Windows 10 in S mode with Microsoft Intune or other mobile device management apps. Windows 10 in S mode prevents making changes via PowerShell scripts. diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 60a0d3278b..a12e0b136b 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -9,9 +9,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: dansimp +ms.author: dansimp ms.date: 10/02/2018 +ms.reviewer: +manager: dansimp --- 
@@ -37,7 +39,7 @@ In Windows 10, version 1803, the app has two new areas, **Account protection** a ![Screen shot of the Windows Security app showing that the device is protected and five icons for each of the features](images/security-center-home.png) >[!NOTE] ->The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). +>The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). You can't uninstall the Windows Security app, but you can do one of the following: @@ -93,7 +95,7 @@ You can find more information about each section, including options for configur > >Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). -> [!WARNING] +> [!WARNING] > If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. > >It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. 
@@ -106,7 +108,7 @@ It acts as a collector or single place to see the status and perform some config Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Security app. The Windows Security app itself will still run and show status for the other security features. -> [!IMPORTANT] +> [!IMPORTANT] > Individually disabling any of the services will not disable the other services or the Windows Security app. For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md index 660b1b518c..24b4c8ebd1 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md @@ -6,9 +6,12 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: jasongerend +author: dansimp ms.localizationpriority: medium ms.date: 1/26/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings **Applies to:** 
@@ -216,4 +219,4 @@ To better help you protect your organization, we recommend turning on and using - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md index ccc35c4967..12253adde3 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md @@ -6,9 +6,12 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha +author: mjcaparas ms.localizationpriority: medium ms.date: 07/27/2017 +ms.reviewer: +manager: dansimp +ms.author: mjcaparas --- # Windows Defender SmartScreen 
@@ -68,5 +71,5 @@ SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Even - [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) ->[!NOTE] +>[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md index f11f1ad904..f9fb884957 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md @@ -6,9 +6,12 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha +author: mjcaparas ms.localizationpriority: medium ms.date: 10/13/2017 +ms.reviewer: +manager: dansimp +ms.author: mjcaparas --- # Set up and use Windows Defender SmartScreen on individual devices 
@@ -30,29 +33,29 @@ Starting with Windows 10, version 1703 your employees can use Windows Security t 2. In the **App & browser control** screen, choose from the following options: - - In the **Check apps and files** area: + - In the **Check apps and files** area: - - **Block.** Stops employees from downloading and running unrecognized apps and files from the web. + - **Block.** Stops employees from downloading and running unrecognized apps and files from the web. - - **Warn.** Warns employees that the apps and files being downloaded from the web are potentially dangerous, but allows the action to continue. + - **Warn.** Warns employees that the apps and files being downloaded from the web are potentially dangerous, but allows the action to continue. - - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. + - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. - - In the **SmartScreen for Microsoft Edge** area: + - In the **SmartScreen for Microsoft Edge** area: - - **Block.** Stops employees from downloading and running unrecognized apps and files from the web, while using Microsoft Edge. + - **Block.** Stops employees from downloading and running unrecognized apps and files from the web, while using Microsoft Edge. - - **Warn.** Warns employees that sites and downloads are potentially dangerous, but allows the action to continue while running in Microsoft Edge. + - **Warn.** Warns employees that sites and downloads are potentially dangerous, but allows the action to continue while running in Microsoft Edge. - - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. + - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. 
- - In the **SmartScreen from Microsoft Store apps** area: + - In the **SmartScreen from Microsoft Store apps** area: - - **Warn.** Warns employees that the sites and downloads used by Microsoft Store apps are potentially dangerous, but allows the action to continue. + - **Warn.** Warns employees that the sites and downloads used by Microsoft Store apps are potentially dangerous, but allows the action to continue. - - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files. + - **Off.** Turns off SmartScreen, so an employee isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files. - ![Windows Security, SmartScreen controls](images/windows-defender-smartscreen-control.png) + ![Windows Security, SmartScreen controls](images/windows-defender-smartscreen-control.png) ## How SmartScreen works when an employee tries to run an app Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, SmartScreen can warn the employee or block the app from running entirely, depending on how you've configured the feature to run in your organization. 
@@ -77,4 +80,4 @@ You can configure Windows Defender SmartScreen to warn employees from going to a - [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md) >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 15efbf1a94..4cbc411cdd 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -2,13 +2,16 @@ title: Windows Defender System Guard How a hardware-based root of trust helps protect Windows 10 (Windows 10) description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp ms.date: 03/01/2019 --- 
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md index 9f39c8f835..816c7d49b0 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md @@ -2,13 +2,16 @@ title: Windows Defender System Guard How a hardware-based root of trust helps protect Windows 10 (Windows 10) description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.reviewer: +manager: dansimp +ms.author: dansimp search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp ms.date: 03/01/2019 --- diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 73a279e7a5..ceb1488e72 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -7,8 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp ms.date: 03/01/2019 +ms.reviewer: +manager: dansimp +ms.author: dansimp --- # System Guard Secure Launch and SMM protection 
@@ -72,7 +75,8 @@ Any machine with System Guard enabled will automatically meet the following low- |SMM Page Tables| Must NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory).
      Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
      Must NOT have execute and write permissions for the same page
      Must allow ONLY that TSEG pages can be marked executable and the memory map must report TSEG EfiReservedMemoryType.
      BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry. | |Modern/Connected Standby|Platforms must support Modern/Connected Standby.| |TPM AUX Index|Platform must set up a AUX index with index, attributes, and policy that exactly corresponds to the AUX index specified in the TXT DG with a data size of exactly 104 bytes (for SHA256 AUX data). (NameAlg = SHA256)
      Platforms must set up a PS (Platform Supplier) index with:
      • Exactly the "TXT PS2" style Attributes on creation as follows:
        • AuthWrite
        • PolicyDelete
        • WriteLocked
        • WriteDefine
        • AuthRead
        • WriteDefine
        • NoDa
        • Written
        • PlatformCreate
      • A policy of exactly PolicyCommandCode(CC = TPM2_CC_UndefineSpaceSpecial) (SHA256 NameAlg and Policy)
      • Size of exactly 70 bytes
      • NameAlg = SHA256
      • In addition, it must have been initialized and locked (TPMA_NV_WRITTEN = 1, TPMA_NV_WRITELOCKED = 1) at time of OS launch.
      PS index data DataRevocationCounters, SINITMinVersion, and PolicyControl must all be 0x00 | -|AUX Policy|The required AUX policy must be as follows:
      • A = TPM2_PolicyLocality (Locality 3 & Locality 4)
      • B = TPM2_PolicyCommandCode (TPM_CC_NV_UndefineSpecial)
      • authPolicy = {A} OR {{A} AND {B}}
      • authPolicy digest = 0xef, 0x9a, 0x26, 0xfc, 0x22, 0xd1, 0xae, 0x8c, 0xec, 0xff, 0x59, 0xe9, 0x48, 0x1a, 0xc1, 0xec, 0x53, 0x3d, 0xbe, 0x22, 0x8b, 0xec, 0x6d, 0x17, 0x93, 0x0f, 0x4c, 0xb2, 0xcc, 0x5b, 0x97, 0x24
      | +|AUX Policy|The required AUX policy must be as follows:
      • A = TPM2_PolicyLocality (Locality 3 & Locality 4)
      • B = TPM2_PolicyCommandCode (TPM_CC_NV_UndefineSpecial)
      • authPolicy = \{A} OR {{A} AND \{B}}
      • authPolicy digest = 0xef, 0x9a, 0x26, 0xfc, 0x22, 0xd1, 0xae, 0x8c, 0xec, 0xff, 0x59, 0xe9, 0x48, 0x1a, 0xc1, 0xec, 0x53, 0x3d, 0xbe, 0x22, 0x8b, 0xec, 0x6d, 0x17, 0x93, 0x0f, 0x4c, 0xb2, 0xcc, 0x5b, 0x97, 0x24
      | +|TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with:
      • Handle: 0x01C101C0
      • Attributes:
        • TPMA_NV_POLICYWRITE
        • TPMA_NV_PPREAD
        • TPMA_NV_OWNERREAD
        • TPMA_NV_AUTHREAD
        • TPMA_NV_POLICYREAD
        • TPMA_NV_NO_DA
        • TPMA_NV_PLATFORMCREATE
        • TPMA_NV_POLICY_DELETE
      • A policy of:
        • A = TPM2_PolicyAuthorize(MSFT_DRTM_AUTH_BLOB_SigningKey)
        • B = TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial)
        • authPolicy = \{A} OR {{A} AND \{B}}
        • Digest value of 0xcb, 0x45, 0xc8, 0x1f, 0xf3, 0x4b, 0xcf, 0x0a, 0xfb, 0x9e, 0x1a, 0x80, 0x29, 0xfa, 0x23, 0x1c,0x87, 0x27, 0x30, 0x3c, 0x09, 0x22, 0xdc, 0xce, 0x68, 0x4b, 0xe3, 0xdb, 0x81, 0x7c, 0x20, 0xe1
      | |Platform firmware|Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch:
      • Intel® SINIT ACM must be carried in the OEM BIOS
      • Platforms must ship with a production ACM signed by the correct production Intel® ACM signer for the platform
      | |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index e0eb8aa2f0..d74524355b 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -2,12 +2,14 @@ title: Add Production Devices to the Membership Group for a Zone (Windows 10) description: Add Production Devices to the Membership Group for a Zone ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -27,7 +29,7 @@ After you test the GPOs for your design on a small set of devices, you can deplo **Caution**   For GPOs that contain connection security rules that prevent unauthenticated connections, be sure to set the rules to request, not require, authentication during testing. After you deploy the GPO and confirm that all of your devices are successfully communicating by using authenticated IPsec, then you can modify the GPO to require authentication. Do not change the boundary zone GPO to require mode. -  + The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new devices that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude devices that must not receive the GPOs. Use device groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Devices that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md). @@ -79,9 +81,9 @@ From an elevated command prompt, type the following: gpresult /r /scope:computer ``` -  + -  + diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 48b1825121..c79ea27f4e 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md 
@@ -2,12 +2,14 @@
 title: Add Test Devices to the Membership Group for a Zone (Windows 10)
 description: Add Test Devices to the Membership Group for a Zone
 ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index bfcf709295..5c31e736a7 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -2,12 +2,14 @@
 title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10)
 description: Appendix A Sample GPO Template Files for Settings Used in this Guide
 ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
index 4a86815d9b..b41fba1e87 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -2,12 +2,14 @@
 title: Assign Security Group Filters to the GPO (Windows 10)
 description: Assign Security Group Filters to the GPO
 ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index 6a7263f0ca..7382a66a00 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -2,12 +2,14 @@
 title: Basic Firewall Policy Design (Windows 10)
 description: Basic Firewall Policy Design
 ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
index 5959bbfda1..0b313e0d05 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
@@ -2,12 +2,14 @@
 title: Boundary Zone GPOs (Windows 10)
 description: Boundary Zone GPOs
 ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md
index db6b6132c2..05d8ac588f 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md
@@ -2,12 +2,14 @@
 title: Boundary Zone (Windows 10)
 description: Boundary Zone
 ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index 011ebb5486..accc64084b 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -2,12 +2,14 @@
 title: Certificate-based Isolation Policy Design Example (Windows 10)
 description: Certificate-based Isolation Policy Design Example
 ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 4e737e809f..3bd6236176 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -2,12 +2,14 @@
 title: Certificate-based Isolation Policy Design (Windows 10)
 description: Certificate-based Isolation Policy Design
 ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
index f2e2887ade..11af4131b4 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -2,12 +2,14 @@
 title: Change Rules from Request to Require Mode (Windows 10)
 description: Change Rules from Request to Require Mode
 ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
index 547555a30a..fa8377de0d 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -2,12 +2,14 @@
 title: Checklist Configuring Basic Firewall Settings (Windows 10)
 description: Checklist Configuring Basic Firewall Settings
 ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index b9fa4a2a08..2163ee0015 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -2,12 +2,14 @@
 title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10)
 description: Checklist Configuring Rules for an Isolated Server Zone
 ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index e0d1dfffb0..bb381856b4 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -2,12 +2,14 @@ title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10) description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -42,5 +44,5 @@ The GPOs for isolated servers are similar to those for an isolated domain. This | Create a firewall rule that allows inbound network traffic only if it is authenticated from a user or device that is a member of the zone’s NAG.| [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)| | Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| | Add your test server to the membership group for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)| -  + Do not change the rules for any of your zones to require authentication until all zones have been set up and thoroughly tested. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index d34f75d4fe..8d8d97e772 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md 
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -2,12 +2,14 @@
 title: Checklist Configuring Rules for the Boundary Zone (Windows 10)
 description: Checklist Configuring Rules for the Boundary Zone
 ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index e940d4f34e..5c265b66ef 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -2,12 +2,14 @@
 title: Checklist Configuring Rules for the Encryption Zone (Windows 10)
 description: Checklist Configuring Rules for the Encryption Zone
 ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index 002a46e88e..260980b98d 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -2,12 +2,14 @@ title: Checklist Configuring Rules for the Isolated Domain (Windows 10) description: Checklist Configuring Rules for the Isolated Domain ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -38,6 +40,6 @@ The following checklists include tasks for configuring connection security rules | Link the GPO to the domain level of the AD DS organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| | Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)| | Verify that the connection security rules are protecting network traffic to and from the test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| -  + Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly. diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index c7f2c55c5c..151e5017f4 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md 
@@ -2,12 +2,14 @@
 title: Checklist Creating Group Policy Objects (Windows 10)
 description: Checklist Creating Group Policy Objects
 ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -46,4 +48,4 @@ You can also use a membership group for one zone as an exclusion group for anoth
 | Create WMI filters to limit each GPO to only the devices that match the criteria in the filter.| [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) |
 | If you are working on a GPO that was copied from another, modify the group memberships and WMI filters so that they are correct for the new zone or version of Windows for which this GPO is intended.|[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
 | Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) |
-| Before adding any rules or configuring the GPO, add a few test devices to the membership group, and make sure that the correct GPO is received and applied to each member of the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) |
\ No newline at end of file
+| Before adding any rules or configuring the GPO, add a few test devices to the membership group, and make sure that the correct GPO is received and applied to each member of the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) |
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index 7542c518e3..9c392608a3 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -2,12 +2,14 @@
 title: Checklist Creating Inbound Firewall Rules (Windows 10)
 description: Checklist Creating Inbound Firewall Rules
 ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index 3d514a68af..10f025a062 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -2,12 +2,14 @@
 title: Checklist Creating Outbound Firewall Rules (Windows 10)
 description: Checklist Creating Outbound Firewall Rules
 ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index a22fc67423..02be1db95f 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -2,12 +2,14 @@
 title: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone (Windows 10)
 description: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone
 ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index f160d1828b..6d74ea9356 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -2,12 +2,14 @@ title: Checklist Implementing a Basic Firewall Policy Design (Windows 10) description: Checklist Implementing a Basic Firewall Policy Design ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 018d2e9b31..4d6b02ef58 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -2,12 +2,14 @@ title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10) description: Checklist Implementing a Certificate-based Isolation Policy Design ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index ff503c5cbb..139618cb53 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md 
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -2,12 +2,14 @@ title: Checklist Implementing a Domain Isolation Policy Design (Windows 10) description: Checklist Implementing a Domain Isolation Policy Design ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 995d06b05f..05aad0007e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -2,12 +2,14 @@ title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10) description: Checklist Implementing a Standalone Server Isolation Policy Design ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index 61cd9ed219..1537a9a193 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md 
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -2,12 +2,14 @@ title: Configure Authentication Methods (Windows 10) description: Configure Authentication Methods ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
@@ -31,50 +33,50 @@ To complete these procedures, you must be a member of the Domain Administrators **To configure authentication methods** -1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security] (open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). -2. In the details pane on the main Windows Defender Firewall with Advanced Security page, click **Windows Defender Firewall Properties**. +2. In the details pane on the main Windows Defender Firewall with Advanced Security page, click **Windows Defender Firewall Properties**. -3. On the **IPsec Settings** tab, click **Customize**. +3. On the **IPsec Settings** tab, click **Customize**. -4. In the **Authentication Method** section, select the type of authentication that you want to use from among the following: +4. In the **Authentication Method** section, select the type of authentication that you want to use from among the following: - 1. **Default**. Selecting this option tells the computer to use the authentication method currently defined by the local administrator in Windows Defender Firewall or by Group Policy as the default. + 1. **Default**. Selecting this option tells the computer to use the authentication method currently defined by the local administrator in Windows Defender Firewall or by Group Policy as the default. - 2. **Computer and User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of both the computer and the currently logged-on user by using their domain credentials. + 2. **Computer and User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of both the computer and the currently logged-on user by using their domain credentials. - 3. 
**Computer (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. + 3. **Computer (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. - 4. **User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. + 4. **User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. - 5. **Computer certificate from this certification authority**. Selecting this option and entering the identification of a certification authority (CA) tells the computer to use and require authentication by using a certificate that is issued by the selected CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication enhanced key usage (EKU) typically provided in a Network Access Protection (NAP) infrastructure can be used for this rule. + 5. **Computer certificate from this certification authority**. Selecting this option and entering the identification of a certification authority (CA) tells the computer to use and require authentication by using a certificate that is issued by the selected CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication enhanced key usage (EKU) typically provided in a Network Access Protection (NAP) infrastructure can be used for this rule. - 6. **Advanced**. 
Click **Customize** to specify a custom combination of authentication methods required for your scenario. You can specify both a **First authentication method** and a **Second authentication method**. + 6. **Advanced**. Click **Customize** to specify a custom combination of authentication methods required for your scenario. You can specify both a **First authentication method** and a **Second authentication method**. - The first authentication method can be one of the following: + The first authentication method can be one of the following: - - **Computer (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. + - **Computer (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. - - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. - - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by that CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used. 
+ - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by that CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used. - - **Preshared key (not recommended)**. Selecting this method and entering a preshared key tells the computer to authenticate by exchanging the preshared keys. If they match, then the authentication succeeds. This method is not recommended, and is included only for backward compatibility and testing purposes. + - **Preshared key (not recommended)**. Selecting this method and entering a preshared key tells the computer to authenticate by exchanging the preshared keys. If they match, then the authentication succeeds. This method is not recommended, and is included only for backward compatibility and testing purposes. - If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. + If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. - The second authentication method can be one of the following: + The second authentication method can be one of the following: - - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP. 
User-based authentication using Kerberos V5 is not supported by IKE v1. - - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. - - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to specified users or user groups. + - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to specified users or user groups. - - **Computer health certificate from this certification authority (CA)**. 
Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication EKU typically provided in a NAP infrastructure can be used for this rule. + - **Computer health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication EKU typically provided in a NAP infrastructure can be used for this rule. - If you select **Second authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. + If you select **Second authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. - >**Important:**  Make sure that you do not select the check boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails. + >**Important:** Make sure that you do not select the check boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails. -5. Click **OK** on each dialog box to save your changes and return to the Group Policy Management Editor. +5. Click **OK** on each dialog box to save your changes and return to the Group Policy Management Editor. diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index 04385257bc..70452597e6 100644 
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -2,12 +2,14 @@
 title: Configure Data Protection (Quick Mode) Settings (Windows 10)
 description: Configure Data Protection (Quick Mode) Settings
 ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index a7a53b7459..c16f30452b 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -2,12 +2,14 @@
 title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10)
 description: Configure Group Policy to Autoenroll and Deploy Certificates
 ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index c9d55885a2..b8743e2e69 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -2,12 +2,14 @@
 title: Configure Key Exchange (Main Mode) Settings (Windows 10)
 description: Configure Key Exchange (Main Mode) Settings
 ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index 4db16a7911..7fde7baa03 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -2,12 +2,14 @@
 title: Configure the Rules to Require Encryption (Windows 10)
 description: Configure the Rules to Require Encryption
 ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -25,25 +27,25 @@ To complete this procedure, you must be a member of the Domain Administrators gr **To modify an authentication request rule to also require encryption** -1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). -2. In the navigation pane, click **Connection Security Rules**. +2. In the navigation pane, click **Connection Security Rules**. -3. In the details pane, double-click the connection security rule you want to modify. +3. In the details pane, double-click the connection security rule you want to modify. -4. On the **Name** page, rename the connection security rule, edit the description to reflect the new use for the rule, and then click **OK**. +4. On the **Name** page, rename the connection security rule, edit the description to reflect the new use for the rule, and then click **OK**. -5. In the navigation pane, right-click **Windows Defender Firewall – LDAP://CN={***guid***}**, and then click **Properties**. +5. In the navigation pane, right-click **Windows Defender Firewall – LDAP://CN={**guid**}**, and then click **Properties**. -6. Click the **IPsec Settings** tab. +6. Click the **IPsec Settings** tab. -7. Under **IPsec defaults**, click **Customize**. +7. Under **IPsec defaults**, click **Customize**. -8. Under **Data protection (Quick Mode)**, click **Advanced**, and then click **Customize**. +8. Under **Data protection (Quick Mode)**, click **Advanced**, and then click **Customize**. -9. Click **Require encryption for all connection security rules that use these settings**. +9. Click **Require encryption for all connection security rules that use these settings**. - This disables the data integrity rules section. 
Make sure the **Data integrity and encryption** list contains all of the combinations that your client devices will use to connect to members of the encryption zone. The client devices receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client devices in that zone will not be able to connect to devices in this zone. + This disables the data integrity rules section. Make sure the **Data integrity and encryption** list contains all of the combinations that your client devices will use to connect to members of the encryption zone. The client devices receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client devices in that zone will not be able to connect to devices in this zone. 10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. The options are described in [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md). diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index c4b832463c..851b77b568 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md 
@@ -2,12 +2,14 @@ title: Configure the Windows Defender Firewall Log (Windows 10) description: Configure the Windows Defender Firewall Log ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index b3e437f93d..5dae7a9636 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -2,12 +2,15 @@ title: Configure the Workstation Authentication Certificate Template (Windows 10) description: Configure the Workstation Authentication Certificate Template ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: Justinha +author: dansimp ms.date: 07/30/2018 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index 2da66c7b37..e7e888bcdb 100644 --- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md 
+++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -2,12 +2,14 @@
 title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows 10)
 description: Configure Windows Defender Firewall with Advanced Security to suppress notifications when a program is Bbocked
 ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 07f9ccdc3f..566425e4b8 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -2,12 +2,14 @@
 title: Confirm That Certificates Are Deployed Correctly (Windows 10)
 description: Confirm That Certificates Are Deployed Correctly
 ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: securit
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index d0edca9291..e9c8024043 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -2,12 +2,14 @@
 title: Copy a GPO to Create a New GPO (Windows 10)
 description: Copy a GPO to Create a New GPO
 ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -29,23 +31,23 @@ To complete this procedure, you must be a member of the Domain Administrators gr **To make a copy of a GPO** -1. Open the Group Policy Management console. +1. Open the Group Policy Management console. -2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. +2. In the navigation pane, expand **Forest:**YourForestName, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. -3. In the details pane, right-click the GPO you want to copy, and then click **Copy**. +3. In the details pane, right-click the GPO you want to copy, and then click **Copy**. -4. In the navigation pane, right-click **Group Policy Objects** again, and then click **Paste**. +4. In the navigation pane, right-click **Group Policy Objects** again, and then click **Paste**. -5. In the **Copy GPO** dialog box, click **Preserve the existing permissions**, and then click **OK**. Selecting this option preserves any exception groups to which you denied Read and Apply GPO permissions, making the change simpler. +5. In the **Copy GPO** dialog box, click **Preserve the existing permissions**, and then click **OK**. Selecting this option preserves any exception groups to which you denied Read and Apply GPO permissions, making the change simpler. -6. After the copy is complete, click **OK**. The new GPO is named **Copy of** *original GPO name*. +6. After the copy is complete, click **OK**. The new GPO is named **Copy of** *original GPO name*. -7. To rename it, right-click the GPO, and then click **Rename**. +7. To rename it, right-click the GPO, and then click **Rename**. -8. Type the new name, and then press ENTER. +8. Type the new name, and then press ENTER. -9. You must change the security filters to apply the policy to the correct group of devices. 
To do this, click the **Scope** tab, and in the **Security Filtering** section, select the group that grants permissions to all members of the isolated domain, for example **CG\_DOMISO\_IsolatedDomain**, and then click **Remove**. +9. You must change the security filters to apply the policy to the correct group of devices. To do this, click the **Scope** tab, and in the **Security Filtering** section, select the group that grants permissions to all members of the isolated domain, for example **CG\_DOMISO\_IsolatedDomain**, and then click **Remove**. 10. In the confirmation dialog box, click **OK**. diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index cae0e8377d..5e5b2b22d9 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md @@ -2,12 +2,14 @@ title: Create a Group Account in Active Directory (Windows 10) description: Create a Group Account in Active Directory ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index 71d09a7ac9..b790f7d1ac 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md 
@@ -2,12 +2,14 @@
 title: Create a Group Policy Object (Windows 10)
 description: Create a Group Policy Object
 ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -29,22 +31,22 @@ To complete this procedure, you must be a member of the Domain Administrators gr To create a new GPO -1. Open the Group Policy Management console. +1. Open the Group Policy Management console. -2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. +2. In the navigation pane, expand **Forest:**YourForestName, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. -3. Click **Action**, and then click **New**. +3. Click **Action**, and then click **New**. -4. In the **Name** text box, type the name for your new GPO. +4. In the **Name** text box, type the name for your new GPO. - >**Note:**  Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs. + >**Note:** Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs. -5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**. +5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**. -6. If your GPO will not contain any user settings, then you can improve performance by disabling the **User Configuration** section of the GPO. To do this, perform these steps: +6. If your GPO will not contain any user settings, then you can improve performance by disabling the **User Configuration** section of the GPO. To do this, perform these steps: - 1. In the navigation pane, click the new GPO. + 1. In the navigation pane, click the new GPO. - 2. In the details pane, click the **Details** tab. + 2. In the details pane, click the **Details** tab. - 3. Change the **GPO Status** to **User configuration settings disabled**. + 3. Change the **GPO Status** to **User configuration settings disabled**. 
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index 6811e14cb9..2f97c1e3a7 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -2,12 +2,14 @@
 title: Create an Authentication Exemption List Rule (Windows 10)
 description: Create an Authentication Exemption List Rule
 ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -26,7 +28,7 @@ In almost any isolated server or isolated domain scenario, there are some device **Important**   Adding devices to the exemption list for a zone reduces security because it permits devices in the zone to send network traffic that is unprotected by IPsec to the devices on the list. As discussed in the Windows Defender Firewall with Advanced Security Design Guide, you must add only managed and trusted devices to the exemption list. -  + **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
index e5a012b51d..2c12d1140a 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
@@ -2,12 +2,14 @@
 title: Create an Authentication Request Rule (Windows 10)
 description: Create an Authentication Request Rule
 ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index 03f453bff7..2c0470e6c8 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -2,12 +2,14 @@
 title: Create an Inbound ICMP Rule (Windows 10)
 description: Create an Inbound ICMP Rule
 ms.assetid: 267b940a-79d9-4322-b53b-81901e357344
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 14a83fb6d4..2c3d3fccae 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -2,12 +2,14 @@
 title: Create an Inbound Port Rule (Windows 10)
 description: Create an Inbound Port Rule
 ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -36,34 +38,34 @@ This topic describes how to create a standard port rule for a specified protocol **To create an inbound port rule** -1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security] (open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). -2. In the navigation pane, click **Inbound Rules**. +2. In the navigation pane, click **Inbound Rules**. -3. Click **Action**, and then click **New rule**. +3. Click **Action**, and then click **New rule**. -4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**. +4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**. - >**Note:**  Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. + >**Note:** Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. -5. On the **Program** page, click **All programs**, and then click **Next**. +5. On the **Program** page, click **All programs**, and then click **Next**. - >**Note:**  This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. 
If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria. + >**Note:** This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria. -6. On the **Protocol and Ports** page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an incoming rule, you typically configure only the local port number. +6. On the **Protocol and Ports** page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an incoming rule, you typically configure only the local port number. - If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall. + If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall. - To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box. 
+ To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box. - When you have configured the protocols and ports, click **Next**. + When you have configured the protocols and ports, click **Next**. -7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**. +7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**. -8. On the **Action** page, select **Allow the connection**, and then click **Next**. +8. On the **Action** page, select **Allow the connection**, and then click **Next**. -9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. +9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - >**Note:**  If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. + >**Note:** If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. 
A disconnected network card is automatically assigned to the Public network location type. 10. On the **Name** page, type a name and description for your rule, and then click **Finish**.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index 8eabd8aac7..401e8de3f6 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -2,12 +2,14 @@
 title: Create an Inbound Program or Service Rule (Windows 10)
 description: Create an Inbound Program or Service Rule
 ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index d364255db1..19ced05694 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -2,12 +2,14 @@
 title: Create an Outbound Port Rule (Windows 10)
 description: Create an Outbound Port Rule
 ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
index 67f89c2496..354ed24f32 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -2,12 +2,14 @@
 title: Create an Outbound Program or Service Rule (Windows 10)
 description: Create an Outbound Program or Service Rule
 ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index 235a0c8da8..84b71ac1f8 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -2,12 +2,14 @@
 title: Create Inbound Rules to Support RPC (Windows 10)
 description: Create Inbound Rules to Support RPC
 ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index 59c112d9c6..9dc6366064 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -2,12 +2,14 @@
 title: Create Windows Firewall rules in Intune (Windows 10)
 description: Explains how to create Windows Firewall rules in Intune
 ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: tewchen
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index 47e73387a1..a4d7f249b4 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -2,12 +2,14 @@
 title: Create WMI Filters for the GPO (Windows 10)
 description: Create WMI Filters for the GPO
 ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index a667cc8b9e..048a242e05 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -2,12 +2,14 @@
 title: Designing a Windows Defender Firewall with Advanced Security Strategy (Windows 10)
 description: Designing a Windows Defender Firewall Strategy
 ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index 5358628f72..e5abd70033 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -2,12 +2,14 @@
 title: Determining the Trusted State of Your Devices (Windows 10)
 description: Determining the Trusted State of Your Devices
 ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index e2c215097f..45577c869a 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -2,12 +2,14 @@
 title: Documenting the Zones (Windows 10)
 description: Documenting the Zones
 ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index 4948d77abd..8179db1063 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -2,12 +2,14 @@
 title: Domain Isolation Policy Design Example (Windows 10)
 description: Domain Isolation Policy Design Example
 ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 4b4d4f339d..948932fb53 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -2,12 +2,14 @@
 title: Domain Isolation Policy Design (Windows 10)
 description: Domain Isolation Policy Design
 ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
index 7dddf66e82..cf2ca2ed30 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
@@ -2,12 +2,14 @@
 title: Enable Predefined Inbound Rules (Windows 10)
 description: Enable Predefined Inbound Rules
 ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index 7f97202ce9..17c9f0d4ee 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -2,12 +2,14 @@
 title: Enable Predefined Outbound Rules (Windows 10)
 description: Enable Predefined Outbound Rules
 ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index 3a3de91310..1a2eab4b13 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -2,12 +2,14 @@
 title: Encryption Zone GPOs (Windows 10)
 description: Encryption Zone GPOs
 ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index d4f2cd21b8..2330b6ee32 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -2,12 +2,14 @@
 title: Encryption Zone (Windows 10)
 description: Encryption Zone
 ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -55,7 +57,7 @@ The GPO for devices that are running at least Windows Server 2008 should includ **Important**   Be sure to begin operations by using request in and request out behavior until you are sure that all the devices in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. -   + - A registry policy that includes the following values:
diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 85800c7ac0..8ac067b11e 100644
--- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -2,12 +2,14 @@
 title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows 10)
 description: Evaluating Windows Defender Firewall with Advanced Security Design Examples
 ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index f2e032d611..4293f9cc59 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -2,12 +2,14 @@
 title: Exempt ICMP from Authentication (Windows 10)
 description: Exempt ICMP from Authentication
 ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index 54e493f96b..93dbefc241 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -2,12 +2,14 @@
 title: Exemption List (Windows 10)
 description: Exemption List
 ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index 128c004e23..1af381ba0e 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -2,12 +2,14 @@
 title: Firewall GPOs (Windows 10)
 description: Firewall GPOs
 ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 18505427fb..fef8bc41e2 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -2,12 +2,14 @@
 title: Firewall Policy Design Example (Windows 10)
 description: Firewall Policy Design Example
 ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index 1bccaae7f0..5b0c733db4 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -2,12 +2,14 @@
 title: Gathering Information about Your Active Directory Deployment (Windows 10)
 description: Gathering Information about Your Active Directory Deployment
 ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 5ba2d31a7e..34b00db3ac 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -2,12 +2,14 @@
 title: Gathering Information about Your Current Network Infrastructure (Windows 10)
 description: Gathering Information about Your Current Network Infrastructure
 ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 68dd3b06a3..79f64faa4e 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -2,12 +2,14 @@
 title: Gathering Information about Your Devices (Windows 10)
 description: Gathering Information about Your Devices
 ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index 8e2fc69d81..7a20dd71a7 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -2,12 +2,14 @@
 title: Gathering Other Relevant Information (Windows 10)
 description: Gathering Other Relevant Information
 ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index c5219ae6b0..89fc8ac3c0 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -2,12 +2,14 @@
 title: Gathering the Information You Need (Windows 10)
 description: Gathering the Information You Need
 ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 6d8dc47e86..65e05e7876 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -2,12 +2,14 @@
 title: GPO\_DOMISO\_Boundary (Windows 10)
 description: GPO\_DOMISO\_Boundary
 ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index c777247232..0820c4aacb 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -2,7 +2,9 @@
 title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10)
 description: GPO\_DOMISO\_Encryption\_WS2008
 ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446
-author: justinha
+ms.reviewer:
+ms.author: dansimp
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index 1ea46fff03..81e55a89ac 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -2,12 +2,14 @@
 title: GPO\_DOMISO\_Firewall (Windows 10)
 description: GPO\_DOMISO\_Firewall
 ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index 9332c21b2f..4701b4565d 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -2,12 +2,14 @@
 title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows 10)
 description: GPO\_DOMISO\_IsolatedDomain\_Clients
 ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index 10a3fb7190..6e5fc43ced 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -2,12 +2,14 @@
 title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows 10)
 description: GPO\_DOMISO\_IsolatedDomain\_Servers
 ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index a19331420d..9bdbf322d4 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -2,12 +2,14 @@
 title: Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals (Windows 10)
 description: Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals
 ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -18,18 +20,20 @@ ms.date: 08/17/2017 # Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals **Applies to** -- Windows 10 +- Windows 10 - Windows Server 2016 Correctly identifying your Windows Defender Firewall with Advanced Security deployment goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall deployment goals presented in this guide that are relevant to your scenarios. The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall deployment goals: -| Deployment goal tasks | Reference links | -| --- | --- | -| Evaluate predefined Windows Defender Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined deployment goals:

      • [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
      • [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
      • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
      • [Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
      -| Map one goal or a combination of the predefined deployment goals to an existing Windows Defender Firewall with Advanced Security design. |
      • [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
      -| Based on the status of your current infrastructure, document your deployment goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
      • [Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
      • [Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
      + +| Deployment goal tasks | Reference links | +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Evaluate predefined Windows Defender Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined deployment goals:

      • [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
      • [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
      • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
      • [Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
      | +| Map one goal or a combination of the predefined deployment goals to an existing Windows Defender Firewall with Advanced Security design. |
      • [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
      | +| Based on the status of your current infrastructure, document your deployment goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
      • [Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
      • [Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
      | +
      **Next:** [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index 2e40134147..c56fd15494 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -2,12 +2,14 @@ title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows 10) description: Implementing Your Windows Defender Firewall with Advanced Security Design Plan ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index 6a095cdd8b..84999a6bd2 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -2,12 +2,14 @@ title: Isolated Domain GPOs (Windows 10) description: Isolated Domain GPOs ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance 
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index fe4dcddb97..7c2bb196ff 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -2,12 +2,14 @@ title: Isolated Domain (Windows 10) description: Isolated Domain ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index dbeb159610..e1cacdb8c6 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -6,12 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/13/2017 +ms.reviewer: +ms.author: dansimp --- # Isolating Microsoft Store Apps on Your Network diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 2dde088e64..3b40dbd662 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md 
@@ -2,12 +2,14 @@
 title: Link the GPO to the Domain (Windows 10)
 description: Link the GPO to the Domain
 ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 20fedfde68..8c6362f758 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -2,12 +2,14 @@
 title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10)
 description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design
 ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 9cfe8cea6a..126a5f0dc2 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -2,12 +2,14 @@
 title: Modify GPO Filters to Apply to a Different Zone or Version of Windows (Windows 10)
 description: Modify GPO Filters to Apply to a Different Zone or Version of Windows
 ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index 2c6b03a173..e00e35ccff 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -2,12 +2,14 @@
 title: Open the Group Policy Management Console to IP Security Policies (Windows 10)
 description: Open the Group Policy Management Console to IP Security Policies
 ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -25,8 +27,8 @@ Procedures in this guide that refer to GPOs for earlier versions of the Windows **To open a GPO to the IP Security Policies section** -1. Open the Group Policy Management console. +1. Open the Group Policy Management console. -2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. +2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. -3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, and then click **IP Security Policies on Active Directory (***YourDomainName***)**. \ No newline at end of file +3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, and then click **IP Security Policies on Active Directory (**YourDomainName**)**. diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 6200a12ab9..8bea94a26f 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md 
@@ -2,12 +2,14 @@ title: Open the Group Policy Management Console to Windows Firewall with Advanced Security (Windows 10) description: Open the Group Policy Management Console to Windows Firewall with Advanced Security ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -25,8 +27,8 @@ Most of the procedures in this guide instruct you to use Group Policy settings f To open a GPO to Windows Firewall with Advanced Security -1. Open the Group Policy Management console. +1. Open the Group Policy Management console. -2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. +2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. -3. In the navigation pane of the Group Policy Management Editor, navigate to **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - LDAP://cn={***GUID***},cn=…**. +3. In the navigation pane of the Group Policy Management Editor, navigate to **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - LDAP://cn={**GUID**},cn=…**. 
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index f637339ccf..9e395fc16f 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -2,12 +2,14 @@ title: Open the Group Policy Management Console to Windows Defender Firewall (Windows 10) description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance @@ -27,4 +29,4 @@ To open a GPO to Windows Defender Firewall: 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. -3. In the navigation pane of the Group Policy Object Editor, navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Network Connections** > **Windows Defender Firewall**. \ No newline at end of file +3. In the navigation pane of the Group Policy Object Editor, navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Network Connections** > **Windows Defender Firewall**. diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 63089dc239..bba537328b 100644 
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -2,12 +2,14 @@
 title: Open Windows Defender Firewall with Advanced Security (Windows 10)
 description: Open Windows Defender Firewall with Advanced Security
 ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 1162388c82..71ef3b2620 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -2,12 +2,14 @@
 title: Planning Certificate-based Authentication (Windows 10)
 description: Planning Certificate-based Authentication
 ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index 7a2216d02b..f37a7ebdea 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -2,12 +2,14 @@
 title: Planning Domain Isolation Zones (Windows 10)
 description: Planning Domain Isolation Zones
 ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index bcdf78631e..188f4f2556 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -2,12 +2,14 @@
 title: Planning GPO Deployment (Windows 10)
 description: Planning GPO Deployment
 ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index ace81c47a8..991bdcec0d 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -2,12 +2,14 @@
 title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10)
 description: Planning Group Policy Deployment for Your Isolation Zones
 ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index 7125762949..0536c63506 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -2,12 +2,14 @@
 title: Planning Isolation Groups for the Zones (Windows 10)
 description: Planning Isolation Groups for the Zones
 ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index f720623fc4..fb13446ed6 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -2,12 +2,14 @@
 title: Planning Network Access Groups (Windows 10)
 description: Planning Network Access Groups
 ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index 9a42f48cf7..f1977f0234 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -2,12 +2,14 @@
 title: Planning Server Isolation Zones (Windows 10)
 description: Planning Server Isolation Zones
 ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index d8c6149e88..f75466f965 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -2,12 +2,14 @@
 title: Planning Settings for a Basic Firewall Policy (Windows 10)
 description: Planning Settings for a Basic Firewall Policy
 ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 6ede27467b..78c49adcca 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -2,12 +2,14 @@
 title: Planning the GPOs (Windows 10)
 description: Planning the GPOs
 ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index 0077d5fb03..8909c58454 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -2,12 +2,14 @@
 title: Planning to Deploy Windows Defender Firewall with Advanced Security (Windows 10)
 description: Planning to Deploy Windows Defender Firewall with Advanced Security
 ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 9c44ddea0e..b00682c8e7 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -2,12 +2,14 @@
 title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows 10)
 description: Planning Your Windows Defender Firewall with Advanced Security Design
 ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index fbef5e28cb..2d37487be2 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -2,12 +2,14 @@
 title: Procedures Used in This Guide (Windows 10)
 description: Procedures Used in This Guide
 ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index 40ea379c43..46d4138780 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -2,12 +2,14 @@
 title: Protect Devices from Unwanted Network Traffic (Windows 10)
 description: Protect Devices from Unwanted Network Traffic
 ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index b1ef08f124..d82a578afb 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -2,12 +2,14 @@
 title: Require Encryption When Accessing Sensitive Network Resources (Windows 10)
 description: Require Encryption When Accessing Sensitive Network Resources
 ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index df49a18a2f..66ddfe63d9 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -2,12 +2,14 @@
 title: Restrict Access to Only Specified Users or Devices (Windows 10)
 description: Restrict Access to Only Specified Users or Devices
 ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index f512c77601..015a1f0957 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -2,12 +2,14 @@
 title: Restrict Access to Only Trusted Devices (Windows 10)
 description: Restrict Access to Only Trusted Devices
 ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index 79268f40a7..223595ed41 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -2,12 +2,14 @@
 title: Restrict Server Access to Members of a Group Only (Windows 10)
 description: Restrict Server Access to Members of a Group Only
 ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index 083d71d53f..9c6966b525 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -6,12 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/17/2017 +ms.reviewer: +ms.author: dansimp --- # Securing End-to-End IPsec connections by using IKEv2 @@ -130,10 +132,10 @@ New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet Make sure that you install the required certificates on the participating computers. ->**Note:**   -- For local devices, you can import the certificates manually if you have administrator access to the computer. For more info, see [Import or export certificates and private keys](https://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys). -- You need a root certificate and a computer certificate on all devices that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder. -- For remote devices, you can create a secure website to facilitate access to the script and certificates. +> **Note:** +> - For local devices, you can import the certificates manually if you have administrator access to the computer. For more info, see [Import or export certificates and private keys](https://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys). +> - You need a root certificate and a computer certificate on all devices that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder. +> - For remote devices, you can create a secure website to facilitate access to the script and certificates. ## Troubleshooting @@ -185,9 +187,9 @@ You might not find the exact answer for the issue, but you can find good hints. - [Windows Defender Firewall with Advanced Security](windows-firewall-with-advanced-security.md) -  + -  + 
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index ec31b17097..a22b209144 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -2,12 +2,14 @@
 title: Server Isolation GPOs (Windows 10)
 description: Server Isolation GPOs
 ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index acf3998fbf..f693d8a70b 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -2,12 +2,14 @@
 title: Server Isolation Policy Design Example (Windows 10)
 description: Server Isolation Policy Design Example
 ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 3ebb85def1..8a3e3033be 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -2,12 +2,14 @@
 title: Server Isolation Policy Design (Windows 10)
 description: Server Isolation Policy Design
 ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
index fd7f843e54..0b72885c6e 100644
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -2,12 +2,14 @@
 title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows 10)
 description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
 ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74
+ms.reviewer:
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: justinha
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 845d5216c4..1a0ea617b9 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -6,12 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/17/2017 +ms.reviewer: +ms.author: dansimp --- # Understanding the Windows Defender Firewall with Advanced Security Design Process diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 4ddc739f6f..7cbeb23689 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -2,12 +2,14 @@ title: Verify That Network Traffic Is Authenticated (Windows 10) description: Verify That Network Traffic Is Authenticated ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 76a58a391e..79ee3e58bd 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md 
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -6,12 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/17/2017 +ms.reviewer: +ms.author: dansimp --- # Windows Defender Firewall with Advanced Security Administration with Windows PowerShell diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index b999a2197b..05befcbc72 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -2,12 +2,14 @@ title: Windows Defender Firewall with Advanced Security Deployment Guide (Windows 10) description: Windows Defender Firewall with Advanced Security Deployment Guide ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 3b8e40b263..70c8912478 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md 
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -2,12 +2,14 @@ title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10) description: Windows Defender Firewall with Advanced Security Design Guide ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 +ms.reviewer: +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index fae8f19951..0bd3b08e43 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -6,12 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: justinha +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/13/2017 +ms.reviewer: +ms.author: dansimp --- # Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index a3f36f7725..f5a711db65 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md 
@@ -3,13 +3,14 @@ title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. ms.prod: w10 audience: ITPro -author: danihalfin -ms.author: daniha +author: dulcemontemayor +ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 3/20/2019 +ms.reviewer: --- # Common Criteria Certifications diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 2766b15d05..9a3a439e54 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -5,13 +5,14 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: sagaudre -author: justinha +ms.author: dolmont +author: dulcemontemayor manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 +ms.reviewer: --- # Windows security baselines diff --git a/windows/security/threat-protection/windows-security-configuration-framework/TOC.md b/windows/security/threat-protection/windows-security-configuration-framework/TOC.md index 8ea1c320ba..4d844ddf4c 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/TOC.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/TOC.md 
@@ -4,8 +4,8 @@ ### [Security Compliance Toolkit](security-compliance-toolkit-10.md) ### [Get support](get-support-for-security-baselines.md) ## [Windows security configuration framework](windows-security-configuration-framework.md) -### [Level 5 enterprise security](level-5-enterprise-security.md) -### [Level 4 enterprise high security](level-4-enterprise-high-security.md) -### [Level 3 enterprise VIP security](level-3-enterprise-vip-security.md) -### [Level 2 enterprise dev/ops workstation](level-2-enterprise-devops-security.md) -### [Level 1 enterprise administrator workstation](level-1-enterprise-administrator-security.md) +### [Level 1 enterprise basic security](level-1-enterprise-basic-security.md) +### [Level 2 enterprise enhanced security](level-2-enterprise-enhanced-security.md) +### [Level 3 enterprise high security](level-3-enterprise-high-security.md) +### [Level 4 enterprise dev/ops workstation](level-4-enterprise-devops-security.md) +### [Level 5 enterprise administrator workstation](level-5-enterprise-administrator-security.md) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index bdbc4a1115..f2f806c37f 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -5,13 +5,14 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: sagaudre -author: justinha +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 +ms.reviewer: --- # Get Support 
@@ -80,16 +81,17 @@ Windows Server 2008 R2 |[SP1](https://technet.microsoft.com/library/gg236605.asp **Microsoft Products** -| Name | Details | Security Tools | -|---|---|---| -Internet Explorer 11 | [SecGuide](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)| -|Internet Explorer 10|[Technet](https://technet.microsoft.com/library/jj898540.aspx)|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | -|Internet Explorer 9|[Technet](https://technet.microsoft.com/library/hh539027.aspx)|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) -|Internet Explorer 8|[Technet](https://technet.microsoft.com/library/ee712766.aspx)|[SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) -|Exchange Server 2010|[Technet](https://technet.microsoft.com/library/hh913521.aspx)| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) -|Exchange Server 2007|[Technet](https://technet.microsoft.com/library/hh913520.aspx)| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) -|Microsoft Office 2010|[Technet](https://technet.microsoft.com/library/gg288965.aspx)| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) -|Microsoft Office 2007 SP2|[Technet](https://technet.microsoft.com/library/cc500475.aspx)| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) + +| Name | Details | Security Tools | +|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------| +| Internet Explorer 11 | 
[SecGuide](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Internet Explorer 10 | [Technet](https://technet.microsoft.com/library/jj898540.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Internet Explorer 9 | [Technet](https://technet.microsoft.com/library/hh539027.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Internet Explorer 8 | [Technet](https://technet.microsoft.com/library/ee712766.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Exchange Server 2010 | [Technet](https://technet.microsoft.com/library/hh913521.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Exchange Server 2007 | [Technet](https://technet.microsoft.com/library/hh913520.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Microsoft Office 2010 | [Technet](https://technet.microsoft.com/library/gg288965.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) | +| Microsoft Office 2007 SP2 | [Technet](https://technet.microsoft.com/library/cc500475.aspx) | [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
      diff --git a/windows/security/threat-protection/windows-security-configuration-framework/images/seccon-framework.png b/windows/security/threat-protection/windows-security-configuration-framework/images/seccon-framework.png index 06f66acf99..242f5dd9bc 100644 Binary files a/windows/security/threat-protection/windows-security-configuration-framework/images/seccon-framework.png and b/windows/security/threat-protection/windows-security-configuration-framework/images/seccon-framework.png differ diff --git a/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-classification.png b/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-classification.png deleted file mode 100644 index 75467f2098..0000000000 Binary files a/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-classification.png and /dev/null differ diff --git a/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-deployment-methodologies.png b/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-deployment-methodologies.png deleted file mode 100644 index 4f869474e2..0000000000 Binary files a/windows/security/threat-protection/windows-security-configuration-framework/images/security-control-deployment-methodologies.png and /dev/null differ diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md new file mode 100644 index 0000000000..5ff581cba2 --- /dev/null +++ b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md 
@@ -0,0 +1,358 @@
+---
+title: Level 1 enterprise basic security configuration
+description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 1 enterprise security configuration.
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.author: appcompatguy
+author: appcompatguy
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 05/29/2019
+---
+
+# Level 1 Enterprise Basic Security configuration
+
+**Applies to**
+
+- Windows 10
+
+Level 1 is the minimum security configuration for an enterprise device.
+Microsoft recommends the following configuration for level 1 devices.
+
+## Hardware
+
+Devices targeting Level 1 should support the following hardware features:
+
+- [Trusted Platform Module (TPM) 2.0](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-tpm)
+- [Bitlocker Drive Encryption](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker)
+- [UEFI Secure Boot](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot)
+- Drivers and Firmware Distributed through Windows Update
+
+## Policies
+
+The policies in level 1 enforce a reasonable security level while minimizing the impact to users or to applications.
+Microsoft recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and controls, noting that the timeline can generally be short given the limited potential impact of the security controls.
+ +### Security Template Policies + +| Feature | Policy Setting | Policy Value | Description | +|-------------------------|--------------------------------------------------------------------------------------------------|---------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Account Lockout | Account Lockout Duration | 15 | The number of minutes a locked-out account remains locked out before automatically becoming unlocked. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. | +| Account Lockout | Account Lockout Threshold | 10 | The number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. | +| Account Lockout | Reset account lockout conter after | 15 | The number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. | +| Password Policy | Enforce password history | 24 | The number of unique new passwords that must be associated with a user account before an old password can be reused. | +| Password Policy | Minimum password length | 14 | The least number of characters that a password for a user account may contain. 
|
+| Password Policy | Password must meet complexity requirements | Enabled | Determines whether passwords must meet complexity requirements:
      1) Not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither check is case sensitive.
      The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is less than three characters long, this check is skipped. The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.
      2) Contain characters from three of the following categories:
      - Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
      - Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
      - Base 10 digits (0 through 9)
      -Non-alphanumeric characters (special characters):
      (~!@#$%^&*_-+=`\|\\(){}[]:;"'<>,.?/)
      Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting.
      - Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages. |
+| Password Policy | Store passwords using reversible encryption | Disabled | Determines whether the operating system stores passwords using reversible encryption. |
+| Security Options | Accounts: Limit local account use of blank passwords to console logon only | Enabled | This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. |
+| Security Options | Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | Enabled | Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category level, and existing Group Policy may override the subcategory settings of new machines as they are joined to the domain or upgraded. To allow audit policy to be managed using subcategories without requiring a change to Group Policy, there is a new registry value in Windows Vista and later versions, SCENoApplyLegacyAuditPolicy, which prevents the application of category-level audit policy from Group Policy and from the Local Security Policy administrative tool. |
+| Security Options | Domain member: Digitally encrypt or sign secure channel data (always) | Enabled | This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. This setting determines whether all secure channel traffic initiated by the domain member meets minimum security requirements. 
Specifically, it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
      - Domain member: Digitally encrypt secure channel data (when possible)
      - Domain member: Digitally sign secure channel data (when possible) |
+| Security Options | Domain member: Digitally encrypt secure channel data (when possible) | Enabled | This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise, only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption. |
+| Security Options | Domain member: Digitally sign secure channel data (when possible) | Enabled | This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed, which ensures that it cannot be tampered with in transit. |
+| Security Options | Domain member: Disable machine account password changes | Disabled | Determines whether a domain member periodically changes its computer account password. 
|
+| Security Options | Domain member: Maximum machine account password age | 30 | Determines how often a domain member will attempt to change its computer account password |
+| Security Options | Domain member: require strong (Windows 2000 or later) session key | Enabled | Determines whether 128-bit key strength is required for encrypted secure channel data |
+| Security Options | Interactive logon: Machine inactivity limit | 900 | The number of seconds of inactivity before the session is locked |
+| Security Options | Interactive logon: Smart card removal behavior | Lock Workstation | This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. If you click **Lock Workstation** in the **Properties** for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart cards with them, and still maintain protected sessions. For this setting to work beginning with Windows Vista, the Smart Card Removal Policy service must be started. |
+| Security Options | Microsoft network client: Digitally sign communications (always) | Enabled | This security setting determines whether packet signing is required by the SMB client component. |
+| Security Options | Microsoft network client: Send unencrypted password to third party SMB servers| Disabled | If this security setting is enabled, the Server Message Block (SMB) redirector can send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. |
+| Security Options | Microsoft network server: Digitally sign communications (always) | Enabled | This security setting determines whether packet signing is required by the SMB server component. 
|
+| Security Options | Network access: Allow anonymous SID/Name translation | Disabled | This security setting determines if an anonymous user can request security identifier (SID) attributes for another user. If this policy is enabled, a user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. |
+| Security Options | Network access: Do not allow anonymous enumeration of SAM accounts | Enabled | This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. This security option allows additional restrictions to be placed on anonymous connections as follows: Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. |
+| Security Options | Network access: Do not allow anonymous enumeration of SAM accounts and shares | Enabled | This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. |
+| Security Options | Network access: Restrict anonymous access to Named Pipes and Shares | Enabled | When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
      - Network access: Named pipes that can be accessed anonymously
      - Network access: Shares that can be accessed anonymously |
+| Security Options | Network access: Restrict clients allowed to make remote calls to SAM | O:BAG:BAD:(A;;RC;;;BA) | This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used. |
+| Security Options | Network security: Allow LocalSystem NULL session fallback | Disabled | Allow NTLM to fall back to NULL session when used with LocalSystem |
+| Security Options | Network security: Do not store LAN Manager hash value on next password change | Enabled | This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. |
+| Security Options | Network security: LAN Manager authentication level | Send NTLMv2 response only. Refuse LM & NTLM | This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send NTLMv2 response only\\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). 
|
+| Security Options | Network security: LDAP client signing requirements | Negotiate signing | This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: Negotiate signing: If Transport Layer Security/Secure Sockets Layer (TLS\\SSL) has not been started, the LDAP BIND request is initiated with the LDAP data signing option set in addition to the options specified by the caller. If TLS\\SSL has been started, the LDAP BIND request is initiated with the options that are specified by the caller. |
+| Security Options | Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Require NTLMv2 session security and Require 128-bit encryption | This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. |
+| Security Options | Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Require NTLMv2 session security and Require 128-bit encryption | This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. |
+| Security Options | System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Enabled | This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. Each type of object is created with a default DACL that specifies who can access the objects and what permissions are granted. 
If this policy is enabled, the default DACL is stronger, allowing users who are not administrators to read shared objects but not allowing these users to modify shared objects that they did not create. |
+| Security Options | User Account Control: Admin approval mode for the built-in administrator | Enabled | The built-in Administrator account uses Admin Approval Mode - any operation that requires elevation of privilege will prompt to user to approve that operation |
+| Security Options | User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | Prompt for consent on the secure desktop | When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. |
+| Security Options | User Account Control: Detect application installations and prompt for elevation | Enabled | When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. |
+| Security Options | User Account Control: Only elevate UIAccess applications that are installed in secure locations | Enabled | This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. 
Secure locations are limited to the following: - …\\Program Files\\, including subfolders - …\\Windows\\system32\\ - …\\Program Files (x86)\\, including subfolders for 64-bit versions of Windows |
+| Security Options | User Account Control: Run all Administrators in admin approval mode | Enabled | This policy must be enabled, and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. |
+| Security Options | User Account Control: Virtualize file and registry write failures to per-user locations | Enabled | This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software. |
+| User Rights Assignments | Access Credential Manager as a trusted caller | No One (blank) | This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.|
+| User Rights Assignment | Access this computer from the network | Administrators; Remote Desktop Users | This user right determines which users and groups can connect to the computer over the network. Remote Desktop Services are not affected by this user right. |
+| User Rights Assignments | Act as part of the operating system | No One (blank) | This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. 
|
+| User Rights Assignments | Allow log on locally | Administrators; Users | Determines which users can log on to the computer |
+| User Rights Assignments | Back up files and directories | Administrators | Determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system |
+| User Rights Assignments | Create a pagefile | Administrators | Determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file |
+| User Rights Assignments | Create a token object | No One (blank) | Determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. |
+| User Rights Assignments | Create global objects | Administrators; LOCAL SERVICE; NETWORK SERVICE; SERVICE | This security setting determines whether users can create global objects that are available to all sessions. |
+| User Rights Assignments | Create permanent shared objects | No One (blank) | Determines which accounts can be used by processes to create a directory object using the object manager |
+| User Rights Assignments | Debug programs | Administrators | Determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. |
+| User Rights Assignment | Enable computer and user accounts to be trusted for delegation | No One (blank) | This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. 
|
+| User Rights Assignments | Force shutdown from a remote system | Administrators | Determines which users can shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. |
+| User Rights Assignment | Impersonate a client after authentication | Administrators, SERVICE, Local Service, Network Service | Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. |
+| User Rights Assignments | Load and unload device drivers | Administrators | Determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. |
+| User Rights Assignment | Lock pages in memory | No One (blank) | Determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random-access memory (RAM). |
+| User Rights Assignments | Manage auditing and security log | Administrators | Determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. |
+| User Rights Assignments | Modify firmware environment variables | Administrators | Determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. 
|
+| User Rights Assignment | Perform volume maintenance tasks | Administrators | This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. |
+| User Rights Assignment | Profile single process | Administrators | This security setting determines which users can use performance monitoring tools to monitor the performance of non-system processes. |
+| User Rights Assignments | Restore files and directories | Administrators | Determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object |
+| User Rights Assignments | Take ownership of files or other objects | Administrators | Determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads |
+
+### Advanced Audit Policies
+
+| Feature | Policy Setting | Policy Value | Description |
+|---------|----------------|--------------|-------------|
+| Account Logon | Audit Credential Validation | Success and Failure | Audit events generated by validation tests on user account logon credentials. Occurs only on the computer that is authoritative for those credentials. |
+| Account Management | Audit Security Group Management | Success | Audit events generated by changes to security groups, such as creating, changing or deleting security groups, adding or removing members, or changing group type. |
+| Account Management | Audit User Account Management | Success and Failure | Audit changes to user accounts. 
Events include creating, changing, deleting user accounts; renaming, disabling, enabling, locking out, or unlocking accounts; setting or changing a user account’s password; adding a security identifier (SID) to the SID History of a user account; configuring the Directory Services Restore Mode password; changing permissions on administrative user accounts; backing up or restoring Credential Manager credentials |
+| Detailed Tracking | Audit PNP Activity | Success | Audit when plug and play detects an external device |
+| Detailed Tracking | Audit Process Creation | Success | Audit events generated when a process is created or starts; the name of the application or user that created the process is also audited |
+| Logon/ Logoff | Audit Account Lockout | Failure | Audit events generated by a failed attempt to log on to an account that is locked out |
+| Logon/ Logoff | Audit Group Membership | Success | Audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. 
|
+| Logon/ Logoff | Audit Logon | Success and Failure | Audit events generated by user account logon attempts on the computer |
+| Logon/ Logoff | Audit Other Logon / Logoff Events | Success and Failure | Audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting, such as Terminal Services session disconnections, new Terminal Services sessions locking and unlocking a workstation, invoking or dismissing a screen saver, detection of a Kerberos replay attack, or access to a wireless network granted to a user or computer account |
+| Logon/ Logoff | Audit Special Logon | Success | Audit events generated by special logons such as the use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level, or a logon by a member of a Special Group (Special Groups enable you to audit events generated when a member of a certain group has logged on to your network) |
+| Object Access | Audit Detailed File Share | Failure | Audit attempts to access files and folders on a shared folder; the Detailed File Share setting logs an event every time a file or folder is accessed |
+| Object Access | Audit File Share | Success and Failure | Audit attempts to access a shared folder; an audit event is generated when an attempt is made to access a shared folder |
+| Object Access | Audit Other Object Access Events | Success and Failure | Audit events generated by the management of task scheduler jobs or COM+ objects |
+| Object Access | Audit Removable Storage | Success and Failure | Audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. 
|
+| Policy Change | Audit Audit Policy Change | Success | Audit changes in the security audit policy settings |
+| Policy Change | Audit Authentication Policy Change | Success | Audit events generated by changes to the authentication policy |
+| Policy Change | Audit MPSSVC Rule-Level Policy Change | Success and Failure | Audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. |
+| Policy Change | Audit Other Policy Change Events | Failure | Audit events generated by other security policy changes that are not audited in the policy change category, such as Trusted Platform Module (TPM) configuration changes, kernel-mode cryptographic self tests, cryptographic provider operations, cryptographic context operations or modifications, applied Central Access Policies (CAPs) changes, or boot Configuration Data (BCD) modifications |
+| Privilege Use | Audit Sensitive Privilege Use | Success and Failure | Audit events generated when sensitive privileges (user rights) are used |
+| System | Audit Other System Events | Success and Failure | Audit any of the following events: Startup and shutdown of the Windows Firewall service and driver, security policy processing by the Windows Firewall Service, cryptography key file and migration operations. |
+| System | Audit Security State Change | Success | Audit events generated by changes in the security state of the computer such as startup and shutdown of the computer, change of system time, recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured. 
|
+| System | Audit Security System Extension | Success | Audit events related to security system extensions or services |
+| System | Audit System Integrity | Success and Failure | Audit events that violate the integrity of the security subsystem |
+
+### Windows Defender Firewall Policies
+
+| Feature | Policy Setting | Policy Value | Description |
+|---------|----------------|--------------|-------------|
+| Domain Profile / State | Firewall State | On | Enables the firewall when connected to the domain profile |
+| Domain Profile / State | Inbound Connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the domain profile |
+| Domain Profile / State | Outbound Connections | Allow | Outbound connections for which there is no rule blocking the connection will be allowed in the domain profile |
+| Domain Profile / Settings | Display a notification | No | The display of notifications to the user is enabled when a program is blocked from receiving an inbound connection in the domain profile |
+| Domain Profile / Logging | Size Limit | 16384 | Sets the firewall log file size for a domain connection |
+| Domain Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a domain connection |
+| Domain Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a domain connection |
+| Private Profile / State | Firewall State | On | Enables the firewall when connected to the private profile |
+| Private Profile / State | Inbound Connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the private profile |
+| Private Profile / State | Outbound Connections | Allow | Outbound connections for which there is no rule blocking the connection will be allowed in the private profile |
+| Private Profile / Settings | Display a notification | No | The display of notifications to 
the user is enabled when a program is blocked from receiving an inbound connection in the private profile |
+| Private Profile / Logging | Size Limit | 16384 | Sets the firewall log file size for a private connection |
+| Private Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a private connection |
+| Private Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a private connection |
+| Public Profile / State | Firewall State | On | Enables the firewall when connected to the public profile |
+| Public Profile / State | Inbound Connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the public profile |
+| Public Profile / State | Outbound Connections | Allow | Outbound connections for which there is no rule blocking the connection will be allowed in the public profile |
+| Public Profile / Settings | Display a notification | No | The display of notifications to the user is enabled when a program is blocked from receiving an inbound connection in the public profile |
+| Public Profile / Settings | Apply local firewall rules | No | Users cannot create new firewall rules |
+| Public Profile / Settings | Apply local connection security rules | No | Ensures local connection rules will not be merged with Group Policy settings in the domain |
+| Public Profile / Logging | Size Limit | 16384 | Sets the firewall log file size for a public connection |
+| Public Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a public connection |
+| Public Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a public connection |
+
+### Computer Policies
+
+| Feature | Policy Setting | Policy Value | Description |
+|---------|----------------|--------------|-------------|
+| LAPS | Enable local admin password management | Enabled | Activates LAPS for
the device |
+| MS Security Guide | Apply UAC restrictions to local accounts on network logon | Enabled | Filters the user account token for built-in administrator accounts for network logons |
+| MS Security Guide | Configure SMB v1 client driver | Disable driver (recommended) | Configure the startup mode for the kernel mode driver that implements client-side SMBv1 processing (MrxSmb10). This setting includes a dropdown that is activated when the Enabled radio button is selected and that controls the “Start” registry value in HKLM\\SYSTEM\\CurrentControlSet\\Services\\MrxSmb10. |
+| MS Security Guide | Configure SMB v1 server | Disabled | Disable or enable server-side processing of the SMBv1 protocol |
+| MS Security Guide | Enabled Structured Exception Handling Overwrite Protection (SEHOP)| Enabled | This feature is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. This protection mechanism is provided at run-time. Therefore, it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option. We recommend that Windows users who are running any of the above operating systems enable this feature to improve the security profile of their systems. |
+| MS Security Guide | NetBT NodeType Configuration | P-node (recommended) | The NetBT NodeType setting determines what methods NetBT uses to register and resolve names:
      - A B-node computer uses broadcasts.
      - A P-node computer uses only point-to-point name queries to a name server (WINS).
      - An M-node computer broadcasts first, and then queries the name server.
      - An H-node computer queries the name server first, and then broadcasts.
      Resolution through LMHOSTS or DNS follows these methods. If the NodeType value is present, it overrides any DhcpNodeType value.
      If neither NodeType nor DhcpNodeType is present, the computer uses B-node if there are no WINS servers configured for the network, or H-node if there is at least one WINS server configured. |
+| MS Security Guide | WDigest Authentication | Disabled | When the WDigest Authentication protocol is enabled, plain text passwords are stored in the Local Security Authority Subsystem Service (LSASS) exposing them to theft. WDigest is disabled by default in Windows 10. This setting ensures this is enforced. |
+| MSS | MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing) | Highest Protection, source routing is completely disabled | Allowing source routed network traffic allows attackers to obscure their identity and location. |
+| MSS | MSS: (DisableIPSourceRouting) IP source routing protection level (Protects against packet spoofing) | Highest Protection, source routing is completely disabled | Allowing source routed network traffic allows attackers to obscure their identity and location. |
+| MSS | MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | Disabled | Allowing ICMP redirect of routes can lead to traffic not being routed properly. When disabled, this forces ICMP to be routed via shortest path first. |
+| MSS | MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | Enabled | Prevents a denial-of-service (DoS) attack against a WINS server. The DoS consists of sending a NetBIOS Name Release Request to the server for each entry in the server's cache, causing a response delay in the normal operation of the server's WINS resolution capability. |
+| Network / DNS Client | Turn off multicast name resolution | Enabled | Specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
      LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.
      If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
      If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.|
+| Network / Lanman Workstation | Enable insecure guest logons | Disabled | Determines if the SMB client will allow insecure guest logons to an SMB server |
+| Network / Network Connections | Prohibit use of Internet Connection Sharing on your DNS domain network | Enabled | Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. |
+| Network / Network Provider | Hardened UNC Paths | \\\\\*\\SYSVOL and \\\\\*\\NETLOGON RequireMutualAuthentication = 1, RequireIntegrity = 1 | This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. |
+| Network / Windows Connection Manager | Prohibit connection to non-domain networks when connected to domain authenticated network | Enabled | This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time. |
+| System / Credentials Delegation | Encryption Oracle Remediation | Force Updated Clients | Enryption Oracle Remediation |
+| System / Credentials Delegation | Remote host allows delegation of non-exportable credentials | Enabled | When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. |
+| System / Device Installation / Device Installation Restrictions | Prevent installation of devices that match any of these device IDs | [[[main setting]]] = Enabled
      Also apply to matching devices that are already installed = True
      1 = PCI\CC_0C0A | This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in a list that you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. |
+| System / Device Installation / Device Installation Restrictions | Prevent installation of devices using drivers that match these device setup classes | [[[main setting]]] = Enabled
      Also apply to matching devices that are already installed = True
      1 = {d48179be-ec20-11d1-b6b8-00c04fa372a7} | This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. |
+| System / Early Launch Antimalware | Boot-Start Driver Initialization Policy | Good, unknown and bad but critical | Allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:
      - Good: The driver has been signed and has not been tampered with.
      - Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
      - Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
      - Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.
      If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.
      If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
      If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. |
+| System / Group Policy | Configure registry policy processing | Process even if the Group Policy objects have not changed = True
      Do not apply during periodic background processing = False | Determines when registry policies are updated.
      This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.
      If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
      The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
      The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. |
+| System / Internet Communication Management / Internet Communication settings| Turn off Internet download for Web publishing and online ordering wizards | Enabled | This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry. |
+| System / Kernel DMA Protection | Enumeration policy for external devices incompatible with Kernel DMA Protection | Block all | Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note: this policy does not apply to 1394, PCMCIA or ExpressCard devices. |
+| System / Power Management / Sleep Settings | Require a password when a computer wakes (on battery) | Enabled | Specifies whether the user is prompted for a password when the system resumes from sleep |
+| System / Power Management / Sleep Settings | Require a password when a computer wakes (plugged in) | Enabled | Specifies whether the user is prompted for a password when the system resumes from sleep |
+| System / Remote Procedure Call | Restrict Unauthenticated RPC clients | Authenticated | Controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
|
+| System / Service Control Manager Settings / Security Settings | Enable svchost.exe mitigation options | Enabled | Enables process mitigation options on svchost.exe processes.
      If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. This includes a policy requiring all binaries loaded in these processes to be signed by microsoft, as well as a policy disallowing dynamically-generated code.
      If you disable or do not configure this policy setting, these stricter security settings will not be applied. |
+| Windows Components / App runtime | Allow Microsoft accounts to be optional | Enabled | Lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. |
+| Windows Components / AutoPlay Policies | Disallow Autoplay for non-volume devices | Enabled | Disallows AutoPlay for MTP devices like cameras or phones. |
+| Windows Components / AutoPlay Policies | Set the default behavior for AutoRun | Do not execute any autorun commands | Sets the default behavior for Autorun commands. |
+| Windows Components / AutoPlay Policies | Turn off Autoplay | All Drives | Allows you to turn off the Autoplay feature. |
+| Windows Components / Biometrics / Facial Features | Configure enhanced anti-spoofing | Enabled | Determines whether enhanced anti-spoofing is required for Windows Hello face authentication |
+| Windows Components / BitLocker Drive Encryption | Disable new DMA devices when this computer is locked | Enabled | Allows you to block direct memory access (DMA) for all Thunderbolt hot pluggable PCI downstream ports until a user logs into Windows |
+| Windows Components / BitLocker Drive Encryption / Operating System Drives | Allow enhanced PINs for startup | Enabled | Allows you to configure whether enhanced startup PINs are used with BitLocker |
+| Windows Components / Event Log Service / Application | Specify the maximum log file size (KB) | 32768 | Specifies the maximum size of the log file in kilobytes. |
+| Windows Components / Event Log Service / Security | Specify the maximum log file size (KB) | 196608 | Specifies the maximum size of the log file in kilobytes. |
+| Windows Components / Event Log Service / System | Specify the maximum log file size (KB) | Enabled: 32768 | Specifies the maximum size of the log file in kilobytes.
|
+| Windows Components / File Explorer | Configure Windows Defender SmartScreen | [[[main setting]]] = Enabled
      Pick one of the following settings = Warn and prevent bypass | Configure whether to turn on Windows Defender SmartScreen to provide warning messages to help protect your employees from potential phishing scams and malicious software|
+| Windows Components / Internet Explorer | Prevent managing SmartScreen Filter | On | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. |
+| Windows Components / Internet Explorer | Specify use of ActiveX Installer Service for installation of ActiveX controls | Enabled | This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls. If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process. |
+| Windows Components / Internet Explorer | Turn off the Security Settings Check feature | Disabled | This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. If you enable this policy setting, the feature is turned off. If you disable or do not configure this policy setting, the feature is turned on. |
+| Windows Components / Internet Explorer / Internet Control Panel | Prevent ignoring certificate errors | Enabled | This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Allow software to run or install even if the signature is invalid | Disabled | This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file. |
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Check for server certificate revocation | Enabled | Allows you to manage whether Internet Explorer will check revocation status of servers' certificates |
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Check for signatures on downloaded programs | Enabled | This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs. |
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn off encryption support | Use TLS 1.1 and TLS 1.2 | This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most preferred match.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page | Turn on certificate address mismatch warning | Enabled | This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Access data sources across domains | Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow cut copy or paste operations from the clipboard via script | Disable | This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow drag and drop or copy and paste files | Disable | This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow loading of XAML files | Disable | This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow only approved domains to use ActiveX controls without prompt | Enable | This policy setting controls whether the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow only approved domains to use the TDC ActiveX control | Enable | This policy setting controls whether the user can run the TDC ActiveX control on websites. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow scripting of Internet Explorer WebBrowser controls | Disable | This policy setting determines whether a page can control embedded WebBrowser controls via script. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow script-initiated windows without size or position constraints | Disable | This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow scriptlets | Disable | This policy setting allows you to manage whether the user can run scriptlets. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow updates to status bar via script | Disable | This policy setting allows you to manage whether script can update the status bar within the zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow VBScript to run in Internet Explorer | Disable | This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Automatic prompting for file downloads | Disable | This policy setting determines whether users will be prompted for non-user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Don't run antimalware programs against ActiveX controls | Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Download unsigned ActiveX controls | Disable | This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Enable dragging of content from different domains across windows | Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Enable dragging of content from different domains within a window | Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Include local path when user is uploading files to a server | Disable | This policy setting controls whether local path information is sent when the user is uploading a file via an HTML form.
If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Initialize and script ActiveX controls not marked as safe | Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Launching applications and files in an IFRAME | Disable | This policy setting allows you to manage whether applications may be run, and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Logon options | Prompt for user name and password | This policy setting allows you to manage settings for logon options. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Navigate windows and frames across different domains | Disable | This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Run .NET Framework-reliant components not signed with Authenticode | Disable | This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Run .NET Framework-reliant components signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Show security warning for potentially unsafe files | Prompt | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Cross-Site Scripting Filter | Enabled: Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Protected Mode | Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Use Pop-up Blocker | Enabled: Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Userdata persistence | Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Web sites in less privileged Web content zones can navigate into this zone | Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Initialize and script ActiveX controls not marked as safe | Enabled: Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Java permissions | Enabled: High Safety | Allows you to manage permissions for Java applets. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Don't run antimalware programs against ActiveX controls | Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-down Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Intranet Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Enable | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow active scripting | Disable | This policy setting allows you to manage whether script code on pages in the zone is run. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow binary and script behaviors | Disable | This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow cut copy or paste operations from the clipboard via script | Enabled: Disable | This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow drag and drop or copy and paste files | Disable | This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow file downloads | Disable | This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow loading of XAML files | Disable | This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow META REFRESH | Disable | This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow only approved domains to use ActiveX controls without prompt | Enable | This policy setting controls whether the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow only approved domains to use the TDC ActiveX control | Enable | This policy setting controls whether the user can run the TDC ActiveX control on websites. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow scripting of Internet Explorer WebBrowser controls | Disable | This policy setting determines whether a page can control embedded WebBrowser controls via script.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow script-initiated windows without size or position constraints | Enabled: Disable | This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow scriptlets | Disable | This policy setting allows you to manage whether the user can run scriptlets. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow updates to status bar via script | Disable | This policy setting allows you to manage whether script can update the status bar within the zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow VBScript to run in Internet Explorer | Disable | This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Automatic prompting for file downloads | Disable | This policy setting determines whether users will be prompted for non-user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Don't run antimalware programs against ActiveX controls | Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Download signed ActiveX controls | Disable | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Download unsigned ActiveX controls | Disable | This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Enable dragging of content from different domains across windows | Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Enable dragging of content from different domains within a window | Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Include local path when user is uploading files to a server | Disable | This policy setting controls whether local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Initialize and script ActiveX controls not marked as safe | Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Launching applications and files in an IFRAME | Disable | This policy setting allows you to manage whether applications may be run, and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Logon options | Anonymous logon | This policy setting allows you to manage settings for logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Navigate windows and frames across different domains | Enabled: Disable | This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run .NET Framework-reliant components not signed with Authenticode | Disable | This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run .NET Framework-reliant components signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run ActiveX controls and plugins | Enabled: Disable | This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Script ActiveX controls marked safe for scripting | Disable | This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Scripting of Java applets | Disable | This policy setting allows you to manage whether applets are exposed to scripts within the zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Show security warning for potentially unsafe files | Disable | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). If you disable this policy setting, these files do not open. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Cross-Site Scripting Filter | Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Protected Mode | Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Use Pop-up Blocker | Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Userdata persistence | Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Web sites in less privileged Web content zones can navigate into this zone | Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Don't run antimalware programs against ActiveX controls | Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Initialize and script ActiveX controls not marked as safe | Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Java permissions | High Safety | This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. High Safety enables applets to run in their sandbox. |
+| Windows Components / Internet Explorer / Security Features | Allow fallback to SSL 3.0 (Internet Explorer) | No sites | Allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. |
+| Windows Components / Internet Explorer / Security Features / Add-on Management | Remove "Run this time" button for outdated ActiveX controls in Internet Explorer | Enabled | This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer. |
+| Windows Components / Internet Explorer / Security Features / Add-on Management | Turn off blocking of outdated ActiveX controls for Internet Explorer | Disabled | This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. |
+| Windows Components / Internet Explorer / Security Features / Consistent Mime Handling | Internet Explorer Processes | Enabled | Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.
|
+| Windows Components / Internet Explorer / Security Features / Mime Sniffing Safety Feature | Internet Explorer Processes | Enabled | This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. |
+| Windows Components / Internet Explorer / Security Features / MK Protocol Security Restriction | Internet Explorer Processes | Enabled | The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. |
+| Windows Components / Internet Explorer / Security Features / Notification Bar | Internet Explorer Processes | Enabled | This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes. |
+| Windows Components / Internet Explorer / Security Features / Protection from Zone Elevation | Internet Explorer Processes | Enabled | Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. |
+| Windows Components / Internet Explorer / Security Features / Restrict ActiveX Install | Internet Explorer Processes | Enabled | This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes. |
+| Windows Components / Internet Explorer / Security Features / Restrict File Download | Internet Explorer Processes | Enabled | This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes. |
+| Windows Components / Internet Explorer / Security Features / Scripted Window Security Restrictions | Internet Explorer Processes | Enabled | Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. |
+| Windows Components / Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Configures whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. If you enable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off.
If you disable this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employees can choose whether to use Windows Defender SmartScreen. |
+| Windows Components / Microsoft Edge | Prevent certificate error overrides | Enabled | Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors. If enabled, overriding certificate errors are not allowed. If disabled or not configured, overriding certificate errors are allowed. |
+| Windows Components / Remote Desktop Services / Remote Desktop Connection Client | Do not allow passwords to be saved | Enabled | Controls whether passwords can be saved on this computer from Remote Desktop Connection. |
+| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Always prompt for password upon connection | Enabled | This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. |
+| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Require secure RPC communication | Enabled | Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. |
+| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Set client connection encryption level | High Level | Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. |
+| Windows Components / RSS Feeds | Prevent downloading of enclosures | Enabled | This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. if you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. |
+| Windows Components / Search | Allow indexing of encrypted files | Disabled | This policy setting allows encrypted items to be indexed. if you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting the local setting configured through Control Panel will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled the index is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files. |
+| Windows Components / Windows Defender Antivirus / MAPS | Join Microsoft MAPS | Advanced MAPS | Allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats.
The community also helps stop the spread of new malicious software infections. |
+| Windows Components / Windows Defender Antivirus | Turn off Windows Defender Antivirus | Disabled | Turns off Windows Defender Antivirus |
+| Windows Components / Windows Defender Antivirus / MAPS | Send file samples when further analysis is required | Enabled: Send safe samples | Configures behavior of samples submission when opt-in for MAPS telemetry is set |
+| Windows Components / Windows Defender Antivirus / Real-time Protection | Turn off real-time protection | Disabled | Turns off real-time protection prompts for known malware detection |
+| Windows Components / Windows Defender Antivirus / Real-time Protection | Turn on behavior monitoring | Enabled | Allows you to configure behavior monitoring. |
+| Windows Components / Windows Defender Antivirus / Scan | Scan removable drives | Enabled | Allows you to manage whether to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. |
+| Windows Components / Windows Defender Antivirus / Scan | Specify the interval to run quick scans per day | 24 | Allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). |
+| Windows Components / Windows Defender SmartScreen / Explorer | Configure Windows Defender SmartScreen | [[[main setting]]] = Enabled
      Pick one of the following settings = Warn and prevent bypass | Turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
      - Warn and prevent bypass
      - Warn
      If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. | +| Windows Components / Windows Defender SmartScreen / Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. 
|
+| Windows Components / Windows Ink Workspace | Allow Windows Ink Workspace | On, but disallow access above lock | Allow Windows Ink Workspace |
+| Windows Components / Windows Installer | Allow user control over installs | Disabled | Permits users to change installation options that typically are available only to system administrators |
+| Windows Components / Windows Installer | Always install with elevated privileges | Disabled | Directs Windows Installer to use elevated permissions when it installs any program on the system |
+| Windows Components / Windows Logon Options | Sign-in last interactive user automatically after a system-initiated restart | Disabled | Controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system |
+| Windows Components / Windows PowerShell | Turn on PowerShell Script Block Logging | Enabled | This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. |
+| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Allow Basic authentication | Disabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. |
+| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Allow unencrypted traffic | Disabled | Manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network |
+| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Disallow Digest authentication | Enabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication. |
+| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Allow Basic authentication | Disabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client.
|
+| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Allow unencrypted traffic | Disabled | Manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. |
+| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Disallow WinRM from storing RunAs credentials | Enabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. |
+
+
+## Controls
+
+The controls enabled in level 1 enforce a reasonable security level while minimizing the impact to users and applications.
+
+| Feature | Config | Description |
+|-----------------------------------|-------------------------------------|--------------------|
+| [Local Admin Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899) | Deployed to all devices | Generates a unique local admin password to devices, mitigating many lateral traversal attacks. |
+| [Windows Defender ATP EDR](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | Deployed to all devices | The Windows Defender ATP endpoint detection and response (EDR) provides actionable and near real-time detection of advanced attacks. EDR helps security analysts , and aggregates alerts with the same attack techniques or attributed to the same attacker into an an entity called an *incident*. An incident helps analysts prioritize alerts, collectively investigate the full scope of a breach, and respond to threats. Windows Defender ATP EDR is not expected to impact users or applications, and it can be deployed to all devices in a single step. 
| +| [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Enabled for all compatible hardware | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials. There is a small risk to application compatibility, as [applications will break](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements#application-requirements) if they require NTLMv1, Kerberos DES encryption, Kerberos unconstrained delegation, or extracting the Keberos TGT. As such, Microsoft recommends deploying Credential Guard using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | +| [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/) | Default browser | Microsoft Edge in Windows 10 provides better security than Internet Explorer 11 (IE11). While you may still need to leverage IE11 for compatibility with some sites, Microsoft recommends configuring Microsoft Edge as the default browser, and building an Enterprise Mode Site List to redirect to IE11 only for those sites that require it. Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Enterprise Mode Site List, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). 
| +| [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) | Enabled on compatible hardware | Windows Defender Application Guard uses a hardware isolation approach. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated container, which is separate from the host operating system and enabled by Hyper-V. If the untrusted site turns out to be malicious, the isolated container protects the host PC, and the attacker can't get to your enterprise data. There is a small risk to application compatibility, as some applications may require interaction with the host PC but may not yet be on the list of trusted web sites for Application Guard. Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Network Isolation Settings, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | +| [Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard) | Configure and enforce Network Protection | Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. It expands the scope of Windows Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). There is a risk to application compatibility, as a result of false positives in flagged sites. Microsoft recommends deploying using the Audit / Enforce Methodology. 
|
+
+
+## Behaviors
+
+The behaviors recommended in level 1 enforce a reasonable security level while minimizing the impact to users or to applications.
+
+| Feature | Config | Description |
+|---------|-------------------|-------------|
+| OS security updates | Deploy Windows Quality Updates within 7 days of release | As the time between the release of a patch and an exploit based on the reverse engineering of that patch continues to shrink, a critical aspect of security hygiene is having an engineering process that quickly validates and deploys Quality Updates that address security vulnerabilities. |
+
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
new file mode 100644
index 0000000000..55172a03e1
--- /dev/null
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md 
@@ -0,0 +1,131 @@
+---
+title: Level 2 enterprise enhanced security configuration
+description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 2 enterprise security configuration.
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.author: appcompatguy
+author: appcompatguy
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 05/29/2019
+---
+
+# Level 2 enterprise enhanced security configuration
+
+**Applies to**
+
+- Windows 10
+
+Level 2 is the security configuration recommended as a standard for devices where users access more sensitive information. These devices are a natural target in enterprises today. While targeting high levels of security, these recommendations do not assume a large staff of highly skilled security practitioners, and therefore should be accessible to most enterprise organizations.
+A level 2 configuration should include all the configurations from level 1 and add the following security policies, controls, and organizational behaviors. 
+
+## Hardware
+
+Devices targeting level 2 should support all level 1 features, and add the following hardware features:
+
+- [Virtualization and HVCI Enabled](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs)
+- [Drivers and Apps HVCI-Ready](https://docs.microsoft.com/en-us/windows-hardware/test/hlk/testref/driver-compatibility-with-device-guard)
+- [Windows Hello](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-biometric-requirements)
+- [DMA I/O Protection](https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)
+
+## Policies
+
+The policies enforced in level 2 include all of the policies recommended for level 1 and adds the
+below policies to implement more controls and a more sophisticated security
+configuration than level 1. While they may have a slightly higher impact to
+users or to applications, they enforce a level of security more commensurate
+with the risks facing users with access to sensitive information. Microsoft
+recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and
+controls, with a moderate timeline that is anticipated to be slightly longer
+than the process in level 1.
+
+### Security Template Policies
+
+| Feature | Policy Setting | Policy Value | Description |
+|---------|----------------|--------------|-------------|
+| Security Options | User Account Control: Behavior of the elevation prompt for standard users | Automatically deny elevation requests | This policy setting controls the behavior of the elevation prompt for standard users. Automatically deny elevation requests: When an operation requires elevation of privilege, an access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. 
| +| User Rights Assignments | Deny access to this computer from the network | NT AUTHORITY\\Local Account | Determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. | +| User Rights Assignments | Deny log on through Remote Desktop Services | NT AUTHORITY\\Local Account | Determines which users and groups are prohibited from logging on as a Remote Desktop Services client. | + +### Computer Policies + +| Feature | Policy Setting | Policy Value | Description | +|---------|----------------|--------------|-------------| +| Control Panel / Personalization | Prevent enabling lock screen camera | Enabled | Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default, users can enable invocation of an available camera on the lock screen. If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings and the camera cannot be invoked on the lock screen. | +| Network / WLAN Service / WLAN Settings | Allow Windows to automatically connect to suggested open hotspots to networks shared by contacts and to hotspots offering paid services | Disabled | This policy setting determines whether users can enable the following WLAN settings: "Connect to suggested open hotspots," "Connect to networks shared by my contacts," and "Enable paid services". | +| System / Device Guard | Turn on Virtualization Based Security | - [[[main setting]]] = Enabled
      - Virtualization Based Protection of Code Integrity = Enabled with UEFI lock
      - Credential Guard Configuration = Enabled with UEFI lock
      - Select Platform Security Level = Secure Boot
      - Secure Launch Configuration = Enabled
      - Require UEFI Memory Attributes Table = False | Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices. | +| System / Internet Communication Management / Internet Communication settings | Turn off downloading of print drivers over HTTP | Enabled | This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing non-inbox drivers need to be downloaded over HTTP. Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally. if you enable this policy setting, print drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HTTP. | +| System / Logon | Turn on convenience PIN sign-in | Disabled | This policy setting allows you to control whether a domain user can sign in using a convenience PIN. | +| System / Remote Assistance | Configure Solicited Remote Assistance | - [[[main setting]]] = Disabled
      - Maximum ticket time (value) = [[[delete]]]
      - Maximum ticket time (units) = [[[delete]]]
      - Method for sending email invitations = [[[delete]]]
      - Permit remote control of this computer = [[[delete]]] | This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. | +| Windows Components / App Privacy | Let Windows apps activate with voice while the system is locked | Force Deny | Specifies whether Windows apps can be activated by voice while the system is locked. If you choose the "User is in control" option, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. If you choose the "Force Allow" option, users can interact with applications using speech while the system is locked and employees in your organization cannot change it. If you choose the "Force Deny" option, users cannot interact with applications using speech while the system is locked and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. This policy is applied to Windows apps and Cortana. It takes precedence of the Allow Cortana above lock policy. This policy is applicable only when Allow voice activation policy is configured to allow applications to be activated with voice. | +| Windows Components / BitLocker Drive Encryption / Removable Data Drives | Deny write access to removable drives not protected by BitLocker | Enabled | This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. 
If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed, it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. Note: This policy setting can be overridden by the policy settings under User Configuration\\Administrative Templates\\System\\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled, this policy setting will be ignored. | +| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. | +| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. | +| Windows Components / Internet Explorer | Prevent per-user installation of ActiveX controls | Enabled | This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. 
| +| Windows Components / Internet Explorer | Security Zones: Do not allow users to add/delete sites | Enabled | Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. | +| Windows Components / Internet Explorer | Security Zones: Do not allow users to change policies | Enabled | Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. | +| Windows Components / Internet Explorer | Security Zones: Use only machine settings | Enabled | Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level. If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer. | +| Windows Components / Internet Explorer | Turn off Crash Detection | Enabled | This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely, to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. | +| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Download signed ActiveX controls | Disable | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. 
| +| Windows Components / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for files | Enabled | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from downloading the unverified files. If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process. | +| Windows Components / Windows Defender SmartScreen / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for sites | Enabled | Lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites | +| Windows Components / Remote Desktop Services / Remote Desktop | Do not allow drive redirection | Enabled | This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format \ on \. You can use this policy setting to override this behavior. if you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions and Clipboard file copy redirection is not allowed on computers running Windows Server 2003 Windows 8 and Windows XP. If you disable this policy setting client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. 
| +| Windows Components / Windows Defender Antivirus | Configure detection for potentially unwanted applications | Enabled: Audit | Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. | +| Windows Components / Windows Game Recording and Broadcasting | Enables or disables Windows Game Recording and Broadcasting | Disabled | This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed. | + +### User Policies + +| Feature | Policy Setting | Policy Value | Description | +|---------|----------------|--------------|-------------| +| Start Menu and Taskbar / Notifications | Turn off toast notifications on the lock screen | Enabled | Turns off toast notifications on the lock screen. | +| Windows Components / Cloud Content | Do not suggest third-party content in the Windows spotlight | Enabled | Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers | +| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. 
If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. | + +### Services + +Microsoft recommends disabling the following services when their use is not required for a user to perform their work. + +| Type | Name | Description | +|------|------|-------------| +| Scheduled Task | XblGameSaveTask | Syncs save data for Xbox Live save-enabled games | +| Services | Xbox Accessory Management Service | Manages connected Xbox accessories | +| Services | Xbox Game Monitoring | Monitors Xbox games currently being played | +| Services | Xbox Live Auth Manager | Provides authentication and authorization services for interactive with Xbox Live | +| Services | Xbox Live Game Save | Syncs save data for Xbox live save enabled games | +| Services | Xbox Live Networking Service | Supports the Windows.Networking.XboxLive API | + +## Controls + +The controls enforced in level 2 implement more controls and a more sophisticated security +configuration than level 1. While they may have a slightly higher impact to +users or to applications, they enforce a level of security more commensurate +with the risks facing users with access to sensitive information. Microsoft +recommends using the Audit/Enforce methodology for controls with an Audit mode, +and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do not, with a moderate timeline that +is anticipated to be slightly longer than the process in level 1. 
+ +| Feature Set | Feature | Description | +|-------------------------------------------------------------|-------------------------------------------------------|----------------| +| [Windows Hello for Business](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification) | Configure and enforce Windows Hello for Business | In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. Windows Hello addresses the following problems with passwords:
      - Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
      - Server breaches can expose symmetric network credentials (passwords).
      - Passwords are subject to replay attacks.
      - Users can inadvertently expose their passwords due to phishing attacks. | +| [Conditional Access](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/) | Configure and enforce Conditional Access rules based on
      - Application Risk
      - Session Risk | With conditional access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions. Conditional access policies are enforced after the first-factor authentication has been completed. Therefore, conditional access is not intended as a first line defense for scenarios like denial-of-service (DoS) attacks, but can utilize signals from these events (e.g. the sign-in risk level, location of the request, and so on) to determine access. | +| [Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) | Enforce memory protection for OS-level controls:
      - Control flow guard (CFG)
      - Data Execution Protection (DEP)
      - Mandatory ASLR
      - Bottom-Up ASLR
      - High-entropy ASLR
      - Validate Exception Chains (SEHOP)
      - Validate heap integrity | Exploit protection helps protect devices from malware that use exploits to spread and infect to other devices. It consists of several mitigations that can be applied at either the operating system level, or at the individual app level. There is a risk to application compatibility, as some applications may rely on blocked behavior (e.g. dynamically generating code without marking memory as executable). Microsoft recommends gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | +| [Attack Surface Reduction (ASR)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)| Configure and enforce [Attack Surface Reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules)| Attack surface reduction controls help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. There is a risk to application compatibility, as some applications may rely on blocked behavior (e.g. an Office application spawning a child process). Each control has an Audit mode, and as such, Microsoft recommends the Audit / Enforce Methodology (repeated here):
      1) Audit – enable the controls in audit mode, and gather audit data in a centralized location
      2) Review – review the audit data to assess potential impact (both positive and negative) and configure any exemptions from the security control you need to configure
      3) Enforce – Deploy the configuration of any exemptions and convert the control to enforce mode | +| [Controlled Folder Access (CFA)](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) | Configure and audit [Controlled Folder Access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) | Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. Controlled folder access works best with Microsoft Defender Advanced Threat Protection, which gives you detailed reporting into controlled folder access events and blocks as part of the usual alert investigation scenarios.
      All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
      Microsoft recommends the Audit / Enforce Methodology (repeated here):
      1) Audit – enable the controls in audit mode, and gather audit data in a centralized location
      2) Review – review the audit data to assess potential impact (both positive and negative) and configure any exemptions from the security control you need to configure
      3) Enforce – Deploy the configuration of any exemptions and convert the control to enforce mode + +## Behaviors + +The behaviors recommended in level 2 implement a more sophisticated security process. While they may require a more sophisticated organization, they enforce +a level of security more commensurate with the risks facing users with access to +sensitive information. + +| Feature Set| Feature | Description | +|------------|----------|--------------| +| Antivirus | Configure Protection Updates to failover to retrieval from Microsoft | Sources for Windows Defender Antivirus Protection Updates can be provided in an ordered list. If you are using internal distribution, such as SCCM or WSUS, configure Microsoft Update lower in the list as a failover. | +| OS Security Updates | Deploy Windows Quality Updates within 4 days | As the time between release of a patch and an exploit based on the reverse engineering of that patch continues to shrink, engineering a process that provides the ability to validate and deploy quality updates addressing known security vulnerabilities is a critical aspect of security hygiene.| +| Helpdesk| 1:1 Administration| A simple and common model for helpdesk support is to add the Helpdesk group as a permanent member of the Local Administrators group of every device. If any device is compromised and helpdesk can connect to it, then these credentials can be used to obtain privilege on any / all other devices. Design and implement a strategy to provide helpdesk support without providing 1:all admin access – constraining the value of these Helpdesk credentials | + + diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-VIP-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-VIP-security.md deleted file mode 100644 index 9c8c264402..0000000000 
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-VIP-security.md
+++ /dev/null 
@@ -1,141 +0,0 @@
----
-title: Level 3 enterprise VIP security configuration
-description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 3 enterprise VIP security configuration.
-keywords: virtualization, security, malware
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.author: appcompatguy
-author: appcompatguy
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 04/05/2018
----
-
-# Level 3 enterprise VIP security configuration
-
-**Applies to**
-
-- Windows 10
-
-Level 3 is the security configuration recommended as a standard for organizations with large and sophisticated security organizations, or for specific users and groups who will be uniquely targeted by adversaries. Such organizations are typically targeted by well-funded and sophisticated adversaries, and as such merit the additional constraints and controls described here.
-A level 3 configuration should include all the configurations from level 5 and level 4 and add the following security policies, controls, and organizational behaviors.
-
-## Policies
-
-The policies enforced in level 3 implement strict security configuration and controls. They can have a potentially significant impact to users or to applications, enforcing a level of security commensurate with the risks facing targeted organizations. Microsoft recommends disciplined testing and deployment using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
- -### Security Template Policies - -| Feature | Policy Setting | Policy Value | Description | -|----------|-----------------|---------------|--------------| -| [Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/) | Account lockout duration | 15 | The number of minutes a locked-out account remains locked out before automatically becoming unlocked. | -| [Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/) | Account lockout threshold | 10 | The number of failed logon attempts that causes a user account to be locked out. | -| [Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/) | Reset account lockout counter after | 15 | The number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. | -| Password Policy | Maximum password age | 60 | The number of days that a password can be used before the system requires the user to change it. | -| Password Policy | Minimum password age | 1 | The number of days that a password must be used before a user can change it. | -| Security Options | Accounts: Administrator account status | Disabled | This security setting determines whether the local Administrator account is enabled or disabled. | -| Security Options | Accounts: Limit local account use of blank passwords to console logon only | Enabled | This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. 
| -| Security Options | Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | Enabled | Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category level, and existing Group Policy may override the subcategory settings of new machines as they are joined to the domain or upgraded. To allow audit policy to be managed using subcategories without requiring a change to Group Policy, there is a new registry value in Windows Vista and later versions, SCENoApplyLegacyAuditPolicy, which prevents the application of category-level audit policy from Group Policy and from the Local Security Policy administrative tool. | -| Security Options | Domain member: Digitally encrypt or sign secure channel data (always) | Enabled | This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. This setting determines whether all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically, it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
      - Domain member: Digitally encrypt secure channel data (when possible)
      - Domain member: Digitally sign secure channel data (when possible) | -| Security Options | Domain member: Digitally encrypt secure channel data (when possible) | Enabled | This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise, only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption. | -| Security Options | Domain member: Digitally sign secure channel data (when possible) | Enabled | This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed, which ensures that it cannot be tampered with in transit. | -| Security Options | Interactive logon: Smart card removal behavior | Lock Workstation | This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. If you click **Lock Workstation** in the **Properties** for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart cards with them, and still maintain protected sessions. For this setting to work beginning with Windows Vista, the Smart Card Removal Policy service must be started. | -| Security Options | Microsoft network client: Digitally sign communications (always) | Enabled | This security setting determines whether packet signing is required by the SMB client component. 
| -| Security Options | Microsoft network server: Digitally sign communications (always) | Enabled | This security setting determines whether packet signing is required by the SMB server component. | -| Security Options | Network access: Do not allow anonymous enumeration of SAM accounts | Enabled | This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. This security option allows additional restrictions to be placed on anonymous connections as follows: Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. | -| Security Options | Network access: Do not allow anonymous enumeration of SAM accounts and shares | Enabled | This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. | -| Security Options | Network access: Restrict anonymous access to Named Pipes and Shares | Enabled | When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
      - Network access: Named pipes that can be accessed anonymously
      - Network access: Shares that can be accessed anonymously | -| Security Options | Network security: Allow PKU2U authentication requests to this computer to use online identities. | Disabled | This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. | -| Security Options | Network security: LDAP client signing requirements | Negotiate signing | This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: Negotiate signing: If Transport Layer Security/Secure Sockets Layer (TLS\\SSL) has not been started, the LDAP BIND request is initiated with the LDAP data signing option set in addition to the options specified by the caller. If TLS\\SSL has been started, the LDAP BIND request is initiated with the options that are specified by the caller. | -| Security Options | System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Enabled | This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. Each type of object is created with a default DACL that specifies who can access the objects and what permissions are granted. If this policy is enabled, the default DACL is stronger, allowing users who are not administrators to read shared objects but not allowing these users to modify shared objects that they did not create. | -| Security Options | User Account Control: Behavior of the elevation prompt for standard users | Automatically deny elevation requests | This policy setting controls the behavior of the elevation prompt for standard users. 
Automatically deny elevation requests: When an operation requires elevation of privilege, an access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. | - -### Computer Policies - -| Feature | Policy Setting | Policy Value | Description | -|----------|-----------------|---------------|--------------| -| Control Panel / Personalization | Prevent enabling lock screen camera | Enabled | Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default, users can enable invocation of an available camera on the lock screen. If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings and the camera cannot be invoked on the lock screen. | -| Control Panel / Personalization | Prevent enabling lock screen slide show | Enabled | Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. if you enable this setting, users will no longer be able to modify slide show settings in PC Settings and no slide show will ever start. | -| Windows Defender SmartScreen / Explorer | Configure App Install Control | Allow apps from Store only | App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly. | -| System / Device Installation / Device Installation Restrictions | Prevent installation of devices that match any of these device IDs | Enabled | This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. 
This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in a list that you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. | -| System / Device Installation / Device Installation Restrictions | Prevent installation of devices using drivers that match these device setup classes | Enabled | This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. | -| System / Internet Communication Management / Internet Communication settings | Turn off downloading of print drivers over HTTP | Enabled | This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing non-inbox drivers need to be downloaded over HTTP. Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. 
It only prohibits downloading drivers that are not already installed locally. if you enable this policy setting, print drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HTTP. | -| System / Internet Communication Management / Internet Communication settings | Turn off printing over HTTP | Enabled | This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP. if you enable this policy setting, it prevents this client from printing to Internet printers over HTTP. If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP. Also see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers. | -| System / Logon | Enumerate local users on domain-joined computers | Disabled | This policy setting allows local users to be enumerated on domain-joined computers. if you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers. | -| System / Power Management / Sleep Settings | Allow standby states (S1-S3) when sleeping (on battery) | Disabled | This policy setting manages whether Windows can use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting Windows uses standby states to put the computer in a sleep state. If you disable this policy setting standby states (S1-S3) are not allowed. 
| -| System / Power Management / Sleep Settings | Allow standby states (S1-S3) when sleeping (plugged in) | Disabled | This policy setting manages whether Windows can use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting Windows uses standby states to put the computer in a sleep state. If you disable this policy setting standby states (S1-S3) are not allowed. | -| Windows Components / BitLocker Drive Encryption / Operating System Drives | Configure minimum PIN length for startup | Enabled: 7 | This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. if you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 4 and 20 digits. By default, the value is 6 digits. NOTE: If minimum PIN length is set below 6 digits Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. | -| Windows Components / BitLocker Drive Encryption / Removable Data Drives | Deny write access to removable drives not protected by BitLocker | Enabled | This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. 
If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed, it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. Note: This policy setting can be overridden by the policy settings under User Configuration\\Administrative Templates\\System\\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled, this policy setting will be ignored. | -| Windows Components / Cloud Content | Turn off Microsoft consumer experiences | Enabled | This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. if you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. If you disable or do not configure this policy setting, users may see suggestions from Microsoft and notifications about their Microsoft account. Note: This setting only applies to Enterprise and Education SKUs. | -| Windows Components / Credential User Interface | Enumerate administrator accounts on elevation | Disabled | This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. if you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. 
If you disable this policy setting users will always be required to type a user name and password to elevate. | -| Windows Components / Microsoft Edge | Configure Password Manager | Disabled | This policy setting lets you decide whether employees can save their passwords locally using Password Manager. By default, Password Manager is turned on. if you enable this setting, employees can use Password Manager to save their passwords locally. If you disable this setting employees can't use Password Manager to save their passwords locally. If you don't configure this setting employees can choose whether to use Password Manager to save their passwords locally. | -| Windows Components / Remote Desktop Services / Remote Desktop | Do not allow drive redirection | Enabled | This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format \ on \. You can use this policy setting to override this behavior. if you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions and Clipboard file copy redirection is not allowed on computers running Windows Server 2003 Windows 8 and Windows XP. If you disable this policy setting client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. | -| Windows Components / RSS Feeds | Prevent downloading of enclosures | Enabled | This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. 
if you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. | -| Windows Components / Search | Allow indexing of encrypted files | Disabled | This policy setting allows encrypted items to be indexed. if you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting the local setting configured through Control Panel will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled the index is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files. 
| -| Windows Components / Windows Ink Workspace | Allow Windows Ink Workspace | On, but disallow access above lock | Allow Windows Ink Workspace | - -### IE Computer Policies - -| Feature | Policy Setting | Policy Value | Description | -|-------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Windows Components / Internet Explorer | Prevent per-user installation of ActiveX controls | Enabled | This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. | -| Windows Components / Internet Explorer | Security Zones: Do not allow users to add/delete sites | Enabled | Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. | -| Windows Components / Internet Explorer | Security Zones: Do not allow users to change policies | Enabled | Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. 
| -| Windows Components / Internet Explorer | Security Zones: Use only machine settings | Enabled | Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level. If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer. | -| Windows Components / Internet Explorer | Turn off Crash Detection | Enabled | This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely, to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. | -| Windows Components / Internet Explorer | Turn off the Security Settings Check feature | Disabled | This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. | -| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | Enabled | This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Enabled | This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows. | -| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn on Enhanced Protected Mode | Enabled | Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page | Intranet Sites: Include all network paths (UNCs) | Disabled | This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow drag and drop or copy and paste files | Enabled: Disable | This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow loading of XAML files | Enabled: Disable | This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation. 
|
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow only approved domains to use ActiveX controls without prompt | Enabled: Enable | This policy setting controls whether the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow only approved domains to use the TDC ActiveX control | Enabled: Enable | This policy setting controls whether the user can run the TDC ActiveX control on websites. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow scripting of Internet Explorer WebBrowser controls | Enabled: Disable | This policy setting determines whether a page can control embedded WebBrowser controls via script. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow script-initiated windows without size or position constraints | Enabled: Disable | This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow scriptlets | Enabled: Disable | This policy setting allows you to manage whether the user can run scriptlets. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow updates to status bar via script | Enabled: Disable | This policy setting allows you to manage whether script can update the status bar within the zone.
|
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow VBScript to run in Internet Explorer | Enabled: Disable | This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Download signed ActiveX controls | Enabled: Disable | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Include local path when user is uploading files to a server | Enabled: Disable | This policy setting controls whether local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Navigate windows and frames across different domains | Enabled: Disable | This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Web sites in less privileged Web content zones can navigate into this zone | Enabled: Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
|
-
-### IE User Policies
-
-| Feature | Policy Setting | Policy Value | Description |
-|----------|-----------------|--------------|--------------|
-| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. |
-
-## Controls
-
-The controls enforced in level 3 implement complex security configuration and controls.
-They are likely to have a higher impact to users or to applications,
-enforcing a level of security commensurate with the risks facing the most targeted organizations.
-Microsoft recommends using the Audit/Enforce methodology for controls with audit mode, and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do
-not.
-
-| Feature Set | Feature | Description |
-|--------------|----------|--------------|
-| Exploit protection | Enable exploit protection | Exploit protection helps protect devices from malware that use exploits to spread and infect to other devices. It consists of several mitigations that can be applied at the individual app level. |
-| Windows Defender Application Control (WDAC) *or* AppLocker | Configure devices to use application whitelisting using one of the following approaches:
      [AaronLocker](https://blogs.msdn.microsoft.com/aaron_margosis/2018/10/11/aaronlocker-update-v0-91-and-see-aaronlocker-in-action-on-channel-9/) (admin writeable areas) when software distribution is not always centralized
      *or*
      [Managed installer](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer) when all software is pushed through software distribution
      *or*
      [Explicit control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy) when the software on a device is static and tightly controlled | Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. Application Control can help mitigate these types of security threats by restricting the applications that users can run and the code that runs in the System Core (kernel). WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs in [Constrained Language Mode](https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/). | - -## Behaviors - -The behaviors recommended in level 3 represent the most sophisticated security -configuration. Removing admin rights can be difficult, but it is essential to -achieve a level of security commensurate with the risks facing the most targeted -organizations. - -| Feature Set | Feature | Description | -|--------------|----------|--------------| -| Remove Admin Rights | Remove as many users as possible from the local Administrators group, targeting 0. Microsoft recommends removing admin rights role by role. Some roles are more challenging, including:
      - Developers, who often install rapidly iterating software which is difficult to package using current software distribution systems
      - Scientists/ Doctors, who often must install and operate specialized hardware devices
      - Remote locations with slow web links, where administration is delegated
      It is typically easier to address these roles later in the process.
      Microsoft recommends identifying the dependencies on admin rights and systematically addressing them:
      - Legitimate use of admin rights: crowdsourced admin, where a new process is needed to complete that workflow
      - Illegitimate use of admin rights: app compat dependency, where app remediation is the best path. The [Desktop App Assure](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-is-Desktop-App-Assure/ba-p/270232) program can assist with these app issues | Running as non-admin limits your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious code finds its way to one of those programs, it also gains unlimited access. When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privileges. If you’re running as admin, an exploit can:
      - install kernel-mode rootkits and/or keyloggers
      - install and start services
      - install ActiveX controls, including IE and shell add-ins
      - access data belonging to other users
      - cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
      - replace OS and other program files with trojan horses
      - disable/uninstall anti-virus
      - cover its tracks in the event log
      - render your machine unbootable |
-
-
-
-
-
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
new file mode 100644
index 0000000000..b5c294ad6c
--- /dev/null
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
@@ -0,0 +1,83 @@
+---
+title: Level 3 enterprise high security configuration
+description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 3 enterprise VIP security configuration.
+keywords: virtualization, security, malware
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.author: appcompatguy
+author: appcompatguy
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 05/29/2019
+---
+
+# Level 3 enterprise high security configuration
+
+**Applies to**
+
+- Windows 10
+
+Level 3 is the security configuration recommended as a standard for organizations with large and sophisticated security organizations, or for specific users and groups who will be uniquely targeted by adversaries. Such organizations are typically targeted by well-funded and sophisticated adversaries, and as such merit the additional constraints and controls described here.
+A level 3 configuration should include all the configurations from level 2 and level 1 and add the following security policies, controls, and organizational behaviors.
+
+## Hardware
+
+Devices targeting Level 3 should support all Level 2 and Level 1 features, and add the following hardware features:
+
+- [System Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows)
+- [Modern Standby](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby)
+
+## Policies
+
+The policies enforced in level 3 include all of the policies recommended for levels 2 and 1, and adds the below policies to
+implement strict security configuration and controls. They can have a potentially significant impact to users or to applications, enforcing
+a level of security commensurate with the risks facing targeted organizations.
Microsoft recommends disciplined testing and deployment using
+[the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
+
+### Computer Policies
+
+| Feature | Policy Setting | Policy Value | Description |
+|----------|-----------------|---------------|--------------|
+| Control Panel / Personalization | Prevent enabling lock screen slide show | Enabled | Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. if you enable this setting, users will no longer be able to modify slide show settings in PC Settings and no slide show will ever start. |
+| System / Logon | Enumerate local users on domain-joined computers | Disabled | This policy setting allows local users to be enumerated on domain-joined computers. if you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers. |
+| System / Power Management / Sleep Settings | Allow standby states (S1-S3) when sleeping (on battery) | Disabled | This policy setting manages whether Windows can use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting Windows uses standby states to put the computer in a sleep state. If you disable this policy setting standby states (S1-S3) are not allowed. |
+| System / Power Management / Sleep Settings | Allow standby states (S1-S3) when sleeping (plugged in) | Disabled | This policy setting manages whether Windows can use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting Windows uses standby states to put the computer in a sleep state.
If you disable this policy setting standby states (S1-S3) are not allowed. |
+| Windows Components / Cloud Content | Turn off Microsoft consumer experiences | Enabled | This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. if you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. If you disable or do not configure this policy setting, users may see suggestions from Microsoft and notifications about their Microsoft account. Note: This setting only applies to Enterprise and Education SKUs. |
+| Windows Components / Credential User Interface | Enumerate administrator accounts on elevation | Disabled | This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. if you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting users will always be required to type a user name and password to elevate. |
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | Enabled | This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode.
|
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Enabled | This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows. |
+| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn on Enhanced Protected Mode | Enabled | Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. |
+| Windows Components / Internet Explorer / Internet Control Panel / Security Page | Intranet Sites: Include all network paths (UNCs) | Disabled | This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. |
+| Windows Components / Microsoft Edge | Configure Password Manager | Disabled | This policy setting lets you decide whether employees can save their passwords locally using Password Manager. By default, Password Manager is turned on. if you enable this setting, employees can use Password Manager to save their passwords locally. If you disable this setting employees can't use Password Manager to save their passwords locally. If you don't configure this setting employees can choose whether to use Password Manager to save their passwords locally. |
+
+## Controls
+
+The controls enforced in level 3 implement complex security configuration and controls.
+They are likely to have a higher impact to users or to applications,
+enforcing a level of security commensurate with the risks facing the most targeted organizations.
+Microsoft recommends using the Audit/Enforce methodology for controls with audit mode, and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do
+not.
+
+| Feature Set | Feature | Description |
+|--------------|----------|--------------|
+| Exploit protection | Enable exploit protection | Exploit protection helps protect devices from malware that use exploits to spread and infect to other devices. It consists of several mitigations that can be applied at the individual app level. |
+| Windows Defender Application Control (WDAC) *or* AppLocker | Configure devices to use application whitelisting using one of the following approaches:
      [AaronLocker](https://blogs.msdn.microsoft.com/aaron_margosis/2018/10/11/aaronlocker-update-v0-91-and-see-aaronlocker-in-action-on-channel-9/) (admin writeable areas) when software distribution is not always centralized
      *or*
      [Managed installer](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer) when all software is pushed through software distribution
      *or*
      [Explicit control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy) when the software on a device is static and tightly controlled | Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. Application Control can help mitigate these types of security threats by restricting the applications that users can run and the code that runs in the System Core (kernel). WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs in [Constrained Language Mode](https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/). | + +## Behaviors + +The behaviors recommended in level 3 represent the most sophisticated security +configuration. Removing admin rights can be difficult, but it is essential to +achieve a level of security commensurate with the risks facing the most targeted +organizations. + +| Feature Set | Feature | Description | +|--------------|----------|--------------| +| Remove Admin Rights | Remove as many users as possible from the local Administrators group, targeting 0. Microsoft recommends removing admin rights role by role. Some roles are more challenging, including:
      - Developers, who often install rapidly iterating software which is difficult to package using current software distribution systems
      - Scientists/ Doctors, who often must install and operate specialized hardware devices
      - Remote locations with slow web links, where administration is delegated
      It is typically easier to address these roles later in the process.
      Microsoft recommends identifying the dependencies on admin rights and systematically addressing them:
      - Legitimate use of admin rights: crowdsourced admin, where a new process is needed to complete that workflow
      - Illegitimate use of admin rights: app compat dependency, where app remediation is the best path. The [Desktop App Assure](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-is-Desktop-App-Assure/ba-p/270232) program can assist with these app issues | Running as non-admin limits your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious code finds its way to one of those programs, it also gains unlimited access. When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privileges. If you’re running as admin, an exploit can:
      - install kernel-mode rootkits and/or keyloggers
      - install and start services
      - install ActiveX controls, including IE and shell add-ins
      - access data belonging to other users
      - cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
      - replace OS and other program files with trojan horses
      - disable/uninstall anti-virus
      - cover its tracks in the event log
      - render your machine unbootable |
+
+
+
+
+
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-devops-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md
similarity index 54%
rename from windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-devops-security.md
rename to windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md
index 3de02c1510..fbcf933ccc 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-devops-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md
@@ -1,26 +1,27 @@ --- -title: Level 2 enterprise dev/ops security workstation configuration -description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 2 enterprise dev/ops security configuration. +title: Level 4 enterprise dev/ops security workstation configuration +description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 4 enterprise dev/ops security configuration. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: appcompatguy -author: appcompatguy +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/05/2018 +ms.date: 06/11/2019 +ms.reviewer: --- -# Level 2 enterprise dev/ops workstation security configuration +# Level 4 enterprise dev/ops workstation security configuration **Applies to** - Windows 10 -We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. A level 2 configuration should include all the configurations from levels 5, 4, and 3 and additional controls. We are planning recommendations for the additional controls now, so check back soon for level 2 enterprise dev/ops security configuration guidance! +We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. A level 4 configuration should include all the configurations from levels 3, 2, and 1 and additional controls. 
We are planning recommendations for the additional controls now, so check back soon for level 4 enterprise dev/ops security configuration guidance!
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-high-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-high-security.md
deleted file mode 100644
index 2986d0f69e..0000000000
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-high-security.md
+++ /dev/null
@@ -1,209 +0,0 @@
----
-title: Level 4 enterprise high security configuration
-description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 4 enterprise security configuration.
-keywords: virtualization, security, malware
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.author: appcompatguy
-author: appcompatguy
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 04/05/2018
----
-
-# Level 4 enterprise high security configuration
-
-**Applies to**
-
-- Windows 10
-
-Level 4 is the security configuration recommended as a standard for devices where users access more sensitive information. These devices are a natural target in enterprises today. While targeting high levels of security, these recommendations do not assume a large staff of highly skilled security practitioners, and therefore should be accessible to most enterprise organizations.
-A level 4 configuration should include all the configurations from level 5 and add the following security policies, controls, and organizational behaviors.
-
-## Policies
-
-The policies enforced in level 4 implement more controls and a more sophisticated security
-configuration than level 5. While they may have a slightly higher impact to
-users or to applications, they enforce a level of security more commensurate
-with the risks facing users with access to sensitive information. Microsoft
-recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and
-controls, with a moderate timeline that is anticipated to be slightly longer
-than the process in level 5.
- -### Security Template Policies - -| Feature | Policy Setting | Policy Value | Description | -|------------------------|-------------------------------------------------------------------------------------------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Security Options | Microsoft network client: Send unencrypted password to third party | Disabled | If this security setting is enabled, the Server Message Block (SMB) redirector can send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. | -| Security Options | Network access: Allow anonymous SID/Name translation | Disabled | This security setting determines if an anonymous user can request security identifier (SID) attributes for another user. If this policy is enabled, a user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. | -| Security Options | Network access: Restrict clients allowed to make remote calls to SAM | Enabled: Administrators (allowed) | This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used. 
|
-| Security Options | Network security: Allow LocalSystem NULL session fallback | Disabled | Allow NTLM to fall back to NULL session when used with LocalSystem |
-| Security Options | Network security: Do not store LAN Manager hash value on next password change | Enabled | This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. |
-| Security Options | Network security: LAN Manager authentication level | Send NTLMv2 response only. Refuse LM & NTLM | This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send NTLMv2 response only\\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). |
-| Security Options | Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Require NTLMv2 session security and Require 128-bit encryption | This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. |
-| Security Options | Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Require NTLMv2 session security and Require 128-bit encryption | This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. |
-| Security Options | User Account Control: Only elevate UIAccess applications that are installed in secure locations | Enabled | This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - …\\Program Files\\, including subfolders - …\\Windows\\system32\\ - …\\Program Files (x86)\\, including subfolders for 64-bit versions of Windows |
-| User Rights Assignment | Access this computer from the network | Administrators; Remote Desktop Users | This user right determines which users and groups can connect to the computer over the network. Remote Desktop Services are not affected by this user right. |
-| User Rights Assignment | Enable computer and user accounts to be trusted for delegation | No One (blank) | This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. |
-| User Rights Assignment | Impersonate a client after authentication | Administrators, SERVICE, Local Service, Network Service | Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. |
-| User Rights Assignment | Lock pages in memory | No One (blank) | This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.
Exercising this privilege could significantly affect system performance by decreasing the amount of available random-access memory (RAM). | -| User Rights Assignment | Perform volume maintenance tasks | Administrators | This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. | -| User Rights Assignment | Profile single process | Administrators | This security setting determines which users can use performance monitoring tools to monitor the performance of non-system processes. | - -### Computer Policies - -| Feature | Policy Setting | Policy Value | Description | -|---------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Network / Network Connections | Prohibit use of Internet Connection Sharing on your DNS domain network | Enabled | Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. | -| Network / Network Provider | Hardened UNC Paths | Enabled: \\\\\*\\SYSVOL and \\\\\*\\NETLOGON RequireMutualAuthentication = 1, RequireIntegrity = 1 | This policy setting configures secure access to UNC paths. 
If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. |
-| Network / Windows Connection Manager | Prohibit connection to non-domain networks when connected to domain authenticated network | Enabled | This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time. |
-| Network / WLAN Service / WLAN Settings | Allow Windows to automatically connect to suggested open hotspots to networks shared by contacts and to hotspots offering paid services | Disabled | This policy setting determines whether users can enable the following WLAN settings: "Connect to suggested open hotspots," "Connect to networks shared by my contacts," and "Enable paid services". |
-| System / Credentials Delegation | Remote host allows delegation of non-exportable credentials | Enabled | When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. |
-| System / Device Guard | Turn on Virtualization Based Security | Enabled: Virtualization-Based Protection of Code Integrity – Enabled with UEFI Lock | This setting enables virtualization-based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode memory protections are enforced, and the Code Integrity validation path is protected by the Virtualization Based Security feature. |
-| System / Internet Communication Management / Internet Communication | Turn off Internet download for Web publishing and online ordering wizards | Enabled | This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry. |
-| System / Logon | Turn on convenience PIN sign-in | Disabled | This policy setting allows you to control whether a domain user can sign in using a convenience PIN. |
-| System / Remote Assistance | Configure Solicited Remote Assistance | Disabled | This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. |
-| Windows Components / File Explorer | Turn off Data Execution Prevention for Explorer | Disabled | Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. |
-| Windows Components / File Explorer | Turn off heap termination on corruption | Disabled | Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. |
-| Windows Components / Remote Desktop Services / Remote Desktop Connection Client | Do not allow passwords to be saved | Enabled | Controls whether passwords can be saved on this computer from Remote Desktop Connection. |
-| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Always prompt for password upon connection | Enabled | This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. |
-| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Require secure RPC communication | Enabled | Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. |
-| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Set client connection encryption level | Enabled: High Level | Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. |
-| Windows Components / Windows Security / App and browser protection | Prevent users from modifying settings | Enabled | Prevent users from making changes to the Exploit protection settings area in Windows Security. |
-| Windows Components / Windows Game Recording and Broadcasting | Enables or disables Windows Game Recording and Broadcasting | Disabled | This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed. |
-| Windows Components / Windows PowerShell | Turn on PowerShell Script Block Logging | Enabled | This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. |
-| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Allow Basic authentication | Disabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.
| -| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Disallow Digest authentication | Enabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication. | -| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Allow Basic authentication | Disabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. | -| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Disallow WinRM from storing RunAs credentials | Enabled | This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. | - -### Windows Defender Antivirus Policies - -| Feature | Policy Setting | Policy Value | Description | -|-------------------------------------------------|-----------------------------------------------------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Windows Components / Windows Defender Antivirus | Configure Detection for Potentially Unwanted Applications | Enabled: Block | Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. 
| - -### IE Computer Policies - -| Feature | Policy Setting | Policy Value | Description | -|---------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. | -| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. 
|
-| Windows Components / Internet Explorer | Specify use of ActiveX Installer Service for installation of ActiveX controls | Enabled | This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls. |
-| Windows Components / Internet Explorer / Internet Control Panel | Prevent ignoring certificate errors | Enabled | This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer. |
-| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Allow software to run or install even if the signature is invalid | Disabled | This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file. |
-| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Check for signatures on downloaded programs | Enabled | This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs. |
-| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Turn off encryption support | Enabled: Use | This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most preferred match. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page | Turn on certificate address mismatch warning | Enabled | This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Allow cut copy or paste operations from the clipboard via script | Enabled: Disable | This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Automatic prompting for file downloads | Enabled: Disable | This policy setting determines whether users will be prompted for non-user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Download unsigned ActiveX controls | Enabled: Disable | This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Enable dragging of content from different domains across windows | Enabled: Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Enable dragging of content from different domains within a window | Enabled: Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Initialize and script ActiveX controls not marked as safe | Enabled: Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Launching applications and files in an IFRAME | Enabled: Disable | This policy setting allows you to manage whether applications may be run, and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Logon options | Enabled: Prompt for user name and password | This policy setting allows you to manage settings for logon options. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Run .NET Framework-reliant components not signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Run .NET Framework-reliant components signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Show security warning for potentially unsafe files | Enabled: Prompt | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Userdata persistence | Enabled: Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Initialize and script ActiveX controls not marked as safe | Enabled: Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Intranet Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Local Machine Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow active scripting | Enabled: Disable | This policy setting allows you to manage whether script code on pages in the zone is run. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow binary and script behaviors | Enabled: Disable | This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow cut copy or paste operations from the clipboard via script | Enabled: Disable | This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow drag and drop or copy and paste files | Enabled: Disable | This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow file downloads | Enabled: Disable | This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow loading of XAML files | Enabled: Disable | This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow META REFRESH | Enabled: Disable | This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Download signed ActiveX controls | Enabled: Disable | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow only approved domains to use ActiveX controls without prompt | Enabled: Enable | This policy setting controls whether the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow only approved domains to use the TDC ActiveX control | Enabled: Enable | This policy setting controls whether the user can run the TDC ActiveX control on websites. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow scripting of Internet Explorer WebBrowser controls | Enabled: Disable | This policy setting determines whether a page can control embedded WebBrowser controls via script. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow script-initiated windows without size or position constraints | Enabled: Disable | This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow scriptlets | Enabled: Disable | This policy setting allows you to manage whether the user can run scriptlets. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow updates to status bar via script | Enabled: Disable | This policy setting allows you to manage whether script can update the status bar within the zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow VBScript to run in Internet Explorer | Enabled: Disable | This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Automatic prompting for file downloads | Enabled: Disable | This policy setting determines whether users will be prompted for non-user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Download unsigned ActiveX controls | Enabled: Disable | This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Enable dragging of content from different domains across windows | Enabled: Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Enable dragging of content from different domains within a window | Enabled: Disable | This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Include local path when user is uploading files to a server | Enabled: Disable | This policy setting controls whether local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Initialize and script ActiveX controls not marked as safe | Enabled: Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. |
-| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Java permissions | Enabled: Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running.
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Launching applications and files in an IFRAME | Enabled: Disable | This policy setting allows you to manage whether applications may be run, and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Logon options | Enabled: Anonymous logon | This policy setting allows you to manage settings for logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Navigate windows and frames across different domains | Enabled: Disable | This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run .NET Framework-reliant components not signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run .NET Framework-reliant components signed with Authenticode | Enabled: Disable | This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Run ActiveX controls and plugins | Enabled: Disable | This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Script ActiveX controls marked safe for scripting | Enabled: Disable | This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Scripting of Java applets | Enabled: Disable | This policy setting allows you to manage whether applets are exposed to scripts within the zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Show security warning for potentially unsafe files | Enabled: Disable | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). If you disable this policy setting, these files do not open. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Userdata persistence | Enabled: Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Web sites in less privileged Web content zones can navigate into this zone | Enabled: Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Initialize and script ActiveX controls not marked as safe | Enabled: Disable | This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Java permissions | Enabled: High Safety | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. High Safety enables applets to run in their sandbox. | -| Windows Components / Internet Explorer / Security Features / Add-on Management | Remove "Run this time" button for outdated ActiveX controls in Internet Explorer | Enabled | This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer. 
| -| Windows Components / Internet Explorer / Security Features / Add-on Management | Turn off blocking of outdated ActiveX controls for Internet Explorer | Disabled | This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. | -| Windows Components / Internet Explorer / Security Features / Consistent Mime Handling | Internet Explorer Processes | Enabled | Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files. | -| Windows Components / Internet Explorer / Security Features / Mime Sniffing Safety Feature | Internet Explorer Processes | Enabled | This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. | -| Windows Components / Internet Explorer / Security Features / MK Protocol Security Restriction | Internet Explorer Processes | Enabled | The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. 
| -| Windows Components / Internet Explorer / Security Features / Notification Bar | Internet Explorer Processes | Enabled | This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes. | -| Windows Components / Internet Explorer / Security Features / Protection from Zone Elevation | Internet Explorer Processes | Enabled | Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. | -| Windows Components / Internet Explorer / Security Features / Restrict ActiveX Install | Internet Explorer Processes | Enabled | This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes. | -| Windows Components / Internet Explorer / Security Features / Restrict File Download | Internet Explorer Processes | Enabled | This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes. 
| -| Windows Components / Internet Explorer / Security Features / Scripted Window Security Restrictions | Internet Explorer Processes | Enabled | Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. | - -### Custom Policies - -| Feature | Policy Setting | Policy Value | Description | -|-------------------|---------------------------------|-------------------------|------------------------| -| MS Security Guide | Configure SMB v1 server | Disabled | Disable or enable server-side processing of the SMBv1 protocol | -| MS Security Guide | Configure SMB v1 client driver | Enabled: Disable driver | Configure the startup mode for the kernel mode driver that implements client-side SMBv1 processing (MrxSmb10). This setting includes a dropdown that is activated when the Enabled radio button is selected and that controls the “Start” registry value in HKLM\\SYSTEM\\CurrentControlSet\\Services\\MrxSmb10. | -| MS Security Guide | Enabled Structured Exception Handling Overwrite Protection (SEHOP)| Enabled | This feature is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. This protection mechanism is provided at run-time. Therefore, it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option. We recommend that Windows users who are running any of the above operating systems enable this feature to improve the security profile of their systems. 
| -| MS Security Guide | WDigest Authentication | Disabled | When the WDigest Authentication protocol is enabled, plain text passwords are stored in the Local Security Authority Subsystem Service (LSASS) exposing them to theft. WDigest is disabled by default in Windows 10. This setting ensures this is enforced. | -| MS Security Guide | Block Flash activation in Office documents | Enabled | Prevents the Adobe Flash ActiveX control from being loaded by Office applications. | -| MSS (Legacy) | MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing) | Highest Protection, source routing is completely disabled | Allowing source routed network traffic allows attackers to obscure their identity and location. | -| MSS (Legacy) | MSS: (DisableIPSourceRouting) IP source routing protection level (Protects against packet spoofing) | Highest Protection, source routing is completely disabled | Allowing source routed network traffic allows attackers to obscure their identity and location. | -| MSS (Legacy) | MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | Disabled | Allowing ICMP redirect of routes can lead to traffic not being routed properly. When disabled, this forces ICMP to be routed via shortest path first. | -| MSS (Legacy) | MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | Enabled | Prevents a denial-of-service (DoS) attack against a WINS server. The DoS consists of sending a NetBIOS Name Release Request to the server for each entry in the server's cache, causing a response delay in the normal operation of the server's WINS resolution capability. | - -## Controls - -The controls enforced in level 4 implement more controls and a more sophisticated security -configuration than level 5. 
While they may have a slightly higher impact to -users or to applications, they enforce a level of security more commensurate -with the risks facing users with access to sensitive information. Microsoft -recommends using the Audit/Enforce methodology for controls with an Audit mode, -and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do not, with a moderate timeline that -is anticipated to be slightly longer than the process in level 5. - -| Feature Set | Feature | Description | -|-------------------------------------------------------------|-------------------------------------------------------|----------------| -| [Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) | Enforce memory protection for OS-level controls:
      - Control flow guard (CFG)
      - Data Execution Protection (DEP)
      - Mandatory ASLR
      - Bottom-Up ASLR
      - High-entropy ASLR
      - Validate Exception Chains (SEHOP)
      - Validate heap integrity | Exploit protection helps protect devices from malware that use exploits to spread and infect to other devices. It consists of several mitigations that can be applied at either the operating system level, or at the individual app level. There is a risk to application compatibility, as some applications may rely on blocked behavior (e.g. dynamically generating code without marking memory as executable). Microsoft recommends gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | -| [Attack Surface Reduction (ASR)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)| Configure and enforce [Attack Surface Reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules)| Attack surface reduction controls help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. There is a risk to application compatibility, as some applications may rely on blocked behavior (e.g. an Office application spawning a child process). Each control has an Audit mode, and as such, Microsoft recommends the Audit / Enforce Methodology (repeated here):
      1) Audit – enable the controls in audit mode, and gather audit data in a centralized location
      2) Review – review the audit data to assess potential impact (both positive and negative) and configure any exemptions from the security control you need to configure
      3) Enforce – Deploy the configuration of any exemptions and convert the control to enforce mode | -| [Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard) | Configure and enforce Network Protection | Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. It expands the scope of Windows Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). There is a risk to application compatibility, as a result of false positives in flagged sites. Microsoft recommends deploying using the Audit / Enforce Methodology. | - -## Behaviors - -The behaviors recommended in level 4 implement a more sophisticated security process. While they may require a more sophisticated organization, they enforce -a level of security more commensurate with the risks facing users with access to -sensitive information. - -| Feature Set| Feature | Description | -|------------|----------|--------------| -| Antivirus | Configure Protection Updates to failover to retrieval from Microsoft | Sources for Windows Defender Antivirus Protection Updates can be provided in an ordered list. If you are using internal distribution, such as SCCM or WSUS, configure Microsoft Update lower in the list as a failover. 
|
-| OS Security Updates | Deploy Windows Quality Updates within 4 days | As the time between release of a patch and an exploit based on the reverse engineering of that patch continues to shrink, engineering a process that provides the ability to validate and deploy quality updates addressing known security vulnerabilities is a critical aspect of security hygiene.|
-| Helpdesk| 1:1 Administration| A simple and common model for helpdesk support is to add the Helpdesk group as a permanent member of the Local Administrators group of every device. If any device is compromised and helpdesk can connect to it, then these credentials can be used to obtain privilege on any / all other devices. Design and implement a strategy to provide helpdesk support without providing 1:all admin access – constraining the value of these Helpdesk credentials |
-
-
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-administrator-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md
similarity index 56%
rename from windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-administrator-security.md
rename to windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md
index bc0e695034..8b9d1f63c3 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-administrator-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md
@@ -1,20 +1,21 @@
 ---
-title: Level 1 enterprise administrator workstation security
+title: Level 5 enterprise administrator workstation security
 description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 1 enterprise administrator security configuration.
 keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.author: appcompatguy
-author: appcompatguy
+ms.author: dansimp
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/05/2018
+ms.date: 06/11/2019
+ms.reviewer:
 ---
 
-# Level 1 enterprise administrator workstation security configuration
+# Level 5 enterprise administrator workstation security configuration
 
 **Applies to**
 
@@ -22,4 +23,4 @@ ms.date: 04/05/2018
 
 Administrators (particularly of identity or security systems) present the highest risk to the organization−through data theft, data alteration, or service disruption.
 
-A level 1 configuration should include all the configurations from levels 5, 4, 3, and 2 and additional controls. We are planning recommendations for the additional controls now, so check back soon for level 1 enterprise administrator security configuration guidance!
+A level 5 configuration should include all the configurations from levels 4, 3, 2, and 1 and adds additional controls. We are planning recommendations for the additional controls now, so check back soon for level 5 enterprise administrator security configuration guidance!
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-security.md
deleted file mode 100644
index 5b7819551f..0000000000
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-security.md
+++ /dev/null
@@ -1,244 +0,0 @@ ---- -title: Level 5 enterprise security configuration -description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 5 enterprise security configuration. -keywords: virtualization, security, malware -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.author: appcompatguy -author: appcompatguy -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 04/05/2018 ---- - -# Level 5 enterprise security configuration - -**Applies to** - -- Windows 10 - -Level 5 is the minimum security configuration for an enterprise device. -Microsoft recommends the following configuration for level 5 devices. - -## Policies - -The policies in level 5 enforce a reasonable security level while minimizing the impact to users or to applications. -Microsoft recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and controls, noting that the timeline can generally be short given the limited potential impact of the security controls. 
- -### Security Template Policies - -| Feature | Policy Setting | Policy Value | Description | -|-------------------------|--------------------------------------------------------------------------------------------------|---------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Password Policy | Enforce password history | 24 | The number of unique new passwords that must be associated with a user account before an old password can be reused. | -| Password Policy | Minimum password length | 14 | The least number of characters that a password for a user account may contain. | -| Password Policy | Password must meet complexity requirements | Enabled | Determines whether passwords must meet complexity requirements:
      1) Not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither check is case sensitive.
      The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is less than three characters long, this check is skipped. The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.
      2) Contain characters from three of the following categories:
      - Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
      - Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
      - Base 10 digits (0 through 9)
      -Non-alphanumeric characters (special characters):
      (~!@#$%^&*_-+=`\|\\(){}[]:;"'<>,.?/)
      Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting.
      - Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages. | -| Password Policy | Store passwords using reversible encryption | Disabled | Determines whether the operating system stores passwords using reversible encryption. | -| Security Options | Accounts: Guest account status | Disabled | Determines if the Guest account is enabled or disabled. | -| Security Options | Domain member: Disable machine account password changes | Disabled | Determines whether a domain member periodically changes its computer account password. | -| Security Options | Domain member: Maximum machine account password age | 30 | Determines how often a domain member will attempt to change its computer account password | -| Security Options | Domain member: require strong (Windows 2000 or later) session key | Enabled | Determines whether 128-bit key strength is required for encrypted secure channel data | -| Security Options | Interactive logon: Machine inactivity limit | 900 | The number of seconds of inactivity before the session is locked | -| Security Options | User Account Control: Admin approval mode for the built-in administrator | Enabled | The built-in Administrator account uses Admin Approval Mode - any operation that requires elevation of privilege will prompt to user to approve that operation | -| Security Options | User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | Prompt for consent on the secure desktop | When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. 
| -| Security Options | User Account Control: Detect application installations and prompt for elevation | Enabled | When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. | -| Security Options | User Account Control: Run all Administrators in admin approval mode | Enabled | This policy must be enabled, and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. | -| Security Options | User Account Control: Virtualize file and registry write failures to per-user locations | Enabled | This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software. | -| User Rights Assignments | Access Credential Manager as a trusted caller | No One (blank) | This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. | -| User Rights Assignments | Act as part of the operating system | No One (blank) | This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. 
| -| User Rights Assignments | Allow log on locally | Administrators; Users | Determines which users can log on to the computer | -| User Rights Assignments | Back up files and directories | Administrators | Determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system | -| User Rights Assignments | Create a pagefile | Administrators | Determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file | -| User Rights Assignments | Create a token object | No One (blank) | Determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. | -| User Rights Assignments | Create global objects | Administrators; LOCAL SERVICE; NETWORK SERVICE; SERVICE | This security setting determines whether users can create global objects that are available to all sessions. | -| User Rights Assignments | Create permanent shared objects | No One (blank) | Determines which accounts can be used by processes to create a directory object using the object manager | -| User Rights Assignments | Create symbolic links | Administrators | Determines if the user can create a symbolic link from the computer he is logged on to | -| User Rights Assignments | Debug programs | Administrators | Determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. 
| -| User Rights Assignments | Deny access to this computer from the network | Guests; NT AUTHORITY\\Local Account | Determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. | -| User Rights Assignments | Deny log on locally | Guests | Determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. | -| User Rights Assignments | Deny log on through Remote Desktop Services | Guests; NT AUTHORITY\\Local Account | Determines which users and groups are prohibited from logging on as a Remote Desktop Services client | -| User Rights Assignments | Force shutdown from a remote system | Administrators | Determines which users can shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. | -| User Rights Assignments | Increase scheduling priority | Administrators | Determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | -| User Rights Assignments | Load and unload device drivers | Administrators | Determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | -| User Rights Assignments | Manage auditing and security log | Administrators | Determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. 
| -| User Rights Assignments | Modify firmware environment variables | Administrators | Determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. | -| User Rights Assignments | Restore files and directories | Administrators | Determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object | -| User Rights Assignments | Take ownership of files or other objects | Administrators | Determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads | - -### Advanced Audit Policies - -| Feature | Policy Setting | Policy Value | Description | -|--------------------|---------------------------------------|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Account Logon | Audit Credential Validation | Success and Failure | Audit events generated by validation tests on user account logon credentials. Occurs only on the computer that is authoritative for those credentials. | -| Account Management | Audit Security Group Management | Success | Audit events generated by changes to security groups, such as creating, changing or deleting security groups, adding or removing members, or changing group type. 
| -| Account Management | Audit User Account Management | Success and Failure | Audit changes to user accounts. Events include creating, changing, deleting user accounts; renaming, disabling, enabling, locking out, or unlocking accounts; setting or changing a user account’s password; adding a security identifier (SID) to the SID History of a user account; configuring the Directory Services Restore Mode password; changing permissions on administrative user accounts; backing up or restoring Credential Manager credentials | -| Detailed Tracking | Audit PNP Activity | Success | Audit when plug and play detects an external device | -| Detailed Tracking | Audit Process Creation | Success | Audit events generated when a process is created or starts; the name of the application or user that created the process is also audited | -| Logon/ Logoff | Audit Account Lockout | Failure | Audit events generated by a failed attempt to log on to an account that is locked out | -| Logon/ Logoff | Audit Group Membership | Success | Audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. 
| -| Logon/ Logoff | Audit Logon | Success and Failure | Audit events generated by user account logon attempts on the computer | -| Logon/ Logoff | Audit Other Logon / Logoff Events | Success and Failure | Audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting, such as Terminal Services session disconnections, new Terminal Services sessions locking and unlocking a workstation, invoking or dismissing a screen saver, detection of a Kerberos replay attack, or access to a wireless network granted to a user or computer account | -| Logon/ Logoff | Audit Special Logon | Success | Audit events generated by special logons such as the use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level, or a logon by a member of a Special Group (Special Groups enable you to audit events generated when a member of a certain group has logged on to your network) | -| Object Access | Audit Detailed File Share | Failure | Audit attempts to access files and folders on a shared folder; the Detailed File Share setting logs an event every time a file or folder is accessed | -| Object Access | Audit File Share | Success and Failure | Audit attempts to access a shared folder; an audit event is generated when an attempt is made to access a shared folder | -| Object Access | Audit Other Object Access Events | Success and Failure | Audit events generated by the management of task scheduler jobs or COM+ objects | -| Object Access | Audit Removable Storage | Success and Failure | Audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. 
| -| Policy Change | Audit Audit Policy Change | Success | Audit changes in the security audit policy settings | -| Policy Change | Audit Authentication Policy Change | Success | Audit events generated by changes to the authentication policy | -| Policy Change | Audit MPSSVC Rule-Level Policy Change | Success and Failure | Audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. | -| Policy Change | Audit Other Policy Change Events | Failure | Audit events generated by other security policy changes that are not audited in the policy change category, such as Trusted Platform Module (TPM) configuration changes, kernel-mode cryptographic self tests, cryptographic provider operations, cryptographic context operations or modifications, applied Central Access Policies (CAPs) changes, or boot Configuration Data (BCD) modifications | -| Privilege Use | Audit Sensitive Privilege Use | Success and Failure | Audit events generated when sensitive privileges (user rights) are used | -| System | Audit Other System Events | Success and Failure | Audit any of the following events: Startup and shutdown of the Windows Firewall service and driver, security policy processing by the Windows Firewall Service, cryptography key file and migration operations. | -| System | Audit Security State Change | Success | Audit events generated by changes in the security state of the computer such as startup and shutdown of the computer, change of system time, recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured. 
| -| System | Audit Security System Extension | Success | Audit events related to security system extensions or services | -| System | Audit System Integrity | Success and Failure | Audit events that violate the integrity of the security subsystem | - -### Windows Defender Firewall Policies - -| Feature | Policy Setting | Policy Value | Description | -|----------------------------|---------------------------------------|--------------|-------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a domain connection | -| Domain Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a domain connection | -| Domain Profile / Logging | Size Limit | 16384 | Sets the firewall log file size for a domain connection | -| Domain Profile / Settings | Display a notification | No | The display of notifications to the user is enabled when a program is blocked from receiving an inbound connection in the domain profile | -| Domain Profile / State | Firewall State | On | Enables the firewall when connected to the domain profile | -| Domain Profile / State | Inbound Connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the domain profile | -| Private Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a private connection | -| Private Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a private connection | -| Private Profile / Logging | Size limit | 16384 | Sets the firewall log file size for a private connection | -| Private Profile / Settings | Display a notification | No | The display of notifications to the user is enabled when a program is blocked from receiving an inbound connection in the private profile 
| -| Private Profile / State | Firewall state | On | Enables the firewall when connected to the private profile | -| Private Profile / State | Inbound connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the private profile | -| Public Profile / Logging | Log dropped packets | Yes | Enables logging of dropped packets for a public connection | -| Public Profile / Logging | Log successful connections | Yes | Enables logging of successful connections for a public connection | -| Public Profile / Logging | Size Limit | 16384 | Sets the firewall log file size for a public connection | -| Public Profile / Settings | Apply local connection security rules | No | Ensures local connection rules will not be merged with Group Policy settings in the domain | -| Public Profile / Settings | Apply local firewall rules | No | Users cannot create new firewall rules | -| Public Profile / Settings | Display a notification | No | The display of notifications to the user is enabled when a program is blocked from receiving an inbound connection in the public profile | -| Public Profile / State | Firewall state | On | Enables the firewall when connected to the public profile | -| Public Profile / State | Inbound connections | Block | Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the public profile | - -### Computer Policies - -| Feature | Policy Setting | Policy Value | Description | 
-|---------------------------------------------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Network / Lanman Workstation | Enable insecure guest logons | Disabled | Determines if the SMB client will allow insecure guest logons to an SMB server | -| System / Device Guard | Turn on Virtualization Based Security | Enabled: SecureBoot and DMA Protection | Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices. | -| System / Early Launch Antimalware | Boot-Start Driver Initialization Policy | Enabled: Good, Unknown and bad but critical | Allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. 
| -| System / Power Management / Sleep Settings | Require a password when a computer wakes (on battery) | Enabled | Specifies whether the user is prompted for a password when the system resumes from sleep | -| System / Power Management / Sleep Settings | Require a password when a computer wakes (plugged in) | Enabled | Specifies whether the user is prompted for a password when the system resumes from sleep | -| System / Remote Procedure Call | Restrict Unauthenticated RPC clients | Enabled: Authenticated | Controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. | -| Windows Components / App runtime | Allow Microsoft accounts to be optional | Enabled | Lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. | -| Windows Components / AutoPlay Policies | Disallow Autoplay for non-volume devices | Enabled | Disallows AutoPlay for MTP devices like cameras or phones. | -| Windows Components / AutoPlay Policies | Set the default behavior for AutoRun | Enabled: Do not execute any autorun commands | Sets the default behavior for Autorun commands. | -| Windows Components / AutoPlay Policies | Turn off Autoplay | Enabled: All Drives | Allows you to turn off the Autoplay feature. | -| Windows Components / Biometrics / Facial Features | Configure enhanced anti-spoofing | Enabled | Determines whether enhanced anti-spoofing is required for Windows Hello face authentication | -| Windows Components / BitLocker Drive Encryption | Choose drive encryption method and cipher strength (Windows 10) | Enabled: XTA-AES-256 for operating system drives and fixed drives and AES-CBC-256 for removable drives | Allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. 
| -| Windows Components / BitLocker Drive Encryption | Disable new DMA devices when this computer is locked | Enabled | Allows you to block direct memory access (DMA) for all Thunderbolt hot pluggable PCI downstream ports until a user logs into Windows | -| Windows Components / BitLocker Drive Encryption / Operating System Drives | Allow enhanced PINs for startup | Enabled | Allows you to configure whether enhanced startup PINs are used with BitLocker | -| Windows Components / BitLocker Drive Encryption / Operating System Drives | Allow Secure Boot for integrity validation | Enabled | Allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives. | -| Windows Components / Event Log Service / Application | Specify the maximum log file size (KB) | Enabled: 32768 | Specifies the maximum size of the log file in kilobytes. | -| Windows Components / Event Log Service / Security | Specify the maximum log file size (KB) | Enabled: 196608 | Specifies the maximum size of the log file in kilobytes. | -| Windows Components / Event Log Service / System | Specify the maximum log file size (KB) | Enabled: 32768 | Specifies the maximum size of the log file in kilobytes. | -| Windows Components / Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Configure whether to turn on Windows Defender SmartScreen to provide warning messages to help protect your employees from potential phishing scams and malicious software | -| Windows Components / Windows Defender SmartScreen / Explorer | Configure Windows Defender SmartScreen | Warn and prevent bypass | Allows you to turn Windows Defender SmartScreen on or off | -| Windows Components / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for files | Enabled | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. 
| -| Windows Components / Windows Defender SmartScreen / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for sites | Enabled | Lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites | -| Windows Components / Windows Installer | Allow user control over installs | Disabled | Permits users to change installation options that typically are available only to system administrators | -| Windows Components / Windows Installer | Always install with elevated privileges | Disabled | Directs Windows Installer to use elevated permissions when it installs any program on the system | -| Windows Components / Windows Logon Options | Sign-in last interactive user automatically after a system-initiated restart | Disabled | Controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system | -| Windows Components / Windows Remote Management (WinRM) / WinRM Client | Allow unencrypted traffic | Disabled | Manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network | -| Windows Components / Windows Remote Management (WinRM) / WinRM Service | Allow unencrypted traffic | Disabled | Manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. 
| - -### Windows Defender Antivirus Policies - -| Feature | Policy Setting | Policy Value | Description | -|------------------------------------------------------------------------|-----------------------------------------------------------|----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Windows Components / Windows Defender Antivirus | Turn off Windows Defender Antivirus | Disabled | Turns off Windows Defender Antivirus | -| Windows Components / Windows Defender Antivirus | Configure detection for potentially unwanted applications | Enabled: Audit | Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. | -| Windows Components / Windows Defender Antivirus / MAPS | Join Microsoft MAPS | Enabled: Advanced MAPS | Allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. | -| Windows Components / Windows Defender Antivirus / MAPS | Send file samples when further analysis is required | Enabled: Send safe samples | Configures behavior of samples submission when opt-in for MAPS telemetry is set | -| Windows Components / Windows Defender Antivirus / Real-time Protection | Turn off real-time protection | Disabled | Turns off real-time protection prompts for known malware detection | -| Windows Components / Windows Defender Antivirus / Real-time Protection | Turn on behavior monitoring | Enabled | Allows you to configure behavior monitoring. 
| -| Windows Components / Windows Defender Antivirus / Scan | Scan removable drives | Enabled | Allows you to manage whether to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. | -| Windows Components / Windows Defender Antivirus / Scan | Specify the interval to run quick scans per day | 24 | Allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). | -| Windows Components / Windows Defender Antivirus / Scan | Turn on e-mail scanning | Enabled | Allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments | - -### User Policies - -| Feature | Policy Setting | Policy Value | Description | -|----------------------------------------|-------------------------------------------------------------|--------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Start Menu and Taskbar / Notifications | Turn off toast notifications on the lock screen | Enabled | Turns off toast notifications on the lock screen. 
| -| Windows Components / Cloud Content | Do not suggest third-party content in the Windows spotlight | Enabled | Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers | - -### IE Computer Policies - -| Feature | Policy Setting | Policy Value | Description | -|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Windows Components / Internet Explorer | Prevent managing SmartScreen Filter | Enabled: On | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. | -| Windows Components / Internet Explorer / Internet Control Panel / Advanced Page | Check for server certificate revocation | Enabled | Allows you to manage whether Internet Explorer will check revocation status of servers' certificates | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Cross-Site Scripting Filter | Enabled: Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Protected Mode | Enabled: Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Use Pop-up Blocker | Enabled: Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Java permissions | Enabled: High Safety | Allows you to manage permissions for Java applets. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-down Internet Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Cross-Site Scripting Filter | Enabled: Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Protected Mode | Enabled: Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. 
| -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Enabled: Enable | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Use Pop-up Blocker | Enabled: Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Trusted Sites Zone | Don't run antimalware programs against ActiveX controls | Enabled: Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. | -| Windows Components / Internet Explorer / Security Features | Allow fallback to SSL 3.0 (Internet Explorer) | Enabled: No sites | Allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. | - -### LAPS - -Download and install the [Microsoft Local Admin Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899). 
- -| Feature | Policy Setting | Policy Value | Description | -|---------|----------------------------------------|--------------|-------------------------------| -| LAPS | Enable local admin password management | Enabled | Activates LAPS for the device | - -### Custom Policies - -| Feature | Policy Setting | Policy Value | Description | -|-----------------------------------------------------------------------|-----------------------------------------------------------|--------------|---------------------------------------------------------------------------------------| -| Computer Configuration / Administrative Templates / MS Security Guide | Apply UAC restrictions to local accounts on network logon | Enabled | Filters the user account token for built-in administrator accounts for network logons | - -### Services - -| Feature | Policy Setting | Policy Value | Description | -|----------------|-----------------------------------|--------------|-----------------------------------------------------------------------------------| -| Scheduled Task | XblGameSaveTask | Disabled | Syncs save data for Xbox Live save-enabled games | -| Services | Xbox Accessory Management Service | Disabled | Manages connected Xbox accessories | -| Services | Xbox Game Monitoring | Disabled | Monitors Xbox games currently being played | -| Services | Xbox Live Auth Manager | Disabled | Provides authentication and authorization services for interactive with Xbox Live | -| Services | Xbox Live Game Save | Disabled | Syncs save data for Xbox live save enabled games | -| Services | Xbox Live Networking Service | Disabled | Supports the Windows.Networking.XboxLive API | - -## Controls - -The controls enabled in level 5 enforce a reasonable security level while minimizing the impact to users and applications. 
- -| Feature | Config | Description | -|-----------------------------------|-------------------------------------|--------------------| -| [Windows Defender ATP EDR](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | Deployed to all devices | The Windows Defender ATP endpoint detection and response (EDR) provides actionable and near real-time detection of advanced attacks. EDR helps security analysts , and aggregates alerts with the same attack techniques or attributed to the same attacker into an an entity called an *incident*. An incident helps analysts prioritize alerts, collectively investigate the full scope of a breach, and respond to threats. Windows Defender ATP EDR is not expected to impact users or applications, and it can be deployed to all devices in a single step. | -| [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Enabled for all compatible hardware | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials. There is a small risk to application compatibility, as [applications will break](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements#application-requirements) if they require NTLMv1, Kerberos DES encryption, Kerberos unconstrained delegation, or extracting the Keberos TGT. 
As such, Microsoft recommends deploying Credential Guard using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | -| [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/) | Default browser | Microsoft Edge in Windows 10 provides better security than Internet Explorer 11 (IE11). While you may still need to leverage IE11 for compatibility with some sites, Microsoft recommends configuring Microsoft Edge as the default browser, and building an Enterprise Mode Site List to redirect to IE11 only for those sites that require it. Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Enterprise Mode Site List, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | -| [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) | Enabled on compatible hardware | Windows Defender Application Guard uses a hardware isolation approach. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated container, which is separate from the host operating system and enabled by Hyper-V. If the untrusted site turns out to be malicious, the isolated container protects the host PC, and the attacker can't get to your enterprise data. There is a small risk to application compatibility, as some applications may require interaction with the host PC but may not yet be on the list of trusted web sites for Application Guard. 
Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Network Isolation Settings, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). | - -## Behaviors - -The behaviors recommended in level 5 enforce a reasonable security level while minimizing the impact to users or to applications. - -| Feature | Config | Description | -|---------|-------------------|-------------| -| OS security updates | Deploy Windows Quality Updates within 7 days of release | As the time between the release of a patch and an exploit based on the reverse engineering of that patch continues to shrink, a critical aspect of security hygiene is having an engineering process that quickly validates and deploys Quality Updates that address security vulnerabilities. | - diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index fe229e350d..10ee86e0c0 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -5,13 +5,14 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: sagaudre -author: justinha +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/26/2018 +ms.reviewer: --- # Microsoft Security Compliance Toolkit 1.0 
@@ -69,4 +70,4 @@ LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. -Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). \ No newline at end of file +Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index af866029c2..34891356ab 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -5,13 +5,14 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: sagaudre -author: justinha +ms.author: dansimp +author: dansimp manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 +ms.reviewer: --- # Windows security baselines 
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md
index aaf62986eb..9ebaf00d93 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md
@@ -5,13 +5,14 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.author: appcompatguy
-author: appcompatguy
+ms.author: dansimp
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/05/2018
+ms.reviewer:
 ---
 # Windows security guidance for enterprises
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md
index e17ed61da6..e9ada36273 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md
@@ -5,13 +5,14 @@ keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.author: appcompatguy
-author: appcompatguy
+ms.author: dansimp
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/05/2018
+ms.date: 06/11/2019
+ms.reviewer:
 ---
 # Introducing the security configuration framework
@@ -20,45 +21,56 @@ ms.date: 04/05/2018 - Windows 10 -Security configuration is complex. With thousands of group policies available in Windows, choosing the “best” setting is difficult. -It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of some security lockdowns. +Security configuration is complex. When hardening your deployment of Windows 10, how should you prioritize the hardware you buy, policies you enforce, controls you configure, and behavior your staff exhibit? -Because of this, with each release of Windows, Microsoft publishes [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), an industry-standard configuration that is broadly known and well-tested. -However, many organizations have discovered that this baseline sets a very high bar. -While appropriate for organizations with very high security needs such as those persistently targeted by Advanced Persistent Threats, some organizations have found that the cost of navigating the potential compatibility impact of this configuration is prohibitively expensive given their risk appetite. -They can’t justify the investment in that very high level of security with an ROI. +Even when configuring policies, with thousands of policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of security lockdowns. Because of this, with each release of Windows, Microsoft publishes [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), an industry-standard configuration that is broadly known and well-tested. However, many organizations have discovered that this baseline sets a very high bar for some scenarios. 
-As such, Microsoft is introducing a new taxonomy for security configurations for Windows 10. -This new security configuration framework, which we call the SECCON framework (remember "WarGames"?), organizes devices into one of 5 distinct security configurations. +To help you prioritize your endpoint hardening work, Microsoft is introducing a new taxonomy for security configurations for Windows 10. In this initial preview, we are simply listing recommended hardware, policies, controls, and behaviors in order to gather feedback from more customers and security experts in order to refine the framework and prioritize opportunities to automate. + +This new security configuration framework, which we affectionately nickname the SecCon framework (remember "WarGames"?), organizes devices into one of 5 distinct security configurations. ![SECCON Framework](images/seccon-framework.png) -- [Level 5 Enterprise Security](level-5-enterprise-security.md) – We recommend this configuration as the minimum security configuration for an enterprise device. Recommendations for this level are generally straightforward and are designed to be deployable within 30 days. -- [Level 4 Enterprise High Security](level-4-enterprise-high-security.md) – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compat, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days. -- [Level 3 Enterprise VIP Security](level-3-enterprise-vip-security.md) – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (as one example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). 
An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days. -- [Level 2 DevOps Workstation](level-2-enterprise-devops-security.md) – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. Level 2 guidance is coming soon! -- [Level 1 Administrator Workstation](level-1-enterprise-administrator-security.md) – Administrators (particularly of identity or security systems) present the highest risk to the organization, through data theft, data alteration, or service disruption. Level 1 guidance is coming soon! +- [Level 1 enterprise basic security](level-1-enterprise-basic-security.md) – We recommend this configuration as the minimum security configuration for an enterprise device. Recommendations for this level are generally straightforward and are designed to be deployable within 30 days. +- [Level 2 enterprise enhanced security](level-2-enterprise-enhanced-security.md) – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compat, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days. 
+- [Level 3 enterprise high security](level-3-enterprise-high-security.md) – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (as one example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days. +- [Level 4 DevOps workstation](level-4-enterprise-devops-security.md) – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. Level 4 guidance is coming soon! +- [Level 5 administrator workstation](level-5-enterprise-administrator-security.md) – Administrators (particularly of identity or security systems) present the highest risk to the organization, through data theft, data alteration, or service disruption. Level 5 guidance is coming soon! The security configuration framework divides configuration into Productivity Devices and Privileged Access Workstations. This document will focus on Productivity Devices -(Levels 5, 4, and 3). +(Levels 1, 2, and 3). Microsoft’s current guidance on [Privileged Access Workstations](http://aka.ms/privsec) are part of the [Securing Privileged Access roadmap](http://aka.ms/privsec). Microsoft recommends reviewing and categorizing your devices, and then configuring them using the prescriptive guidance for that level. 
-Level 5 should be considered the minimum baseline for an enterprise device, and Microsoft recommends increasing the protection based on both threat environment and risk appetite. +Level 1 should be considered the minimum baseline for an enterprise device, and Microsoft recommends increasing the protection based on both threat environment and risk appetite. ## Security control classification -The recommendations are grouped into three categories. - -![Security Control Classifications](images/security-control-classification.png) +The recommendations are grouped into four categories. +| Hardware | Policies | Controls | Behaviors | +|----------|----------|----------|-----------| +| Microsoft recommends acquiring hardware that supports the specified hardware features, in order to support Windows security features | Microsoft recommends enforcing the configuration of the specified policies in the manner described, to harden Windows to the designated level of security | Microsoft recommends enabling the security controls specified in the manner described, to provide protections appropriate to the designated level of security. | Microsoft recommends changing organizational behavior towards the endpoints in the manner described. | ## Security control deployment methodologies The way Microsoft recommends implementing these controls depends on the auditability of the control–there are two primary methodologies. -![Security Control Deployment methodologies](images/security-control-deployment-methodologies.png) +### Rings +Security controls which don't support an audit mode should be deployed gradually. A typical deployment methodology: +1. Test ring - deploy to a lab to validate "must test" apps prior to enforcement of any configuration +2. Pilot ring - deploy to a representative sample of 2-5% of the environment +3. Fast ring - deploy to the next 25% of the environment +4. 
Slow ring - deploy to the remainder of the organization + +### Audit / Enforce + +Security controls which support an audit mode can be deployed using the following methodology: + +1. Audit - enable the control in audit mode, and gasther audit data in a centralized location +2. Review - review the audit data to assess potential impact (both positive and negative) and configure any exemptions from the security control you need to configure +3. Enforce - deploy the configuration of any exemptions and convert the control to enforce mode diff --git a/windows/threat-protection/docfx.json b/windows/threat-protection/docfx.json index ca62dbde8c..98413f9962 100644 --- a/windows/threat-protection/docfx.json +++ b/windows/threat-protection/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", @@ -31,21 +31,22 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "justinha", - "ms.date": "04/05/2017", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-threat-protection", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "justinha", + "ms.date": "04/05/2017", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-threat-protection", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], - "dest": "win-threat-protection" + "dest": "win-threat-protection", + "markdownEngineName": "markdig" } } diff --git a/windows/update/docfx.json b/windows/update/docfx.json index 0e654307a9..c5ef1b98ba 100644 --- a/windows/update/docfx.json +++ b/windows/update/docfx.json 
@@ -30,15 +30,16 @@
 "overwrite": [],
 "externalReference": [],
 "globalMetadata": {
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.windows-update",
- "folder_relative_path_in_docset": "./"
- }
- }
- },
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "MSDN.windows-update",
+ "folder_relative_path_in_docset": "./"
+ }
+ }
+ },
 "fileMetadata": {},
 "template": [],
- "dest": "windows-update"
+ "dest": "windows-update",
+ "markdownEngineName": "markdig"
 }
 }
diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md
index 1655e466e9..2991f9ac65 100644
--- a/windows/whats-new/TOC.md
+++ b/windows/whats-new/TOC.md
@@ -1,4 +1,5 @@
 # [What's new in Windows 10](index.md)
+## [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md)
 ## [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
 ## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
 ## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md
index 8d052ede68..f71dfffeea 100644
--- a/windows/whats-new/contribute-to-a-topic.md
+++ b/windows/whats-new/contribute-to-a-topic.md
@@ -6,6 +6,10 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.date: 10/13/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
 ms.topic: tutorial
 ---
@@ -44,14 +48,14 @@ Across the docs.microsoft.com site, if you see **Edit** in the right-hand corner ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) -4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: - - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring) +4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: + - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring) - - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) + - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) -5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. +5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. - ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png) + ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png) 6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change**. 
@@ -59,15 +63,15 @@ Across the docs.microsoft.com site, if you see **Edit** in the right-hand corner The **Comparing changes** screen shows the changes between your version of the article and the original content. -7. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in. (Occasionally there are merge conflicts, where you've edited the file one way, while someone else edited the same lines in the same file in a different way. Before you can propose your changes, you need to fix those conflicts.) +7. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in. (Occasionally there are merge conflicts, where you've edited the file one way, while someone else edited the same lines in the same file in a different way. Before you can propose your changes, you need to fix those conflicts.) - If there are no problems, you’ll see the message, **Able to merge**. + If there are no problems, you’ll see the message, **Able to merge**. - ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png) + ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png) -8. Click **Create pull request**. +8. Click **Create pull request**. -9. Enter a title and description to let us know what’s in the request. +9. Enter a title and description to let us know what’s in the request. 10. Scroll to the bottom of the page, and make sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people. 
@@ -75,6 +79,6 @@ Across the docs.microsoft.com site, if you see **Edit** in the right-hand corner 12. If you aren't a Microsoft employee, you need to [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before updating or adding to any Microsoft repositories. A bot running in GitHub checks whether you've signed the CLA - if not, you'll be prompted, in the pull request, to sign it. - If you've previously contributed to topics in the Microsoft repositories, congratulations! You've already completed this step. + If you've previously contributed to topics in the Microsoft repositories, congratulations! You've already completed this step. -Next, the pull request is sent to one of our writers to review your edits for technical and editorial accuracy. If we have any suggestions or questions, we'll add them to the pull request where we can discuss them with you. If we accept your edits, you'll see your changes the next time the article is published. \ No newline at end of file +Next, the pull request is sent to one of our writers to review your edits for technical and editorial accuracy. If we have any suggestions or questions, we'll add them to the pull request where we can discuss them with you. If we accept your edits, you'll see your changes the next time the article is published. diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json index 8095c10abd..1903ec7f9a 100644 --- a/windows/whats-new/docfx.json +++ b/windows/whats-new/docfx.json @@ -20,7 +20,7 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif" ], "exclude": [ "**/obj/**", 
@@ -31,24 +31,24 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.author": "trudyha", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-whats-new", - "folder_relative_path_in_docset": "./" - } - } - }, + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "ms.technology": "windows", + "ms.topic": "article", + "ms.author": "trudyha", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "MSDN.win-whats-new", + "folder_relative_path_in_docset": "./" + } + } + }, "fileMetadata": {}, "template": [], "dest": "win-whats-new", - "markdownEngineName": "dfm" + "markdownEngineName": "markdig" } } diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md index 3f464216ef..6dc2400981 100644 --- a/windows/whats-new/get-started-with-1709.md +++ b/windows/whats-new/get-started-with-1709.md @@ -5,9 +5,11 @@ keywords: ["get started", "windows 10", "fall creators update", "1709"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: DaniHalfin -ms.author: daniha +author: dansimp +ms.author: dansimp ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp ms.localizationpriority: high ms.topic: article --- 
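Review bot: `globalMetadata` on the new side still sets `"ms.author": "trudyha"`, while other files in this commit replace the TrudyHa author values (for example `author: dansimp` in whats-new-windows-10-version-1507-and-1511.md). If docfx uses globalMetadata as the default for articles with no `ms.author` of their own, pages such as index.md, whose front matter here gains `author: greg-lindsay` but no `ms.author`, would presumably still be attributed to the old alias. Worth confirming, and if so changing the line to `"ms.author": "<current-owner-alias>"`. The one behavioural change, `"markdownEngineName": "markdig"`, is also hard to spot inside a re-indent of the whole block, so a separate whitespace-only commit would make it easier to review. The enclosing object opens above the hunk.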
@@ -46,4 +48,4 @@ Having problems with your latest deployment of Windows 10, version 1709? Check o Ready to get started with Windows 10, version 1709? > [!div class="nextstepaction"] -> [Deploy and Update Windows 10](/windows/deployment) \ No newline at end of file +> [Deploy and Update Windows 10](/windows/deployment) diff --git a/windows/whats-new/images/Multi-app_kiosk_inFrame.png b/windows/whats-new/images/Multi-app_kiosk_inFrame.png index 7a1928501e..9dd28db197 100644 Binary files a/windows/whats-new/images/Multi-app_kiosk_inFrame.png and b/windows/whats-new/images/Multi-app_kiosk_inFrame.png differ diff --git a/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png b/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png index f329d74d3e..a7b20a039c 100644 Binary files a/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png and b/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png differ diff --git a/windows/whats-new/images/system-guard.png b/windows/whats-new/images/system-guard.png new file mode 100644 index 0000000000..586f63d4da Binary files /dev/null and b/windows/whats-new/images/system-guard.png differ diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index 1798631ea3..6c9a323ecd 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md 
@@ -2,21 +2,20 @@ title: What's new in Windows 10 (Windows 10) description: Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more. ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44 -keywords: ["What's new in Windows 10", "Windows 10", "anniversary update", "contribute", "edit topic", "Creators Update", "Fall Creators Update"] +keywords: ["What's new in Windows 10", "Windows 10"] ms.prod: w10 -author: TrudyHa -ms.date: 04/30/2018 +author: greg-lindsay ms.localizationpriority: high ms.topic: article --- # What's new in Windows 10 - Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more. ## In this section +- [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md) - [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md) - [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md) - [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md) @@ -24,9 +23,6 @@ Windows 10 provides IT professionals with advanced protection against modern sec - [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md) - [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md) - -- [Edit an existing topic using the Edit link](contribute-to-a-topic.md) - ## Learn more - [Windows 10 release information](https://technet.microsoft.com/windows/release-info) 
@@ -34,15 +30,8 @@ Windows 10 provides IT professionals with advanced protection against modern sec - [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210) - [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485) - ## See also -[Windows 10 Enterprise LTSC](ltsc/index.md) -  - -  - - - - +[Windows 10 Enterprise LTSC](ltsc/index.md)
      +[Edit an existing topic using the Edit link](contribute-to-a-topic.md) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 7b02c68fa1..c20bd31308 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -1,11 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2015 LTSC +ms.reviewer: +manager: dansimp +ms.author: macapara description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: mjcaparas ms.localizationpriority: low ms.topic: article --- @@ -241,10 +244,10 @@ Enterprises have the following identity and management choices. | Grouping | Domain join; Workgroup; Azure AD join | | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - > **Note**   + > **Note**   With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). -  + ### Device lockdown diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index acf81acf24..dfa92423f4 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md 
@@ -1,11 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2016 LTSC +ms.reviewer: +manager: dansimp +ms.author: macapara description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: mjcaparas ms.localizationpriority: low ms.topic: article --- 
@@ -80,11 +83,11 @@ Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC: #### New Bitlocker features -- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. - It provides the following benefits: - - The algorithm is FIPS-compliant. - - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. - >**Note:**  Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. +- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. + It provides the following benefits: + - The algorithm is FIPS-compliant. + - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. + >**Note:** Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. ### Security auditing diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index dd8a314962..c60b88f548 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md 
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -1,11 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2019 LTSC +ms.reviewer: +manager: dansimp +ms.author: macapara description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: mjcaparas ms.localizationpriority: low ms.topic: article --- @@ -36,7 +39,6 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use >Microsoft Intune supports LTSC 2019 and later. - ## Security This version of Window 10 includes security improvements for threat protection, information protection, and identity protection. 
@@ -59,30 +61,6 @@ Attack surface reduction includes host-based intrusion prevention systems such a Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](https://docs.microsoft.com/windows/wsl/release-notes#build-17618-skip-ahead). -###### Windows Defender Application Guard - -Windows Defender Application Guard hardens a favorite attacker entry-point by isolating malware and other threats away from your data, apps, and infrastructure. For more information, see [Windows Defender Application Guard overview](https://docs.microsoft.com/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview). - -Windows Defender Application Guard has support for Edge and has extensions for Chrome and Firefox. For more information, see [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard#software-requirements) - -Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security Center. - -Additionally, users who are managed by enterprise policies will be able to check their settings to see what their administrators have configured for their machines to better understand the behavior of Windows Defender Application Guard. 
This new UI improves the overall experience for users while managing and checking their Windows Defender Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security. For more information, see [Windows Defender Application Guard inside Windows Security App](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/test/m-p/214102#M1709). - -To try this: - -1. Go to **Windows Security** and select **App & browser control**. -2. Under **Isolated browsing**, select **Install Windows Defender Application Guard**, then install and restart the device. -3. Select **Change Application Guard** settings. -4. Configure or check Application Guard settings. - -See the following example: - -![Security at a glance](../images/1_AppBrowser.png "app and browser control") -![Isolated browser](../images/2_InstallWDAG.png "isolated browsing") -![change WDAG settings](../images/3_ChangeSettings.png "change settings") -![view WDAG settings](../images/4_ViewSettings.jpg "view settings") - ##### Windows Defender Device Guard [Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: 
@@ -104,31 +82,31 @@ Endpoint detection and response is improved. Enterprise customers can now take a Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). 
The new library includes information on: - - [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) - - [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) - - [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) - - [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) - - [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) +- [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) +- [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) +- [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) +- [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) +- [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) - Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus). 
+ Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus). - New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: - - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) - - [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) - - [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) + New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: +- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) +- [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) +- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) - We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time 
protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). + We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). - **Endpoint detection and response** is also enhanced. New **detection** capabilities include: - - [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. - - [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. - - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. - - Upgraded detections of ransomware and other advanced attacks. - - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed. + **Endpoint detection and response** is also enhanced. 
New **detection** capabilities include: +- [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. + - [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. + - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. + - Upgraded detections of ransomware and other advanced attacks. + - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed. - **Threat reponse** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: - - [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. 
+ **Threat reponse** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: +- [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. + - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. Additional capabilities have been added to help you gain a holistic view on **investigations** include: - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. @@ -657,4 +635,4 @@ See the following example: ## See Also -[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release. \ No newline at end of file +[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release. diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index da039f72df..cfc863d9b5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md 
@@ -2,10 +2,13 @@ title: What's new in Windows 10, versions 1507 and 1511 (Windows 10) description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile. ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: TrudyHa +author: dansimp ms.localizationpriority: high ms.date: 10/16/2017 ms.topic: article @@ -17,7 +20,7 @@ Below is a list of some of the new and updated features included in the initial >[!NOTE] >For release dates and servicing options for each version, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info). -  + ## Deployment 
@@ -44,11 +47,11 @@ With Windows 10, you can create provisioning packages that let you quickly and e #### New Bitlocker features in Windows 10, version 1511 -- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. - It provides the following benefits: - - The algorithm is FIPS-compliant. - - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. - >**Note:**  Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. +- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. + It provides the following benefits: + - The algorithm is FIPS-compliant. + - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. + >**Note:** Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. #### New Bitlocker features in Windows 10, version 1507 
@@ -277,10 +280,10 @@ Enterprises have the following identity and management choices. | Grouping | Domain join; Workgroup; Azure AD join | | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - > **Note**   + > **Note**   With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). -  + ### Device lockdown @@ -352,9 +355,9 @@ We also recommend that you upgrade to IE11 if you're running any earlier version - [Windows 10 release information](https://technet.microsoft.com/windows/release-info) -  + -  + diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 6ef3ef4059..a77ae7c354 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -5,9 +5,12 @@ keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: TrudyHa +author: dansimp ms.localizationpriority: high ms.date: 10/16/2017 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.topic: article --- diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 91bac38458..46e7f7bca5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md 
@@ -5,9 +5,12 @@ keywords: ["What's new in Windows 10", "Windows 10", "creators update"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JasonGerend +author: dansimp ms.localizationpriority: high ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.date: 10/16/2017 ms.topic: article --- diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index af0c9c725d..df1f40120d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -5,8 +5,11 @@ keywords: ["What's new in Windows 10", "Windows 10", "Fall Creators Update"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.date: 01/24/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.localizationpriority: high ms.topic: article --- diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index a4846edc0d..7c41c62396 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -5,8 +5,11 @@ keywords: ["What's new in Windows 10", "Windows 10", "April 2018 Update"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.date: 07/07/2018 +ms.reviewer: +manager: dansimp +ms.author: dansimp ms.localizationpriority: high ms.topic: article --- @@ -22,11 +25,8 @@ This article lists new and updated features and content that are of interest to The following 3-minute video summarizes some of the new features that are available for IT Pros in this release. -  - > [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false] - ## Deployment ### Windows Autopilot 
@@ -135,7 +135,7 @@ Portions of the work done during the offline phases of a Windows update have bee ### Co-management -Intune and System Center Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +**Intune** and **System Center Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) 
@@ -145,7 +145,7 @@ The OS uninstall period is a length of time that users are given when they can o ### Windows Hello for Business -[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#kiosk-configuration) section. +[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#windows-10-kiosk-and-kiosk-browser) section. - Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). - Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. @@ -231,8 +231,8 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu ## See Also -[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.
      -[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
      -[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
      -[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. +- [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. +- [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. +- [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. +- [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index f50ed452fa..7bf5f8b3ee 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -1,11 +1,14 @@ --- title: What's new in Windows 10, version 1809 +ms.reviewer: +manager: dansimp +ms.author: dansimp description: New and updated features in Windows 10, version 1809 keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: greg-lindsay +author: dansimp ms.localizationpriority: high ms.topic: article --- 
@@ -78,6 +81,8 @@ To achieve this: 3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts. +For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](https://docs.microsoft.com/windows/deployment/windows-autopilot/bitlocker). + ### Windows Defender Application Guard Improvements Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without needing to change registry key settings. @@ -173,7 +178,7 @@ Microsoft Edge kiosk mode running in single-app assigned access has two kiosk ty Microsoft Edge kiosk mode running in multi-app assigned access has two kiosk types. >[!NOTE] ->The following Microsoft Edge kiosk mode types cannot be setup using the new simplified assigned access configuration wizard in Windows 10 Settings. +>The following Microsoft Edge kiosk mode types cannot be set up using the new simplified assigned access configuration wizard in Windows 10 Settings. **Public browsing** supports multi-tab browsing and runs InPrivate mode with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate mode windows. @@ -250,4 +255,4 @@ See the following example: ![Enter your credentials](images/RDPwBioTime.png "Windows Hello") ![Enter your credentials](images/RDPwBio2.png "Windows Hello personal") -![Microsoft Hyper-V Server 2016](images/hyper-v.png "Microsoft Hyper-V Server 2016") \ No newline at end of file +![Microsoft Hyper-V Server 2016](images/hyper-v.png "Microsoft Hyper-V Server 2016") 
diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md
new file mode 100644
index 0000000000..7f6354c1f2
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@@ -0,0 +1,150 @@
+---
+title: What's new in Windows 10, version 1903
+description: New and updated IT Pro content about new features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update).
+keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"]
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: greg-lindsay
+ms.localizationpriority: high
+ms.topic: article
+---
+
+# What's new in Windows 10, version 1903 IT Pro content
+
+**Applies to**
+- Windows 10, version 1903
+
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1809.
+
+>[!NOTE]
+>New disk space requirement for Windows 10, version 1903 applies only to OEMs for the manufacture of new PCs. This new requirement does not apply to existing devices. PCs that don’t meet new device disk space requirements will continue to receive updates and the 1903 update will require about the same amount of free disk space as previous updates. For more information, see [Reserved storage](#reserved-storage).
+
+## Deployment
+
+### Windows Autopilot
+
+[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. The following Windows Autopilot features are available in Windows 10, version 1903 and later:
+
+- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in this version of Windows. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
+- The Intune [enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions​.
+- [Cortana voiceover](https://docs.microsoft.com/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
+- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
+- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
+
+### Windows 10 Subscription Activation
+
+Windows 10 Education support has been added to Windows 10 Subscription Activation.
+
+With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions – Windows 10 Education. For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation).
+
+### SetupDiag
+
+[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) version 1.4.1 is available.
+
+SetupDiag is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
+
+### Reserved storage
+
+[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space. Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs. It will not be enabled when updating from a previous version of Windows 10.
+
+## Servicing
+
+- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon!
+- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
+- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
+- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
+- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
+- **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
+- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
+- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
+
+## Security
+
+### Windows Information Protection
+
+With this release, Windows Defender ATP extends discovery and protection of sensitive information with [Auto Labeling](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels#how-wip-protects-automatically-classified-files).
+
+### Security configuration framework
+
+With this release of Windows 10, Microsoft is introducing a [new taxonomy for security configurations](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework), called the **SECCON framework**, comprised of 5 device security configurations.
+
+### Security baseline for Windows 10 and Windows Server
+
+The draft release of the [security configuration baseline settings](https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/) for Windows 10, version 1903 and for Windows Server version 1903 is available.
+
+### Intune security baselines
+
+[Intune Security Baselines](https://docs.microsoft.com/intune/security-baselines) (Preview): Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.
+
+### Microsoft Defender Advanced Threat Protection (ATP):
+
+- [Attack surface area reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URL’s and IP addresses.
+- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
+ - Integrity enforcement capabilities – Enable remote runtime attestation of Windows 10 platform.
+ - Tamper-proofing capabilities – Uses virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
+- [Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) – In addition to Windows 10, Windows Defender ATP’s functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
+
+### Microsoft Defender ATP next-gen protection technologies:
+
+- **Advanced machine learning**: Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
+- **Emergency outbreak protection**: Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
+- **Certified ISO 27001 compliance**: Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
+- **Geolocation support**: Support geolocation and sovereignty of sample data as well as configurable retention policies.
+
+### Threat Protection
+
+- [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
+- [Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
+
+- [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements:
+ - Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
+ - WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAG’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+ To try this extension:
+ 1. Configure WDAG policies on your device.
+ 2. Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
+ 3. Follow any additional configuration steps on the extension setup page.
+ 4. Reboot the device.
+ 5. Navigate to an untrusted site in Chrome and Firefox.
+
+ - WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+- [Windows Defender Application Control (WDAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC has a number of new features that light up key scenarios and provide feature parity with AppLocker.
+ - [Multiple Policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy.
+ - [Path-Based Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
      + This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker.
+ - [Allow COM Object Registration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
+
+#### System Guard
+
+[System Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) has added a new feature in this version of Windows called **SMM Firmware Measurement**. This feature is built on top of [System Guard Secure Launch](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) to check that the System Management Mode (SMM) firmware on the device is operating in a healthy manner - specifically, OS memory and secrets are protected from SMM. There are currently no devices out there with compatible hardware, but they will be coming out in the next few months.
+
+This new feature is displayed under the Device Security page with the string “Your device exceeds the requirements for enhanced hardware security” if configured properly:
+
+![System Guard](images/system-guard.png "SMM Firmware Measurement")
+
+### Identity Protection
+
+- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
+- [Streamlined Windows Hello PIN reset experience](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
+- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience!
+- [Remote Desktop with Biometrics](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
+
+### Security management
+
+- [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes.
+- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations.
+- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features.
+
+## Microsoft Edge
+
+Several new features are coming in the next version of Edge. See the [news from Build 2019](https://blogs.windows.com/msedgedev/2019/05/06/edge-chromium-build-2019-pwa-ie-mode-devtools/#2QJF4u970WjQ2Sv7.97) for more information.
+
+## See Also
+
+[What's New in Windows Server, version 1903](https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-1903): New and updated features in Windows Server.
      +[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.
      +[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
      +[What's new in Windows 10](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
      +[What's new in Windows 10 for developers](https://blogs.windows.com/buildingapps/2019/04/18/start-developing-on-windows-10-may-2019-update-today/#2Lp8FUFQ3Jm8KVcq.97): New and updated features in Windows 10 that are of interest to developers.
diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md
index 7ec491e3ef..6fd107bf08 100644
--- a/windows/whats-new/windows-10-insider-preview.md
+++ b/windows/whats-new/windows-10-insider-preview.md
@@ -4,8 +4,11 @@ description: Preliminary documentation for some Windows 10 features in Insider P
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: dansimp
 ms.date: 04/14/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
 ms.topic: article
 ---